Trojan.FakeMS.ED: MBAM finds over 600 times


MBAM Pro found over 600 instances of Trojan.FakeMS.ED just all of a sudden.  I couldn't start any browsers without going into safe mode, they were working so slowly.  Farbar scan is below.  Thank you so much for your help.

 

I haven't quarantined anything, as it seems there are so many system files listed it might cripple the computer.

Addition.txt

 

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-07-2014
Ran by Michael (administrator) on SHAKTIDEVA on 27-07-2014 02:29:33
Running from C:\Users\Michael\Desktop
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHT\ChtIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [synLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-08-27] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-08-10] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2012-10-26] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2012-10-26] (Lenovo(beijing) Limited)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2916152 2012-08-27] (Synaptics Incorporated)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13647576 2013-08-27] (Realtek Semiconductor)
HKLM-x32\...\Run: [iAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [updateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-19] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [bCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478752 2012-12-18] (Adobe Systems Inc.)
HKLM-x32\...\Run: [AdobeCS5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [406992 2010-02-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-09-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [Wondershare Helper Compact] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1694208 2013-05-04] (Wondershare)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-09-04] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [NOFOLDEROPTIONS] 0
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [Google Update] => C:\Users\Michael\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2013-04-15] (Google Inc.)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [Office Timeline Performance Helper] => C:\Program Files (x86)\Office Timeline\2013\OfficeTimelineStartup.exe [16640 2013-12-19] (OfficeTimeline LLC)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3672640 2013-03-14] (Disc Soft Ltd)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [DAEMON Tools Ultra Agent] => C:\Program Files (x86)\DAEMON Tools Ultra\DTAgent.exe [3192056 2013-11-14] (Disc Soft Ltd)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [AlcoholAutomount] => C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [59720 2013-11-20] (Apple Inc.)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [DVSSkypeRecorder] => C:\Program Files (x86)\DVDVideoSoft\Free Video Call Recorder for Skype\skyui.exe [1014440 2014-06-23] (DVDVideoSoft Ltd.)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [GoogleChromeAutoLaunch_1D7305B07635F8E0A4CF4B02D1C53C4D] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-07-15] (Google Inc.)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784392 2014-05-29] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\Policies\Explorer: [DisallowRun] 1
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\MountPoints2: {4618a17e-a9e0-11e3-bee5-b888e3916e9f} - "G:\setup.exe" 
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\MountPoints2: {bf5b0ff0-b7ee-11e2-be92-b888e3916e9f} - "G:\ch_drive.exe" 
HKU\S-1-5-21-3264983995-1323812112-139882667-1002\...\MountPoints2: {bf5b1146-b7ee-11e2-be92-b888e3916e9f} - "F:\ch_drive.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\StartUp\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\Lenovo\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\StartUp\CrashPlan Tray.lnk
ShortcutTarget: CrashPlan Tray.lnk -> C:\Program Files\CrashPlan\CrashPlanTray.exe (Code 42 Software, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\StartUp\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Michael\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\EmEditor.lnk
ShortcutTarget: EmEditor.lnk -> C:\Program Files\EmEditor\emedtray.exe (Emurasoft, Inc.)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\Framework.exe.lnk
ShortcutTarget: Framework.exe.lnk -> C:\Program Files\Windows Media Player\Framework.exe (No File)
Startup: C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 1 (GFS Unread Stub) -> {99FD978C-D287-4F50-827F-B2C658EDA8E7} => C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2 (GFS Stub) -> {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} => C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 2.5 (GFS Unread Folder) -> {920E6DB1-9907-4370-B3A0-BAFC03D81399} => C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 3 (GFS Folder) -> {16F3DD56-1AF5-4347-846D-7C10C4192619} => C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: Groove Explorer Icon Overlay 4 (GFS Unread Mark) -> {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} => C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: OverlayExcluded -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayPending -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: OverlayProtected -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\buShell.dll (Symantec Corporation)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers: StorageProviderError -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: StorageProviderSyncing -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\System32\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Michael\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll No File
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: StorageProviderError -> {0CA2640D-5B9C-4c59-A5FB-2DA61A7437CF} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: StorageProviderSyncing -> {0A30F902-8398-4ee8-86F7-4CFB589F04D1} => C:\Windows\SysWOW64\shell32.dll (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?rd=1&ucc=DE&dcc=DE&opt=0&ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x30945AC76034CE01
SearchScopes: HKLM - {8B0E5150-500E-44CB-95DD-A4EEA715D2C3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {8B0E5150-500E-44CB-95DD-A4EEA715D2C3} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {8B0E5150-500E-44CB-95DD-A4EEA715D2C3} URL = 
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL No File
BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
BHO: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_64.dll (IvoSoft)
BHO-x32: No Name -> {01F29AE5-D48D-417B-9D00-8A115C23A0EB} -> C:\Users\Michael\AppData\LocalLow\systems ie bho\bho.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: No Name -> {452ADB5B-00BE-469D-A65F-3046146B2ED5} ->  No File
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIE9BHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIE9DLL_32.dll (IvoSoft)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\coIEPlg.dll (Symantec Corporation)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL No File
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL No File [ ]
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: E:\My Documents\Tech Files\Firefox Profile
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @coreonline.com/run3d,version=1.0 - C:\Users\Michael\AppData\LocalLow\Square Enix\nprun3d.dll (Square Enix)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\Michael\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\Michael\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Backup\npuplaypc.dll (Ubisoft)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Michael\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF SearchPlugin: E:\My Documents\Tech Files\Firefox Profile\searchplugins\the-pirate-bay.xml
FF Extension: Perapera Chinese - E:\My Documents\Tech Files\Firefox Profile\Extensions\chineseperakun@gmail.com [2013-05-16]
FF Extension: Xmarks - E:\My Documents\Tech Files\Firefox Profile\Extensions\foxmarks@kei.com [2014-07-13]
FF Extension: Perapera Japanese - E:\My Documents\Tech Files\Firefox Profile\Extensions\peraperakun@gmail.com [2013-05-16]
FF Extension: Elite Proxy Switcher - E:\My Documents\Tech Files\Firefox Profile\Extensions\eliteproxyswitcher@my-proxy.com.xpi [2013-05-16]
FF Extension: عارض PDF - E:\My Documents\Tech Files\Firefox Profile\Extensions\uriloader@pdf.js.xpi [2014-07-07]
FF Extension: Modify Headers - E:\My Documents\Tech Files\Firefox Profile\Extensions\{b749fc7c-e949-447f-926c-3f4eed6accfe}.xpi [2014-05-29]
FF Extension: Adblock Plus - E:\My Documents\Tech Files\Firefox Profile\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-07-23]
FF Extension: QuickProxy - E:\My Documents\Tech Files\Firefox Profile\Extensions\{d5ea4520-61a1-11da-8cd6-0800200c9a66}.xpi [2013-05-16]
FF Extension: DownThemAll! - E:\My Documents\Tech Files\Firefox Profile\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2014-05-29]
FF Extension: UnMHT - E:\My Documents\Tech Files\Firefox Profile\Extensions\{f759ca51-3a91-4dd1-ae78-9db5eee9ebf0}.xpi [2014-05-29]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afext@anchorfree.com [2014-06-18]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-04-26]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\coFFPlgn [2014-07-27]
FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF
FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.0.1.3\IPSFF [2014-07-14]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 AxAutoMntSrv; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [75624 2012-01-05] (Alcohol Soft Development Team)
S2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2252504 2013-09-04] (Broadcom Corporation.)
S2 btwdins; C:\Program Files\Lenovo\Bluetooth Software\btwdins.exe [957304 2012-09-07] (Broadcom Corporation.)
S2 ClassicShellService; C:\Program Files\Classic Shell\ClassicShellService.exe [68608 2013-06-29] (IvoSoft) [File not signed]
S2 CrashPlanService; C:\Program Files\CrashPlan\CrashPlanService.exe [222720 2013-04-09] (CrashPlan) [File not signed]
S3 Disc Soft Bus Service; C:\Program Files (x86)\DAEMON Tools Ultra\DiscSoftBusService.exe [723192 2013-11-14] (Disc Soft Ltd)
S2 HandleService; C:\Users\Michael\AppData\Roaming\Win System\handle.exe [637952 2014-06-10] (Handle) [File not signed]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-08] ()
S2 N360; C:\Program Files (x86)\Norton 360\Engine\21.4.0.13\N360.exe [265040 2014-06-27] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [216072 2012-07-16] (Nitro PDF Software)
S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1886488 2014-07-10] (Trusteer Ltd.)
S2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174088 2014-05-29] (Sandboxie Holdings, LLC)
S2 StarWindServiceAE; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [370688 2009-12-23] (StarWind Software) [File not signed]
S2 VMLiteService; C:\Program Files\VMLite\VMLite Workstation\VMLiteService.exe [426600 2010-08-21] (VMLite, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [348392 2013-10-31] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2013-10-31] (Microsoft Corporation)
S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3674864 2014-01-08] (Intel® Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U3 axscsidrv; C:\Windows\System32\Drivers\axscsidrv.sys [293888 2014-03-12] (Alcohol Soft Development Team)
S3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-09-04] (Broadcom Corporation.)
S1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\BASHDefs\20140718.001\BHDrvx64.sys [1530160 2014-07-03] (Symantec Corporation)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
S1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1504000.00D\ccSetx64.sys [162392 2014-02-21] (Symantec Corporation)
R3 dtscsibus; C:\Windows\system32\DRIVERS\dtscsibus.sys [29696 2014-03-12] (Disc Soft Ltd)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283200 2014-03-12] (DT Soft Ltd)
S1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [486192 2014-07-14] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142128 2014-07-14] (Symantec Corporation)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2013-11-13] (AnchorFree Inc.)
S1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\IPSDefs\20140725.001\IDSvia64.sys [525016 2014-07-11] (Symantec Corporation)
S3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-07-26] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
S3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140726.002\ENG64.SYS [126040 2014-07-25] (Symantec Corporation)
S3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\21.0.1.3\Definitions\VirusDefs\20140726.002\EX64.SYS [2099288 2014-07-25] (Symantec Corporation)
R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-25] (Intel Corporation)
S1 RapportCerberus_69875; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_69875.sys [631128 2014-07-25] ()
S1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [299736 2014-07-10] (Trusteer Ltd.)
S0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [288440 2014-07-10] (Trusteer Ltd.)
S0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [358616 2014-07-10] (Trusteer Ltd.)
S1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [414296 2014-07-10] (Trusteer Ltd.)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8222736 2012-06-15] (Realtek Semiconductor Corp.)
S3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-05-29] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-27] (Synaptics Incorporated)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [386680 2014-03-12] (Duplex Secure Ltd.)
S3 SRTSP; C:\Windows\System32\Drivers\N360x64\1504000.00D\SRTSP64.SYS [875736 2014-02-13] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\N360x64\1504000.00D\SRTSPX64.SYS [36952 2013-07-31] (Symantec Corporation)
R0 SymDS; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMDS64.SYS [493656 2013-08-01] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\N360x64\1504000.00D\SYMEFA64.SYS [1148120 2014-03-04] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1504000.00D\SymELAM.sys [23568 2013-08-01] (Symantec Corporation)
S3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [177752 2014-07-14] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\N360x64\1504000.00D\Ironx64.SYS [264280 2013-07-31] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\N360x64\1504000.00D\SYMNETS.SYS [593112 2014-02-18] (Symantec Corporation)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2013-04-24] (Anchorfree Inc.)
S1 VBoxDrv; C:\Windows\System32\drivers\VBoxDrv.sys [204328 2010-08-11] (VMLite, Inc.)
S1 vmlitedrv; C:\Windows\System32\drivers\vmlitedrv.sys [14952 2010-08-03] (VMLite, Inc.)
R3 vmlitestor; C:\Windows\System32\drivers\vmlitestor.sys [177768 2010-08-11] (VMLite, Inc.)
S1 VMLiteUSBMon; C:\Windows\System32\drivers\vmliteusbmon.sys [135272 2010-08-18] (VMLite, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124760 2013-10-31] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-07-25] (Exent Technologies Ltd.)
S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-10] (Windows ® Win 7 DDK provider)
S3 AsyncMac; \SystemRoot\system32\DRIVERS\asyncmac.sys [X]
S1 MpKslce7cc813; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AAEEAF7E-4D3E-4ACD-86FD-55A19EB2C93B}\MpKslce7cc813.sys [X]
S3 srv2; System32\DRIVERS\srv2.sys [X]
S3 USBSTOR; \SystemRoot\System32\drivers\USBSTOR.SYS [X]
S3 WSDPrintDevice; \SystemRoot\System32\drivers\WSDPrint.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-27 02:29 - 2014-07-27 02:29 - 00000000 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-07-27 02:07 - 2014-07-27 02:08 - 00066691 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-07-27 02:06 - 2014-07-27 02:20 - 00079658 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-07-27 02:05 - 2014-07-27 02:29 - 00000000 ____D () C:\FRST
2014-07-27 02:02 - 2014-07-27 02:03 - 02093568 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-07-27 01:48 - 2014-07-27 01:48 - 00000000 ____D () C:\WINDOWS\pss
2014-07-27 01:17 - 2014-07-27 01:17 - 00070186 _____ () C:\Trojan.FakeMS.ED.txt
2014-07-26 13:13 - 2014-07-26 13:25 - 307365764 _____ () C:\Users\Michael\Downloads\amike21_(Giorgio_Moroder)-2014-07-26.zip
2014-07-26 13:13 - 2014-07-26 13:19 - 98924383 _____ () C:\Users\Michael\Downloads\amike13-2014-07-26.zip
2014-07-26 13:07 - 2014-07-26 13:11 - 62472618 _____ () C:\Users\Michael\Downloads\amike18_(SDM_outtakes)-2014-07-26.zip
2014-07-26 13:04 - 2014-07-26 13:13 - 204814015 _____ () C:\Users\Michael\Downloads\amike20_(Seeing_Past_Disco)-2014-07-26.zip
2014-07-25 12:28 - 2014-07-25 12:28 - 00002589 _____ () C:\Users\Public\Desktop\Romaco Timeout.lnk
2014-07-25 12:28 - 2014-07-25 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Romaco Canada
2014-07-25 11:51 - 2014-07-25 11:51 - 00002613 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Romaco Timeout.lnk
2014-07-25 08:22 - 2014-07-25 08:22 - 00000000 ____D () C:\Users\Michael\AppData\Local\Romaco_Canada
2014-07-25 08:20 - 2014-07-25 08:20 - 00000000 ____D () C:\Program Files (x86)\Romaco Canada
2014-07-25 08:16 - 2014-07-25 08:16 - 00929416 _____ (CNET Download.com) C:\Users\Michael\Downloads\cbsidlm-cbsi188-Romaco_Timeout-SEO-75325347.exe
2014-07-20 00:11 - 2014-07-20 00:11 - 00296288 _____ () C:\WINDOWS\Minidump\072014-2000578-01.dmp
2014-07-20 00:11 - 2014-07-20 00:11 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 04:58 - 2014-07-19 04:58 - 02999166 _____ () C:\Users\Michael\Downloads\[中医大辞典].txt
2014-07-17 18:27 - 2014-07-17 20:41 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk 9.0.1.10-PROPER
2014-07-17 18:05 - 2014-07-17 18:05 - 00000000 ____D () C:\Users\Michael\B93251B592094DAB867CAA98D91584CD.TMP
2014-07-17 17:51 - 2014-07-17 20:05 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk Pro 8.5.7.30
2014-07-17 17:45 - 2014-07-17 17:45 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall (2).exe
2014-07-17 17:44 - 2014-07-17 17:44 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall (1).exe
2014-07-17 17:44 - 2014-07-17 17:44 - 00000000 ___RD () C:\Sandbox
2014-07-17 17:42 - 2014-07-25 15:27 - 00001734 _____ () C:\WINDOWS\Sandboxie.ini
2014-07-17 17:42 - 2014-07-17 17:37 - 00000919 _____ () C:\Users\Michael\Desktop\Sandboxed Web Browser.lnk
2014-07-17 17:38 - 2014-07-17 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-17 17:37 - 2014-07-17 17:37 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall.exe
2014-07-17 17:37 - 2014-07-17 17:37 - 00000000 ____D () C:\Program Files\Sandboxie
2014-07-17 17:33 - 2014-07-17 17:33 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Avanquest
2014-07-17 17:33 - 2014-07-17 17:33 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2014-07-17 17:32 - 2014-07-17 18:35 - 70974775 _____ () C:\Users\Michael\Downloads\PowerDesk-9.rar
2014-07-17 17:28 - 2014-07-17 17:30 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk Pro v7.0.1.3
2014-07-17 17:27 - 2014-07-17 17:27 - 00026267 _____ () C:\Users\Michael\Downloads\[kickassunblock.net]powerdesk.pro.7.torrent
2014-07-17 17:27 - 2014-07-17 17:27 - 00013583 _____ () C:\Users\Michael\Downloads\[kickassunblock.net]a.powerdesk.pro.v7.0.1.3.with.keygen.torrent
2014-07-17 17:26 - 2014-07-17 17:27 - 20964928 _____ (Copernic, a division of N. Harris Copernic Systems) C:\Users\Michael\Downloads\copernicdesktopsearch.exe
2014-07-17 17:16 - 2014-07-17 18:18 - 71328399 _____ () C:\Users\Michael\Downloads\PowerDesk 9 Final.exe
2014-07-17 17:09 - 2013-01-17 20:35 - 00002456 _____ () C:\Program Files\hklm avan2.reg
2014-07-17 17:09 - 2013-01-17 20:33 - 00003430 _____ () C:\Program Files\hkcu avan1.reg
2014-07-17 17:08 - 2014-07-17 17:15 - 00000813 _____ () C:\Users\Michael\Desktop\PDExploNXP.exe.lnk
2014-07-17 17:06 - 2014-07-17 17:18 - 00000000 ____D () C:\Program Files\avan
2014-07-17 16:45 - 2014-07-17 17:05 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk 9 Final
2014-07-17 16:43 - 2014-07-17 16:45 - 00000000 ____D () C:\Users\Michael\Downloads\Best of Starvation Bundle
2014-07-17 15:52 - 2014-07-17 16:00 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\qBittorrent
2014-07-17 15:52 - 2014-07-17 15:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\qBittorrent
2014-07-17 15:51 - 2014-07-17 15:51 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
2014-07-17 15:51 - 2014-07-17 15:51 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-07-17 15:46 - 2014-07-17 15:47 - 10509452 _____ (The qBittorrent project) C:\Users\Michael\Downloads\qbittorrent_3.1.9.2_setup.exe
2014-07-17 15:38 - 2014-07-17 15:39 - 01859152 _____ (BitTorrent Inc.) C:\Users\Michael\Downloads\uTorrent (2).exe
2014-07-17 13:25 - 2014-07-17 13:25 - 00000000 ____D () C:\Program Files\Realtek
2014-07-17 13:25 - 2013-07-23 15:40 - 02103040 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2014-07-17 13:24 - 2013-08-27 20:37 - 03613528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2014-07-17 13:24 - 2013-08-27 19:23 - 00638209 _____ () C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2014-07-17 13:24 - 2013-08-27 17:07 - 05680680 _____ () C:\WINDOWS\system32\Drivers\rtvienna.dat
2014-07-17 13:24 - 2013-08-27 15:25 - 00147672 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2014-07-17 13:24 - 2013-08-27 14:08 - 32358400 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2014-07-17 13:24 - 2013-08-26 14:29 - 02585816 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkAPO64.dll
2014-07-17 13:24 - 2013-08-20 20:17 - 02809048 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2014-07-17 13:24 - 2013-08-06 09:47 - 00947248 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2014-07-17 13:24 - 2013-08-02 20:16 - 01005784 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2014-07-17 13:24 - 2013-07-26 14:05 - 00617176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2014-07-17 13:24 - 2013-04-24 17:16 - 01662024 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2014-07-17 13:24 - 2013-02-20 18:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2014-07-17 13:24 - 2012-11-14 11:41 - 00378000 _____ (Realtek Semiconductor) C:\WINDOWS\system32\RtkGuiCompLib.dll
2014-07-17 13:24 - 2011-12-20 15:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2014-07-17 13:24 - 2011-11-22 16:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2014-07-17 13:24 - 2011-09-02 14:21 - 00221024 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2014-07-17 13:24 - 2011-09-02 14:21 - 00081248 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2014-07-17 13:24 - 2011-09-02 14:21 - 00078688 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2014-07-17 13:24 - 2010-11-08 07:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2014-07-17 13:24 - 2010-11-03 18:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2014-07-17 13:24 - 2010-07-22 16:48 - 00074064 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2014-07-17 13:24 - 2009-11-24 09:55 - 00518896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2014-07-17 13:24 - 2009-11-24 09:55 - 00211184 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2014-07-17 13:24 - 2009-11-24 09:55 - 00198896 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2014-07-17 13:24 - 2009-11-24 09:55 - 00155888 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2014-07-17 13:23 - 2013-08-14 16:36 - 00662784 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2014-07-17 13:23 - 2013-07-23 15:39 - 14048512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2014-07-17 13:23 - 2012-08-31 19:18 - 07164176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2014-07-17 13:23 - 2012-08-31 19:17 - 00434960 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2014-07-17 13:23 - 2012-08-31 19:17 - 00141584 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2014-07-17 13:23 - 2012-08-31 19:17 - 00124176 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2014-07-17 13:23 - 2012-08-31 19:17 - 00075024 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2014-07-17 13:22 - 2013-08-14 16:35 - 00663296 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2014-07-17 13:22 - 2013-08-07 17:41 - 00113576 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2014-07-17 13:22 - 2013-08-06 04:56 - 06219096 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2014-07-17 13:22 - 2013-08-06 04:56 - 01908568 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2014-07-17 13:22 - 2013-08-06 04:56 - 00312152 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2014-07-17 13:22 - 2013-08-06 04:56 - 00261464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2014-07-17 13:22 - 2013-08-05 18:11 - 02743328 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2014-07-17 13:22 - 2013-07-24 10:07 - 02032896 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2014-07-17 13:22 - 2013-07-23 15:39 - 01916672 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek264.dll
2014-07-17 13:22 - 2013-07-23 15:39 - 00922880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2014-07-17 13:22 - 2013-06-05 21:42 - 00208072 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2014-07-17 13:22 - 2012-03-08 11:47 - 00108640 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 01756264 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 01568360 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 01486952 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00728680 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00712296 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00693352 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00491112 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00432744 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00428648 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00242792 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2014-07-17 13:22 - 2011-05-31 09:42 - 00241768 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2014-07-17 13:22 - 2010-09-27 09:34 - 00318808 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2014-07-17 13:20 - 2013-08-08 19:57 - 02080472 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtlExUpd.dll
2014-07-17 11:24 - 2014-07-17 11:34 - 333229760 _____ (Lenovo Group Limited ) C:\Users\Michael\Downloads\audio129w81.exe
2014-07-17 11:24 - 2014-07-17 11:24 - 02024376 _____ (Easeware ) C:\Users\Michael\Downloads\Lenovo_Downloader_for_5_0pau05w8.exe
2014-07-17 11:23 - 2014-07-17 11:23 - 02024376 _____ (Easeware ) C:\Users\Michael\Downloads\Lenovo_Downloader_for_0pau05w8.exe
2014-07-16 15:43 - 2014-07-16 15:54 - 00000610 _____ () C:\Users\Michael\Desktop\002.part.met.bak
2014-07-16 15:43 - 2014-07-16 15:54 - 00000610 _____ () C:\Users\Michael\Desktop\002.part.met
2014-07-16 15:43 - 2014-07-16 15:43 - 00000000 _____ () C:\Users\Michael\Desktop\002.part
2014-07-16 13:11 - 2014-07-16 13:11 - 00394227 _____ () C:\Users\Michael\Downloads\valussichapter.zip
2014-07-15 21:40 - 2014-07-15 21:40 - 00146183 _____ () C:\Users\Michael\Downloads\YouTube-Unblocker-056.crx
2014-07-15 12:26 - 2014-07-15 12:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-15 12:26 - 2014-07-15 12:26 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-15 12:25 - 2014-07-15 12:25 - 00011420 _____ () C:\WINDOWS\DPINST.LOG
2014-07-15 12:25 - 2014-07-15 12:25 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-15 12:17 - 2014-07-15 12:22 - 95240144 _____ (Intel® Corporation) C:\Users\Michael\Downloads\Wireless_16.11.0_e164.exe
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SystemRequirementsLab
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-07-15 11:41 - 2014-07-26 23:57 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-15 11:40 - 2014-07-17 18:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-15 11:40 - 2014-07-15 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 11:40 - 2014-07-15 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 11:40 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-07-15 11:40 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-07-15 11:40 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-07-15 11:05 - 2014-07-15 11:06 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Michael\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-15 08:46 - 2014-07-15 08:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-15 08:45 - 2014-07-15 08:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-15 08:43 - 2014-07-27 01:35 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-07-14 23:54 - 2014-07-14 23:54 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 360
2014-07-14 23:20 - 2014-07-14 23:53 - 00003206 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-07-14 23:20 - 2014-07-14 23:53 - 00002350 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-14 23:20 - 2014-07-14 23:20 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-07-14 23:20 - 2014-07-14 23:20 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-07-14 23:20 - 2014-07-14 23:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-14 23:18 - 2014-07-14 23:53 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-14 23:18 - 2014-07-14 23:53 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360x64
2014-07-14 23:18 - 2014-07-14 23:20 - 00000000 ____D () C:\ProgramData\Norton
2014-07-14 23:18 - 2014-07-14 23:18 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-07-14 22:44 - 2014-07-14 22:44 - 00000000 ____D () C:\Users\Michael\Downloads\Norton (All versions) 2014
2014-07-12 16:51 - 2014-07-15 12:00 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\VOPackage
2014-07-12 16:45 - 2014-07-27 01:06 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Win System
2014-07-12 16:44 - 2014-07-23 21:22 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Security Systems
2014-07-12 16:43 - 2014-07-12 16:44 - 23313752 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Desktop\FreeVideoCallRecorderForSkype.exe
2014-07-12 16:43 - 2014-07-12 16:44 - 00288344 _____ ( ) C:\Users\Michael\Desktop\VOPackage.exe
2014-07-11 00:04 - 2014-07-11 00:04 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-07-11 00:04 - 2014-07-11 00:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-10 14:44 - 2014-07-11 16:08 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\baidu
2014-07-10 14:44 - 2014-07-10 14:44 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\BaiduYunGuanjia
2014-07-10 14:19 - 2014-07-10 14:23 - 39627458 _____ () C:\Users\Michael\Downloads\The_Book_of_Changes236.rar
2014-07-10 14:18 - 2014-07-10 14:21 - 32019927 _____ () C:\Users\Michael\Downloads\others710.rar
2014-07-10 09:13 - 2014-07-10 09:13 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Downloads\tdsskiller.exe
2014-07-10 02:05 - 2014-07-17 13:26 - 00002655 _____ () C:\WINDOWS\setupact.log
2014-07-10 02:05 - 2014-07-10 02:05 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-10 02:04 - 2014-07-26 22:59 - 00043872 _____ () C:\WINDOWS\PFRO.log
2014-07-10 02:02 - 2014-07-10 02:02 - 00000616 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-07-10 00:27 - 2014-07-10 00:27 - 04872677 _____ () C:\Users\Michael\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-10 00:07 - 2014-07-10 00:07 - 00304620 _____ () C:\Users\Michael\Downloads\RefMan (RIS) Export.ens
2014-07-09 20:33 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-07-09 20:32 - 2014-07-10 01:58 - 00000000 ____D () C:\AdwCleaner
2014-07-09 20:26 - 2014-07-09 20:26 - 01348263 _____ () C:\Users\Michael\Downloads\adwcleaner_3.215.exe
2014-07-09 18:18 - 2014-07-09 18:18 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-09 18:17 - 2014-07-09 18:17 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-07-08 15:50 - 2014-07-11 17:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-08 15:49 - 2014-07-11 17:15 - 00000000 ____D () C:\Users\Michael\Desktop\mbar
2014-07-08 15:48 - 2014-07-08 15:48 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Michael\Downloads\mbar-1.07.0.1012.exe
2014-07-07 10:12 - 2014-07-07 10:13 - 29183200 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-x64-V5.13.exe
2014-07-07 10:10 - 2014-07-07 10:10 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds.scr
2014-07-07 10:10 - 2014-07-07 10:10 - 00380416 _____ () C:\Users\Michael\Downloads\znpuyv3z.exe
2014-07-07 10:10 - 2014-07-07 10:10 - 00050688 _____ (Atribune.org) C:\Users\Michael\Downloads\ATF-Cleaner.exe
2014-07-04 15:26 - 2014-07-04 15:26 - 01530368 _____ () C:\Users\Michael\Downloads\PMPH Terms List (updated 2010-5-18) use CTRL+F to search.xls
2014-07-04 15:26 - 2014-07-04 15:26 - 00980480 _____ () C:\Users\Michael\Downloads\WFAS Terms List .xls
2014-07-04 15:26 - 2014-07-04 15:26 - 00980480 _____ () C:\Users\Michael\Downloads\WFAS Terms List  (1).xls
2014-07-03 18:39 - 2014-07-03 18:39 - 00001093 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-03 18:39 - 2014-07-03 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-03 17:48 - 2014-07-03 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-03 17:48 - 2014-07-03 17:48 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-03 17:46 - 2014-07-03 17:48 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-07-02 17:18 - 2014-07-02 17:18 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{4751B92F-130E-4C36-8A72-C4BF431E1D31}
2014-07-02 17:15 - 2014-07-02 17:15 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{12933184-2889-493C-BEDC-A6BF45316B23}
2014-07-02 17:09 - 2014-07-02 17:19 - 00001024 _____ () C:\Get_Info4.DAT
2014-07-02 17:09 - 2014-07-02 17:09 - 00000000 _____ () C:\WINDOWS\SysWOW64\Ifsmg04.sys
2014-07-02 17:09 - 2014-07-02 17:09 - 00000000 _____ () C:\WINDOWS\Rapidl04.dll
2014-07-02 17:07 - 2014-07-02 17:07 - 00286720 _____ (Indigo Rose Corporation) C:\WINDOWS\iun503.exe
2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\UpdatusUser\Desktop\Encyclopaedia of TCM.lnk
2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\Michael\Desktop\Encyclopaedia of TCM.lnk
2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\fbwuser\Desktop\Encyclopaedia of TCM.lnk
2014-07-02 17:07 - 2014-07-02 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\knowledge
2014-07-02 17:07 - 2014-07-02 17:07 - 00000000 ____D () C:\Program Files (x86)\knowledge
2014-07-02 17:07 - 2003-02-24 04:18 - 00061440 ____R () C:\WINDOWS\SysWOW64\shdocz04.dll
2014-06-28 17:45 - 2014-06-28 17:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\PunkBuster
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-07-27 02:29 - 2014-07-27 02:29 - 00000000 _____ () C:\Users\Michael\Desktop\FRST.txt
2014-07-27 02:29 - 2014-07-27 02:05 - 00000000 ____D () C:\FRST
2014-07-27 02:20 - 2014-07-27 02:06 - 00079658 _____ () C:\Users\Michael\Downloads\FRST.txt
2014-07-27 02:15 - 2013-04-17 14:40 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\uTorrent
2014-07-27 02:08 - 2014-07-27 02:07 - 00066691 _____ () C:\Users\Michael\Downloads\Addition.txt
2014-07-27 02:03 - 2014-07-27 02:02 - 02093568 _____ (Farbar) C:\Users\Michael\Desktop\FRST64.exe
2014-07-27 01:50 - 2014-03-11 15:58 - 01075282 _____ () C:\WINDOWS\WindowsUpdate.log
2014-07-27 01:50 - 2013-08-22 16:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-07-27 01:50 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-07-27 01:48 - 2014-07-27 01:48 - 00000000 ____D () C:\WINDOWS\pss
2014-07-27 01:48 - 2014-03-11 16:05 - 00000000 ____D () C:\Users\Michael
2014-07-27 01:48 - 2013-04-15 22:34 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-27 01:43 - 2013-05-16 14:58 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-07-27 01:35 - 2014-07-15 08:43 - 00000000 ____D () C:\Users\Michael\AppData\Local\CrashDumps
2014-07-27 01:34 - 2013-04-15 22:34 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-27 01:17 - 2014-07-27 01:17 - 00070186 _____ () C:\Trojan.FakeMS.ED.txt
2014-07-27 01:06 - 2014-07-12 16:45 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Win System
2014-07-27 01:01 - 2014-03-11 16:54 - 00003942 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1A1867E5-09CF-4DB9-B144-73F8B0ABBEC4}
2014-07-27 01:00 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-07-27 00:53 - 2013-04-16 15:01 - 00000938 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3264983995-1323812112-139882667-1002UA.job
2014-07-26 23:57 - 2014-07-15 11:41 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-07-26 23:02 - 2013-06-26 15:59 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Dropbox
2014-07-26 22:59 - 2014-07-10 02:04 - 00043872 _____ () C:\WINDOWS\PFRO.log
2014-07-26 22:53 - 2013-04-16 15:01 - 00000886 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3264983995-1323812112-139882667-1002Core.job
2014-07-26 22:49 - 2013-04-16 12:06 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Skype
2014-07-26 13:35 - 2014-03-11 23:47 - 00000035 _____ () C:\WINDOWS\phonetic.ini
2014-07-26 13:25 - 2014-07-26 13:13 - 307365764 _____ () C:\Users\Michael\Downloads\amike21_(Giorgio_Moroder)-2014-07-26.zip
2014-07-26 13:19 - 2014-07-26 13:13 - 98924383 _____ () C:\Users\Michael\Downloads\amike13-2014-07-26.zip
2014-07-26 13:13 - 2014-07-26 13:04 - 204814015 _____ () C:\Users\Michael\Downloads\amike20_(Seeing_Past_Disco)-2014-07-26.zip
2014-07-26 13:11 - 2014-07-26 13:07 - 62472618 _____ () C:\Users\Michael\Downloads\amike18_(SDM_outtakes)-2014-07-26.zip
2014-07-26 12:04 - 2013-04-17 18:09 - 00000000 ____D () C:\Users\Michael\AppData\Local\Adobe
2014-07-25 18:01 - 2013-04-18 11:49 - 00000000 ____D () C:\Program Files (x86)\HYDC30Client
2014-07-25 17:48 - 2013-04-15 22:28 - 00003598 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3264983995-1323812112-139882667-1002
2014-07-25 15:27 - 2014-07-17 17:42 - 00001734 _____ () C:\WINDOWS\Sandboxie.ini
2014-07-25 15:19 - 2013-08-23 07:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2014-07-25 15:18 - 2013-04-17 14:02 - 00247296 ___SH () C:\Users\Michael\Desktop\Thumbs.db
2014-07-25 14:56 - 2013-06-26 16:03 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-07-25 12:28 - 2014-07-25 12:28 - 00002589 _____ () C:\Users\Public\Desktop\Romaco Timeout.lnk
2014-07-25 12:28 - 2014-07-25 12:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Romaco Canada
2014-07-25 11:51 - 2014-07-25 11:51 - 00002613 _____ () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Romaco Timeout.lnk
2014-07-25 08:22 - 2014-07-25 08:22 - 00000000 ____D () C:\Users\Michael\AppData\Local\Romaco_Canada
2014-07-25 08:20 - 2014-07-25 08:20 - 00000000 ____D () C:\Program Files (x86)\Romaco Canada
2014-07-25 08:18 - 2013-07-18 23:27 - 00000000 ____D () C:\Users\Michael\AppData\Local\Downloaded Installations
2014-07-25 08:16 - 2014-07-25 08:16 - 00929416 _____ (CNET Download.com) C:\Users\Michael\Downloads\cbsidlm-cbsi188-Romaco_Timeout-SEO-75325347.exe
2014-07-24 17:57 - 2013-08-22 15:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-07-24 11:24 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-07-23 21:22 - 2014-07-12 16:44 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Security Systems
2014-07-22 19:14 - 2013-04-17 15:24 - 00466432 ___SH () C:\Users\Michael\Downloads\Thumbs.db
2014-07-20 00:11 - 2014-07-20 00:11 - 00296288 _____ () C:\WINDOWS\Minidump\072014-2000578-01.dmp
2014-07-20 00:11 - 2014-07-20 00:11 - 00000000 ____D () C:\WINDOWS\Minidump
2014-07-19 05:02 - 2012-10-19 12:42 - 00000000 ___DC () C:\Sinology Texts
2014-07-19 04:58 - 2014-07-19 04:58 - 02999166 _____ () C:\Users\Michael\Downloads\[中医大辞典].txt
2014-07-19 03:41 - 2013-11-14 09:28 - 00865408 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-07-18 12:03 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-07-17 20:43 - 2013-01-17 12:16 - 00000000 ____D () C:\Program Files (x86)\PowerDesk
2014-07-17 20:41 - 2014-07-17 18:27 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk 9.0.1.10-PROPER
2014-07-17 20:05 - 2014-07-17 17:51 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk Pro 8.5.7.30
2014-07-17 18:59 - 2014-07-15 11:40 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-07-17 18:35 - 2014-07-17 17:32 - 70974775 _____ () C:\Users\Michael\Downloads\PowerDesk-9.rar
2014-07-17 18:18 - 2014-07-17 17:16 - 71328399 _____ () C:\Users\Michael\Downloads\PowerDesk 9 Final.exe
2014-07-17 18:05 - 2014-07-17 18:05 - 00000000 ____D () C:\Users\Michael\B93251B592094DAB867CAA98D91584CD.TMP
2014-07-17 17:45 - 2014-07-17 17:45 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall (2).exe
2014-07-17 17:44 - 2014-07-17 17:44 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall (1).exe
2014-07-17 17:44 - 2014-07-17 17:44 - 00000000 ___RD () C:\Sandbox
2014-07-17 17:38 - 2014-07-17 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2014-07-17 17:37 - 2014-07-17 17:42 - 00000919 _____ () C:\Users\Michael\Desktop\Sandboxed Web Browser.lnk
2014-07-17 17:37 - 2014-07-17 17:37 - 02656264 _____ (Sandboxie Holdings, LLC) C:\Users\Michael\Downloads\SandboxieInstall.exe
2014-07-17 17:37 - 2014-07-17 17:37 - 00000000 ____D () C:\Program Files\Sandboxie
2014-07-17 17:33 - 2014-07-17 17:33 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Avanquest
2014-07-17 17:33 - 2014-07-17 17:33 - 00000000 ____D () C:\Program Files (x86)\Avanquest
2014-07-17 17:30 - 2014-07-17 17:28 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk Pro v7.0.1.3
2014-07-17 17:27 - 2014-07-17 17:27 - 00026267 _____ () C:\Users\Michael\Downloads\[kickassunblock.net]powerdesk.pro.7.torrent
2014-07-17 17:27 - 2014-07-17 17:27 - 00013583 _____ () C:\Users\Michael\Downloads\[kickassunblock.net]a.powerdesk.pro.v7.0.1.3.with.keygen.torrent
2014-07-17 17:27 - 2014-07-17 17:26 - 20964928 _____ (Copernic, a division of N. Harris Copernic Systems) C:\Users\Michael\Downloads\copernicdesktopsearch.exe
2014-07-17 17:18 - 2014-07-17 17:06 - 00000000 ____D () C:\Program Files\avan
2014-07-17 17:15 - 2014-07-17 17:08 - 00000813 _____ () C:\Users\Michael\Desktop\PDExploNXP.exe.lnk
2014-07-17 17:05 - 2014-07-17 16:45 - 00000000 ____D () C:\Users\Michael\Downloads\PowerDesk 9 Final
2014-07-17 16:45 - 2014-07-17 16:43 - 00000000 ____D () C:\Users\Michael\Downloads\Best of Starvation Bundle
2014-07-17 16:00 - 2014-07-17 15:52 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\qBittorrent
2014-07-17 15:53 - 2013-04-18 01:25 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\BITS
2014-07-17 15:52 - 2014-07-17 15:52 - 00000000 ____D () C:\Users\Michael\AppData\Local\qBittorrent
2014-07-17 15:51 - 2014-07-17 15:51 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\qBittorrent
2014-07-17 15:51 - 2014-07-17 15:51 - 00000000 ____D () C:\Program Files (x86)\qBittorrent
2014-07-17 15:47 - 2014-07-17 15:46 - 10509452 _____ (The qBittorrent project) C:\Users\Michael\Downloads\qbittorrent_3.1.9.2_setup.exe
2014-07-17 15:39 - 2014-07-17 15:38 - 01859152 _____ (BitTorrent Inc.) C:\Users\Michael\Downloads\uTorrent (2).exe
2014-07-17 13:27 - 2012-10-26 01:31 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-07-17 13:26 - 2014-07-10 02:05 - 00002655 _____ () C:\WINDOWS\setupact.log
2014-07-17 13:25 - 2014-07-17 13:25 - 00000000 ____D () C:\Program Files\Realtek
2014-07-17 13:25 - 2014-03-11 15:59 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-07-17 11:34 - 2014-07-17 11:24 - 333229760 _____ (Lenovo Group Limited ) C:\Users\Michael\Downloads\audio129w81.exe
2014-07-17 11:24 - 2014-07-17 11:24 - 02024376 _____ (Easeware ) C:\Users\Michael\Downloads\Lenovo_Downloader_for_5_0pau05w8.exe
2014-07-17 11:23 - 2014-07-17 11:23 - 02024376 _____ (Easeware ) C:\Users\Michael\Downloads\Lenovo_Downloader_for_0pau05w8.exe
2014-07-17 10:43 - 2013-04-17 16:12 - 00000000 ____D () C:\Program Files (x86)\EndNote X4
2014-07-16 17:20 - 2014-03-13 21:28 - 00000000 ____D () C:\Users\Michael\AppData\Local\Deployment
2014-07-16 15:54 - 2014-07-16 15:43 - 00000610 _____ () C:\Users\Michael\Desktop\002.part.met.bak
2014-07-16 15:54 - 2014-07-16 15:43 - 00000610 _____ () C:\Users\Michael\Desktop\002.part.met
2014-07-16 15:43 - 2014-07-16 15:43 - 00000000 _____ () C:\Users\Michael\Desktop\002.part
2014-07-16 13:11 - 2014-07-16 13:11 - 00394227 _____ () C:\Users\Michael\Downloads\valussichapter.zip
2014-07-15 21:40 - 2014-07-15 21:40 - 00146183 _____ () C:\Users\Michael\Downloads\YouTube-Unblocker-056.crx
2014-07-15 12:42 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-07-15 12:27 - 2012-10-26 01:19 - 00000000 ____D () C:\ProgramData\Intel
2014-07-15 12:27 - 2012-07-26 07:37 - 00000000 ____D () C:\Users\Default.migrated
2014-07-15 12:26 - 2014-07-15 12:26 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2014-07-15 12:26 - 2014-07-15 12:26 - 00000000 ____D () C:\Program Files (x86)\Cisco
2014-07-15 12:26 - 2012-10-26 01:32 - 00000000 ____D () C:\ProgramData\Intel.sav
2014-07-15 12:26 - 2012-10-26 01:18 - 00000000 ____D () C:\Program Files\Common Files\Intel
2014-07-15 12:26 - 2012-10-26 01:16 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-07-15 12:25 - 2014-07-15 12:25 - 00011420 _____ () C:\WINDOWS\DPINST.LOG
2014-07-15 12:25 - 2014-07-15 12:25 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-07-15 12:25 - 2014-03-11 15:57 - 00000000 ____D () C:\Program Files\Intel
2014-07-15 12:23 - 2013-04-30 15:07 - 00000000 ____D () C:\ProgramData\Package Cache
2014-07-15 12:22 - 2014-07-15 12:17 - 95240144 _____ (Intel® Corporation) C:\Users\Michael\Downloads\Wireless_16.11.0_e164.exe
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\SystemRequirementsLab
2014-07-15 12:17 - 2014-07-15 12:17 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2014-07-15 12:00 - 2014-07-12 16:51 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\VOPackage
2014-07-15 11:40 - 2014-07-15 11:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-07-15 11:40 - 2014-07-15 11:40 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-07-15 11:14 - 2012-07-26 10:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-07-15 11:06 - 2014-07-15 11:05 - 00321848 _____ (Malwarebytes Corporation) C:\Users\Michael\Downloads\mbam-clean-2.1.1.1001.exe
2014-07-15 08:46 - 2014-07-15 08:46 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012 (1).exe
2014-07-15 08:46 - 2014-07-15 08:45 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Michael\Downloads\mbam-setup-2.0.2.1012.exe
2014-07-14 23:54 - 2014-07-14 23:54 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton 360
2014-07-14 23:53 - 2014-07-14 23:20 - 00003206 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-07-14 23:53 - 2014-07-14 23:20 - 00002350 _____ () C:\Users\Public\Desktop\Norton 360.lnk
2014-07-14 23:53 - 2014-07-14 23:18 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2014-07-14 23:53 - 2014-07-14 23:18 - 00000000 ____D () C:\WINDOWS\system32\Drivers\N360x64
2014-07-14 23:20 - 2014-07-14 23:20 - 00177752 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2014-07-14 23:20 - 2014-07-14 23:20 - 00008222 _____ () C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2014-07-14 23:20 - 2014-07-14 23:20 - 00000000 ____D () C:\Program Files\Common Files\Symantec Shared
2014-07-14 23:20 - 2014-07-14 23:18 - 00000000 ____D () C:\ProgramData\Norton
2014-07-14 23:18 - 2014-07-14 23:18 - 00000000 ____D () C:\Program Files (x86)\Norton 360
2014-07-14 22:44 - 2014-07-14 22:44 - 00000000 ____D () C:\Users\Michael\Downloads\Norton (All versions) 2014
2014-07-13 00:08 - 2013-04-19 15:29 - 00007607 _____ () C:\Users\Michael\AppData\Local\Resmon.ResmonCfg
2014-07-12 16:44 - 2014-07-12 16:43 - 23313752 _____ (DVDVideoSoft Ltd. ) C:\Users\Michael\Desktop\FreeVideoCallRecorderForSkype.exe
2014-07-12 16:44 - 2014-07-12 16:43 - 00288344 _____ ( ) C:\Users\Michael\Desktop\VOPackage.exe
2014-07-11 17:15 - 2014-07-08 15:50 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-07-11 17:15 - 2014-07-08 15:49 - 00000000 ____D () C:\Users\Michael\Desktop\mbar
2014-07-11 16:08 - 2014-07-10 14:44 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\baidu
2014-07-11 04:38 - 2014-03-12 14:48 - 00000000 ____D () C:\Users\Michael\Downloads\Daemontools.Ultra
2014-07-11 04:37 - 2014-03-12 15:23 - 00000000 ____D () C:\Users\Michael\Downloads\Alcohol 120% 2.0.2.5830
2014-07-11 04:37 - 2013-04-28 15:10 - 00000000 ____D () C:\Users\Michael\Downloads\DAEMON Tools Pro Advanced v5.2.0. 0348 Crack [mindcrasher]
2014-07-11 00:04 - 2014-07-11 00:04 - 02347384 _____ (ESET) C:\Users\Michael\Downloads\esetsmartinstaller_enu.exe
2014-07-11 00:04 - 2014-07-11 00:04 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-07-10 19:23 - 2013-04-30 11:36 - 00358616 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportKE64.sys
2014-07-10 19:23 - 2013-04-30 11:36 - 00288440 _____ (Trusteer Ltd.) C:\WINDOWS\system32\Drivers\RapportHades64.sys
2014-07-10 14:44 - 2014-07-10 14:44 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\BaiduYunGuanjia
2014-07-10 14:23 - 2014-07-10 14:19 - 39627458 _____ () C:\Users\Michael\Downloads\The_Book_of_Changes236.rar
2014-07-10 14:21 - 2014-07-10 14:18 - 32019927 _____ () C:\Users\Michael\Downloads\others710.rar
2014-07-10 09:13 - 2014-07-10 09:13 - 04181856 _____ (Kaspersky Lab ZAO) C:\Users\Michael\Downloads\tdsskiller.exe
2014-07-10 02:05 - 2014-07-10 02:05 - 00000000 _____ () C:\WINDOWS\setuperr.log
2014-07-10 02:02 - 2014-07-10 02:02 - 00000616 _____ () C:\Users\Michael\Desktop\JRT.txt
2014-07-10 01:58 - 2014-07-09 20:32 - 00000000 ____D () C:\AdwCleaner
2014-07-10 00:27 - 2014-07-10 00:27 - 04872677 _____ () C:\Users\Michael\Downloads\mbam-chameleon-3.1.4.0.zip
2014-07-10 00:07 - 2014-07-10 00:07 - 00304620 _____ () C:\Users\Michael\Downloads\RefMan (RIS) Export.ens
2014-07-09 20:26 - 2014-07-09 20:26 - 01348263 _____ () C:\Users\Michael\Downloads\adwcleaner_3.215.exe
2014-07-09 18:18 - 2014-07-09 18:18 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-07-09 18:17 - 2014-07-09 18:17 - 01016261 _____ (Thisisu) C:\Users\Michael\Downloads\JRT.exe
2014-07-09 18:13 - 2014-04-04 21:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-07-09 18:13 - 2014-04-04 21:12 - 00000000 ____D () C:\Program Files\CCleaner
2014-07-09 10:29 - 2012-07-26 09:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-07-08 19:43 - 2013-05-16 14:58 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-07-08 15:48 - 2014-07-08 15:48 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Michael\Downloads\mbar-1.07.0.1012.exe
2014-07-07 10:13 - 2014-07-07 10:12 - 29183200 _____ (Microsoft Corporation) C:\Users\Michael\Downloads\Windows-KB890830-x64-V5.13.exe
2014-07-07 10:10 - 2014-07-07 10:10 - 00688992 _____ (Swearware) C:\Users\Michael\Downloads\dds.scr
2014-07-07 10:10 - 2014-07-07 10:10 - 00380416 _____ () C:\Users\Michael\Downloads\znpuyv3z.exe
2014-07-07 10:10 - 2014-07-07 10:10 - 00050688 _____ (Atribune.org) C:\Users\Michael\Downloads\ATF-Cleaner.exe
2014-07-04 15:26 - 2014-07-04 15:26 - 01530368 _____ () C:\Users\Michael\Downloads\PMPH Terms List (updated 2010-5-18) use CTRL+F to search.xls
2014-07-04 15:26 - 2014-07-04 15:26 - 00980480 _____ () C:\Users\Michael\Downloads\WFAS Terms List .xls
2014-07-04 15:26 - 2014-07-04 15:26 - 00980480 _____ () C:\Users\Michael\Downloads\WFAS Terms List  (1).xls
2014-07-04 14:44 - 2013-05-06 22:48 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\vlc
2014-07-03 18:39 - 2014-07-03 18:39 - 00001093 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-07-03 18:39 - 2014-07-03 18:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-07-03 17:48 - 2014-07-03 17:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
2014-07-03 17:48 - 2014-07-03 17:48 - 00000000 ____D () C:\Program Files (x86)\DVDVideoSoft
2014-07-03 17:48 - 2014-07-03 17:46 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\DVDVideoSoft
2014-07-02 17:19 - 2014-07-02 17:09 - 00001024 _____ () C:\Get_Info4.DAT
2014-07-02 17:18 - 2014-07-02 17:18 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{4751B92F-130E-4C36-8A72-C4BF431E1D31}
2014-07-02 17:15 - 2014-07-02 17:15 - 00003110 _____ () C:\WINDOWS\System32\Tasks\{12933184-2889-493C-BEDC-A6BF45316B23}
2014-07-02 17:14 - 2014-03-11 23:42 - 00000000 ____D () C:\Users\Michael\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft AppLocale
2014-07-02 17:10 - 2013-04-15 22:22 - 00000000 ____D () C:\Users\Michael\AppData\Local\VirtualStore
2014-07-02 17:09 - 2014-07-02 17:09 - 00000000 _____ () C:\WINDOWS\SysWOW64\Ifsmg04.sys
2014-07-02 17:09 - 2014-07-02 17:09 - 00000000 _____ () C:\WINDOWS\Rapidl04.dll
2014-07-02 17:07 - 2014-07-02 17:07 - 00286720 _____ (Indigo Rose Corporation) C:\WINDOWS\iun503.exe
2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\UpdatusUser\Desktop\Encyclopaedia of TCM.lnk
2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\Michael\Desktop\Encyclopaedia of TCM.lnk
2014-07-02 17:07 - 2014-07-02 17:07 - 00001938 _____ () C:\Users\fbwuser\Desktop\Encyclopaedia of TCM.lnk
2014-07-02 17:07 - 2014-07-02 17:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\knowledge
2014-07-02 17:07 - 2014-07-02 17:07 - 00000000 ____D () C:\Program Files (x86)\knowledge
2014-07-02 17:07 - 2013-08-22 17:36 - 00000000 ____D () C:\WINDOWS\System
2014-06-28 17:45 - 2014-06-28 17:45 - 00000000 ____D () C:\Users\Michael\AppData\Local\PunkBuster
 
Some content of TEMP:
====================
C:\Users\Michael\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmprqasen.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
safeboot: ==> The system is configured to boot to Safe Mode <===== ATTENTION!
 
 
LastRegBack: 2014-07-26 23:14
 
==================== End Of Log ============================

 


I too have 2 systems like that.  Both started today.

First system was showing fakems.ed blocked starting this afternoon.

More than 10000 files.

 

So, I brought in 2nd system that is less than 2 months old with win 7 pro, AVG internet security 2014, Malwarebytes pro.

No other software installed.  After finishing Malwarebytes update about 10min ago, it started showing the block messages.

I just shutdown the system.

 

I am pretty sure it has something to do with Malwarebytes update.

Since the system has only been started 4 times for updates, there is no way for it to get such infection.


  • Staff

Hello all-

 

Anyone with this issue if your system boots up, please try system restore from safe mode.

 

Also let us know what OS and language you're running.

 

The issue was corrected with Malware Database: v2014.07.27.02 and up


I have MBAM pro running on Windows 7 64-bit English on two of my PCs. Ran into this problem on both of them today. To make matters worse, I deleted some quarantined files (from system32 folder of course) naively thinking it might help, and was not able to boot into Windows anymore, not even safe mode. (I would only see a black screen with a mouse cursor hanging on forever.) So I popped in my Windows 7 64-bit System Repair CD I created a few months ago (any PC running Windows 7, whether 32 or 64 bit, is able to create this CD; if you don't have one, just borrow a PC from someone else to create one, it only takes a few minutes). Booted the PC using the CD. On the 1st PC, I did a system restore from an earlier point (two days ago), and I was able to boot into Windows again. On the 2nd PC, system restore did not work, saying that it could not find any points created. So I did a startup repair, which automatically rebooted my PC a few times, and I was able to boot into Windows again also. However, I was still not able to launch Malwarebytes on both PCs. Then I saw this forum and followed instructions posted by MB staff, which was to run the cleanout tool, then reinstall, then reactivate. Now everything is back to normal again.


Well, both systems are win 7 64bit. I removed Malwarebytes from win8.1 laptop. I will probably reinstall it.

My main system has all the data in separate drive.  However, Malwarebytes quarantined way too many files and I tried to boot a few times without success. Need to spend at least 12 hours to install & update.

The newer system is partially recovered.

 

Thank Malwarebytes for doing an awful job with update.  1 messed up update caused a lot of work.

Did they even test the update before release?

 

Back to work.


Hi, I'm the original poster on this thread, my scans are above.

 

My system is Win 8.1

 

I can boot to Safe Mode.  But I can't System Restore. It replies:

 

"Cannot access the kernel driver.

Make sure the kernel module has been loaded successfully."

 

I'm sure that's helpful advice if I had any idea what it means or how to do it.  

 

Thanks in advance for your suggestions.

I neglected to mention, the title of the window giving this error is "VMLite - Runtime Error."


Tried to Run MBAM in Safe mode, and then in normal mode.  Got this error:

 

The exception unknown software exception (0x40000015) occurred in the application at location 0x6b08d6dfd.  Click OK to terminate the program.

 

Tried to download and reinstall MBAM, got error as follows:

Internal Error: Expression error 'Runtime Error (at: 79:177): External exception E06D7363

 

and same exception error again:

 

Runtime Error (at 69:252) and again (at 45:89)

External exception E06D7363 

 

and the same application error as at top of this post.

 

Now quite anxious I won't be able to recover the quarantined system files.


I had to use MBAM Cleaner to uninstall, and then I could reinstall successfully.  But now my old quarantine log is deleted, and I don't know what's happened with those system files?  When Cleaner uninstalls, does it restore the quarantined elements?


Hi, so I understand this was a problem due to an MBAM update?  I've paid for the software, and have been a long time MBAM enthusiast although only now just joined the forum because this is an MBAM-origin problem.  I would really appreciate some support on how to retrieve the old quarantined files and restore them to my system.

 

I've responded to your suggestion about restoring under safe mode and am running Win 8.1 English, and have been hoping for some suggestions for about 14 hours now.  1PW kindly PM'ed me, but effectively to say "Wait, don't do anything."

 

I'm still here, looking forward to your suggestions.  Thanks!


Same thing happened to me as well.

 

Came home after a night out this early morning, turned on my computer, then started getting numerous popups saying that basically all processes couldn't start. I freaked out, then restarted my computer. Upon restart it seemed like it had gotten worse. Explorer wasn't responding, etc. Searched for this issue and found this post. I went on to uninstalling it, and upon uninstall - it was even worse. Internet wouldn't connect, none of the system processes (i.e. explorer) would work. Rebooted under safe mode and restored my system to a snapshot from 7 days ago... (latest one available).

 

If this is indeed the fault of an MBAM update, I'm not sure if I can trust this software enough to continue using it. Can an official representative please give us an update on this. Exactly how/why this happened, how it will be prevented in the future. I'm sure anyone that ran into this issue will feel the same way... I feel conned and ripped off.. How can a software that was meant to prevent things like this...... cause it?


  • Staff

Hello all-

 

The original topic starter is now being assisted in support, therefore, I will close this topic and any others who have had the same incident occur, please create your own topic here in the forums or submit a helpdesk request, but kindly do not do both.

 

Thanks for your patience and understanding.

This topic is now closed to further replies.