Jump to content

superiend


marinedog

Recommended Posts

Hi 

 

I am having problems with superiend which keeps popping up adverts when I use links. I have done the looking at my list of programs for something fishy to uninstall but cannot see anything. Anyone else come across superiend and found a way to remove it? I have looked on the internet and keep seeing suggestions that Spy hunter would remove it but I am a bit loathe to go down the route of adding something else into the mix. 

Link to post
Share on other sites

Hi & :welcome:

My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully. :excl:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
P2P/Piracy Warning:
  • If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.
  • Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

frst.pngfrstscan.png

Please download Farbar Recovery Scan Tool and save it to your Desktop.

(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)

  • Start FRST with administator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.
Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2014

Ran by rthain at 2014-09-28 14:14:25

Running from C:\Users\rthain\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

AMD Accelerated Video Transcoding (Version: 12.10.100.30424 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{FA5043AF-EAC4-C06E-18B0-A184923DC7CC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)

AMD Fuel (Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) Hidden

AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

ccc-utility64 (Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)

HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{FD126052-310E-4364-937B-6B5564F24578}) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden

Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)

Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version:  - )

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version:  - )

Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden

PHOTOfunSTUDIO 8.3 PE (HKLM-x32\...\{5F07A881-4A7F-4F16-AF9E-F2202B504A91}) (Version: 8.03.713 - Panasonic Corporation)

SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)

SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)

Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2069769180-886861901-593725835-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\rthain\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

08-09-2014 12:00:36 Installed iTunes

15-09-2014 13:46:05 Windows Update

17-09-2014 12:26:56 Installed iTunes

25-09-2014 10:00:15 Removed Apple Mobile Device Support

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0273F0E5-B392-4040-897C-88E58D58A131} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {178341D9-6A43-4921-968F-49E1A96B02D9} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {1BA79801-C587-4B85-9826-A4360C9361A4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)

Task: {1CE7E27E-9796-4882-8549-A842589BE012} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {3464D1DC-7077-4541-8DEA-2442E9A2C002} - System32\Tasks\IHSelfDeleteTASK => CMD

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {4FDD21E9-93A2-4A1F-8976-B611B1453DFD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {5216F248-F1B3-47F2-8FA1-8E20E9545220} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

Task: {5FFCF0E3-A441-4FAE-B542-A3DE94FB78CB} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {8E5527C9-40FB-48DE-83C0-ECF63125ADD4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()

Task: {94E0755B-AD5F-42A0-AC64-A17E2CF83444} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation)

Task: {94F53616-87EA-41A2-8AD1-B5BA3B9105A0} - System32\Tasks\IHUninstallTrackingTASK => CMD

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {A007B7F5-CAEF-4625-A2AA-D54C5097C300} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)

Task: {A1F9865C-B78F-4B68-A3D7-97B9D8C53285} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-03-25] (AnyProtect by CMI) <==== ATTENTION

Task: {CAAE6675-2342-42EA-A59B-126BAD184E72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)

Task: {CB78DEDD-BB6C-4732-80EE-B0F5BDE3272D} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-03-25] (AnyProtect by CMI) <==== ATTENTION

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D11A9F0F-23C4-4C34-99E8-7807BFB9EC05} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)

Task: {D86ECD2F-5E29-4D57-A199-DEED69296294} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {E1837F55-CE24-4E70-9E7F-B1A3B15933BF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HEREWARD-rthain Hereward => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-25] (Microsoft Corporation)

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {EBC124A1-64D3-43B6-94BA-07922F30C15C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

Task: {F65DEEB1-7C31-409B-B4F9-8B9863F3746F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {F96B5C94-E2AA-4BD8-AC45-A66256D49D12} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()

Task: {FD3877A3-2026-4F25-BBE6-AB783650B593} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-03-25] (AnyProtect by CMI) <==== ATTENTION

Task: {FF96CA05-9B30-4DC5-90AB-F0B404D98A86} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2069769180-886861901-593725835-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Task: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-04-25 01:10 - 2013-04-25 01:10 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-04-05 15:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-09-25 10:07 - 2014-09-25 10:07 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-04-25 01:10 - 2013-04-25 01:10 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2014-03-25 14:46 - 2014-03-25 14:46 - 00186496 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll

2014-03-25 14:46 - 2014-03-25 14:46 - 02961368 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

2014-09-08 12:38 - 2014-08-26 17:47 - 01491968 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll

2014-09-08 12:38 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

2014-04-12 10:41 - 2014-04-02 02:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll

2014-04-12 10:41 - 2014-04-02 02:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll

2014-04-12 10:41 - 2014-04-02 02:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll

2014-04-12 10:41 - 2014-04-02 02:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll

2014-04-12 10:41 - 2014-04-02 02:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll

2014-04-12 10:41 - 2014-04-02 02:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll

2014-04-12 10:41 - 2014-04-02 02:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2069769180-886861901-593725835-500 - Administrator - Disabled)

Guest (S-1-5-21-2069769180-886861901-593725835-501 - Limited - Disabled)

rthain (S-1-5-21-2069769180-886861901-593725835-1002 - Administrator - Enabled) => C:\Users\rthain

 

==================== Faulty Device Manager Devices =============

 

Name: Deskjet F4500 series

Description: Deskjet F4500 series

Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}

Manufacturer: HP

Service: 

Problem: : This device is disabled. (Code 22)

Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 80435922

 

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 80435922

 

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (09/27/2014 10:39:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

 

Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

 

Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 24

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 23

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 22

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 21

 

 

System errors:

=============

Error: (09/26/2014 08:31:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 

%%31

 

Error: (09/26/2014 08:31:18 PM) (Source: APXACC) (EventID: 1003) (User: )

Description: The NDIS6 LWF initialization has failed. (0xC0000001)

 

Error: (09/26/2014 08:30:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Superfetch service terminated with the following error: 

%%1062

 

Error: (09/26/2014 08:29:54 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

 

Error: (09/26/2014 08:29:54 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

 

Error: (09/26/2014 08:29:54 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

 

Error: (09/26/2014 08:29:54 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

 

Error: (09/26/2014 08:29:52 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

 

Error: (09/26/2014 08:29:47 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {16D99191-6280-4B33-A2F5-04805A0FC582}

 

Error: (09/26/2014 07:06:25 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

 

Microsoft Office Sessions:

=========================

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 80435922

 

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 80435922

 

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (09/27/2014 10:39:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

 

Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

 

Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 24

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 23

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 22

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 21

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-04-01 09:47:55.573

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

 

  Date: 2014-04-01 09:47:55.445

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: AMD A8-5550M APU with Radeon HD Graphics 

Percentage of memory in use: 52%

Total physical RAM: 3268.26 MB

Available physical RAM: 1539.43 MB

Total Pagefile: 3908.26 MB

Available Pagefile: 1523.79 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

 

==================== Drives ================================

 

Drive c: (Windows8_OS) (Fixed) (Total:891.81 GB) (Free:784.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.19 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 6527829E)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014

Ran by rthain (administrator) on HEREWARD on 28-09-2014 14:12:26

Running from C:\Users\rthain\Downloads

Loaded Profile: rthain (Available profiles: rthain)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Microsoft Corporation) C:\Windows\System32\rundll32.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-10] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-10] (Lenovo(beijing) Limited)

HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)

HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087776 2014-08-26] (Wondershare)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)

HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)

HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)

AppInit_DLLs: c:\progra~2\settin~1\systemk\x64\syskldr.dll => c:\progra~2\settin~1\systemk\x64\syskldr.dll File Not Found

AppInit_DLLs:  c:\progra~2\linkey\ieexte~1\iedll64.dll => c:\progra~2\linkey\ieexte~1\iedll64.dll File Not Found

AppInit_DLLs-x32: c:\progra~2\settin~1\systemk\syskldr.dll => "c:\progra~2\settin~1\systemk\syskldr.dll" File Not Found

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk

ShortcutTarget: PHOTOfunSTUDIO 8.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com

SearchScopes: HKLM - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS


SearchScopes: HKLM-x32 - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=130&itype=n&ver=11471&tm=301&src=ds&p={searchTerms}

SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 



SearchScopes: HKCU - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = 


BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

 

FireFox:

========

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

 

Chrome: 

=======

CHR DefaultSearchKeyword: Default -> google.co.uk

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File

CHR Plugin: (ExentÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂî AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll No File

CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File

CHR Profile: C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-07]

CHR Extension: (YouTube) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-07]

CHR Extension: (Google Search) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-07]

CHR Extension: (Google Wallet) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]

CHR Extension: (Gmail) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-07]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-03-25] ()

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-25] (Advanced Micro Devices, Inc.) [File not signed]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)

R2 HPSLPSVC; C:\Users\rthain\AppData\Local\Temp\7zS194E\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)

S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)

S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S3 CnxtHdAudService; \SystemRoot\system32\drivers\CHDRT64.sys [X]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]

S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-28 14:12 - 2014-09-28 14:13 - 00021113 _____ () C:\Users\rthain\Downloads\FRST.txt

2014-09-28 14:10 - 2014-09-28 14:12 - 00000000 ____D () C:\FRST

2014-09-28 14:10 - 2014-09-28 14:10 - 02108928 _____ (Farbar) C:\Users\rthain\Downloads\FRST64.exe

2014-09-28 14:09 - 2014-09-28 14:10 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (2).exe

2014-09-28 14:09 - 2014-09-28 14:09 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (1).exe

2014-09-28 14:06 - 2014-09-28 14:06 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST.exe

2014-09-26 20:04 - 2014-09-26 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-09-26 19:44 - 2014-09-26 19:44 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-09-26 19:44 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-09-26 19:43 - 2014-09-26 19:43 - 00000000 ____D () C:\Program Files\iPod

2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files\iTunes

2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-09-25 11:16 - 2014-09-25 11:16 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple

2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files\Bonjour

2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2014-09-25 10:53 - 2014-09-25 10:53 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium (1).exe

2014-09-24 17:34 - 2014-09-24 17:34 - 00011264 _____ () C:\Users\rthain\Downloads\HACS 2nd September 14.wps

2014-09-19 13:28 - 2014-09-19 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-15 16:49 - 2014-09-28 13:52 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-09-15 16:49 - 2014-09-25 10:54 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-15 16:49 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-09-15 16:49 - 2014-05-12 08:19 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-09-15 16:49 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-09-15 15:42 - 2014-09-15 15:43 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium.exe

2014-09-14 10:02 - 2014-08-23 08:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2014-09-14 10:02 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2014-09-14 10:02 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll

2014-09-14 10:02 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll

2014-09-14 10:02 - 2014-08-23 05:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2014-09-14 10:02 - 2014-08-23 05:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2014-09-14 10:02 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll

2014-09-14 10:02 - 2014-08-23 05:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2014-09-14 10:02 - 2014-08-23 05:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2014-09-14 10:02 - 2014-07-30 02:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll

2014-09-14 10:02 - 2014-07-29 06:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll

2014-09-14 10:01 - 2014-07-24 16:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2014-09-14 10:01 - 2014-07-24 16:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2014-09-14 10:01 - 2014-07-24 16:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2014-09-14 10:01 - 2014-07-24 16:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys

2014-09-14 10:01 - 2014-07-24 16:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2014-09-14 10:01 - 2014-07-24 16:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2014-09-14 10:01 - 2014-07-24 16:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll

2014-09-14 10:01 - 2014-07-24 16:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL

2014-09-14 10:01 - 2014-07-24 16:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe

2014-09-14 10:01 - 2014-07-24 16:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2014-09-14 10:01 - 2014-07-24 16:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2014-09-14 10:01 - 2014-07-24 16:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2014-09-14 10:01 - 2014-07-24 16:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2014-09-14 10:01 - 2014-07-24 16:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2014-09-14 10:01 - 2014-07-24 16:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2014-09-14 10:01 - 2014-07-24 16:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2014-09-14 10:01 - 2014-07-24 16:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2014-09-14 10:01 - 2014-07-24 16:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2014-09-14 10:01 - 2014-07-24 16:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll

2014-09-14 10:01 - 2014-07-24 16:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll

2014-09-14 10:01 - 2014-07-24 15:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-09-14 10:01 - 2014-07-24 15:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys

2014-09-14 10:01 - 2014-07-24 14:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL

2014-09-14 10:01 - 2014-07-24 14:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2014-09-14 10:01 - 2014-07-24 14:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll

2014-09-14 10:01 - 2014-07-24 14:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2014-09-14 10:01 - 2014-07-24 14:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2014-09-14 10:01 - 2014-07-24 14:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2014-09-14 10:01 - 2014-07-24 14:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll

2014-09-14 10:01 - 2014-07-24 14:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll

2014-09-14 10:01 - 2014-07-24 12:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2014-09-14 10:01 - 2014-07-24 12:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2014-09-14 10:01 - 2014-07-24 12:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2014-09-14 10:01 - 2014-07-24 12:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll

2014-09-14 10:01 - 2014-07-24 12:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll

2014-09-14 10:01 - 2014-07-24 11:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll

2014-09-14 10:01 - 2014-07-24 11:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll

2014-09-14 10:01 - 2014-07-24 11:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll

2014-09-14 10:01 - 2014-07-24 11:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe

2014-09-14 10:01 - 2014-07-24 11:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll

2014-09-14 10:01 - 2014-07-24 11:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll

2014-09-14 10:01 - 2014-07-24 11:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2014-09-14 10:01 - 2014-07-24 10:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll

2014-09-14 10:01 - 2014-07-24 10:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-09-14 10:01 - 2014-07-24 10:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll

2014-09-14 10:01 - 2014-07-24 10:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll

2014-09-14 10:01 - 2014-07-24 10:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll

2014-09-14 10:01 - 2014-07-24 10:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2014-09-14 10:01 - 2014-07-24 10:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2014-09-14 10:01 - 2014-07-24 10:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll

2014-09-14 10:01 - 2014-07-24 10:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe

2014-09-14 10:01 - 2014-07-24 10:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll

2014-09-14 10:01 - 2014-07-24 10:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll

2014-09-14 10:01 - 2014-07-24 10:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2014-09-14 10:01 - 2014-07-24 09:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll

2014-09-14 10:01 - 2014-07-24 09:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll

2014-09-14 10:01 - 2014-07-24 09:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

2014-09-14 10:01 - 2014-07-24 09:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll

2014-09-14 10:01 - 2014-07-24 09:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll

2014-09-14 10:01 - 2014-07-24 09:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2014-09-14 10:01 - 2014-07-24 09:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

2014-09-14 10:01 - 2014-07-24 09:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll

2014-09-14 10:01 - 2014-07-24 09:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll

2014-09-14 10:01 - 2014-07-24 09:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2014-09-14 10:01 - 2014-07-24 09:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2014-09-14 10:01 - 2014-07-24 09:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll

2014-09-14 10:01 - 2014-07-24 09:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

2014-09-14 10:01 - 2014-07-24 09:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe

2014-09-14 10:01 - 2014-07-24 09:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll

2014-09-14 10:01 - 2014-07-24 09:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll

2014-09-14 10:01 - 2014-07-24 09:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2014-09-14 10:01 - 2014-07-24 09:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2014-09-14 10:01 - 2014-07-24 09:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2014-09-14 10:01 - 2014-07-24 09:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2014-09-14 10:01 - 2014-07-24 09:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

2014-09-14 10:01 - 2014-07-24 09:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2014-09-14 10:01 - 2014-07-24 09:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

2014-09-14 10:01 - 2014-07-24 09:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll

2014-09-14 10:01 - 2014-07-24 08:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll

2014-09-14 10:01 - 2014-07-24 08:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll

2014-09-14 10:01 - 2014-07-24 08:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2014-09-14 10:01 - 2014-07-24 08:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll

2014-09-14 10:01 - 2014-07-24 08:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

2014-09-14 10:01 - 2014-07-24 08:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2014-09-14 10:01 - 2014-07-24 08:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2014-09-14 10:01 - 2014-07-24 08:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2014-09-14 10:01 - 2014-07-24 08:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2014-09-14 10:01 - 2014-07-24 08:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2014-09-14 10:01 - 2014-07-24 08:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls

2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls

2014-09-14 10:01 - 2014-07-12 06:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll

2014-09-14 10:01 - 2014-07-12 05:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll

2014-09-14 10:01 - 2014-07-12 05:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2014-09-14 10:01 - 2014-07-04 11:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll

2014-09-14 10:01 - 2014-07-04 10:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll

2014-09-14 10:01 - 2014-07-04 10:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll

2014-09-14 10:01 - 2014-06-27 07:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

2014-09-14 10:01 - 2014-06-26 01:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

2014-09-14 10:01 - 2014-06-19 03:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys

2014-09-14 10:01 - 2014-06-14 07:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll

2014-09-14 10:01 - 2014-06-14 06:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll

2014-09-14 10:01 - 2014-06-05 11:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll

2014-09-14 10:01 - 2014-06-05 10:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll

2014-09-14 10:01 - 2014-05-31 06:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll

2014-09-14 10:01 - 2014-05-29 07:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll

2014-09-14 10:01 - 2014-05-29 06:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll

2014-09-14 10:01 - 2014-05-06 05:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll

2014-09-14 10:01 - 2014-05-06 01:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll

2014-09-14 10:01 - 2014-03-25 03:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll

2014-09-14 10:01 - 2014-03-25 02:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll

2014-09-14 10:00 - 2014-07-24 16:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys

2014-09-14 10:00 - 2014-07-24 16:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2014-09-14 10:00 - 2014-07-24 16:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll

2014-09-14 10:00 - 2014-07-24 16:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

2014-09-14 10:00 - 2014-07-24 16:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2014-09-14 10:00 - 2014-07-24 14:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll

2014-09-14 10:00 - 2014-07-24 14:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe

2014-09-14 10:00 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL

2014-09-14 10:00 - 2014-07-24 12:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2014-09-14 10:00 - 2014-07-24 12:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys

2014-09-14 10:00 - 2014-07-24 12:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys

2014-09-14 10:00 - 2014-07-24 12:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys

2014-09-14 10:00 - 2014-07-24 12:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys

2014-09-14 10:00 - 2014-07-24 12:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2014-09-14 10:00 - 2014-07-24 12:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2014-09-14 10:00 - 2014-07-24 12:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll

2014-09-14 10:00 - 2014-07-24 12:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll

2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL

2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL

2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL

2014-09-14 10:00 - 2014-07-24 11:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL

2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL

2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL

2014-09-14 10:00 - 2014-07-24 11:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL

2014-09-14 10:00 - 2014-07-24 11:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

2014-09-14 10:00 - 2014-07-24 11:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl

2014-09-14 10:00 - 2014-07-24 11:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll

2014-09-14 10:00 - 2014-07-24 11:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll

2014-09-14 10:00 - 2014-07-24 11:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll

2014-09-14 10:00 - 2014-07-24 11:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll

2014-09-14 10:00 - 2014-07-24 10:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll

2014-09-14 10:00 - 2014-07-24 10:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl

2014-09-14 10:00 - 2014-07-24 10:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll

2014-09-14 10:00 - 2014-07-24 10:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll

2014-09-14 10:00 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll

2014-09-14 10:00 - 2014-07-24 10:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe

2014-09-14 10:00 - 2014-07-24 10:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll

2014-09-14 10:00 - 2014-07-24 10:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll

2014-09-14 10:00 - 2014-07-24 10:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll

2014-09-14 10:00 - 2014-07-24 10:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

2014-09-14 10:00 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll

2014-09-14 10:00 - 2014-07-24 10:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll

2014-09-14 10:00 - 2014-07-24 10:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll

2014-09-14 10:00 - 2014-07-24 10:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll

2014-09-14 10:00 - 2014-07-24 10:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe

2014-09-14 10:00 - 2014-07-24 09:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll

2014-09-14 10:00 - 2014-07-24 09:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2014-09-14 10:00 - 2014-07-24 09:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll

2014-09-14 10:00 - 2014-07-24 09:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll

2014-09-14 10:00 - 2014-07-24 09:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

2014-09-14 10:00 - 2014-07-24 09:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll

2014-09-14 10:00 - 2014-07-24 09:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll

2014-09-14 10:00 - 2014-07-24 09:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll

2014-09-14 10:00 - 2014-07-24 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll

2014-09-14 10:00 - 2014-07-24 09:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll

2014-09-14 10:00 - 2014-07-24 09:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-09-14 10:00 - 2014-07-24 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll

2014-09-14 10:00 - 2014-07-24 09:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll

2014-09-14 10:00 - 2014-07-24 09:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2014-09-14 10:00 - 2014-07-24 09:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll

2014-09-14 10:00 - 2014-07-24 09:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll

2014-09-14 10:00 - 2014-07-24 09:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll

2014-09-14 10:00 - 2014-07-24 09:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-09-14 10:00 - 2014-07-24 09:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll

2014-09-14 10:00 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll

2014-09-14 10:00 - 2014-07-24 09:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

2014-09-14 10:00 - 2014-07-24 09:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2014-09-14 10:00 - 2014-07-24 09:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll

2014-09-14 10:00 - 2014-07-24 09:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2014-09-14 10:00 - 2014-07-24 09:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll

2014-09-14 10:00 - 2014-07-24 09:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll

2014-09-14 10:00 - 2014-07-24 08:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll

2014-09-14 10:00 - 2014-07-24 08:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll

2014-09-14 10:00 - 2014-07-24 08:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll

2014-09-14 10:00 - 2014-07-24 08:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-09-14 10:00 - 2014-07-24 08:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll

2014-09-14 10:00 - 2014-07-24 08:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-09-14 10:00 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll

2014-09-14 10:00 - 2014-07-24 08:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll

2014-09-14 10:00 - 2014-07-12 06:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2014-09-14 10:00 - 2014-07-12 05:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2014-09-14 10:00 - 2014-07-10 00:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2014-09-14 10:00 - 2014-07-04 13:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys

2014-09-14 10:00 - 2014-07-04 11:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

2014-09-14 10:00 - 2014-07-04 11:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll

2014-09-14 10:00 - 2014-07-04 11:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

2014-09-14 10:00 - 2014-06-26 01:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll

2014-09-14 10:00 - 2014-06-20 00:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2014-09-14 10:00 - 2014-06-07 13:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll

2014-09-14 10:00 - 2014-06-07 11:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll

2014-09-14 10:00 - 2014-06-05 15:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2014-09-14 10:00 - 2014-05-31 05:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll

2014-09-14 10:00 - 2014-05-29 06:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2014-09-14 10:00 - 2014-05-29 05:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2014-09-14 10:00 - 2014-05-26 08:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll

2014-09-14 10:00 - 2014-05-10 11:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll

2014-09-14 10:00 - 2014-05-10 09:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

2014-09-14 10:00 - 2014-03-25 03:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll

2014-09-14 10:00 - 2014-03-25 02:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll

2014-09-14 09:52 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys

2014-09-10 21:53 - 2014-08-16 02:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-09-10 21:53 - 2014-08-16 02:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-09-10 21:53 - 2014-08-16 02:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-09-10 21:53 - 2014-08-16 02:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-09-10 21:53 - 2014-08-16 02:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-09-10 21:53 - 2014-08-16 02:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-09-10 21:53 - 2014-08-16 02:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-09-10 21:53 - 2014-08-16 02:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-09-10 21:53 - 2014-08-16 02:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-09-10 21:53 - 2014-08-16 02:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-09-10 21:53 - 2014-08-16 02:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-09-10 21:53 - 2014-08-16 02:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-09-10 21:53 - 2014-08-16 02:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-09-10 21:53 - 2014-08-16 01:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-09-10 21:53 - 2014-08-16 01:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-09-10 21:52 - 2014-08-16 03:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-09-10 21:52 - 2014-08-16 03:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-09-10 21:52 - 2014-08-16 03:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-09-10 21:52 - 2014-08-16 03:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-09-10 21:52 - 2014-08-16 02:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-09-10 21:52 - 2014-08-16 02:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-09-10 21:52 - 2014-08-16 02:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-09-10 21:52 - 2014-08-16 02:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-09-10 21:52 - 2014-08-16 01:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 21:52 - 2014-08-16 01:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-09-10 21:52 - 2014-08-16 01:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-09-10 21:52 - 2014-08-16 01:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-09-10 21:52 - 2014-08-16 01:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-09-10 21:52 - 2014-08-16 01:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-09-10 21:52 - 2014-08-16 01:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-09-10 21:52 - 2014-08-16 01:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-09-10 21:52 - 2014-08-16 01:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-09-10 21:52 - 2014-08-16 01:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-09-10 21:52 - 2014-08-16 01:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-09-10 21:52 - 2014-08-16 01:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-09-10 17:44 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2014-09-10 17:43 - 2014-09-05 03:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2014-09-10 17:43 - 2014-09-05 03:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-09-10 17:43 - 2014-09-05 01:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-09-10 17:43 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll

2014-09-10 17:43 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll

2014-09-08 12:45 - 2014-09-08 12:45 - 00000000 ____D () C:\ProgramData\Wondershare

2014-09-08 12:38 - 2014-09-08 12:38 - 00000000 ____D () C:\Users\rthain\AppData\Local\Wondershare

2014-09-04 14:27 - 2014-09-05 15:03 - 00000000 ____D () C:\ProgramData\RRooyaliCoupon

2014-09-01 11:40 - 2014-09-02 10:15 - 00000000 ____D () C:\ProgramData\KInGiCooupon

2014-08-29 12:16 - 2014-08-29 12:16 - 01927440 _____ (Gross Mauntin) C:\Users\rthain\Downloads\adobe_flash.exe

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-28 14:12 - 2014-02-13 11:35 - 01890082 _____ () C:\WINDOWS\WindowsUpdate.log

2014-09-28 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-09-28 13:54 - 2014-08-01 12:08 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HEREWARD-rthain Hereward

2014-09-28 13:52 - 2014-01-19 12:00 - 00000000 ____D () C:\Users\rthain\AppData\Roaming\Skype

2014-09-28 13:52 - 2013-11-07 12:57 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-28 11:37 - 2013-11-07 12:57 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-28 10:29 - 2013-11-05 12:21 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2069769180-886861901-593725835-1002

2014-09-28 10:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-09-26 20:31 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-09-26 20:30 - 2014-03-27 11:35 - 00151804 _____ () C:\WINDOWS\PFRO.log

2014-09-26 20:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-09-26 19:38 - 2014-04-14 10:36 - 00007263 _____ () C:\WINDOWS\setupact.log

2014-09-25 11:43 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-09-25 11:16 - 2014-08-25 11:31 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-09-25 11:15 - 2014-04-14 18:42 - 00000000 ____D () C:\ProgramData\Apple

2014-09-25 10:09 - 2014-04-05 15:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-09-23 10:34 - 2014-01-27 17:45 - 00000000 ____D () C:\Users\rthain

2014-09-23 10:19 - 2013-11-05 12:12 - 00000000 ____D () C:\Users\rthain\AppData\Local\Packages

2014-09-22 07:42 - 2014-01-31 16:01 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2014-09-19 13:28 - 2014-07-21 10:37 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-19 13:28 - 2014-07-21 10:37 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-19 13:28 - 2014-01-19 11:59 - 00000000 ____D () C:\ProgramData\Skype

2014-09-17 16:55 - 2014-01-10 03:51 - 00000000 ____D () C:\Users\rthain\Documents\HACS

2014-09-17 16:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-09-16 12:28 - 2013-11-14 08:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-09-15 16:44 - 2013-08-22 15:44 - 00371864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-09-15 15:28 - 2013-11-14 08:17 - 00000000 ____D () C:\Program Files\Windows Journal

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup

2014-09-15 15:28 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe

2014-09-15 15:26 - 2014-03-28 10:57 - 00000000 ____D () C:\Users\rthain\AppData\Local\AdFender

2014-09-10 22:25 - 2014-07-10 11:16 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-09-10 21:54 - 2014-06-13 13:28 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-09-10 21:54 - 2014-06-13 13:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-09-10 21:53 - 2014-06-13 13:28 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-09-10 21:53 - 2014-06-13 13:28 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-09-10 21:53 - 2014-06-13 13:28 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

2014-09-10 21:53 - 2014-06-12 10:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-09-10 21:53 - 2014-06-12 10:27 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2014-09-10 21:52 - 2013-11-18 03:59 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-09-10 21:43 - 2013-11-18 03:59 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-09-08 15:41 - 2014-04-14 11:12 - 00000000 ____D () C:\PFS8.3 PE_TMP

2014-09-07 14:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration

2014-09-07 11:47 - 2013-11-07 11:01 - 00000000 ____D () C:\ldiag

2014-09-06 14:46 - 2014-01-31 12:33 - 00000000 ____D () C:\Users\rthain\Documents\My Scans

2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\ProgramData\Adobe

2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-04 14:28 - 2014-04-26 10:55 - 00000000 ____D () C:\ProgramData\874cfb7b7dee04e9

2014-09-04 14:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins

2014-09-02 21:06 - 2014-08-13 22:33 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-09-02 21:06 - 2014-08-13 22:33 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2014-08-29 12:19 - 2013-08-22 14:25 - 00000229 _____ () C:\WINDOWS\win.ini

 

Some content of TEMP:

====================

C:\Users\rthain\AppData\Local\Temp\BackupSetup.exe

C:\Users\rthain\AppData\Local\Temp\KUIU.EXE

C:\Users\rthain\AppData\Local\Temp\SettingsManagerSetup.exe

C:\Users\rthain\AppData\Local\Temp\SHSetup.exe

C:\Users\rthain\AppData\Local\Temp\vcredist_x64.exe

C:\Users\rthain\AppData\Local\Temp\_is3897.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-26 20:42

 

==================== End Of Log ============================

Link to post
Share on other sites

Hope this helps. I do have another problem which i posted elsewhere and was told that you may come across and be able to sort it out for me:) My real-time protection and updates keep turning off and I have to re-download in order to start them again.  Any help in that area also gratefully received.  

Link to post
Share on other sites

Hi,

please try to run Malwarebytes:

 

Scan with mbam.pngMalwarebytes Anti-Malware .

  • Please open Malwarebytes Anti-Malware.
  • Please update the database by clicking on the "Update Now" button.
  • Following the update and click "Settings" and go to "Detection and Protection"
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard, then click on Scan Now to start the scan.
    (If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.)
  • A window with an option to view the detailed log will appear. Click on "View Detailed Log".
  • After viewing the results, please click on the "Copy to Clipboard" button and then OK.
  • Return to our forum. Paste your log into your next reply.

Link to post
Share on other sites

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 29/09/2014

Scan Time: 09:45:13

Logfile: 

Administrator: Yes

 

Version: 2.00.2.1012

Malware Database: v2014.09.29.02

Rootkit Database: v2014.09.19.01

License: Premium

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: rthain

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 328701

Time Elapsed: 31 min, 22 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

 

(end)

Link to post
Share on other sites

Hi,

Step 1

Please download adwcleaner.png AdwCleaner (by Xplode) and save it to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select "Run As Administrator"

  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically.

    Copy and paste the contents of that logfile in your next reply.

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.

    Please copy and paste these logs in your next reply.

Link to post
Share on other sites

Okay here is the first one. I left Optimizer Pro 70e6ca8c checked when I did the clean. I will post the other report later. 

 

# AdwCleaner v3.310 - Report created 29/09/2014 at 18:55:58
# Updated 12/09/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : rthain - HEREWARD
# Running from : C:\Users\rthain\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : 70e6ca8c
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\CaoolSalECoouppOn
Folder Deleted : C:\ProgramData\KInGiCooupon
Folder Deleted : C:\ProgramData\LuckyCoUpeonn
Folder Deleted : C:\ProgramData\RRooyaliCoupon
Folder Deleted : C:\ProgramData\SaleItCoupon
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2
Folder Deleted : C:\Program Files (x86)\AnyProtectEx
Folder Deleted : C:\Program Files (x86)\Optimizer Pro
Folder Deleted : C:\Program Files (x86)\CaoolSalECoouppOn
Folder Deleted : C:\Users\rthain\AppData\Local\Tuguu_SL
Folder Deleted : C:\Users\rthain\AppData\Roaming\Optimizer Pro
File Deleted : C:\END
File Deleted : C:\Users\rthain\AppData\Roaming\aps.scan.quick.results
File Deleted : C:\Users\rthain\AppData\Roaming\aps.scan.results
File Deleted : C:\Users\rthain\AppData\Roaming\aps.uninstall.scan.results
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : APSnotifierPP1
Task Deleted : APSnotifierPP2
Task Deleted : APSnotifierPP3
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Linkey
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\NewPlayer
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\settin~1\systemk\syskldr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\settin~1\systemk\x64\syskldr.dll
Data Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\linkey\ieexte~1\iedll64.dll
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17278
 
 
-\\ Google Chrome v34.0.1847.116
 
[ File : C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfgl
Deleted [Extension] : flpcjncodpafbgdpnkljologafpionhb
 
*************************
 
AdwCleaner[R0].txt - [4695 octets] - [29/09/2014 18:38:37]
AdwCleaner[s0].txt - [4348 octets] - [29/09/2014 18:55:58]
 
########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4408 octets] ##########
Link to post
Share on other sites

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2014 02

Ran by rthain at 2014-09-29 19:49:17

Running from C:\Users\rthain\Downloads

Boot Mode: Normal

==========================================================

 

 

==================== Security Center ========================

 

(If an entry is included in the fixlist, it will be removed.)

 

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

 

==================== Installed Programs ======================

 

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 

64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden

AMD Accelerated Video Transcoding (Version: 12.10.100.30424 - Advanced Micro Devices, Inc.) Hidden

AMD Catalyst Install Manager (HKLM\...\{FA5043AF-EAC4-C06E-18B0-A184923DC7CC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)

AMD Fuel (Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) Hidden

AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)

Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

ccc-utility64 (Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)

Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden

HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)

HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)

HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{FD126052-310E-4364-937B-6B5564F24578}) (Version: 14.0 - HP)

HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)

HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)

iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)

iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)

Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden

Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)

Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)

Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)

Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)

Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version:  - )

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version:  - )

Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) Hidden

PHOTOfunSTUDIO 8.3 PE (HKLM-x32\...\{5F07A881-4A7F-4F16-AF9E-F2202B504A91}) (Version: 8.03.713 - Panasonic Corporation)

SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)

SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)

Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)

Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)

Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)

 

==================== Custom CLSID (selected items): ==========================

 

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

 

CustomCLSID: HKU\S-1-5-21-2069769180-886861901-593725835-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\rthain\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation)

 

==================== Restore Points  =========================

 

08-09-2014 12:00:36 Installed iTunes

15-09-2014 13:46:05 Windows Update

17-09-2014 12:26:56 Installed iTunes

25-09-2014 10:00:15 Removed Apple Mobile Device Support

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0273F0E5-B392-4040-897C-88E58D58A131} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask

Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList

Task: {178341D9-6A43-4921-968F-49E1A96B02D9} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics

Task: {1BA79801-C587-4B85-9826-A4360C9361A4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)

Task: {1CE7E27E-9796-4882-8549-A842589BE012} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management

Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask

Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate

Task: {3464D1DC-7077-4541-8DEA-2442E9A2C002} - System32\Tasks\IHSelfDeleteTASK => CMD

Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)

Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)

Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance

Task: {4FDD21E9-93A2-4A1F-8976-B611B1453DFD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation

Task: {5216F248-F1B3-47F2-8FA1-8E20E9545220} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload

Task: {5E2AFB4F-65F6-4D28-A72B-6ED330E95916} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation)

Task: {5FFCF0E3-A441-4FAE-B542-A3DE94FB78CB} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)

Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup

Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task

Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState

Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task

Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask

Task: {8E5527C9-40FB-48DE-83C0-ECF63125ADD4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()

Task: {94F53616-87EA-41A2-8AD1-B5BA3B9105A0} - System32\Tasks\IHUninstallTrackingTASK => CMD

Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work

Task: {A007B7F5-CAEF-4625-A2AA-D54C5097C300} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)

Task: {CAAE6675-2342-42EA-A59B-126BAD184E72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)

Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask

Task: {D11A9F0F-23C4-4C34-99E8-7807BFB9EC05} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)

Task: {D86ECD2F-5E29-4D57-A199-DEED69296294} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)

Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing

Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization

Task: {E1837F55-CE24-4E70-9E7F-B1A3B15933BF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HEREWARD-rthain Hereward => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-25] (Microsoft Corporation)

Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE

Task: {EBC124A1-64D3-43B6-94BA-07922F30C15C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"

Task: {F65DEEB1-7C31-409B-B4F9-8B9863F3746F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv

Task: {F96B5C94-E2AA-4BD8-AC45-A66256D49D12} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()

Task: {FF96CA05-9B30-4DC5-90AB-F0B404D98A86} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2069769180-886861901-593725835-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-04-25 01:10 - 2013-04-25 01:10 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-04-05 15:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-09-25 10:07 - 2014-09-25 10:07 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-04-25 01:10 - 2013-04-25 01:10 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll

2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll

2013-06-10 07:37 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll

2014-09-08 12:38 - 2014-08-26 17:47 - 01491968 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll

2014-09-08 12:38 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll

2014-09-25 10:03 - 2014-09-25 10:03 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-2069769180-886861901-593725835-500 - Administrator - Disabled)

Guest (S-1-5-21-2069769180-886861901-593725835-501 - Limited - Disabled)

rthain (S-1-5-21-2069769180-886861901-593725835-1002 - Administrator - Enabled) => C:\Users\rthain

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (09/29/2014 07:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532

Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53648f36

Exception code: 0xc0000005

Fault offset: 0x00062a78

Faulting process id: 0x98

Faulting application start time: 0xmbam.exe0

Faulting application path: mbam.exe1

Faulting module path: mbam.exe2

Report Id: mbam.exe3

Faulting package full name: mbam.exe4

Faulting package-relative application ID: mbam.exe5

 

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 80435922

 

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 80435922

 

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (09/27/2014 10:39:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

 

Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

 

Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 24

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 23

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 22

 

 

System errors:

=============

Error: (09/29/2014 07:39:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 

%%31

 

Error: (09/29/2014 07:39:26 PM) (Source: APXACC) (EventID: 1003) (User: )

Description: The NDIS6 LWF initialization has failed. (0xC0000001)

 

Error: (09/29/2014 06:52:32 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

 

Error: (09/29/2014 06:52:02 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

 

Error: (09/28/2014 02:32:16 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

 

Error: (09/28/2014 02:32:16 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

 

Error: (09/26/2014 08:31:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 

%%31

 

Error: (09/26/2014 08:31:18 PM) (Source: APXACC) (EventID: 1003) (User: )

Description: The NDIS6 LWF initialization has failed. (0xC0000001)

 

Error: (09/26/2014 08:30:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )

Description: The Superfetch service terminated with the following error: 

%%1062

 

Error: (09/26/2014 08:29:54 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)

Description: {D63B10C5-BB46-4990-A94F-E40B9D520160}

 

 

Microsoft Office Sessions:

=========================

Error: (09/29/2014 07:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: mbam.exe1.0.0.53253518532ntdll.dll6.3.9600.1711453648f36c000000500062a789801cfdc0b31fc0f5dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\WINDOWS\SYSTEM32\ntdll.dllc46a33ac-4807-11e4-beb6-208984dbef6f

 

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledSPRetry 80435922

 

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: m->NextScheduledEvent 80435922

 

Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Task Scheduling Error: Continuously busy for more than a second

 

Error: (09/27/2014 10:39:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )

Description: 80070005

 

Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

 

Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 24

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 23

 

Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )

Description: ERROR: handle_resolve_request bad interfaceIndex 22

 

 

CodeIntegrity Errors:

===================================

  Date: 2014-04-01 09:47:55.573

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements.

 

  Date: 2014-04-01 09:47:55.445

  Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements.

 

 

==================== Memory info =========================== 

 

Processor: AMD A8-5550M APU with Radeon HD Graphics 

Percentage of memory in use: 39%

Total physical RAM: 3268.26 MB

Available physical RAM: 1983.53 MB

Total Pagefile: 3908.26 MB

Available Pagefile: 2131.43 MB

Total Virtual: 131072 MB

Available Virtual: 131071.84 MB

 

==================== Drives ================================

 

Drive c: (Windows8_OS) (Fixed) (Total:891.81 GB) (Free:784.89 GB) NTFS ==>[system with boot components (obtained from reading drive)]

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.19 GB) NTFS

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 6527829E)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================

Link to post
Share on other sites

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02

Ran by rthain (administrator) on HEREWARD on 29-09-2014 19:47:00

Running from C:\Users\rthain\Downloads

Loaded Profile: rthain (Available profiles: rthain)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal


 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe

(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe

(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe

(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe

(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe

(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe

(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe

(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe

(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\rthain\Downloads\FRST64 (1).exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)

HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-10] (Lenovo (Beijing) Limited)

HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-10] (Lenovo(beijing) Limited)

HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)

HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087776 2014-08-26] (Wondershare)

HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)

Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)

HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)

HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)

HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk

ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk

ShortcutTarget: PHOTOfunSTUDIO 8.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File

ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com

HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com

SearchScopes: HKLM - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS

SearchScopes: HKLM-x32 - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS



SearchScopes: HKCU - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = 

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)

Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

 

FireFox:

========

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()

FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)

 

Chrome: 

=======

CHR HomePage: Default -> 

CHR DefaultSearchKeyword: Default -> google.co.uk

CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}

CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()

CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer

CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()

CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File

CHR Plugin: (ExentÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂî AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)

CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File

CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll No File

CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File

CHR Profile: C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Drive) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-07]

CHR Extension: (YouTube) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-07]

CHR Extension: (Google Search) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-07]

CHR Extension: (Google Wallet) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]

CHR Extension: (Gmail) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-07]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-25] (Advanced Micro Devices, Inc.) [File not signed]

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)

R2 HPSLPSVC; C:\Users\rthain\AppData\Local\Temp\7zS194E\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]

S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)

S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)

R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]

S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)

R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]

S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)

S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-29] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)

R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)

R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

S3 CnxtHdAudService; \SystemRoot\system32\drivers\CHDRT64.sys [X]

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]

S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X]

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-29 19:46 - 2014-09-29 19:46 - 02108928 _____ (Farbar) C:\Users\rthain\Downloads\FRST64 (1).exe

2014-09-29 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll

2014-09-29 18:38 - 2014-09-29 19:07 - 00000000 ____D () C:\AdwCleaner

2014-09-29 18:37 - 2014-09-29 18:38 - 01373475 _____ () C:\Users\rthain\Downloads\AdwCleaner.exe

2014-09-28 14:24 - 2014-09-28 14:30 - 00000238 _____ () C:\Users\rthain\Downloads\Search.txt

2014-09-28 14:14 - 2014-09-28 14:15 - 00025474 _____ () C:\Users\rthain\Downloads\Addition.txt

2014-09-28 14:12 - 2014-09-29 19:47 - 00020034 _____ () C:\Users\rthain\Downloads\FRST.txt

2014-09-28 14:10 - 2014-09-29 19:47 - 00000000 ____D () C:\FRST

2014-09-28 14:10 - 2014-09-28 14:10 - 02108928 _____ (Farbar) C:\Users\rthain\Downloads\FRST64.exe

2014-09-28 14:09 - 2014-09-28 14:10 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (2).exe

2014-09-28 14:09 - 2014-09-28 14:09 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (1).exe

2014-09-28 14:06 - 2014-09-28 14:06 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST.exe

2014-09-26 20:04 - 2014-09-26 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud

2014-09-26 19:44 - 2014-09-26 19:44 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk

2014-09-26 19:44 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2014-09-26 19:43 - 2014-09-26 19:43 - 00000000 ____D () C:\Program Files\iPod

2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69

2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files\iTunes

2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files (x86)\iTunes

2014-09-25 11:16 - 2014-09-25 11:16 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple

2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update

2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files\Bonjour

2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Bonjour

2014-09-25 10:53 - 2014-09-25 10:53 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium (1).exe

2014-09-24 17:34 - 2014-09-24 17:34 - 00011264 _____ () C:\Users\rthain\Downloads\HACS 2nd September 14.wps

2014-09-19 13:28 - 2014-09-19 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2014-09-15 16:49 - 2014-09-29 19:40 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2014-09-15 16:49 - 2014-09-25 10:54 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-09-15 16:49 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2014-09-15 16:49 - 2014-05-12 08:19 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2014-09-15 16:49 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

2014-09-15 15:42 - 2014-09-15 15:43 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium.exe

2014-09-14 10:02 - 2014-08-23 08:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe

2014-09-14 10:02 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe

2014-09-14 10:02 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll

2014-09-14 10:02 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll

2014-09-14 10:02 - 2014-08-23 05:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2014-09-14 10:02 - 2014-08-23 05:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2014-09-14 10:02 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll

2014-09-14 10:02 - 2014-08-23 05:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2014-09-14 10:02 - 2014-08-23 05:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2014-09-14 10:02 - 2014-07-30 02:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll

2014-09-14 10:02 - 2014-07-29 06:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll

2014-09-14 10:01 - 2014-07-24 16:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS

2014-09-14 10:01 - 2014-07-24 16:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys

2014-09-14 10:01 - 2014-07-24 16:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys

2014-09-14 10:01 - 2014-07-24 16:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys

2014-09-14 10:01 - 2014-07-24 16:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2014-09-14 10:01 - 2014-07-24 16:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2014-09-14 10:01 - 2014-07-24 16:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll

2014-09-14 10:01 - 2014-07-24 16:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL

2014-09-14 10:01 - 2014-07-24 16:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe

2014-09-14 10:01 - 2014-07-24 16:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2014-09-14 10:01 - 2014-07-24 16:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2014-09-14 10:01 - 2014-07-24 16:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2014-09-14 10:01 - 2014-07-24 16:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2014-09-14 10:01 - 2014-07-24 16:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2014-09-14 10:01 - 2014-07-24 16:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2014-09-14 10:01 - 2014-07-24 16:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2014-09-14 10:01 - 2014-07-24 16:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2014-09-14 10:01 - 2014-07-24 16:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2014-09-14 10:01 - 2014-07-24 16:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll

2014-09-14 10:01 - 2014-07-24 16:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll

2014-09-14 10:01 - 2014-07-24 15:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2014-09-14 10:01 - 2014-07-24 15:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys

2014-09-14 10:01 - 2014-07-24 14:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL

2014-09-14 10:01 - 2014-07-24 14:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2014-09-14 10:01 - 2014-07-24 14:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll

2014-09-14 10:01 - 2014-07-24 14:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2014-09-14 10:01 - 2014-07-24 14:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2014-09-14 10:01 - 2014-07-24 14:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2014-09-14 10:01 - 2014-07-24 14:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll

2014-09-14 10:01 - 2014-07-24 14:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll

2014-09-14 10:01 - 2014-07-24 12:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys

2014-09-14 10:01 - 2014-07-24 12:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys

2014-09-14 10:01 - 2014-07-24 12:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2014-09-14 10:01 - 2014-07-24 12:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll

2014-09-14 10:01 - 2014-07-24 12:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll

2014-09-14 10:01 - 2014-07-24 11:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll

2014-09-14 10:01 - 2014-07-24 11:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll

2014-09-14 10:01 - 2014-07-24 11:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll

2014-09-14 10:01 - 2014-07-24 11:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe

2014-09-14 10:01 - 2014-07-24 11:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll

2014-09-14 10:01 - 2014-07-24 11:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll

2014-09-14 10:01 - 2014-07-24 11:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll

2014-09-14 10:01 - 2014-07-24 10:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll

2014-09-14 10:01 - 2014-07-24 10:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2014-09-14 10:01 - 2014-07-24 10:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll

2014-09-14 10:01 - 2014-07-24 10:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll

2014-09-14 10:01 - 2014-07-24 10:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll

2014-09-14 10:01 - 2014-07-24 10:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll

2014-09-14 10:01 - 2014-07-24 10:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2014-09-14 10:01 - 2014-07-24 10:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll

2014-09-14 10:01 - 2014-07-24 10:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe

2014-09-14 10:01 - 2014-07-24 10:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll

2014-09-14 10:01 - 2014-07-24 10:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll

2014-09-14 10:01 - 2014-07-24 10:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2014-09-14 10:01 - 2014-07-24 09:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll

2014-09-14 10:01 - 2014-07-24 09:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll

2014-09-14 10:01 - 2014-07-24 09:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll

2014-09-14 10:01 - 2014-07-24 09:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll

2014-09-14 10:01 - 2014-07-24 09:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll

2014-09-14 10:01 - 2014-07-24 09:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll

2014-09-14 10:01 - 2014-07-24 09:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

2014-09-14 10:01 - 2014-07-24 09:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll

2014-09-14 10:01 - 2014-07-24 09:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll

2014-09-14 10:01 - 2014-07-24 09:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2014-09-14 10:01 - 2014-07-24 09:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2014-09-14 10:01 - 2014-07-24 09:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll

2014-09-14 10:01 - 2014-07-24 09:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll

2014-09-14 10:01 - 2014-07-24 09:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe

2014-09-14 10:01 - 2014-07-24 09:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll

2014-09-14 10:01 - 2014-07-24 09:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll

2014-09-14 10:01 - 2014-07-24 09:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2014-09-14 10:01 - 2014-07-24 09:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll

2014-09-14 10:01 - 2014-07-24 09:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2014-09-14 10:01 - 2014-07-24 09:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2014-09-14 10:01 - 2014-07-24 09:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

2014-09-14 10:01 - 2014-07-24 09:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2014-09-14 10:01 - 2014-07-24 09:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll

2014-09-14 10:01 - 2014-07-24 09:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll

2014-09-14 10:01 - 2014-07-24 08:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll

2014-09-14 10:01 - 2014-07-24 08:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll

2014-09-14 10:01 - 2014-07-24 08:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll

2014-09-14 10:01 - 2014-07-24 08:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll

2014-09-14 10:01 - 2014-07-24 08:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll

2014-09-14 10:01 - 2014-07-24 08:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2014-09-14 10:01 - 2014-07-24 08:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll

2014-09-14 10:01 - 2014-07-24 08:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll

2014-09-14 10:01 - 2014-07-24 08:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll

2014-09-14 10:01 - 2014-07-24 08:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2014-09-14 10:01 - 2014-07-24 08:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll

2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls

2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls

2014-09-14 10:01 - 2014-07-12 06:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll

2014-09-14 10:01 - 2014-07-12 05:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll

2014-09-14 10:01 - 2014-07-12 05:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2014-09-14 10:01 - 2014-07-04 11:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll

2014-09-14 10:01 - 2014-07-04 10:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll

2014-09-14 10:01 - 2014-07-04 10:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll

2014-09-14 10:01 - 2014-06-27 07:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys

2014-09-14 10:01 - 2014-06-26 01:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll

2014-09-14 10:01 - 2014-06-19 03:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys

2014-09-14 10:01 - 2014-06-14 07:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll

2014-09-14 10:01 - 2014-06-14 06:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll

2014-09-14 10:01 - 2014-06-05 11:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll

2014-09-14 10:01 - 2014-06-05 10:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll

2014-09-14 10:01 - 2014-05-31 06:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll

2014-09-14 10:01 - 2014-05-29 07:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll

2014-09-14 10:01 - 2014-05-29 06:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll

2014-09-14 10:01 - 2014-05-06 05:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll

2014-09-14 10:01 - 2014-05-06 01:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll

2014-09-14 10:01 - 2014-03-25 03:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll

2014-09-14 10:01 - 2014-03-25 02:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll

2014-09-14 10:00 - 2014-07-24 16:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys

2014-09-14 10:00 - 2014-07-24 16:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2014-09-14 10:00 - 2014-07-24 16:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll

2014-09-14 10:00 - 2014-07-24 16:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

2014-09-14 10:00 - 2014-07-24 16:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2014-09-14 10:00 - 2014-07-24 14:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll

2014-09-14 10:00 - 2014-07-24 14:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe

2014-09-14 10:00 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL

2014-09-14 10:00 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL

2014-09-14 10:00 - 2014-07-24 12:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll

2014-09-14 10:00 - 2014-07-24 12:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys

2014-09-14 10:00 - 2014-07-24 12:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys

2014-09-14 10:00 - 2014-07-24 12:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys

2014-09-14 10:00 - 2014-07-24 12:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys

2014-09-14 10:00 - 2014-07-24 12:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2014-09-14 10:00 - 2014-07-24 12:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2014-09-14 10:00 - 2014-07-24 12:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll

2014-09-14 10:00 - 2014-07-24 12:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll

2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL

2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL

2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL

2014-09-14 10:00 - 2014-07-24 11:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL

2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL

2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL

2014-09-14 10:00 - 2014-07-24 11:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL

2014-09-14 10:00 - 2014-07-24 11:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll

2014-09-14 10:00 - 2014-07-24 11:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl

2014-09-14 10:00 - 2014-07-24 11:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll

2014-09-14 10:00 - 2014-07-24 11:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll

2014-09-14 10:00 - 2014-07-24 11:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll

2014-09-14 10:00 - 2014-07-24 11:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll

2014-09-14 10:00 - 2014-07-24 10:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll

2014-09-14 10:00 - 2014-07-24 10:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl

2014-09-14 10:00 - 2014-07-24 10:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll

2014-09-14 10:00 - 2014-07-24 10:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll

2014-09-14 10:00 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll

2014-09-14 10:00 - 2014-07-24 10:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe

2014-09-14 10:00 - 2014-07-24 10:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll

2014-09-14 10:00 - 2014-07-24 10:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll

2014-09-14 10:00 - 2014-07-24 10:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll

2014-09-14 10:00 - 2014-07-24 10:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll

2014-09-14 10:00 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll

2014-09-14 10:00 - 2014-07-24 10:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll

2014-09-14 10:00 - 2014-07-24 10:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll

2014-09-14 10:00 - 2014-07-24 10:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll

2014-09-14 10:00 - 2014-07-24 10:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe

2014-09-14 10:00 - 2014-07-24 09:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll

2014-09-14 10:00 - 2014-07-24 09:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2014-09-14 10:00 - 2014-07-24 09:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll

2014-09-14 10:00 - 2014-07-24 09:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll

2014-09-14 10:00 - 2014-07-24 09:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

2014-09-14 10:00 - 2014-07-24 09:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll

2014-09-14 10:00 - 2014-07-24 09:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll

2014-09-14 10:00 - 2014-07-24 09:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll

2014-09-14 10:00 - 2014-07-24 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll

2014-09-14 10:00 - 2014-07-24 09:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll

2014-09-14 10:00 - 2014-07-24 09:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2014-09-14 10:00 - 2014-07-24 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll

2014-09-14 10:00 - 2014-07-24 09:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll

2014-09-14 10:00 - 2014-07-24 09:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll

2014-09-14 10:00 - 2014-07-24 09:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll

2014-09-14 10:00 - 2014-07-24 09:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll

2014-09-14 10:00 - 2014-07-24 09:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll

2014-09-14 10:00 - 2014-07-24 09:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2014-09-14 10:00 - 2014-07-24 09:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll

2014-09-14 10:00 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll

2014-09-14 10:00 - 2014-07-24 09:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll

2014-09-14 10:00 - 2014-07-24 09:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll

2014-09-14 10:00 - 2014-07-24 09:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll

2014-09-14 10:00 - 2014-07-24 09:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2014-09-14 10:00 - 2014-07-24 09:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll

2014-09-14 10:00 - 2014-07-24 09:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll

2014-09-14 10:00 - 2014-07-24 08:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll

2014-09-14 10:00 - 2014-07-24 08:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll

2014-09-14 10:00 - 2014-07-24 08:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll

2014-09-14 10:00 - 2014-07-24 08:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll

2014-09-14 10:00 - 2014-07-24 08:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll

2014-09-14 10:00 - 2014-07-24 08:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll

2014-09-14 10:00 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll

2014-09-14 10:00 - 2014-07-24 08:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll

2014-09-14 10:00 - 2014-07-12 06:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll

2014-09-14 10:00 - 2014-07-12 05:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll

2014-09-14 10:00 - 2014-07-10 00:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml

2014-09-14 10:00 - 2014-07-04 13:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys

2014-09-14 10:00 - 2014-07-04 11:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

2014-09-14 10:00 - 2014-07-04 11:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll

2014-09-14 10:00 - 2014-07-04 11:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

2014-09-14 10:00 - 2014-06-26 01:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll

2014-09-14 10:00 - 2014-06-20 00:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys

2014-09-14 10:00 - 2014-06-07 13:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll

2014-09-14 10:00 - 2014-06-07 11:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll

2014-09-14 10:00 - 2014-06-05 15:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2014-09-14 10:00 - 2014-05-31 05:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll

2014-09-14 10:00 - 2014-05-29 06:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2014-09-14 10:00 - 2014-05-29 05:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2014-09-14 10:00 - 2014-05-26 08:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll

2014-09-14 10:00 - 2014-05-10 11:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll

2014-09-14 10:00 - 2014-05-10 09:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll

2014-09-14 10:00 - 2014-03-25 03:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll

2014-09-14 10:00 - 2014-03-25 02:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll

2014-09-14 09:52 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys

2014-09-10 21:53 - 2014-08-16 02:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2014-09-10 21:53 - 2014-08-16 02:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll

2014-09-10 21:53 - 2014-08-16 02:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll

2014-09-10 21:53 - 2014-08-16 02:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll

2014-09-10 21:53 - 2014-08-16 02:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll

2014-09-10 21:53 - 2014-08-16 02:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2014-09-10 21:53 - 2014-08-16 02:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll

2014-09-10 21:53 - 2014-08-16 02:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll

2014-09-10 21:53 - 2014-08-16 02:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll

2014-09-10 21:53 - 2014-08-16 02:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2014-09-10 21:53 - 2014-08-16 02:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2014-09-10 21:53 - 2014-08-16 02:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2014-09-10 21:53 - 2014-08-16 02:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll

2014-09-10 21:53 - 2014-08-16 01:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll

2014-09-10 21:53 - 2014-08-16 01:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

2014-09-10 21:52 - 2014-08-16 03:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2014-09-10 21:52 - 2014-08-16 03:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2014-09-10 21:52 - 2014-08-16 03:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2014-09-10 21:52 - 2014-08-16 03:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2014-09-10 21:52 - 2014-08-16 02:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2014-09-10 21:52 - 2014-08-16 02:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2014-09-10 21:52 - 2014-08-16 02:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll

2014-09-10 21:52 - 2014-08-16 02:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2014-09-10 21:52 - 2014-08-16 01:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll

2014-09-10 21:52 - 2014-08-16 01:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2014-09-10 21:52 - 2014-08-16 01:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2014-09-10 21:52 - 2014-08-16 01:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2014-09-10 21:52 - 2014-08-16 01:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2014-09-10 21:52 - 2014-08-16 01:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2014-09-10 21:52 - 2014-08-16 01:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2014-09-10 21:52 - 2014-08-16 01:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2014-09-10 21:52 - 2014-08-16 01:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2014-09-10 21:52 - 2014-08-16 01:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll

2014-09-10 21:52 - 2014-08-16 01:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2014-09-10 21:52 - 2014-08-16 01:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll

2014-09-10 17:44 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll

2014-09-10 17:43 - 2014-09-05 03:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2014-09-10 17:43 - 2014-09-05 03:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2014-09-10 17:43 - 2014-09-05 01:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll

2014-09-10 17:43 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll

2014-09-10 17:43 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll

2014-09-08 12:45 - 2014-09-08 12:45 - 00000000 ____D () C:\ProgramData\Wondershare

2014-09-08 12:38 - 2014-09-08 12:38 - 00000000 ____D () C:\Users\rthain\AppData\Local\Wondershare

 

==================== One Month Modified Files and Folders =======

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-09-29 19:46 - 2013-11-05 12:21 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2069769180-886861901-593725835-1002

2014-09-29 19:42 - 2014-02-13 11:35 - 01960314 _____ () C:\WINDOWS\WindowsUpdate.log

2014-09-29 19:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness

2014-09-29 19:41 - 2014-08-01 12:08 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HEREWARD-rthain Hereward

2014-09-29 19:40 - 2014-01-19 12:00 - 00000000 ____D () C:\Users\rthain\AppData\Roaming\Skype

2014-09-29 19:40 - 2013-11-07 12:57 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2014-09-29 19:39 - 2014-03-27 11:35 - 00152114 _____ () C:\WINDOWS\PFRO.log

2014-09-29 19:39 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT

2014-09-29 19:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI

2014-09-29 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru

2014-09-29 18:37 - 2013-11-07 12:57 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2014-09-26 19:38 - 2014-04-14 10:36 - 00007263 _____ () C:\WINDOWS\setupact.log

2014-09-25 11:43 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp

2014-09-25 11:16 - 2014-08-25 11:31 - 00000000 ____D () C:\Program Files\Common Files\Apple

2014-09-25 11:15 - 2014-04-14 18:42 - 00000000 ____D () C:\ProgramData\Apple

2014-09-25 10:09 - 2014-04-05 15:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-09-23 10:34 - 2014-01-27 17:45 - 00000000 ____D () C:\Users\rthain

2014-09-23 10:19 - 2013-11-05 12:12 - 00000000 ____D () C:\Users\rthain\AppData\Local\Packages

2014-09-22 07:42 - 2014-01-31 16:01 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe

2014-09-19 13:28 - 2014-07-21 10:37 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk

2014-09-19 13:28 - 2014-07-21 10:37 - 00000000 ___RD () C:\Program Files (x86)\Skype

2014-09-19 13:28 - 2014-01-19 11:59 - 00000000 ____D () C:\ProgramData\Skype

2014-09-17 16:55 - 2014-01-10 03:51 - 00000000 ____D () C:\Users\rthain\Documents\HACS

2014-09-17 16:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache

2014-09-16 12:28 - 2013-11-14 08:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI

2014-09-15 16:44 - 2013-08-22 15:44 - 00371864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT

2014-09-15 15:28 - 2013-11-14 08:17 - 00000000 ____D () C:\Program Files\Windows Journal

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod

2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup

2014-09-15 15:28 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe

2014-09-15 15:26 - 2014-03-28 10:57 - 00000000 ____D () C:\Users\rthain\AppData\Local\AdFender

2014-09-10 22:25 - 2014-07-10 11:16 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel

2014-09-10 21:54 - 2014-06-13 13:28 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll

2014-09-10 21:54 - 2014-06-13 13:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe

2014-09-10 21:53 - 2014-06-13 13:28 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe

2014-09-10 21:53 - 2014-06-13 13:28 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe

2014-09-10 21:53 - 2014-06-13 13:28 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll

2014-09-10 21:53 - 2014-06-13 13:28 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll

2014-09-10 21:53 - 2014-06-12 10:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll

2014-09-10 21:53 - 2014-06-12 10:27 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2014-09-10 21:52 - 2013-11-18 03:59 - 00000000 ____D () C:\WINDOWS\system32\MRT

2014-09-10 21:43 - 2013-11-18 03:59 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2014-09-08 15:41 - 2014-04-14 11:12 - 00000000 ____D () C:\PFS8.3 PE_TMP

2014-09-07 14:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration

2014-09-07 11:47 - 2013-11-07 11:01 - 00000000 ____D () C:\ldiag

2014-09-06 14:46 - 2014-01-31 12:33 - 00000000 ____D () C:\Users\rthain\Documents\My Scans

2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\ProgramData\Adobe

2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\Program Files (x86)\Adobe

2014-09-04 14:28 - 2014-04-26 10:55 - 00000000 ____D () C:\ProgramData\874cfb7b7dee04e9

2014-09-04 14:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins

2014-09-02 21:06 - 2014-08-13 22:33 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2014-09-02 21:06 - 2014-08-13 22:33 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

 

Some content of TEMP:

====================

C:\Users\rthain\AppData\Local\Temp\BackupSetup.exe

C:\Users\rthain\AppData\Local\Temp\KUIU.EXE

C:\Users\rthain\AppData\Local\Temp\Quarantine.exe

C:\Users\rthain\AppData\Local\Temp\SettingsManagerSetup.exe

C:\Users\rthain\AppData\Local\Temp\SHSetup.exe

C:\Users\rthain\AppData\Local\Temp\vcredist_x64.exe

C:\Users\rthain\AppData\Local\Temp\_is3897.exe

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-09-26 20:42

 

==================== End Of Log ============================

Link to post
Share on other sites

Hi,

how is your computer running after the following fix?

Which problems or symptoms are still present?

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:

    Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No FileHKLM-x32\...\Run: [] => [X]ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No FileSearchScopes: HKCU - URL http://search.condui...rchTerms}&SSPV=SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}SearchScopes: HKCU - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL =Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No FileHandler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No FileCHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No FileCHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No FileCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONS3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]EmptyTemp:
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.

    (XP users click run after receipt of Windows Security Warning - Open File).

  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

After Reboot:

Step 2

frst.pngfrstscan.png

Start FRST with administator privileges.

  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.

    Please copy and paste the log in your next reply.

Link to post
Share on other sites

As you may have guessed i am now way out of my depth here. I think this is what you need but basically I am now at the point of cutting and pasting whatever seems to be appropriate. I will run the scan and then hopefully will be able to find those reports and send them.  

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02
Ran by rthain (administrator) on HEREWARD on 29-09-2014 19:47:00
Running from C:\Users\rthain\Downloads
Loaded Profile: rthain (Available profiles: rthain)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\rthain\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-10] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-10] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)
HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087776 2014-08-26] (Wondershare)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)
HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)
HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)
HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnk
ShortcutTarget: PHOTOfunSTUDIO 8.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
SearchScopes: HKLM - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} 
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254
 
FireFox:
========
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> google.co.uk
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (ExentÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂî AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File
CHR Profile: C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-07]
CHR Extension: (YouTube) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-07]
CHR Extension: (Google Search) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-07]
CHR Extension: (Google Wallet) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]
CHR Extension: (Gmail) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-07]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-25] (Advanced Micro Devices, Inc.) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)
R2 HPSLPSVC; C:\Users\rthain\AppData\Local\Temp\7zS194E\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-29] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 CnxtHdAudService; \SystemRoot\system32\drivers\CHDRT64.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]
S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-29 19:46 - 2014-09-29 19:46 - 02108928 _____ (Farbar) C:\Users\rthain\Downloads\FRST64 (1).exe
2014-09-29 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
2014-09-29 18:38 - 2014-09-29 19:07 - 00000000 ____D () C:\AdwCleaner
2014-09-29 18:37 - 2014-09-29 18:38 - 01373475 _____ () C:\Users\rthain\Downloads\AdwCleaner.exe
2014-09-28 14:24 - 2014-09-28 14:30 - 00000238 _____ () C:\Users\rthain\Downloads\Search.txt
2014-09-28 14:14 - 2014-09-28 14:15 - 00025474 _____ () C:\Users\rthain\Downloads\Addition.txt
2014-09-28 14:12 - 2014-09-29 19:47 - 00020034 _____ () C:\Users\rthain\Downloads\FRST.txt
2014-09-28 14:10 - 2014-09-29 19:47 - 00000000 ____D () C:\FRST
2014-09-28 14:10 - 2014-09-28 14:10 - 02108928 _____ (Farbar) C:\Users\rthain\Downloads\FRST64.exe
2014-09-28 14:09 - 2014-09-28 14:10 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (2).exe
2014-09-28 14:09 - 2014-09-28 14:09 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (1).exe
2014-09-28 14:06 - 2014-09-28 14:06 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST.exe
2014-09-26 20:04 - 2014-09-26 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2014-09-26 19:44 - 2014-09-26 19:44 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-26 19:44 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-26 19:43 - 2014-09-26 19:43 - 00000000 ____D () C:\Program Files\iPod
2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files\iTunes
2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-25 11:16 - 2014-09-25 11:16 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple
2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files\Bonjour
2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2014-09-25 10:53 - 2014-09-25 10:53 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium (1).exe
2014-09-24 17:34 - 2014-09-24 17:34 - 00011264 _____ () C:\Users\rthain\Downloads\HACS 2nd September 14.wps
2014-09-19 13:28 - 2014-09-19 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-09-15 16:49 - 2014-09-29 19:40 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-15 16:49 - 2014-09-25 10:54 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-15 16:49 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-09-15 16:49 - 2014-05-12 08:19 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-09-15 16:49 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-09-15 15:42 - 2014-09-15 15:43 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium.exe
2014-09-14 10:02 - 2014-08-23 08:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-09-14 10:02 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-09-14 10:02 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-09-14 10:02 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-09-14 10:02 - 2014-08-23 05:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-09-14 10:02 - 2014-08-23 05:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-09-14 10:02 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-09-14 10:02 - 2014-08-23 05:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-09-14 10:02 - 2014-08-23 05:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-09-14 10:02 - 2014-07-30 02:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-09-14 10:02 - 2014-07-29 06:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-09-14 10:01 - 2014-07-24 16:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-09-14 10:01 - 2014-07-24 16:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-09-14 10:01 - 2014-07-24 16:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-09-14 10:01 - 2014-07-24 16:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-09-14 10:01 - 2014-07-24 16:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-09-14 10:01 - 2014-07-24 16:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-09-14 10:01 - 2014-07-24 16:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-09-14 10:01 - 2014-07-24 16:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-09-14 10:01 - 2014-07-24 16:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-09-14 10:01 - 2014-07-24 16:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-09-14 10:01 - 2014-07-24 16:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-09-14 10:01 - 2014-07-24 16:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-09-14 10:01 - 2014-07-24 16:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-09-14 10:01 - 2014-07-24 16:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-09-14 10:01 - 2014-07-24 16:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-09-14 10:01 - 2014-07-24 16:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-09-14 10:01 - 2014-07-24 16:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-09-14 10:01 - 2014-07-24 16:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-09-14 10:01 - 2014-07-24 16:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-09-14 10:01 - 2014-07-24 16:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-09-14 10:01 - 2014-07-24 15:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-09-14 10:01 - 2014-07-24 15:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2014-09-14 10:01 - 2014-07-24 14:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-09-14 10:01 - 2014-07-24 14:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-09-14 10:01 - 2014-07-24 14:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-09-14 10:01 - 2014-07-24 14:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-09-14 10:01 - 2014-07-24 14:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-09-14 10:01 - 2014-07-24 14:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-09-14 10:01 - 2014-07-24 14:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-09-14 10:01 - 2014-07-24 14:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-09-14 10:01 - 2014-07-24 12:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-09-14 10:01 - 2014-07-24 12:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-09-14 10:01 - 2014-07-24 12:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-09-14 10:01 - 2014-07-24 12:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-09-14 10:01 - 2014-07-24 12:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-09-14 10:01 - 2014-07-24 11:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-09-14 10:01 - 2014-07-24 11:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-09-14 10:01 - 2014-07-24 11:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-09-14 10:01 - 2014-07-24 11:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-09-14 10:01 - 2014-07-24 11:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-09-14 10:01 - 2014-07-24 11:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-09-14 10:01 - 2014-07-24 11:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2014-09-14 10:01 - 2014-07-24 10:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-09-14 10:01 - 2014-07-24 10:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-09-14 10:01 - 2014-07-24 10:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-09-14 10:01 - 2014-07-24 10:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-09-14 10:01 - 2014-07-24 10:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-09-14 10:01 - 2014-07-24 10:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2014-09-14 10:01 - 2014-07-24 10:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-09-14 10:01 - 2014-07-24 10:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-09-14 10:01 - 2014-07-24 10:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-09-14 10:01 - 2014-07-24 10:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-09-14 10:01 - 2014-07-24 10:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-09-14 10:01 - 2014-07-24 10:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-09-14 10:01 - 2014-07-24 09:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-09-14 10:01 - 2014-07-24 09:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-09-14 10:01 - 2014-07-24 09:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-09-14 10:01 - 2014-07-24 09:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-09-14 10:01 - 2014-07-24 09:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-09-14 10:01 - 2014-07-24 09:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-09-14 10:01 - 2014-07-24 09:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-14 10:01 - 2014-07-24 09:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2014-09-14 10:01 - 2014-07-24 09:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-09-14 10:01 - 2014-07-24 09:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-09-14 10:01 - 2014-07-24 09:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-09-14 10:01 - 2014-07-24 09:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-09-14 10:01 - 2014-07-24 09:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-09-14 10:01 - 2014-07-24 09:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-09-14 10:01 - 2014-07-24 09:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-09-14 10:01 - 2014-07-24 09:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-09-14 10:01 - 2014-07-24 09:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-09-14 10:01 - 2014-07-24 09:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-09-14 10:01 - 2014-07-24 09:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-09-14 10:01 - 2014-07-24 09:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-09-14 10:01 - 2014-07-24 09:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-09-14 10:01 - 2014-07-24 09:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-09-14 10:01 - 2014-07-24 09:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-09-14 10:01 - 2014-07-24 09:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-09-14 10:01 - 2014-07-24 08:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-09-14 10:01 - 2014-07-24 08:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-09-14 10:01 - 2014-07-24 08:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-09-14 10:01 - 2014-07-24 08:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-09-14 10:01 - 2014-07-24 08:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-09-14 10:01 - 2014-07-24 08:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-09-14 10:01 - 2014-07-24 08:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-09-14 10:01 - 2014-07-24 08:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-09-14 10:01 - 2014-07-24 08:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-09-14 10:01 - 2014-07-24 08:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-09-14 10:01 - 2014-07-24 08:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-09-14 10:01 - 2014-07-12 06:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-09-14 10:01 - 2014-07-12 05:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-09-14 10:01 - 2014-07-12 05:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-09-14 10:01 - 2014-07-04 11:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-09-14 10:01 - 2014-07-04 10:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-09-14 10:01 - 2014-07-04 10:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-09-14 10:01 - 2014-06-27 07:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-09-14 10:01 - 2014-06-26 01:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-09-14 10:01 - 2014-06-19 03:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-09-14 10:01 - 2014-06-14 07:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-09-14 10:01 - 2014-06-14 06:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-09-14 10:01 - 2014-06-05 11:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-09-14 10:01 - 2014-06-05 10:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-09-14 10:01 - 2014-05-31 06:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-09-14 10:01 - 2014-05-29 07:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-09-14 10:01 - 2014-05-29 06:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-09-14 10:01 - 2014-05-06 05:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-09-14 10:01 - 2014-05-06 01:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-09-14 10:01 - 2014-03-25 03:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-09-14 10:01 - 2014-03-25 02:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-09-14 10:00 - 2014-07-24 16:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-09-14 10:00 - 2014-07-24 16:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-09-14 10:00 - 2014-07-24 16:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-09-14 10:00 - 2014-07-24 16:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-09-14 10:00 - 2014-07-24 16:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-09-14 10:00 - 2014-07-24 14:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-09-14 10:00 - 2014-07-24 14:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-09-14 10:00 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-09-14 10:00 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-09-14 10:00 - 2014-07-24 12:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2014-09-14 10:00 - 2014-07-24 12:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-09-14 10:00 - 2014-07-24 12:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-09-14 10:00 - 2014-07-24 12:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-09-14 10:00 - 2014-07-24 12:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2014-09-14 10:00 - 2014-07-24 12:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-09-14 10:00 - 2014-07-24 12:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2014-09-14 10:00 - 2014-07-24 12:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2014-09-14 10:00 - 2014-07-24 12:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-09-14 10:00 - 2014-07-24 11:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-09-14 10:00 - 2014-07-24 11:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-09-14 10:00 - 2014-07-24 11:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-09-14 10:00 - 2014-07-24 11:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-09-14 10:00 - 2014-07-24 11:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-09-14 10:00 - 2014-07-24 11:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-09-14 10:00 - 2014-07-24 11:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-09-14 10:00 - 2014-07-24 11:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-09-14 10:00 - 2014-07-24 10:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
2014-09-14 10:00 - 2014-07-24 10:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-09-14 10:00 - 2014-07-24 10:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-09-14 10:00 - 2014-07-24 10:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-09-14 10:00 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-09-14 10:00 - 2014-07-24 10:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-09-14 10:00 - 2014-07-24 10:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-09-14 10:00 - 2014-07-24 10:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-09-14 10:00 - 2014-07-24 10:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-09-14 10:00 - 2014-07-24 10:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-09-14 10:00 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
2014-09-14 10:00 - 2014-07-24 10:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-09-14 10:00 - 2014-07-24 10:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2014-09-14 10:00 - 2014-07-24 10:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-09-14 10:00 - 2014-07-24 10:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-09-14 10:00 - 2014-07-24 09:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-09-14 10:00 - 2014-07-24 09:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-09-14 10:00 - 2014-07-24 09:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-09-14 10:00 - 2014-07-24 09:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2014-09-14 10:00 - 2014-07-24 09:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-09-14 10:00 - 2014-07-24 09:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-09-14 10:00 - 2014-07-24 09:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-09-14 10:00 - 2014-07-24 09:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-09-14 10:00 - 2014-07-24 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-09-14 10:00 - 2014-07-24 09:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-09-14 10:00 - 2014-07-24 09:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 10:00 - 2014-07-24 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2014-09-14 10:00 - 2014-07-24 09:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-09-14 10:00 - 2014-07-24 09:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-09-14 10:00 - 2014-07-24 09:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-09-14 10:00 - 2014-07-24 09:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-09-14 10:00 - 2014-07-24 09:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-09-14 10:00 - 2014-07-24 09:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-14 10:00 - 2014-07-24 09:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-09-14 10:00 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2014-09-14 10:00 - 2014-07-24 09:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-09-14 10:00 - 2014-07-24 09:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-09-14 10:00 - 2014-07-24 09:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-09-14 10:00 - 2014-07-24 09:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-09-14 10:00 - 2014-07-24 09:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-09-14 10:00 - 2014-07-24 09:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-09-14 10:00 - 2014-07-24 08:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-09-14 10:00 - 2014-07-24 08:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-09-14 10:00 - 2014-07-24 08:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-09-14 10:00 - 2014-07-24 08:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-09-14 10:00 - 2014-07-24 08:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2014-09-14 10:00 - 2014-07-24 08:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-09-14 10:00 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2014-09-14 10:00 - 2014-07-24 08:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-09-14 10:00 - 2014-07-12 06:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2014-09-14 10:00 - 2014-07-12 05:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2014-09-14 10:00 - 2014-07-10 00:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-09-14 10:00 - 2014-07-04 13:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-09-14 10:00 - 2014-07-04 11:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-09-14 10:00 - 2014-07-04 11:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-09-14 10:00 - 2014-07-04 11:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-09-14 10:00 - 2014-06-26 01:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-09-14 10:00 - 2014-06-20 00:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-09-14 10:00 - 2014-06-07 13:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-09-14 10:00 - 2014-06-07 11:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-09-14 10:00 - 2014-06-05 15:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-09-14 10:00 - 2014-05-31 05:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-09-14 10:00 - 2014-05-29 06:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2014-09-14 10:00 - 2014-05-29 05:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2014-09-14 10:00 - 2014-05-26 08:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-09-14 10:00 - 2014-05-10 11:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-09-14 10:00 - 2014-05-10 09:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-09-14 10:00 - 2014-03-25 03:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-09-14 10:00 - 2014-03-25 02:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-09-14 09:52 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-09-10 21:53 - 2014-08-16 02:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-09-10 21:53 - 2014-08-16 02:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-09-10 21:53 - 2014-08-16 02:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-09-10 21:53 - 2014-08-16 02:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
2014-09-10 21:53 - 2014-08-16 02:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-09-10 21:53 - 2014-08-16 02:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-09-10 21:53 - 2014-08-16 02:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-09-10 21:53 - 2014-08-16 02:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-09-10 21:53 - 2014-08-16 02:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-09-10 21:53 - 2014-08-16 02:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-09-10 21:53 - 2014-08-16 02:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-09-10 21:53 - 2014-08-16 02:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-09-10 21:53 - 2014-08-16 02:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
2014-09-10 21:53 - 2014-08-16 01:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-09-10 21:53 - 2014-08-16 01:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-09-10 21:52 - 2014-08-16 03:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-09-10 21:52 - 2014-08-16 03:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-09-10 21:52 - 2014-08-16 03:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-09-10 21:52 - 2014-08-16 03:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-09-10 21:52 - 2014-08-16 02:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-09-10 21:52 - 2014-08-16 02:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-09-10 21:52 - 2014-08-16 02:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-09-10 21:52 - 2014-08-16 02:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-09-10 21:52 - 2014-08-16 01:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-10 21:52 - 2014-08-16 01:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-09-10 21:52 - 2014-08-16 01:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-09-10 21:52 - 2014-08-16 01:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-09-10 21:52 - 2014-08-16 01:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-09-10 21:52 - 2014-08-16 01:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-09-10 21:52 - 2014-08-16 01:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-09-10 21:52 - 2014-08-16 01:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-09-10 21:52 - 2014-08-16 01:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-09-10 21:52 - 2014-08-16 01:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-09-10 21:52 - 2014-08-16 01:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-09-10 21:52 - 2014-08-16 01:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-09-10 17:44 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2014-09-10 17:43 - 2014-09-05 03:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2014-09-10 17:43 - 2014-09-05 03:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2014-09-10 17:43 - 2014-09-05 01:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
2014-09-10 17:43 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
2014-09-10 17:43 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
2014-09-08 12:45 - 2014-09-08 12:45 - 00000000 ____D () C:\ProgramData\Wondershare
2014-09-08 12:38 - 2014-09-08 12:38 - 00000000 ____D () C:\Users\rthain\AppData\Local\Wondershare
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-29 19:46 - 2013-11-05 12:21 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2069769180-886861901-593725835-1002
2014-09-29 19:42 - 2014-02-13 11:35 - 01960314 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-29 19:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-29 19:41 - 2014-08-01 12:08 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HEREWARD-rthain Hereward
2014-09-29 19:40 - 2014-01-19 12:00 - 00000000 ____D () C:\Users\rthain\AppData\Roaming\Skype
2014-09-29 19:40 - 2013-11-07 12:57 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-29 19:39 - 2014-03-27 11:35 - 00152114 _____ () C:\WINDOWS\PFRO.log
2014-09-29 19:39 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-29 19:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-29 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-29 18:37 - 2013-11-07 12:57 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-26 19:38 - 2014-04-14 10:36 - 00007263 _____ () C:\WINDOWS\setupact.log
2014-09-25 11:43 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-25 11:16 - 2014-08-25 11:31 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-09-25 11:15 - 2014-04-14 18:42 - 00000000 ____D () C:\ProgramData\Apple
2014-09-25 10:09 - 2014-04-05 15:15 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-09-23 10:34 - 2014-01-27 17:45 - 00000000 ____D () C:\Users\rthain
2014-09-23 10:19 - 2013-11-05 12:12 - 00000000 ____D () C:\Users\rthain\AppData\Local\Packages
2014-09-22 07:42 - 2014-01-31 16:01 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-19 13:28 - 2014-07-21 10:37 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk
2014-09-19 13:28 - 2014-07-21 10:37 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-09-19 13:28 - 2014-01-19 11:59 - 00000000 ____D () C:\ProgramData\Skype
2014-09-17 16:55 - 2014-01-10 03:51 - 00000000 ____D () C:\Users\rthain\Documents\HACS
2014-09-17 16:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-09-16 12:28 - 2013-11-14 08:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-15 16:44 - 2013-08-22 15:44 - 00371864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-15 15:28 - 2013-11-14 08:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-09-15 15:28 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-09-15 15:26 - 2014-03-28 10:57 - 00000000 ____D () C:\Users\rthain\AppData\Local\AdFender
2014-09-10 22:25 - 2014-07-10 11:16 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2014-09-10 21:54 - 2014-06-13 13:28 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-09-10 21:54 - 2014-06-13 13:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-09-10 21:53 - 2014-06-13 13:28 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-09-10 21:53 - 2014-06-13 13:28 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-09-10 21:53 - 2014-06-13 13:28 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-09-10 21:53 - 2014-06-13 13:28 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-09-10 21:53 - 2014-06-13 13:28 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-09-10 21:53 - 2014-06-13 13:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-09-10 21:53 - 2014-06-13 13:28 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-09-10 21:53 - 2014-06-13 13:28 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-09-10 21:53 - 2014-06-13 13:28 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-09-10 21:53 - 2014-06-13 13:28 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-09-10 21:53 - 2014-06-12 10:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-09-10 21:53 - 2014-06-12 10:27 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-09-10 21:52 - 2013-11-18 03:59 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-09-10 21:43 - 2013-11-18 03:59 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-09-08 15:41 - 2014-04-14 11:12 - 00000000 ____D () C:\PFS8.3 PE_TMP
2014-09-07 14:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-07 11:47 - 2013-11-07 11:01 - 00000000 ____D () C:\ldiag
2014-09-06 14:46 - 2014-01-31 12:33 - 00000000 ____D () C:\Users\rthain\Documents\My Scans
2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\ProgramData\Adobe
2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-09-04 14:28 - 2014-04-26 10:55 - 00000000 ____D () C:\ProgramData\874cfb7b7dee04e9
2014-09-04 14:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins
2014-09-02 21:06 - 2014-08-13 22:33 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-09-02 21:06 - 2014-08-13 22:33 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
Some content of TEMP:
====================
C:\Users\rthain\AppData\Local\Temp\BackupSetup.exe
C:\Users\rthain\AppData\Local\Temp\KUIU.EXE
C:\Users\rthain\AppData\Local\Temp\Quarantine.exe
C:\Users\rthain\AppData\Local\Temp\SettingsManagerSetup.exe
C:\Users\rthain\AppData\Local\Temp\SHSetup.exe
C:\Users\rthain\AppData\Local\Temp\vcredist_x64.exe
C:\Users\rthain\AppData\Local\Temp\_is3897.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 20:42
Link to post
Share on other sites

Hi I simply haven't a clue where I am supposed to look for the report after the scan. Superiend still seems to be present as it appeared when i went on a link in an email which had been sent to me - although malwarebytes did come on and say it had intercepted something malicious but whether that was a coincidence or not I don't know. If you still wish to help me in despite my lack of pc skills I would be very grateful but will fully understand if you decide not to continue.  

Link to post
Share on other sites

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014

Ran by rthain at 2014-10-01 13:52:52 Run:1

Running from C:\Users\rthain\Downloads

Loaded Profiles: rthain &  (Available profiles: rthain)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File

HKLM-x32\...\Run: [] => [X]

ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File


SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}

SearchScopes: HKCU - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL =

Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File

Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File

CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No File

CHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll No File

CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File

CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

EmptyTemp:

*****************

 

"HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key deleted successfully.

"HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully.

"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully.

"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{25A72053-8D57-4117-B3BC-CBFB4BDDECF9}" => Key deleted successfully.

"HKCR\CLSID\{25A72053-8D57-4117-B3BC-CBFB4BDDECF9}" => Key not found.

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.

"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.

"HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key not found.

"HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.

c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL not found.

C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll not found.

C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll not found.

"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.

esgiguard => Service deleted successfully.

EmptyTemp: => Removed 4.3 GB temporary data.

 

 

The system needed a reboot. 

 

==== End of Fixlog ====

Link to post
Share on other sites

Hi, 

which email-client? Chrome?

 

frst.pngfrstscan.png

Start FRST with administator privileges.

  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.