marinedog Posted September 27, 2014 ID:883752 Share Posted September 27, 2014 Hi I am having problems with superiend which keeps popping up adverts when I use links. I have done the looking at my list of programs for something fishy to uninstall but cannot see anything. Anyone else come across superiend and found a way to remove it? I have looked on the internet and keep seeing suggestions that Spy hunter would remove it but I am a bit loathe to go down the route of adding something else into the mix. Link to post Share on other sites More sharing options...
deeprybka Posted September 27, 2014 ID:883935 Share Posted September 27, 2014 Hi & My name is Jürgen and I will be assisting you with your Malware related problems. Before we move on, please read the following points carefully. My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.Perform everything in the correct order. Sometimes one step requires the previous one.If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.P2P/Piracy Warning:If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now and read the policy on Piracy.Step 1 Please run a FRST scan. This will help us diagnose your problem. Please download Farbar Recovery Scan Tool and save it to your Desktop. (If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)Start FRST with administator privileges.Make sure the option Addition.txt is checked and press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
marinedog Posted September 28, 2014 Author ID:884120 Share Posted September 28, 2014 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2014Ran by rthain at 2014-09-28 14:14:25Running from C:\Users\rthain\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAMD Accelerated Video Transcoding (Version: 12.10.100.30424 - Advanced Micro Devices, Inc.) HiddenAMD Catalyst Install Manager (HKLM\...\{FA5043AF-EAC4-C06E-18B0-A184923DC7CC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)AMD Fuel (Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) HiddenAMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)ccc-utility64 (Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddenHP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{FD126052-310E-4364-937B-6B5564F24578}) (Version: 14.0 - HP)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) HiddenLenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version: - )Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: - )Network64 (Version: 140.0.306.000 - Hewlett-Packard) HiddenOffice 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) HiddenPHOTOfunSTUDIO 8.3 PE (HKLM-x32\...\{5F07A881-4A7F-4F16-AF9E-F2202B504A91}) (Version: 8.03.713 - Panasonic Corporation)SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) HiddenSkype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2069769180-886861901-593725835-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\rthain\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 08-09-2014 12:00:36 Installed iTunes15-09-2014 13:46:05 Windows Update17-09-2014 12:26:56 Installed iTunes25-09-2014 10:00:15 Removed Apple Mobile Device Support ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0273F0E5-B392-4040-897C-88E58D58A131} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {178341D9-6A43-4921-968F-49E1A96B02D9} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {1BA79801-C587-4B85-9826-A4360C9361A4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)Task: {1CE7E27E-9796-4882-8549-A842589BE012} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {3464D1DC-7077-4541-8DEA-2442E9A2C002} - System32\Tasks\IHSelfDeleteTASK => CMDTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {4FDD21E9-93A2-4A1F-8976-B611B1453DFD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {5216F248-F1B3-47F2-8FA1-8E20E9545220} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUploadTask: {5FFCF0E3-A441-4FAE-B542-A3DE94FB78CB} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {8E5527C9-40FB-48DE-83C0-ECF63125ADD4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()Task: {94E0755B-AD5F-42A0-AC64-A17E2CF83444} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation)Task: {94F53616-87EA-41A2-8AD1-B5BA3B9105A0} - System32\Tasks\IHUninstallTrackingTASK => CMDTask: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {A007B7F5-CAEF-4625-A2AA-D54C5097C300} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)Task: {A1F9865C-B78F-4B68-A3D7-97B9D8C53285} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-03-25] (AnyProtect by CMI) <==== ATTENTIONTask: {CAAE6675-2342-42EA-A59B-126BAD184E72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)Task: {CB78DEDD-BB6C-4732-80EE-B0F5BDE3272D} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-03-25] (AnyProtect by CMI) <==== ATTENTIONTask: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D11A9F0F-23C4-4C34-99E8-7807BFB9EC05} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)Task: {D86ECD2F-5E29-4D57-A199-DEED69296294} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {E1837F55-CE24-4E70-9E7F-B1A3B15933BF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HEREWARD-rthain Hereward => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-25] (Microsoft Corporation)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {EBC124A1-64D3-43B6-94BA-07922F30C15C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"Task: {F65DEEB1-7C31-409B-B4F9-8B9863F3746F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {F96B5C94-E2AA-4BD8-AC45-A66256D49D12} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()Task: {FD3877A3-2026-4F25-BBE6-AB783650B593} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe [2014-03-25] (AnyProtect by CMI) <==== ATTENTIONTask: {FF96CA05-9B30-4DC5-90AB-F0B404D98A86} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2069769180-886861901-593725835-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exeTask: C:\WINDOWS\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTIONTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-25 01:10 - 2013-04-25 01:10 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2014-04-05 15:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2014-09-25 10:07 - 2014-09-25 10:07 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2013-04-25 01:10 - 2013-04-25 01:10 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll2014-03-25 14:46 - 2014-03-25 14:46 - 00186496 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll2014-03-25 14:46 - 2014-03-25 14:46 - 02961368 _____ () c:\Program Files (x86)\Optimizer Pro\OptProCrash.dll2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll2013-06-10 07:37 - 2012-07-12 13:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll2014-09-08 12:38 - 2014-08-26 17:47 - 01491968 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll2014-09-08 12:38 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll2014-04-12 10:41 - 2014-04-02 02:57 - 00065352 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\chrome_elf.dll2014-04-12 10:41 - 2014-04-02 02:57 - 00674632 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libglesv2.dll2014-04-12 10:41 - 2014-04-02 02:57 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\libegl.dll2014-04-12 10:41 - 2014-04-02 02:57 - 04081480 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll2014-04-12 10:41 - 2014-04-02 02:58 - 00390472 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll2014-04-12 10:41 - 2014-04-02 02:57 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ffmpegsumo.dll2014-04-12 10:41 - 2014-04-02 02:58 - 13691720 _____ () C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2069769180-886861901-593725835-500 - Administrator - Disabled)Guest (S-1-5-21-2069769180-886861901-593725835-501 - Limited - Disabled)rthain (S-1-5-21-2069769180-886861901-593725835-1002 - Administrator - Enabled) => C:\Users\rthain ==================== Faulty Device Manager Devices ============= Name: Deskjet F4500 seriesDescription: Deskjet F4500 seriesClass Guid: {4d36e971-e325-11ce-bfc1-08002be10318}Manufacturer: HPService: Problem: : This device is disabled. (Code 22)Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. ==================== Event log errors: ========================= Application errors:==================Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 80435922 Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 80435922 Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/27/2014 10:39:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 22 Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 21 System errors:=============Error: (09/26/2014 08:31:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: %%31 Error: (09/26/2014 08:31:18 PM) (Source: APXACC) (EventID: 1003) (User: )Description: The NDIS6 LWF initialization has failed. (0xC0000001) Error: (09/26/2014 08:30:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Superfetch service terminated with the following error: %%1062 Error: (09/26/2014 08:29:54 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (09/26/2014 08:29:54 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (09/26/2014 08:29:54 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (09/26/2014 08:29:54 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (09/26/2014 08:29:52 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Error: (09/26/2014 08:29:47 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {16D99191-6280-4B33-A2F5-04805A0FC582} Error: (09/26/2014 07:06:25 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Microsoft Office Sessions:=========================Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 80435922 Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 80435922 Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/27/2014 10:39:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 22 Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 21 CodeIntegrity Errors:=================================== Date: 2014-04-01 09:47:55.573 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-04-01 09:47:55.445 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== Processor: AMD A8-5550M APU with Radeon HD Graphics Percentage of memory in use: 52%Total physical RAM: 3268.26 MBAvailable physical RAM: 1539.43 MBTotal Pagefile: 3908.26 MBAvailable Pagefile: 1523.79 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:891.81 GB) (Free:784.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.19 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 6527829E) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
marinedog Posted September 28, 2014 Author ID:884121 Share Posted September 28, 2014 Hi I hope that what I sent was correct. I am not sure if you have both reports then please let me know where and how to locate the missing one. Link to post Share on other sites More sharing options...
deeprybka Posted September 28, 2014 ID:884122 Share Posted September 28, 2014 Hi,the FRST.txt is missing and should be here: C:\Users\rthain\Downloads Link to post Share on other sites More sharing options...
marinedog Posted September 28, 2014 Author ID:884123 Share Posted September 28, 2014 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014Ran by rthain (administrator) on HEREWARD on 28-09-2014 14:12:26Running from C:\Users\rthain\DownloadsLoaded Profile: rthain (Available profiles: rthain)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Microsoft Corporation) C:\Windows\System32\dasHost.exe(Microsoft Corporation) C:\Windows\System32\rundll32.exe(AMD) C:\Windows\System32\atieclxx.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-10] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-10] (Lenovo(beijing) Limited)HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087776 2014-08-26] (Wondershare)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)AppInit_DLLs: c:\progra~2\settin~1\systemk\x64\syskldr.dll => c:\progra~2\settin~1\systemk\x64\syskldr.dll File Not FoundAppInit_DLLs: c:\progra~2\linkey\ieexte~1\iedll64.dll => c:\progra~2\linkey\ieexte~1\iedll64.dll File Not FoundAppInit_DLLs-x32: c:\progra~2\settin~1\systemk\syskldr.dll => "c:\progra~2\settin~1\systemk\syskldr.dll" File Not FoundStartup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnkShortcutTarget: PHOTOfunSTUDIO 8.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No FileShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.comHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.comSearchScopes: HKLM - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=130&itype=n&ver=11471&tm=301&src=ds&p={searchTerms}SearchScopes: HKLM-x32 - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM-x32 - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=130&itype=n&ver=11471&tm=301&src=ds&p={searchTerms}SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324333&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP634F1E17-EDB0-4D45-B5DC-DBAE9EA457B5&q={searchTerms}&SSPV=SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}SearchScopes: HKCU - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2476} URL = http://www.default-search.net/search?sid=476&aid=130&itype=n&ver=11471&tm=301&src=ds&p={searchTerms}BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No FileHandler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254 FireFox:========FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR DefaultSearchKeyword: Default -> google.co.ukCHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No FileCHR Plugin: (ExentÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂî AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No FileCHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll No FileCHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No FileCHR Profile: C:\Users\rthain\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-07]CHR Extension: (YouTube) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-07]CHR Extension: (Google Search) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-07]CHR Extension: (Google Wallet) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]CHR Extension: (Gmail) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-07]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 70e6ca8c; c:\Program Files (x86)\Optimizer Pro\OptProCrashSvc.dll [186496 2014-03-25] ()R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-25] (Advanced Micro Devices, Inc.) [File not signed]R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)R2 HPSLPSVC; C:\Users\rthain\AppData\Local\Temp\7zS194E\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-28] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)S3 CnxtHdAudService; \SystemRoot\system32\drivers\CHDRT64.sys [X]S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 14:12 - 2014-09-28 14:13 - 00021113 _____ () C:\Users\rthain\Downloads\FRST.txt2014-09-28 14:10 - 2014-09-28 14:12 - 00000000 ____D () C:\FRST2014-09-28 14:10 - 2014-09-28 14:10 - 02108928 _____ (Farbar) C:\Users\rthain\Downloads\FRST64.exe2014-09-28 14:09 - 2014-09-28 14:10 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (2).exe2014-09-28 14:09 - 2014-09-28 14:09 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (1).exe2014-09-28 14:06 - 2014-09-28 14:06 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST.exe2014-09-26 20:04 - 2014-09-26 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-09-26 19:44 - 2014-09-26 19:44 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-09-26 19:44 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-09-26 19:43 - 2014-09-26 19:43 - 00000000 ____D () C:\Program Files\iPod2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files\iTunes2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-09-25 11:16 - 2014-09-25 11:16 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files\Bonjour2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Bonjour2014-09-25 10:53 - 2014-09-25 10:53 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium (1).exe2014-09-24 17:34 - 2014-09-24 17:34 - 00011264 _____ () C:\Users\rthain\Downloads\HACS 2nd September 14.wps2014-09-19 13:28 - 2014-09-19 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-09-15 16:49 - 2014-09-28 13:52 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-09-15 16:49 - 2014-09-25 10:54 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-09-15 16:49 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-09-15 16:49 - 2014-05-12 08:19 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-09-15 16:49 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-09-15 15:42 - 2014-09-15 15:43 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium.exe2014-09-14 10:02 - 2014-08-23 08:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2014-09-14 10:02 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2014-09-14 10:02 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll2014-09-14 10:02 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll2014-09-14 10:02 - 2014-08-23 05:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2014-09-14 10:02 - 2014-08-23 05:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-09-14 10:02 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll2014-09-14 10:02 - 2014-08-23 05:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll2014-09-14 10:02 - 2014-08-23 05:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-09-14 10:02 - 2014-07-30 02:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll2014-09-14 10:02 - 2014-07-29 06:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll2014-09-14 10:01 - 2014-07-24 16:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS2014-09-14 10:01 - 2014-07-24 16:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys2014-09-14 10:01 - 2014-07-24 16:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys2014-09-14 10:01 - 2014-07-24 16:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys2014-09-14 10:01 - 2014-07-24 16:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll2014-09-14 10:01 - 2014-07-24 16:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-09-14 10:01 - 2014-07-24 16:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll2014-09-14 10:01 - 2014-07-24 16:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL2014-09-14 10:01 - 2014-07-24 16:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe2014-09-14 10:01 - 2014-07-24 16:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-09-14 10:01 - 2014-07-24 16:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys2014-09-14 10:01 - 2014-07-24 16:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-09-14 10:01 - 2014-07-24 16:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-09-14 10:01 - 2014-07-24 16:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2014-09-14 10:01 - 2014-07-24 16:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2014-09-14 10:01 - 2014-07-24 16:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll2014-09-14 10:01 - 2014-07-24 15:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-09-14 10:01 - 2014-07-24 15:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys2014-09-14 10:01 - 2014-07-24 14:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL2014-09-14 10:01 - 2014-07-24 14:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-09-14 10:01 - 2014-07-24 14:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll2014-09-14 10:01 - 2014-07-24 14:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll2014-09-14 10:01 - 2014-07-24 12:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys2014-09-14 10:01 - 2014-07-24 12:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys2014-09-14 10:01 - 2014-07-24 12:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys2014-09-14 10:01 - 2014-07-24 12:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll2014-09-14 10:01 - 2014-07-24 12:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll2014-09-14 10:01 - 2014-07-24 11:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll2014-09-14 10:01 - 2014-07-24 11:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll2014-09-14 10:01 - 2014-07-24 11:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll2014-09-14 10:01 - 2014-07-24 11:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe2014-09-14 10:01 - 2014-07-24 11:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll2014-09-14 10:01 - 2014-07-24 11:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll2014-09-14 10:01 - 2014-07-24 11:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll2014-09-14 10:01 - 2014-07-24 10:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll2014-09-14 10:01 - 2014-07-24 10:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2014-09-14 10:01 - 2014-07-24 10:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll2014-09-14 10:01 - 2014-07-24 10:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll2014-09-14 10:01 - 2014-07-24 10:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll2014-09-14 10:01 - 2014-07-24 10:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll2014-09-14 10:01 - 2014-07-24 10:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2014-09-14 10:01 - 2014-07-24 10:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll2014-09-14 10:01 - 2014-07-24 10:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe2014-09-14 10:01 - 2014-07-24 10:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll2014-09-14 10:01 - 2014-07-24 10:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll2014-09-14 10:01 - 2014-07-24 10:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2014-09-14 10:01 - 2014-07-24 09:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll2014-09-14 10:01 - 2014-07-24 09:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll2014-09-14 10:01 - 2014-07-24 09:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll2014-09-14 10:01 - 2014-07-24 09:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll2014-09-14 10:01 - 2014-07-24 09:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll2014-09-14 10:01 - 2014-07-24 09:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll2014-09-14 10:01 - 2014-07-24 09:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll2014-09-14 10:01 - 2014-07-24 09:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll2014-09-14 10:01 - 2014-07-24 09:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll2014-09-14 10:01 - 2014-07-24 09:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv2014-09-14 10:01 - 2014-07-24 09:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll2014-09-14 10:01 - 2014-07-24 09:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll2014-09-14 10:01 - 2014-07-24 09:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-09-14 10:01 - 2014-07-24 09:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe2014-09-14 10:01 - 2014-07-24 09:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll2014-09-14 10:01 - 2014-07-24 09:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll2014-09-14 10:01 - 2014-07-24 09:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-09-14 10:01 - 2014-07-24 09:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2014-09-14 10:01 - 2014-07-24 09:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll2014-09-14 10:01 - 2014-07-24 09:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll2014-09-14 10:01 - 2014-07-24 09:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv2014-09-14 10:01 - 2014-07-24 09:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-09-14 10:01 - 2014-07-24 09:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll2014-09-14 10:01 - 2014-07-24 09:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll2014-09-14 10:01 - 2014-07-24 08:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll2014-09-14 10:01 - 2014-07-24 08:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll2014-09-14 10:01 - 2014-07-24 08:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll2014-09-14 10:01 - 2014-07-24 08:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll2014-09-14 10:01 - 2014-07-24 08:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-09-14 10:01 - 2014-07-24 08:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2014-09-14 10:01 - 2014-07-24 08:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll2014-09-14 10:01 - 2014-07-24 08:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll2014-09-14 10:01 - 2014-07-24 08:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll2014-09-14 10:01 - 2014-07-24 08:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2014-09-14 10:01 - 2014-07-24 08:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls2014-09-14 10:01 - 2014-07-12 06:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll2014-09-14 10:01 - 2014-07-12 05:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll2014-09-14 10:01 - 2014-07-12 05:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-09-14 10:01 - 2014-07-04 11:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll2014-09-14 10:01 - 2014-07-04 10:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll2014-09-14 10:01 - 2014-07-04 10:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll2014-09-14 10:01 - 2014-06-27 07:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys2014-09-14 10:01 - 2014-06-26 01:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll2014-09-14 10:01 - 2014-06-19 03:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys2014-09-14 10:01 - 2014-06-14 07:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll2014-09-14 10:01 - 2014-06-14 06:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll2014-09-14 10:01 - 2014-06-05 11:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll2014-09-14 10:01 - 2014-06-05 10:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll2014-09-14 10:01 - 2014-05-31 06:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll2014-09-14 10:01 - 2014-05-29 07:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll2014-09-14 10:01 - 2014-05-29 06:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll2014-09-14 10:01 - 2014-05-06 05:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll2014-09-14 10:01 - 2014-05-06 01:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll2014-09-14 10:01 - 2014-03-25 03:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll2014-09-14 10:01 - 2014-03-25 02:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll2014-09-14 10:00 - 2014-07-24 16:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys2014-09-14 10:00 - 2014-07-24 16:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-09-14 10:00 - 2014-07-24 16:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll2014-09-14 10:00 - 2014-07-24 16:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe2014-09-14 10:00 - 2014-07-24 16:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll2014-09-14 10:00 - 2014-07-24 14:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll2014-09-14 10:00 - 2014-07-24 14:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe2014-09-14 10:00 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL2014-09-14 10:00 - 2014-07-24 12:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll2014-09-14 10:00 - 2014-07-24 12:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys2014-09-14 10:00 - 2014-07-24 12:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys2014-09-14 10:00 - 2014-07-24 12:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys2014-09-14 10:00 - 2014-07-24 12:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys2014-09-14 10:00 - 2014-07-24 12:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-09-14 10:00 - 2014-07-24 12:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2014-09-14 10:00 - 2014-07-24 12:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll2014-09-14 10:00 - 2014-07-24 12:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL2014-09-14 10:00 - 2014-07-24 11:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2014-09-14 10:00 - 2014-07-24 11:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl2014-09-14 10:00 - 2014-07-24 11:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll2014-09-14 10:00 - 2014-07-24 11:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll2014-09-14 10:00 - 2014-07-24 11:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll2014-09-14 10:00 - 2014-07-24 11:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll2014-09-14 10:00 - 2014-07-24 10:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll2014-09-14 10:00 - 2014-07-24 10:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl2014-09-14 10:00 - 2014-07-24 10:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll2014-09-14 10:00 - 2014-07-24 10:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll2014-09-14 10:00 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll2014-09-14 10:00 - 2014-07-24 10:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe2014-09-14 10:00 - 2014-07-24 10:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll2014-09-14 10:00 - 2014-07-24 10:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll2014-09-14 10:00 - 2014-07-24 10:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll2014-09-14 10:00 - 2014-07-24 10:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll2014-09-14 10:00 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll2014-09-14 10:00 - 2014-07-24 10:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll2014-09-14 10:00 - 2014-07-24 10:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll2014-09-14 10:00 - 2014-07-24 10:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll2014-09-14 10:00 - 2014-07-24 10:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe2014-09-14 10:00 - 2014-07-24 09:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll2014-09-14 10:00 - 2014-07-24 09:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll2014-09-14 10:00 - 2014-07-24 09:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll2014-09-14 10:00 - 2014-07-24 09:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll2014-09-14 10:00 - 2014-07-24 09:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll2014-09-14 10:00 - 2014-07-24 09:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll2014-09-14 10:00 - 2014-07-24 09:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll2014-09-14 10:00 - 2014-07-24 09:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll2014-09-14 10:00 - 2014-07-24 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll2014-09-14 10:00 - 2014-07-24 09:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll2014-09-14 10:00 - 2014-07-24 09:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-14 10:00 - 2014-07-24 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll2014-09-14 10:00 - 2014-07-24 09:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll2014-09-14 10:00 - 2014-07-24 09:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-09-14 10:00 - 2014-07-24 09:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll2014-09-14 10:00 - 2014-07-24 09:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll2014-09-14 10:00 - 2014-07-24 09:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll2014-09-14 10:00 - 2014-07-24 09:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-14 10:00 - 2014-07-24 09:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll2014-09-14 10:00 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll2014-09-14 10:00 - 2014-07-24 09:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-09-14 10:00 - 2014-07-24 09:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-09-14 10:00 - 2014-07-24 09:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll2014-09-14 10:00 - 2014-07-24 09:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-09-14 10:00 - 2014-07-24 09:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll2014-09-14 10:00 - 2014-07-24 09:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll2014-09-14 10:00 - 2014-07-24 08:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll2014-09-14 10:00 - 2014-07-24 08:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll2014-09-14 10:00 - 2014-07-24 08:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll2014-09-14 10:00 - 2014-07-24 08:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-09-14 10:00 - 2014-07-24 08:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll2014-09-14 10:00 - 2014-07-24 08:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-09-14 10:00 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll2014-09-14 10:00 - 2014-07-24 08:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll2014-09-14 10:00 - 2014-07-12 06:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-09-14 10:00 - 2014-07-12 05:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-09-14 10:00 - 2014-07-10 00:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-09-14 10:00 - 2014-07-04 13:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys2014-09-14 10:00 - 2014-07-04 11:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll2014-09-14 10:00 - 2014-07-04 11:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll2014-09-14 10:00 - 2014-07-04 11:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll2014-09-14 10:00 - 2014-06-26 01:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll2014-09-14 10:00 - 2014-06-20 00:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys2014-09-14 10:00 - 2014-06-07 13:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll2014-09-14 10:00 - 2014-06-07 11:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll2014-09-14 10:00 - 2014-06-05 15:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys2014-09-14 10:00 - 2014-05-31 05:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll2014-09-14 10:00 - 2014-05-29 06:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2014-09-14 10:00 - 2014-05-29 05:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2014-09-14 10:00 - 2014-05-26 08:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll2014-09-14 10:00 - 2014-05-10 11:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll2014-09-14 10:00 - 2014-05-10 09:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll2014-09-14 10:00 - 2014-03-25 03:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll2014-09-14 10:00 - 2014-03-25 02:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll2014-09-14 09:52 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys2014-09-10 21:53 - 2014-08-16 02:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2014-09-10 21:53 - 2014-08-16 02:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2014-09-10 21:53 - 2014-08-16 02:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2014-09-10 21:53 - 2014-08-16 02:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-09-10 21:53 - 2014-08-16 02:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll2014-09-10 21:53 - 2014-08-16 02:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2014-09-10 21:53 - 2014-08-16 02:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2014-09-10 21:53 - 2014-08-16 02:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-09-10 21:53 - 2014-08-16 02:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-09-10 21:53 - 2014-08-16 02:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-09-10 21:53 - 2014-08-16 02:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-09-10 21:53 - 2014-08-16 02:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-09-10 21:53 - 2014-08-16 02:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-09-10 21:53 - 2014-08-16 01:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-09-10 21:53 - 2014-08-16 01:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-09-10 21:52 - 2014-08-16 03:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-09-10 21:52 - 2014-08-16 03:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-09-10 21:52 - 2014-08-16 03:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-09-10 21:52 - 2014-08-16 03:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-09-10 21:52 - 2014-08-16 02:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-09-10 21:52 - 2014-08-16 02:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-09-10 21:52 - 2014-08-16 02:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll2014-09-10 21:52 - 2014-08-16 02:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-09-10 21:52 - 2014-08-16 01:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll2014-09-10 21:52 - 2014-08-16 01:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-09-10 21:52 - 2014-08-16 01:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-09-10 21:52 - 2014-08-16 01:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-09-10 21:52 - 2014-08-16 01:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-09-10 21:52 - 2014-08-16 01:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-09-10 21:52 - 2014-08-16 01:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-09-10 21:52 - 2014-08-16 01:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-09-10 21:52 - 2014-08-16 01:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-09-10 21:52 - 2014-08-16 01:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-09-10 21:52 - 2014-08-16 01:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-09-10 21:52 - 2014-08-16 01:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-09-10 17:44 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll2014-09-10 17:43 - 2014-09-05 03:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2014-09-10 17:43 - 2014-09-05 03:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2014-09-10 17:43 - 2014-09-05 01:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2014-09-10 17:43 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll2014-09-10 17:43 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll2014-09-08 12:45 - 2014-09-08 12:45 - 00000000 ____D () C:\ProgramData\Wondershare2014-09-08 12:38 - 2014-09-08 12:38 - 00000000 ____D () C:\Users\rthain\AppData\Local\Wondershare2014-09-04 14:27 - 2014-09-05 15:03 - 00000000 ____D () C:\ProgramData\RRooyaliCoupon2014-09-01 11:40 - 2014-09-02 10:15 - 00000000 ____D () C:\ProgramData\KInGiCooupon2014-08-29 12:16 - 2014-08-29 12:16 - 01927440 _____ (Gross Mauntin) C:\Users\rthain\Downloads\adobe_flash.exe ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-28 14:12 - 2014-02-13 11:35 - 01890082 _____ () C:\WINDOWS\WindowsUpdate.log2014-09-28 14:02 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-09-28 13:54 - 2014-08-01 12:08 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HEREWARD-rthain Hereward2014-09-28 13:52 - 2014-01-19 12:00 - 00000000 ____D () C:\Users\rthain\AppData\Roaming\Skype2014-09-28 13:52 - 2013-11-07 12:57 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-09-28 11:37 - 2013-11-07 12:57 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-09-28 10:29 - 2013-11-05 12:21 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2069769180-886861901-593725835-10022014-09-28 10:25 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-09-26 20:31 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-09-26 20:30 - 2014-03-27 11:35 - 00151804 _____ () C:\WINDOWS\PFRO.log2014-09-26 20:30 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-09-26 19:38 - 2014-04-14 10:36 - 00007263 _____ () C:\WINDOWS\setupact.log2014-09-25 11:43 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-09-25 11:16 - 2014-08-25 11:31 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-09-25 11:15 - 2014-04-14 18:42 - 00000000 ____D () C:\ProgramData\Apple2014-09-25 10:09 - 2014-04-05 15:15 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-09-23 10:34 - 2014-01-27 17:45 - 00000000 ____D () C:\Users\rthain2014-09-23 10:19 - 2013-11-05 12:12 - 00000000 ____D () C:\Users\rthain\AppData\Local\Packages2014-09-22 07:42 - 2014-01-31 16:01 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2014-09-19 13:28 - 2014-07-21 10:37 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk2014-09-19 13:28 - 2014-07-21 10:37 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-09-19 13:28 - 2014-01-19 11:59 - 00000000 ____D () C:\ProgramData\Skype2014-09-17 16:55 - 2014-01-10 03:51 - 00000000 ____D () C:\Users\rthain\Documents\HACS2014-09-17 16:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache2014-09-16 12:28 - 2013-11-14 08:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-09-15 16:44 - 2013-08-22 15:44 - 00371864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-09-15 15:28 - 2013-11-14 08:17 - 00000000 ____D () C:\Program Files\Windows Journal2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup2014-09-15 15:28 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe2014-09-15 15:26 - 2014-03-28 10:57 - 00000000 ____D () C:\Users\rthain\AppData\Local\AdFender2014-09-10 22:25 - 2014-07-10 11:16 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2014-09-10 21:54 - 2014-06-13 13:28 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll2014-09-10 21:54 - 2014-06-13 13:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe2014-09-10 21:53 - 2014-06-13 13:28 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe2014-09-10 21:53 - 2014-06-13 13:28 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe2014-09-10 21:53 - 2014-06-13 13:28 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll2014-09-10 21:53 - 2014-06-12 10:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll2014-09-10 21:53 - 2014-06-12 10:27 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb2014-09-10 21:52 - 2013-11-18 03:59 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-09-10 21:43 - 2013-11-18 03:59 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-09-08 15:41 - 2014-04-14 11:12 - 00000000 ____D () C:\PFS8.3 PE_TMP2014-09-07 14:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration2014-09-07 11:47 - 2013-11-07 11:01 - 00000000 ____D () C:\ldiag2014-09-06 14:46 - 2014-01-31 12:33 - 00000000 ____D () C:\Users\rthain\Documents\My Scans2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\ProgramData\Adobe2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-09-04 14:28 - 2014-04-26 10:55 - 00000000 ____D () C:\ProgramData\874cfb7b7dee04e92014-09-04 14:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins2014-09-02 21:06 - 2014-08-13 22:33 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-09-02 21:06 - 2014-08-13 22:33 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl2014-08-29 12:19 - 2013-08-22 14:25 - 00000229 _____ () C:\WINDOWS\win.ini Some content of TEMP:====================C:\Users\rthain\AppData\Local\Temp\BackupSetup.exeC:\Users\rthain\AppData\Local\Temp\KUIU.EXEC:\Users\rthain\AppData\Local\Temp\SettingsManagerSetup.exeC:\Users\rthain\AppData\Local\Temp\SHSetup.exeC:\Users\rthain\AppData\Local\Temp\vcredist_x64.exeC:\Users\rthain\AppData\Local\Temp\_is3897.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 20:42 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
marinedog Posted September 28, 2014 Author ID:884124 Share Posted September 28, 2014 Hope this helps. I do have another problem which i posted elsewhere and was told that you may come across and be able to sort it out for me:) My real-time protection and updates keep turning off and I have to re-download in order to start them again. Any help in that area also gratefully received. Link to post Share on other sites More sharing options...
deeprybka Posted September 28, 2014 ID:884127 Share Posted September 28, 2014 Hi,please try to run Malwarebytes: Scan with Malwarebytes Anti-Malware .Please open Malwarebytes Anti-Malware. Please update the database by clicking on the "Update Now" button. Following the update and click "Settings" and go to "Detection and Protection" Make sure "Scan for Rootkits" is checked. Click on Dashboard, then click on Scan Now to start the scan.(If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt so that you can decide what you want to do. I suggest "Quarantine". Click the button: Apply All Actions.) A window with an option to view the detailed log will appear. Click on "View Detailed Log". After viewing the results, please click on the "Copy to Clipboard" button and then OK. Return to our forum. Paste your log into your next reply. Link to post Share on other sites More sharing options...
marinedog Posted September 29, 2014 Author ID:884461 Share Posted September 29, 2014 Malwarebytes Anti-Malwarewww.malwarebytes.org Scan Date: 29/09/2014Scan Time: 09:45:13Logfile: Administrator: Yes Version: 2.00.2.1012Malware Database: v2014.09.29.02Rootkit Database: v2014.09.19.01License: PremiumMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: Disabled OS: Windows 8.1CPU: x64File System: NTFSUser: rthain Scan Type: Threat ScanResult: CompletedObjects Scanned: 328701Time Elapsed: 31 min, 22 sec Memory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: Enabled Processes: 0(No malicious items detected) Modules: 0(No malicious items detected) Registry Keys: 0(No malicious items detected) Registry Values: 0(No malicious items detected) Registry Data: 0(No malicious items detected) Folders: 0(No malicious items detected) Files: 0(No malicious items detected) Physical Sectors: 0(No malicious items detected) (end) Link to post Share on other sites More sharing options...
deeprybka Posted September 29, 2014 ID:884568 Share Posted September 29, 2014 Hi, Step 1 Please download AdwCleaner (by Xplode) and save it to your Desktop.Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select "Run As Administrator"Click on the Scan button.After the scan has finished, click on the Clean button.Press OK when asked to close all programs and follow the onscreen prompts.After rebooting, a log file (that is saved in C:\AdwCleaner[s#].txt) will open automatically. Copy and paste the contents of that logfile in your next reply.Step 2 Start FRST with administator privileges.Make sure the following option is checked: Press the Scan button.When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from. Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
marinedog Posted September 29, 2014 Author ID:884603 Share Posted September 29, 2014 Okay here is the first one. I left Optimizer Pro 70e6ca8c checked when I did the clean. I will post the other report later. # AdwCleaner v3.310 - Report created 29/09/2014 at 18:55:58# Updated 12/09/2014 by Xplode# Operating System : Windows 8.1 (64 bits)# Username : rthain - HEREWARD# Running from : C:\Users\rthain\Downloads\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** Service Deleted : 70e6ca8c ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\CaoolSalECoouppOnFolder Deleted : C:\ProgramData\KInGiCoouponFolder Deleted : C:\ProgramData\LuckyCoUpeonnFolder Deleted : C:\ProgramData\RRooyaliCouponFolder Deleted : C:\ProgramData\SaleItCouponFolder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\optimizer pro v3.2Folder Deleted : C:\Program Files (x86)\AnyProtectExFolder Deleted : C:\Program Files (x86)\Optimizer ProFolder Deleted : C:\Program Files (x86)\CaoolSalECoouppOnFolder Deleted : C:\Users\rthain\AppData\Local\Tuguu_SLFolder Deleted : C:\Users\rthain\AppData\Roaming\Optimizer ProFile Deleted : C:\ENDFile Deleted : C:\Users\rthain\AppData\Roaming\aps.scan.quick.resultsFile Deleted : C:\Users\rthain\AppData\Roaming\aps.scan.resultsFile Deleted : C:\Users\rthain\AppData\Roaming\aps.uninstall.scan.results ***** [ Scheduled Tasks ] ***** Task Deleted : APSnotifierPP1Task Deleted : APSnotifierPP2Task Deleted : APSnotifierPP3 ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\NewPlayer_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E993643-8FBC-44FE-BC85-D318495C4D96}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{54739D49-AC03-4C57-9264-C5195596B3A1}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EAF749DC-CD87-4B04-B22A-D4AC3FBCB2BC}Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2476}Key Deleted : HKCU\Software\AnyProtectKey Deleted : HKCU\Software\InstalledBrowserExtensionsKey Deleted : HKCU\Software\LinkeyKey Deleted : HKCU\Software\Optimizer ProKey Deleted : HKCU\Software\SoftonicKey Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensionsKey Deleted : HKLM\SOFTWARE\NewPlayerKey Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensionsData Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\settin~1\systemk\syskldr.dllData Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\settin~1\systemk\x64\syskldr.dllData Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\linkey\ieexte~1\iedll64.dll ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.17278 -\\ Google Chrome v34.0.1847.116 [ File : C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\preferences ] Deleted [Extension] : booedmolknjekdopkepjjeckmjkdpfglDeleted [Extension] : flpcjncodpafbgdpnkljologafpionhb ************************* AdwCleaner[R0].txt - [4695 octets] - [29/09/2014 18:38:37]AdwCleaner[s0].txt - [4348 octets] - [29/09/2014 18:55:58] ########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [4408 octets] ########## Link to post Share on other sites More sharing options...
marinedog Posted September 29, 2014 Author ID:884607 Share Posted September 29, 2014 Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-09-2014 02Ran by rthain at 2014-09-29 19:49:17Running from C:\Users\rthain\DownloadsBoot Mode: Normal========================================================== ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) HiddenAMD Accelerated Video Transcoding (Version: 12.10.100.30424 - Advanced Micro Devices, Inc.) HiddenAMD Catalyst Install Manager (HKLM\...\{FA5043AF-EAC4-C06E-18B0-A184923DC7CC}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)AMD Fuel (Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) HiddenAMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.0 - AppEx Networks)Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)ccc-utility64 (Version: 2013.0424.1659.28626 - Advanced Micro Devices, Inc.) HiddenGoogle Chrome (HKLM-x32\...\Google Chrome) (Version: 34.0.1847.116 - Google Inc.)Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) HiddenHP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)HP Deskjet F4500 All-in-One Driver 14.0 Rel. 6 (HKLM\...\{0AFFEA39-60AF-4C4F-BB47-4A1F7CB12129}) (Version: 14.0 - HP)HP Deskjet F4500 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{FD126052-310E-4364-937B-6B5564F24578}) (Version: 14.0 - HP)HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)iCloud (HKLM\...\{6096C0CC-7E19-4355-87F0-627EC5AA146D}) (Version: 4.0.3.56 - Apple Inc.)iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) HiddenLenovo pointing device (HKLM\...\Elantech) (Version: 11.4.14.1 - ELAN Microelectronic Corp.)Lenovo Solution Center (HKLM\...\{D60E3A84-5DDC-49ED-B9A5-E3466996EB36}) (Version: 2.3.002.00 - Lenovo Group Limited)Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4649.1003 - Microsoft Corporation)Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.3.1171.0714 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837B34E3-7C30-493C-8F6A-2B0F04E2912C}) (Version: - )Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: - )Network64 (Version: 140.0.306.000 - Hewlett-Packard) HiddenOffice 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Licensing Component (Version: 15.0.4649.1003 - Microsoft Corporation) HiddenOffice 15 Click-to-Run Localization Component (x32 Version: 15.0.4649.1003 - Microsoft Corporation) HiddenPHOTOfunSTUDIO 8.3 PE (HKLM-x32\...\{5F07A881-4A7F-4F16-AF9E-F2202B504A91}) (Version: 8.03.713 - Panasonic Corporation)SILKYPIX Developer Studio 3.1 SE (HKLM-x32\...\InstallShield_{0A04086B-0B71-43C3-95EF-FDFC4C18D161}) (Version: 3 - Ichikawa Soft Laboratory)SILKYPIX Developer Studio 3.1 SE (x32 Version: 3 - Ichikawa Soft Laboratory) HiddenSkype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo) ==================== Custom CLSID (selected items): ========================== (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.) CustomCLSID: HKU\S-1-5-21-2069769180-886861901-593725835-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\rthain\AppData\Local\Microsoft\SkyDrive\17.3.1171.0714\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 08-09-2014 12:00:36 Installed iTunes15-09-2014 13:46:05 Windows Update17-09-2014 12:26:56 Installed iTunes25-09-2014 10:00:15 Removed Apple Mobile Device Support ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.) Task: {0273F0E5-B392-4040-897C-88E58D58A131} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTaskTask: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsListTask: {178341D9-6A43-4921-968F-49E1A96B02D9} - System32\Tasks\Microsoft\Windows\DiskFootprint\DiagnosticsTask: {1BA79801-C587-4B85-9826-A4360C9361A4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-08-12] (Microsoft Corporation)Task: {1CE7E27E-9796-4882-8549-A842589BE012} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ManagementTask: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTaskTask: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulateTask: {3464D1DC-7077-4541-8DEA-2442E9A2C002} - System32\Tasks\IHSelfDeleteTASK => CMDTask: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalanceTask: {4FDD21E9-93A2-4A1F-8976-B611B1453DFD} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-ValidationTask: {5216F248-F1B3-47F2-8FA1-8E20E9545220} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUploadTask: {5E2AFB4F-65F6-4D28-A72B-6ED330E95916} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-09-10] (Microsoft Corporation)Task: {5FFCF0E3-A441-4FAE-B542-A3DE94FB78CB} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play CleanupTask: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance TaskTask: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTaskTask: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryStateTask: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance TaskTask: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTaskTask: {8E5527C9-40FB-48DE-83C0-ECF63125ADD4} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()Task: {94F53616-87EA-41A2-8AD1-B5BA3B9105A0} - System32\Tasks\IHUninstallTrackingTASK => CMDTask: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance WorkTask: {A007B7F5-CAEF-4625-A2AA-D54C5097C300} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)Task: {CAAE6675-2342-42EA-A59B-126BAD184E72} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-07] (Google Inc.)Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTaskTask: {D11A9F0F-23C4-4C34-99E8-7807BFB9EC05} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2013-09-25] (Lenovo)Task: {D86ECD2F-5E29-4D57-A199-DEED69296294} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe [2013-09-25] (Lenovo)Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensingTask: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon SynchronizationTask: {E1837F55-CE24-4E70-9E7F-B1A3B15933BF} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HEREWARD-rthain Hereward => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-25] (Microsoft Corporation)Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRETask: {EBC124A1-64D3-43B6-94BA-07922F30C15C} - System32\Tasks\Microsoft\Windows\PLA\LSC Memory => Rundll32.exe C:\windows\system32\pla.dll,PlaHost "LSC Memory" "$(Arg0)"Task: {F65DEEB1-7C31-409B-B4F9-8B9863F3746F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauservTask: {F96B5C94-E2AA-4BD8-AC45-A66256D49D12} - System32\Tasks\Lenovo\LSC\LSCHardwareScanPostpone => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2013-09-25] ()Task: {FF96CA05-9B30-4DC5-90AB-F0B404D98A86} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2069769180-886861901-593725835-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exeTask: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Loaded Modules (whitelisted) ============= 2013-04-25 01:10 - 2013-04-25 01:10 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll2014-04-05 15:15 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll2014-09-25 10:07 - 2014-09-25 10:07 - 08894120 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll2013-04-25 01:10 - 2013-04-25 01:10 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00891392 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtNetwork4.dll2013-06-10 07:37 - 2012-07-12 13:59 - 02281984 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtCore4.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00016896 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\featureController.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\osEvents.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00322048 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\log4cplus.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00339456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\QtXml4.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00400384 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\sqlite3.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00195584 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\libgsoap.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00062464 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\zlib1.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00446976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\deviceProfile.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00019456 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\eventsSender.dll2013-06-10 07:37 - 2012-07-12 13:59 - 00062976 _____ () C:\Program Files (x86)\Intel\IntelAppStore\bin\serviceManagerStarter.dll2014-09-08 12:38 - 2014-08-26 17:47 - 01491968 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll2014-09-08 12:38 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll2014-09-25 10:03 - 2014-09-25 10:03 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll ==================== Alternate Data Streams (whitelisted) ========= (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.) ==================== Safe Mode (whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== EXE Association (whitelisted) ============= (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.) ==================== MSCONFIG/TASK MANAGER disabled items ========= (Currently there is no automatic fix for this section.) ========================= Accounts: ========================== Administrator (S-1-5-21-2069769180-886861901-593725835-500 - Administrator - Disabled)Guest (S-1-5-21-2069769180-886861901-593725835-501 - Limited - Disabled)rthain (S-1-5-21-2069769180-886861901-593725835-1002 - Administrator - Enabled) => C:\Users\rthain ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors:==================Error: (09/29/2014 07:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )Description: Faulting application name: mbam.exe, version: 1.0.0.532, time stamp: 0x53518532Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53648f36Exception code: 0xc0000005Fault offset: 0x00062a78Faulting process id: 0x98Faulting application start time: 0xmbam.exe0Faulting application path: mbam.exe1Faulting module path: mbam.exe2Report Id: mbam.exe3Faulting package full name: mbam.exe4Faulting package-relative application ID: mbam.exe5 Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 80435922 Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 80435922 Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/27/2014 10:39:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 22 System errors:=============Error: (09/29/2014 07:39:26 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: %%31 Error: (09/29/2014 07:39:26 PM) (Source: APXACC) (EventID: 1003) (User: )Description: The NDIS6 LWF initialization has failed. (0xC0000001) Error: (09/29/2014 06:52:32 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001} Error: (09/29/2014 06:52:02 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {1B1F472E-3221-4826-97DB-2C2324D389AE} Error: (09/28/2014 02:32:16 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (09/28/2014 02:32:16 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9} Error: (09/26/2014 08:31:18 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: %%31 Error: (09/26/2014 08:31:18 PM) (Source: APXACC) (EventID: 1003) (User: )Description: The NDIS6 LWF initialization has failed. (0xC0000001) Error: (09/26/2014 08:30:12 PM) (Source: Service Control Manager) (EventID: 7023) (User: )Description: The Superfetch service terminated with the following error: %%1062 Error: (09/26/2014 08:29:54 PM) (Source: DCOM) (EventID: 10010) (User: HEREWARD)Description: {D63B10C5-BB46-4990-A94F-E40B9D520160} Microsoft Office Sessions:=========================Error: (09/29/2014 07:38:13 PM) (Source: Application Error) (EventID: 1000) (User: )Description: mbam.exe1.0.0.53253518532ntdll.dll6.3.9600.1711453648f36c000000500062a789801cfdc0b31fc0f5dC:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exeC:\WINDOWS\SYSTEM32\ntdll.dllc46a33ac-4807-11e4-beb6-208984dbef6f Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledSPRetry 80435922 Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: m->NextScheduledEvent 80435922 Error: (09/28/2014 10:14:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Task Scheduling Error: Continuously busy for more than a second Error: (09/27/2014 10:39:08 AM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )Description: 80070005 Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (09/27/2014 10:26:54 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: Client application bug: DNSServiceResolve(38:48:4c:cc:0d:1f@fe80::3a48:4cff:fecc:d1f._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network. Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 24 Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 23 Error: (09/27/2014 10:24:44 AM) (Source: Bonjour Service) (EventID: 100) (User: )Description: ERROR: handle_resolve_request bad interfaceIndex 22 CodeIntegrity Errors:=================================== Date: 2014-04-01 09:47:55.573 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\x64\sysapcrt.dll that did not meet the Windows signing level requirements. Date: 2014-04-01 09:47:55.445 Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume5\Program Files (x86)\Settings Manager\systemk\sysapcrt.dll that did not meet the Windows signing level requirements. ==================== Memory info =========================== Processor: AMD A8-5550M APU with Radeon HD Graphics Percentage of memory in use: 39%Total physical RAM: 3268.26 MBAvailable physical RAM: 1983.53 MBTotal Pagefile: 3908.26 MBAvailable Pagefile: 2131.43 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.84 MB ==================== Drives ================================ Drive c: (Windows8_OS) (Fixed) (Total:891.81 GB) (Free:784.89 GB) NTFS ==>[system with boot components (obtained from reading drive)]Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:23.19 GB) NTFS ==================== MBR & Partition Table ================== ========================================================Disk: 0 (Size: 931.5 GB) (Disk ID: 6527829E) Partition: GPT Partition Type. ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
marinedog Posted September 29, 2014 Author ID:884609 Share Posted September 29, 2014 Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02Ran by rthain (administrator) on HEREWARD on 29-09-2014 19:47:00Running from C:\Users\rthain\DownloadsLoaded Profile: rthain (Available profiles: rthain)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\rthain\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-10] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-10] (Lenovo(beijing) Limited)HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087776 2014-08-26] (Wondershare)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnkShortcutTarget: PHOTOfunSTUDIO 8.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No FileShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.comHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.comSearchScopes: HKLM - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM-x32 - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324333&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP634F1E17-EDB0-4D45-B5DC-DBAE9EA457B5&q={searchTerms}&SSPV=SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}SearchScopes: HKCU - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No FileHandler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254 FireFox:========FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR HomePage: Default -> CHR DefaultSearchKeyword: Default -> google.co.ukCHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No FileCHR Plugin: (ExentÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂî AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No FileCHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll No FileCHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No FileCHR Profile: C:\Users\rthain\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-07]CHR Extension: (YouTube) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-07]CHR Extension: (Google Search) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-07]CHR Extension: (Google Wallet) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]CHR Extension: (Gmail) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-07]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-25] (Advanced Micro Devices, Inc.) [File not signed]R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)R2 HPSLPSVC; C:\Users\rthain\AppData\Local\Temp\7zS194E\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-29] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)S3 CnxtHdAudService; \SystemRoot\system32\drivers\CHDRT64.sys [X]S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-29 19:46 - 2014-09-29 19:46 - 02108928 _____ (Farbar) C:\Users\rthain\Downloads\FRST64 (1).exe2014-09-29 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll2014-09-29 18:38 - 2014-09-29 19:07 - 00000000 ____D () C:\AdwCleaner2014-09-29 18:37 - 2014-09-29 18:38 - 01373475 _____ () C:\Users\rthain\Downloads\AdwCleaner.exe2014-09-28 14:24 - 2014-09-28 14:30 - 00000238 _____ () C:\Users\rthain\Downloads\Search.txt2014-09-28 14:14 - 2014-09-28 14:15 - 00025474 _____ () C:\Users\rthain\Downloads\Addition.txt2014-09-28 14:12 - 2014-09-29 19:47 - 00020034 _____ () C:\Users\rthain\Downloads\FRST.txt2014-09-28 14:10 - 2014-09-29 19:47 - 00000000 ____D () C:\FRST2014-09-28 14:10 - 2014-09-28 14:10 - 02108928 _____ (Farbar) C:\Users\rthain\Downloads\FRST64.exe2014-09-28 14:09 - 2014-09-28 14:10 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (2).exe2014-09-28 14:09 - 2014-09-28 14:09 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (1).exe2014-09-28 14:06 - 2014-09-28 14:06 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST.exe2014-09-26 20:04 - 2014-09-26 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-09-26 19:44 - 2014-09-26 19:44 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-09-26 19:44 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-09-26 19:43 - 2014-09-26 19:43 - 00000000 ____D () C:\Program Files\iPod2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files\iTunes2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-09-25 11:16 - 2014-09-25 11:16 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files\Bonjour2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Bonjour2014-09-25 10:53 - 2014-09-25 10:53 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium (1).exe2014-09-24 17:34 - 2014-09-24 17:34 - 00011264 _____ () C:\Users\rthain\Downloads\HACS 2nd September 14.wps2014-09-19 13:28 - 2014-09-19 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-09-15 16:49 - 2014-09-29 19:40 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-09-15 16:49 - 2014-09-25 10:54 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-09-15 16:49 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-09-15 16:49 - 2014-05-12 08:19 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-09-15 16:49 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-09-15 15:42 - 2014-09-15 15:43 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium.exe2014-09-14 10:02 - 2014-08-23 08:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2014-09-14 10:02 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2014-09-14 10:02 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll2014-09-14 10:02 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll2014-09-14 10:02 - 2014-08-23 05:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2014-09-14 10:02 - 2014-08-23 05:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-09-14 10:02 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll2014-09-14 10:02 - 2014-08-23 05:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll2014-09-14 10:02 - 2014-08-23 05:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-09-14 10:02 - 2014-07-30 02:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll2014-09-14 10:02 - 2014-07-29 06:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll2014-09-14 10:01 - 2014-07-24 16:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS2014-09-14 10:01 - 2014-07-24 16:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys2014-09-14 10:01 - 2014-07-24 16:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys2014-09-14 10:01 - 2014-07-24 16:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys2014-09-14 10:01 - 2014-07-24 16:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll2014-09-14 10:01 - 2014-07-24 16:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-09-14 10:01 - 2014-07-24 16:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll2014-09-14 10:01 - 2014-07-24 16:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL2014-09-14 10:01 - 2014-07-24 16:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe2014-09-14 10:01 - 2014-07-24 16:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-09-14 10:01 - 2014-07-24 16:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys2014-09-14 10:01 - 2014-07-24 16:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-09-14 10:01 - 2014-07-24 16:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-09-14 10:01 - 2014-07-24 16:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2014-09-14 10:01 - 2014-07-24 16:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2014-09-14 10:01 - 2014-07-24 16:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll2014-09-14 10:01 - 2014-07-24 15:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-09-14 10:01 - 2014-07-24 15:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys2014-09-14 10:01 - 2014-07-24 14:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL2014-09-14 10:01 - 2014-07-24 14:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-09-14 10:01 - 2014-07-24 14:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll2014-09-14 10:01 - 2014-07-24 14:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll2014-09-14 10:01 - 2014-07-24 12:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys2014-09-14 10:01 - 2014-07-24 12:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys2014-09-14 10:01 - 2014-07-24 12:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys2014-09-14 10:01 - 2014-07-24 12:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll2014-09-14 10:01 - 2014-07-24 12:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll2014-09-14 10:01 - 2014-07-24 11:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll2014-09-14 10:01 - 2014-07-24 11:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll2014-09-14 10:01 - 2014-07-24 11:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll2014-09-14 10:01 - 2014-07-24 11:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe2014-09-14 10:01 - 2014-07-24 11:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll2014-09-14 10:01 - 2014-07-24 11:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll2014-09-14 10:01 - 2014-07-24 11:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll2014-09-14 10:01 - 2014-07-24 10:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll2014-09-14 10:01 - 2014-07-24 10:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2014-09-14 10:01 - 2014-07-24 10:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll2014-09-14 10:01 - 2014-07-24 10:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll2014-09-14 10:01 - 2014-07-24 10:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll2014-09-14 10:01 - 2014-07-24 10:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll2014-09-14 10:01 - 2014-07-24 10:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2014-09-14 10:01 - 2014-07-24 10:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll2014-09-14 10:01 - 2014-07-24 10:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe2014-09-14 10:01 - 2014-07-24 10:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll2014-09-14 10:01 - 2014-07-24 10:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll2014-09-14 10:01 - 2014-07-24 10:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2014-09-14 10:01 - 2014-07-24 09:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll2014-09-14 10:01 - 2014-07-24 09:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll2014-09-14 10:01 - 2014-07-24 09:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll2014-09-14 10:01 - 2014-07-24 09:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll2014-09-14 10:01 - 2014-07-24 09:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll2014-09-14 10:01 - 2014-07-24 09:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll2014-09-14 10:01 - 2014-07-24 09:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll2014-09-14 10:01 - 2014-07-24 09:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll2014-09-14 10:01 - 2014-07-24 09:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll2014-09-14 10:01 - 2014-07-24 09:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv2014-09-14 10:01 - 2014-07-24 09:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll2014-09-14 10:01 - 2014-07-24 09:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll2014-09-14 10:01 - 2014-07-24 09:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-09-14 10:01 - 2014-07-24 09:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe2014-09-14 10:01 - 2014-07-24 09:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll2014-09-14 10:01 - 2014-07-24 09:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll2014-09-14 10:01 - 2014-07-24 09:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-09-14 10:01 - 2014-07-24 09:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2014-09-14 10:01 - 2014-07-24 09:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll2014-09-14 10:01 - 2014-07-24 09:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll2014-09-14 10:01 - 2014-07-24 09:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv2014-09-14 10:01 - 2014-07-24 09:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-09-14 10:01 - 2014-07-24 09:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll2014-09-14 10:01 - 2014-07-24 09:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll2014-09-14 10:01 - 2014-07-24 08:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll2014-09-14 10:01 - 2014-07-24 08:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll2014-09-14 10:01 - 2014-07-24 08:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll2014-09-14 10:01 - 2014-07-24 08:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll2014-09-14 10:01 - 2014-07-24 08:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-09-14 10:01 - 2014-07-24 08:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2014-09-14 10:01 - 2014-07-24 08:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll2014-09-14 10:01 - 2014-07-24 08:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll2014-09-14 10:01 - 2014-07-24 08:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll2014-09-14 10:01 - 2014-07-24 08:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2014-09-14 10:01 - 2014-07-24 08:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls2014-09-14 10:01 - 2014-07-12 06:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll2014-09-14 10:01 - 2014-07-12 05:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll2014-09-14 10:01 - 2014-07-12 05:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-09-14 10:01 - 2014-07-04 11:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll2014-09-14 10:01 - 2014-07-04 10:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll2014-09-14 10:01 - 2014-07-04 10:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll2014-09-14 10:01 - 2014-06-27 07:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys2014-09-14 10:01 - 2014-06-26 01:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll2014-09-14 10:01 - 2014-06-19 03:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys2014-09-14 10:01 - 2014-06-14 07:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll2014-09-14 10:01 - 2014-06-14 06:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll2014-09-14 10:01 - 2014-06-05 11:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll2014-09-14 10:01 - 2014-06-05 10:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll2014-09-14 10:01 - 2014-05-31 06:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll2014-09-14 10:01 - 2014-05-29 07:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll2014-09-14 10:01 - 2014-05-29 06:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll2014-09-14 10:01 - 2014-05-06 05:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll2014-09-14 10:01 - 2014-05-06 01:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll2014-09-14 10:01 - 2014-03-25 03:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll2014-09-14 10:01 - 2014-03-25 02:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll2014-09-14 10:00 - 2014-07-24 16:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys2014-09-14 10:00 - 2014-07-24 16:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-09-14 10:00 - 2014-07-24 16:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll2014-09-14 10:00 - 2014-07-24 16:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe2014-09-14 10:00 - 2014-07-24 16:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll2014-09-14 10:00 - 2014-07-24 14:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll2014-09-14 10:00 - 2014-07-24 14:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe2014-09-14 10:00 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL2014-09-14 10:00 - 2014-07-24 12:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll2014-09-14 10:00 - 2014-07-24 12:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys2014-09-14 10:00 - 2014-07-24 12:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys2014-09-14 10:00 - 2014-07-24 12:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys2014-09-14 10:00 - 2014-07-24 12:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys2014-09-14 10:00 - 2014-07-24 12:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-09-14 10:00 - 2014-07-24 12:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2014-09-14 10:00 - 2014-07-24 12:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll2014-09-14 10:00 - 2014-07-24 12:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL2014-09-14 10:00 - 2014-07-24 11:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2014-09-14 10:00 - 2014-07-24 11:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl2014-09-14 10:00 - 2014-07-24 11:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll2014-09-14 10:00 - 2014-07-24 11:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll2014-09-14 10:00 - 2014-07-24 11:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll2014-09-14 10:00 - 2014-07-24 11:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll2014-09-14 10:00 - 2014-07-24 10:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll2014-09-14 10:00 - 2014-07-24 10:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl2014-09-14 10:00 - 2014-07-24 10:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll2014-09-14 10:00 - 2014-07-24 10:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll2014-09-14 10:00 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll2014-09-14 10:00 - 2014-07-24 10:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe2014-09-14 10:00 - 2014-07-24 10:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll2014-09-14 10:00 - 2014-07-24 10:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll2014-09-14 10:00 - 2014-07-24 10:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll2014-09-14 10:00 - 2014-07-24 10:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll2014-09-14 10:00 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll2014-09-14 10:00 - 2014-07-24 10:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll2014-09-14 10:00 - 2014-07-24 10:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll2014-09-14 10:00 - 2014-07-24 10:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll2014-09-14 10:00 - 2014-07-24 10:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe2014-09-14 10:00 - 2014-07-24 09:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll2014-09-14 10:00 - 2014-07-24 09:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll2014-09-14 10:00 - 2014-07-24 09:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll2014-09-14 10:00 - 2014-07-24 09:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll2014-09-14 10:00 - 2014-07-24 09:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll2014-09-14 10:00 - 2014-07-24 09:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll2014-09-14 10:00 - 2014-07-24 09:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll2014-09-14 10:00 - 2014-07-24 09:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll2014-09-14 10:00 - 2014-07-24 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll2014-09-14 10:00 - 2014-07-24 09:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll2014-09-14 10:00 - 2014-07-24 09:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-14 10:00 - 2014-07-24 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll2014-09-14 10:00 - 2014-07-24 09:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll2014-09-14 10:00 - 2014-07-24 09:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-09-14 10:00 - 2014-07-24 09:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll2014-09-14 10:00 - 2014-07-24 09:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll2014-09-14 10:00 - 2014-07-24 09:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll2014-09-14 10:00 - 2014-07-24 09:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-14 10:00 - 2014-07-24 09:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll2014-09-14 10:00 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll2014-09-14 10:00 - 2014-07-24 09:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-09-14 10:00 - 2014-07-24 09:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-09-14 10:00 - 2014-07-24 09:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll2014-09-14 10:00 - 2014-07-24 09:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-09-14 10:00 - 2014-07-24 09:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll2014-09-14 10:00 - 2014-07-24 09:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll2014-09-14 10:00 - 2014-07-24 08:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll2014-09-14 10:00 - 2014-07-24 08:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll2014-09-14 10:00 - 2014-07-24 08:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll2014-09-14 10:00 - 2014-07-24 08:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-09-14 10:00 - 2014-07-24 08:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll2014-09-14 10:00 - 2014-07-24 08:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-09-14 10:00 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll2014-09-14 10:00 - 2014-07-24 08:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll2014-09-14 10:00 - 2014-07-12 06:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-09-14 10:00 - 2014-07-12 05:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-09-14 10:00 - 2014-07-10 00:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-09-14 10:00 - 2014-07-04 13:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys2014-09-14 10:00 - 2014-07-04 11:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll2014-09-14 10:00 - 2014-07-04 11:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll2014-09-14 10:00 - 2014-07-04 11:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll2014-09-14 10:00 - 2014-06-26 01:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll2014-09-14 10:00 - 2014-06-20 00:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys2014-09-14 10:00 - 2014-06-07 13:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll2014-09-14 10:00 - 2014-06-07 11:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll2014-09-14 10:00 - 2014-06-05 15:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys2014-09-14 10:00 - 2014-05-31 05:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll2014-09-14 10:00 - 2014-05-29 06:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2014-09-14 10:00 - 2014-05-29 05:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2014-09-14 10:00 - 2014-05-26 08:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll2014-09-14 10:00 - 2014-05-10 11:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll2014-09-14 10:00 - 2014-05-10 09:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll2014-09-14 10:00 - 2014-03-25 03:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll2014-09-14 10:00 - 2014-03-25 02:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll2014-09-14 09:52 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys2014-09-10 21:53 - 2014-08-16 02:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2014-09-10 21:53 - 2014-08-16 02:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2014-09-10 21:53 - 2014-08-16 02:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2014-09-10 21:53 - 2014-08-16 02:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-09-10 21:53 - 2014-08-16 02:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll2014-09-10 21:53 - 2014-08-16 02:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2014-09-10 21:53 - 2014-08-16 02:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2014-09-10 21:53 - 2014-08-16 02:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-09-10 21:53 - 2014-08-16 02:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-09-10 21:53 - 2014-08-16 02:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-09-10 21:53 - 2014-08-16 02:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-09-10 21:53 - 2014-08-16 02:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-09-10 21:53 - 2014-08-16 02:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-09-10 21:53 - 2014-08-16 01:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-09-10 21:53 - 2014-08-16 01:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-09-10 21:52 - 2014-08-16 03:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-09-10 21:52 - 2014-08-16 03:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-09-10 21:52 - 2014-08-16 03:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-09-10 21:52 - 2014-08-16 03:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-09-10 21:52 - 2014-08-16 02:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-09-10 21:52 - 2014-08-16 02:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-09-10 21:52 - 2014-08-16 02:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll2014-09-10 21:52 - 2014-08-16 02:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-09-10 21:52 - 2014-08-16 01:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll2014-09-10 21:52 - 2014-08-16 01:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-09-10 21:52 - 2014-08-16 01:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-09-10 21:52 - 2014-08-16 01:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-09-10 21:52 - 2014-08-16 01:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-09-10 21:52 - 2014-08-16 01:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-09-10 21:52 - 2014-08-16 01:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-09-10 21:52 - 2014-08-16 01:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-09-10 21:52 - 2014-08-16 01:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-09-10 21:52 - 2014-08-16 01:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-09-10 21:52 - 2014-08-16 01:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-09-10 21:52 - 2014-08-16 01:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-09-10 17:44 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll2014-09-10 17:43 - 2014-09-05 03:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2014-09-10 17:43 - 2014-09-05 03:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2014-09-10 17:43 - 2014-09-05 01:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2014-09-10 17:43 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll2014-09-10 17:43 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll2014-09-08 12:45 - 2014-09-08 12:45 - 00000000 ____D () C:\ProgramData\Wondershare2014-09-08 12:38 - 2014-09-08 12:38 - 00000000 ____D () C:\Users\rthain\AppData\Local\Wondershare ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-29 19:46 - 2013-11-05 12:21 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2069769180-886861901-593725835-10022014-09-29 19:42 - 2014-02-13 11:35 - 01960314 _____ () C:\WINDOWS\WindowsUpdate.log2014-09-29 19:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-09-29 19:41 - 2014-08-01 12:08 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HEREWARD-rthain Hereward2014-09-29 19:40 - 2014-01-19 12:00 - 00000000 ____D () C:\Users\rthain\AppData\Roaming\Skype2014-09-29 19:40 - 2013-11-07 12:57 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-09-29 19:39 - 2014-03-27 11:35 - 00152114 _____ () C:\WINDOWS\PFRO.log2014-09-29 19:39 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-09-29 19:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-09-29 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-09-29 18:37 - 2013-11-07 12:57 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-09-26 19:38 - 2014-04-14 10:36 - 00007263 _____ () C:\WINDOWS\setupact.log2014-09-25 11:43 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-09-25 11:16 - 2014-08-25 11:31 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-09-25 11:15 - 2014-04-14 18:42 - 00000000 ____D () C:\ProgramData\Apple2014-09-25 10:09 - 2014-04-05 15:15 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-09-23 10:34 - 2014-01-27 17:45 - 00000000 ____D () C:\Users\rthain2014-09-23 10:19 - 2013-11-05 12:12 - 00000000 ____D () C:\Users\rthain\AppData\Local\Packages2014-09-22 07:42 - 2014-01-31 16:01 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2014-09-19 13:28 - 2014-07-21 10:37 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk2014-09-19 13:28 - 2014-07-21 10:37 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-09-19 13:28 - 2014-01-19 11:59 - 00000000 ____D () C:\ProgramData\Skype2014-09-17 16:55 - 2014-01-10 03:51 - 00000000 ____D () C:\Users\rthain\Documents\HACS2014-09-17 16:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache2014-09-16 12:28 - 2013-11-14 08:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-09-15 16:44 - 2013-08-22 15:44 - 00371864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-09-15 15:28 - 2013-11-14 08:17 - 00000000 ____D () C:\Program Files\Windows Journal2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup2014-09-15 15:28 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe2014-09-15 15:26 - 2014-03-28 10:57 - 00000000 ____D () C:\Users\rthain\AppData\Local\AdFender2014-09-10 22:25 - 2014-07-10 11:16 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2014-09-10 21:54 - 2014-06-13 13:28 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll2014-09-10 21:54 - 2014-06-13 13:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe2014-09-10 21:53 - 2014-06-13 13:28 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe2014-09-10 21:53 - 2014-06-13 13:28 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe2014-09-10 21:53 - 2014-06-13 13:28 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll2014-09-10 21:53 - 2014-06-12 10:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll2014-09-10 21:53 - 2014-06-12 10:27 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb2014-09-10 21:52 - 2013-11-18 03:59 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-09-10 21:43 - 2013-11-18 03:59 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-09-08 15:41 - 2014-04-14 11:12 - 00000000 ____D () C:\PFS8.3 PE_TMP2014-09-07 14:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration2014-09-07 11:47 - 2013-11-07 11:01 - 00000000 ____D () C:\ldiag2014-09-06 14:46 - 2014-01-31 12:33 - 00000000 ____D () C:\Users\rthain\Documents\My Scans2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\ProgramData\Adobe2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-09-04 14:28 - 2014-04-26 10:55 - 00000000 ____D () C:\ProgramData\874cfb7b7dee04e92014-09-04 14:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins2014-09-02 21:06 - 2014-08-13 22:33 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-09-02 21:06 - 2014-08-13 22:33 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP:====================C:\Users\rthain\AppData\Local\Temp\BackupSetup.exeC:\Users\rthain\AppData\Local\Temp\KUIU.EXEC:\Users\rthain\AppData\Local\Temp\Quarantine.exeC:\Users\rthain\AppData\Local\Temp\SettingsManagerSetup.exeC:\Users\rthain\AppData\Local\Temp\SHSetup.exeC:\Users\rthain\AppData\Local\Temp\vcredist_x64.exeC:\Users\rthain\AppData\Local\Temp\_is3897.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 20:42 ==================== End Of Log ============================ Link to post Share on other sites More sharing options...
deeprybka Posted September 29, 2014 ID:884632 Share Posted September 29, 2014 Hi,how is your computer running after the following fix?Which problems or symptoms are still present?Step 1Press the + R on your keyboard at the same time. Type notepad and click OK.Copy the entire content of the codebox below and paste into the notepad document:Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No FileHKLM-x32\...\Run: [] => [X]ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No FileSearchScopes: HKCU - URL http://search.condui...rchTerms}&SSPV=SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}SearchScopes: HKCU - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL =Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileHandler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No FileCHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No FileCHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No FileCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONS3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]EmptyTemp:Click File, Save As and type fixlist.txt as the File Name.Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!Right-click on icon and select Run as Administrator to start the tool.(XP users click run after receipt of Windows Security Warning - Open File).Press the Fix button just once and wait.If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.When finished FRST will generate a log on the Desktop, called Fixlog.txt.Please post it to your reply.After Reboot:Step 2Start FRST with administator privileges.Press the Scan button.When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.Please copy and paste the log in your next reply. Link to post Share on other sites More sharing options...
marinedog Posted September 30, 2014 Author ID:884868 Share Posted September 30, 2014 Sorry, FRST64 is showing in downloads - where else should it be located and how do I get them in the same location? Link to post Share on other sites More sharing options...
deeprybka Posted September 30, 2014 ID:884932 Share Posted September 30, 2014 Hi, please save the fixlist.txt also in the downloads directory and run the fix. Link to post Share on other sites More sharing options...
marinedog Posted October 1, 2014 Author ID:885317 Share Posted October 1, 2014 As you may have guessed i am now way out of my depth here. I think this is what you need but basically I am now at the point of cutting and pasting whatever seems to be appropriate. I will run the scan and then hopefully will be able to find those reports and send them. Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-09-2014 02Ran by rthain (administrator) on HEREWARD on 29-09-2014 19:47:00Running from C:\Users\rthain\DownloadsLoaded Profile: rthain (Available profiles: rthain)Platform: Windows 8.1 (X64) OS Language: English (United States)Internet Explorer Version 11Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe(AMD) C:\Windows\System32\atieclxx.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.23.9\GoogleCrashHandler64.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe(Panasonic Corporation) C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe(Vimicro) C:\Program Files (x86)\USB Camera\VM331STI.EXE(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe(Intel Corporation) C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\MSOSYNC.EXE(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Farbar) C:\Users\rthain\Downloads\FRST64 (1).exe ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-05] (ELAN Microelectronics Corp.)HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-06-10] (Lenovo (Beijing) Limited)HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-06-10] (Lenovo(beijing) Limited)HKLM-x32\...\Run: [331BigDog] => C:\Program Files (x86)\USB Camera\VM331STI.EXE [552960 2013-03-01] (Vimicro)HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642816 2013-04-25] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-29] (CyberLink Corp.)HKLM-x32\...\Run: [intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2010-06-09] (Hewlett-Packard)HKLM-x32\...\Run: [] => [X]HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [2087776 2014-08-26] (Wondershare)HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)Winlogon\Notify\GoToAssist: C:\Program Files (x86)\Citrix\GoToAssist\570\G2AWinLogon_x64.dll (Citrix Online, a division of Citrix Systems, Inc.)HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-08-14] (Apple Inc.)HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-08-08] (Apple Inc.)HKU\S-1-5-21-2069769180-886861901-593725835-1002\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22041192 2014-08-27] (Skype Technologies S.A.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnkShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 8.3 PE.lnkShortcutTarget: PHOTOfunSTUDIO 8.3 PE.lnk -> C:\Program Files (x86)\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe (Panasonic Corporation)ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No FileShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.comHKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.comHKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.comSearchScopes: HKLM - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKLM-x32 - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJSSearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?gd=&ctid=CT3324333&octid=EB_ORIGINAL_CTID&ISID=ISID_ID&SearchSource=58&CUI=&UM=5&UP=SP634F1E17-EDB0-4D45-B5DC-DBAE9EA457B5&q={searchTerms}&SSPV=SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}SearchScopes: HKCU - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL = BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileDPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095} Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No FileHandler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254 FireFox:========FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.) Chrome: =======CHR HomePage: Default -> CHR DefaultSearchKeyword: Default -> google.co.ukCHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter}CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\pdf.dll ()CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No FileCHR Plugin: (ExentÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂÃÂî AOD Gecko Plugin) - C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No FileCHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll No FileCHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)CHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No FileCHR Profile: C:\Users\rthain\AppData\Local\Google\Chrome\User Data\DefaultCHR Extension: (Google Drive) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-11-07]CHR Extension: (YouTube) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-11-07]CHR Extension: (Google Search) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-11-07]CHR Extension: (Google Wallet) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-07]CHR Extension: (Gmail) - C:\Users\rthain\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-11-07]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2013-04-25] (Advanced Micro Devices, Inc.) [File not signed]R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2428088 2014-08-12] (Microsoft Corporation)R2 HPSLPSVC; C:\Users\rthain\AppData\Local\Temp\7zS194E\hpslpsvc64.dll [1039360 2013-07-19] (Hewlett-Packard Co.) [File not signed]S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-22] (Microsoft Corporation)S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [1674720 2013-09-25] ()R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-22] (Microsoft Corporation)S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-22] (Microsoft Corporation)R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [8536752 2013-07-01] (Broadcom Corporation)S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)R1 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [91352 2014-05-12] (Malwarebytes Corporation)R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [122584 2014-09-29] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)R3 vm331avs; C:\Windows\System32\Drivers\vm331avs.sys [1045248 2013-03-01] (Vimicro Corporation)R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)S3 CnxtHdAudService; \SystemRoot\system32\drivers\CHDRT64.sys [X]S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]S3 MREMP50; \??\C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [X]S3 MRESP50; \??\C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [X] ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-29 19:46 - 2014-09-29 19:46 - 02108928 _____ (Farbar) C:\Users\rthain\Downloads\FRST64 (1).exe2014-09-29 18:40 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll2014-09-29 18:38 - 2014-09-29 19:07 - 00000000 ____D () C:\AdwCleaner2014-09-29 18:37 - 2014-09-29 18:38 - 01373475 _____ () C:\Users\rthain\Downloads\AdwCleaner.exe2014-09-28 14:24 - 2014-09-28 14:30 - 00000238 _____ () C:\Users\rthain\Downloads\Search.txt2014-09-28 14:14 - 2014-09-28 14:15 - 00025474 _____ () C:\Users\rthain\Downloads\Addition.txt2014-09-28 14:12 - 2014-09-29 19:47 - 00020034 _____ () C:\Users\rthain\Downloads\FRST.txt2014-09-28 14:10 - 2014-09-29 19:47 - 00000000 ____D () C:\FRST2014-09-28 14:10 - 2014-09-28 14:10 - 02108928 _____ (Farbar) C:\Users\rthain\Downloads\FRST64.exe2014-09-28 14:09 - 2014-09-28 14:10 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (2).exe2014-09-28 14:09 - 2014-09-28 14:09 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST (1).exe2014-09-28 14:06 - 2014-09-28 14:06 - 01100288 _____ (Farbar) C:\Users\rthain\Downloads\FRST.exe2014-09-26 20:04 - 2014-09-26 20:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud2014-09-26 19:44 - 2014-09-26 19:44 - 00001806 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-09-26 19:44 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes2014-09-26 19:43 - 2014-09-26 19:43 - 00000000 ____D () C:\Program Files\iPod2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files\iTunes2014-09-26 19:42 - 2014-09-26 19:44 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-09-25 11:16 - 2014-09-25 11:16 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Apple2014-09-25 11:16 - 2014-09-25 11:16 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files\Bonjour2014-09-25 11:15 - 2014-09-25 11:15 - 00000000 ____D () C:\Program Files (x86)\Bonjour2014-09-25 10:53 - 2014-09-25 10:53 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium (1).exe2014-09-24 17:34 - 2014-09-24 17:34 - 00011264 _____ () C:\Users\rthain\Downloads\HACS 2nd September 14.wps2014-09-19 13:28 - 2014-09-19 13:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype2014-09-15 16:49 - 2014-09-29 19:40 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys2014-09-15 16:49 - 2014-09-25 10:54 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2014-09-15 16:49 - 2014-09-25 10:54 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2014-09-15 16:49 - 2014-09-15 16:49 - 00000000 ____D () C:\ProgramData\Malwarebytes2014-09-15 16:49 - 2014-05-12 08:19 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys2014-09-15 16:49 - 2014-05-12 08:19 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys2014-09-15 16:49 - 2014-05-12 08:19 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys2014-09-15 15:42 - 2014-09-15 15:43 - 17291904 _____ (Malwarebytes Corporation ) C:\Users\rthain\Downloads\mbam_premium.exe2014-09-14 10:02 - 2014-08-23 08:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe2014-09-14 10:02 - 2014-08-23 08:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe2014-09-14 10:02 - 2014-08-23 07:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll2014-09-14 10:02 - 2014-08-23 06:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll2014-09-14 10:02 - 2014-08-23 05:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll2014-09-14 10:02 - 2014-08-23 05:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll2014-09-14 10:02 - 2014-08-23 05:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll2014-09-14 10:02 - 2014-08-23 05:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll2014-09-14 10:02 - 2014-08-23 05:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll2014-09-14 10:02 - 2014-07-30 02:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll2014-09-14 10:02 - 2014-07-29 06:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll2014-09-14 10:01 - 2014-07-24 16:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS2014-09-14 10:01 - 2014-07-24 16:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys2014-09-14 10:01 - 2014-07-24 16:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys2014-09-14 10:01 - 2014-07-24 16:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys2014-09-14 10:01 - 2014-07-24 16:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll2014-09-14 10:01 - 2014-07-24 16:20 - 21266336 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll2014-09-14 10:01 - 2014-07-24 16:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll2014-09-14 10:01 - 2014-07-24 16:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL2014-09-14 10:01 - 2014-07-24 16:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe2014-09-14 10:01 - 2014-07-24 16:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe2014-09-14 10:01 - 2014-07-24 16:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys2014-09-14 10:01 - 2014-07-24 16:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi2014-09-14 10:01 - 2014-07-24 16:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe2014-09-14 10:01 - 2014-07-24 16:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi2014-09-14 10:01 - 2014-07-24 16:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe2014-09-14 10:01 - 2014-07-24 16:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll2014-09-14 10:01 - 2014-07-24 16:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll2014-09-14 10:01 - 2014-07-24 15:57 - 02515264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys2014-09-14 10:01 - 2014-07-24 15:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys2014-09-14 10:01 - 2014-07-24 14:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL2014-09-14 10:01 - 2014-07-24 14:46 - 18760328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll2014-09-14 10:01 - 2014-07-24 14:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll2014-09-14 10:01 - 2014-07-24 14:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll2014-09-14 10:01 - 2014-07-24 14:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll2014-09-14 10:01 - 2014-07-24 12:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys2014-09-14 10:01 - 2014-07-24 12:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys2014-09-14 10:01 - 2014-07-24 12:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys2014-09-14 10:01 - 2014-07-24 12:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll2014-09-14 10:01 - 2014-07-24 12:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll2014-09-14 10:01 - 2014-07-24 11:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll2014-09-14 10:01 - 2014-07-24 11:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll2014-09-14 10:01 - 2014-07-24 11:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll2014-09-14 10:01 - 2014-07-24 11:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe2014-09-14 10:01 - 2014-07-24 11:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll2014-09-14 10:01 - 2014-07-24 11:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll2014-09-14 10:01 - 2014-07-24 11:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll2014-09-14 10:01 - 2014-07-24 10:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll2014-09-14 10:01 - 2014-07-24 10:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll2014-09-14 10:01 - 2014-07-24 10:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll2014-09-14 10:01 - 2014-07-24 10:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll2014-09-14 10:01 - 2014-07-24 10:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll2014-09-14 10:01 - 2014-07-24 10:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll2014-09-14 10:01 - 2014-07-24 10:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll2014-09-14 10:01 - 2014-07-24 10:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll2014-09-14 10:01 - 2014-07-24 10:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe2014-09-14 10:01 - 2014-07-24 10:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll2014-09-14 10:01 - 2014-07-24 10:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll2014-09-14 10:01 - 2014-07-24 10:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll2014-09-14 10:01 - 2014-07-24 09:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll2014-09-14 10:01 - 2014-07-24 09:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll2014-09-14 10:01 - 2014-07-24 09:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll2014-09-14 10:01 - 2014-07-24 09:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll2014-09-14 10:01 - 2014-07-24 09:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll2014-09-14 10:01 - 2014-07-24 09:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll2014-09-14 10:01 - 2014-07-24 09:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll2014-09-14 10:01 - 2014-07-24 09:27 - 00907776 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll2014-09-14 10:01 - 2014-07-24 09:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll2014-09-14 10:01 - 2014-07-24 09:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv2014-09-14 10:01 - 2014-07-24 09:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll2014-09-14 10:01 - 2014-07-24 09:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll2014-09-14 10:01 - 2014-07-24 09:19 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll2014-09-14 10:01 - 2014-07-24 09:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe2014-09-14 10:01 - 2014-07-24 09:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll2014-09-14 10:01 - 2014-07-24 09:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll2014-09-14 10:01 - 2014-07-24 09:15 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll2014-09-14 10:01 - 2014-07-24 09:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll2014-09-14 10:01 - 2014-07-24 09:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll2014-09-14 10:01 - 2014-07-24 09:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll2014-09-14 10:01 - 2014-07-24 09:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv2014-09-14 10:01 - 2014-07-24 09:02 - 03465216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll2014-09-14 10:01 - 2014-07-24 09:01 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll2014-09-14 10:01 - 2014-07-24 09:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll2014-09-14 10:01 - 2014-07-24 08:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll2014-09-14 10:01 - 2014-07-24 08:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll2014-09-14 10:01 - 2014-07-24 08:46 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll2014-09-14 10:01 - 2014-07-24 08:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll2014-09-14 10:01 - 2014-07-24 08:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll2014-09-14 10:01 - 2014-07-24 08:39 - 02642944 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll2014-09-14 10:01 - 2014-07-24 08:38 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll2014-09-14 10:01 - 2014-07-24 08:38 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll2014-09-14 10:01 - 2014-07-24 08:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll2014-09-14 10:01 - 2014-07-24 08:30 - 02318336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll2014-09-14 10:01 - 2014-07-24 08:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls2014-09-14 10:01 - 2014-07-24 05:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls2014-09-14 10:01 - 2014-07-12 06:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll2014-09-14 10:01 - 2014-07-12 05:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll2014-09-14 10:01 - 2014-07-12 05:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll2014-09-14 10:01 - 2014-07-04 11:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll2014-09-14 10:01 - 2014-07-04 10:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll2014-09-14 10:01 - 2014-07-04 10:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll2014-09-14 10:01 - 2014-06-27 07:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys2014-09-14 10:01 - 2014-06-26 01:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll2014-09-14 10:01 - 2014-06-19 03:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys2014-09-14 10:01 - 2014-06-14 07:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll2014-09-14 10:01 - 2014-06-14 06:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll2014-09-14 10:01 - 2014-06-05 11:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll2014-09-14 10:01 - 2014-06-05 10:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll2014-09-14 10:01 - 2014-05-31 06:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll2014-09-14 10:01 - 2014-05-29 07:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll2014-09-14 10:01 - 2014-05-29 06:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll2014-09-14 10:01 - 2014-05-06 05:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll2014-09-14 10:01 - 2014-05-06 01:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll2014-09-14 10:01 - 2014-03-25 03:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll2014-09-14 10:01 - 2014-03-25 02:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll2014-09-14 10:00 - 2014-07-24 16:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys2014-09-14 10:00 - 2014-07-24 16:25 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe2014-09-14 10:00 - 2014-07-24 16:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll2014-09-14 10:00 - 2014-07-24 16:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe2014-09-14 10:00 - 2014-07-24 16:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll2014-09-14 10:00 - 2014-07-24 14:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll2014-09-14 10:00 - 2014-07-24 14:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe2014-09-14 10:00 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL2014-09-14 10:00 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL2014-09-14 10:00 - 2014-07-24 12:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll2014-09-14 10:00 - 2014-07-24 12:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys2014-09-14 10:00 - 2014-07-24 12:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys2014-09-14 10:00 - 2014-07-24 12:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys2014-09-14 10:00 - 2014-07-24 12:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys2014-09-14 10:00 - 2014-07-24 12:33 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll2014-09-14 10:00 - 2014-07-24 12:33 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll2014-09-14 10:00 - 2014-07-24 12:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll2014-09-14 10:00 - 2014-07-24 12:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL2014-09-14 10:00 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL2014-09-14 10:00 - 2014-07-24 11:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL2014-09-14 10:00 - 2014-07-24 11:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll2014-09-14 10:00 - 2014-07-24 11:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl2014-09-14 10:00 - 2014-07-24 11:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll2014-09-14 10:00 - 2014-07-24 11:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll2014-09-14 10:00 - 2014-07-24 11:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll2014-09-14 10:00 - 2014-07-24 11:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll2014-09-14 10:00 - 2014-07-24 10:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll2014-09-14 10:00 - 2014-07-24 10:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl2014-09-14 10:00 - 2014-07-24 10:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll2014-09-14 10:00 - 2014-07-24 10:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll2014-09-14 10:00 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll2014-09-14 10:00 - 2014-07-24 10:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe2014-09-14 10:00 - 2014-07-24 10:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll2014-09-14 10:00 - 2014-07-24 10:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll2014-09-14 10:00 - 2014-07-24 10:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll2014-09-14 10:00 - 2014-07-24 10:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll2014-09-14 10:00 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll2014-09-14 10:00 - 2014-07-24 10:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll2014-09-14 10:00 - 2014-07-24 10:09 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll2014-09-14 10:00 - 2014-07-24 10:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll2014-09-14 10:00 - 2014-07-24 10:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe2014-09-14 10:00 - 2014-07-24 09:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll2014-09-14 10:00 - 2014-07-24 09:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll2014-09-14 10:00 - 2014-07-24 09:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll2014-09-14 10:00 - 2014-07-24 09:49 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll2014-09-14 10:00 - 2014-07-24 09:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll2014-09-14 10:00 - 2014-07-24 09:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll2014-09-14 10:00 - 2014-07-24 09:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll2014-09-14 10:00 - 2014-07-24 09:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll2014-09-14 10:00 - 2014-07-24 09:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll2014-09-14 10:00 - 2014-07-24 09:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll2014-09-14 10:00 - 2014-07-24 09:24 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-14 10:00 - 2014-07-24 09:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll2014-09-14 10:00 - 2014-07-24 09:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll2014-09-14 10:00 - 2014-07-24 09:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll2014-09-14 10:00 - 2014-07-24 09:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll2014-09-14 10:00 - 2014-07-24 09:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll2014-09-14 10:00 - 2014-07-24 09:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll2014-09-14 10:00 - 2014-07-24 09:12 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2014-09-14 10:00 - 2014-07-24 09:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll2014-09-14 10:00 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll2014-09-14 10:00 - 2014-07-24 09:07 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll2014-09-14 10:00 - 2014-07-24 09:06 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll2014-09-14 10:00 - 2014-07-24 09:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll2014-09-14 10:00 - 2014-07-24 09:04 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll2014-09-14 10:00 - 2014-07-24 09:01 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll2014-09-14 10:00 - 2014-07-24 09:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll2014-09-14 10:00 - 2014-07-24 08:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll2014-09-14 10:00 - 2014-07-24 08:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll2014-09-14 10:00 - 2014-07-24 08:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll2014-09-14 10:00 - 2014-07-24 08:50 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll2014-09-14 10:00 - 2014-07-24 08:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll2014-09-14 10:00 - 2014-07-24 08:43 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll2014-09-14 10:00 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll2014-09-14 10:00 - 2014-07-24 08:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll2014-09-14 10:00 - 2014-07-12 06:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll2014-09-14 10:00 - 2014-07-12 05:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll2014-09-14 10:00 - 2014-07-10 00:19 - 00387391 _____ () C:\WINDOWS\system32\ApnDatabase.xml2014-09-14 10:00 - 2014-07-04 13:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys2014-09-14 10:00 - 2014-07-04 11:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll2014-09-14 10:00 - 2014-07-04 11:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll2014-09-14 10:00 - 2014-07-04 11:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll2014-09-14 10:00 - 2014-06-26 01:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll2014-09-14 10:00 - 2014-06-20 00:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys2014-09-14 10:00 - 2014-06-07 13:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll2014-09-14 10:00 - 2014-06-07 11:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll2014-09-14 10:00 - 2014-06-05 15:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys2014-09-14 10:00 - 2014-05-31 05:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll2014-09-14 10:00 - 2014-05-29 06:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll2014-09-14 10:00 - 2014-05-29 05:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll2014-09-14 10:00 - 2014-05-26 08:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll2014-09-14 10:00 - 2014-05-10 11:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll2014-09-14 10:00 - 2014-05-10 09:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll2014-09-14 10:00 - 2014-03-25 03:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll2014-09-14 10:00 - 2014-03-25 02:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll2014-09-14 09:52 - 2014-08-15 01:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys2014-09-10 21:53 - 2014-08-16 02:56 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll2014-09-10 21:53 - 2014-08-16 02:54 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll2014-09-10 21:53 - 2014-08-16 02:43 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll2014-09-10 21:53 - 2014-08-16 02:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll2014-09-10 21:53 - 2014-08-16 02:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll2014-09-10 21:53 - 2014-08-16 02:22 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll2014-09-10 21:53 - 2014-08-16 02:20 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll2014-09-10 21:53 - 2014-08-16 02:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll2014-09-10 21:53 - 2014-08-16 02:18 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll2014-09-10 21:53 - 2014-08-16 02:06 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll2014-09-10 21:53 - 2014-08-16 02:05 - 00727040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll2014-09-10 21:53 - 2014-08-16 02:05 - 00707072 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe2014-09-10 21:53 - 2014-08-16 02:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll2014-09-10 21:53 - 2014-08-16 01:53 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll2014-09-10 21:53 - 2014-08-16 01:53 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll2014-09-10 21:52 - 2014-08-16 03:40 - 23591424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll2014-09-10 21:52 - 2014-08-16 03:04 - 17455104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll2014-09-10 21:52 - 2014-08-16 03:00 - 05833728 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll2014-09-10 21:52 - 2014-08-16 03:00 - 02793984 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll2014-09-10 21:52 - 2014-08-16 02:45 - 04232704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll2014-09-10 21:52 - 2014-08-16 02:18 - 02185728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll2014-09-10 21:52 - 2014-08-16 02:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll2014-09-10 21:52 - 2014-08-16 02:03 - 02104832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl2014-09-10 21:52 - 2014-08-16 01:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll2014-09-10 21:52 - 2014-08-16 01:56 - 02310656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll2014-09-10 21:52 - 2014-08-16 01:53 - 13588480 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll2014-09-10 21:52 - 2014-08-16 01:51 - 11769856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll2014-09-10 21:52 - 2014-08-16 01:45 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll2014-09-10 21:52 - 2014-08-16 01:44 - 02014208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl2014-09-10 21:52 - 2014-08-16 01:44 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll2014-09-10 21:52 - 2014-08-16 01:34 - 01447424 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll2014-09-10 21:52 - 2014-08-16 01:20 - 01812992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll2014-09-10 21:52 - 2014-08-16 01:18 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll2014-09-10 21:52 - 2014-08-16 01:14 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll2014-09-10 21:52 - 2014-08-16 01:12 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll2014-09-10 17:44 - 2014-08-02 01:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll2014-09-10 17:43 - 2014-09-05 03:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll2014-09-10 17:43 - 2014-09-05 03:31 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll2014-09-10 17:43 - 2014-09-05 01:48 - 00738816 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll2014-09-10 17:43 - 2014-07-24 04:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll2014-09-10 17:43 - 2014-07-24 04:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll2014-09-08 12:45 - 2014-09-08 12:45 - 00000000 ____D () C:\ProgramData\Wondershare2014-09-08 12:38 - 2014-09-08 12:38 - 00000000 ____D () C:\Users\rthain\AppData\Local\Wondershare ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2014-09-29 19:46 - 2013-11-05 12:21 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2069769180-886861901-593725835-10022014-09-29 19:42 - 2014-02-13 11:35 - 01960314 _____ () C:\WINDOWS\WindowsUpdate.log2014-09-29 19:42 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\AppReadiness2014-09-29 19:41 - 2014-08-01 12:08 - 00004978 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for HEREWARD-rthain Hereward2014-09-29 19:40 - 2014-01-19 12:00 - 00000000 ____D () C:\Users\rthain\AppData\Roaming\Skype2014-09-29 19:40 - 2013-11-07 12:57 - 00000908 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job2014-09-29 19:39 - 2014-03-27 11:35 - 00152114 _____ () C:\WINDOWS\PFRO.log2014-09-29 19:39 - 2013-08-22 15:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT2014-09-29 19:38 - 2013-08-22 14:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI2014-09-29 19:00 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\sru2014-09-29 18:37 - 2013-11-07 12:57 - 00000912 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job2014-09-26 19:38 - 2014-04-14 10:36 - 00007263 _____ () C:\WINDOWS\setupact.log2014-09-25 11:43 - 2012-07-26 08:59 - 00000000 ____D () C:\WINDOWS\CbsTemp2014-09-25 11:16 - 2014-08-25 11:31 - 00000000 ____D () C:\Program Files\Common Files\Apple2014-09-25 11:15 - 2014-04-14 18:42 - 00000000 ____D () C:\ProgramData\Apple2014-09-25 10:09 - 2014-04-05 15:15 - 00000000 ____D () C:\Program Files\Microsoft Office 152014-09-23 10:34 - 2014-01-27 17:45 - 00000000 ____D () C:\Users\rthain2014-09-23 10:19 - 2013-11-05 12:12 - 00000000 ____D () C:\Users\rthain\AppData\Local\Packages2014-09-22 07:42 - 2014-01-31 16:01 - 00278152 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe2014-09-19 13:28 - 2014-07-21 10:37 - 00002531 _____ () C:\Users\Public\Desktop\Skype.lnk2014-09-19 13:28 - 2014-07-21 10:37 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-09-19 13:28 - 2014-01-19 11:59 - 00000000 ____D () C:\ProgramData\Skype2014-09-17 16:55 - 2014-01-10 03:51 - 00000000 ____D () C:\Users\rthain\Documents\HACS2014-09-17 16:06 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\rescache2014-09-16 12:28 - 2013-11-14 08:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI2014-09-15 16:44 - 2013-08-22 15:44 - 00371864 _____ () C:\WINDOWS\system32\FNTCACHE.DAT2014-09-15 15:28 - 2013-11-14 08:17 - 00000000 ____D () C:\Program Files\Windows Journal2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ToastData2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\WinStore2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod2014-09-15 15:28 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\system32\setup2014-09-15 15:28 - 2013-08-22 14:36 - 00000000 ____D () C:\WINDOWS\system32\oobe2014-09-15 15:26 - 2014-03-28 10:57 - 00000000 ____D () C:\Users\rthain\AppData\Local\AdFender2014-09-10 22:25 - 2014-07-10 11:16 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel2014-09-10 21:54 - 2014-06-13 13:28 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll2014-09-10 21:54 - 2014-06-13 13:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe2014-09-10 21:53 - 2014-06-13 13:28 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe2014-09-10 21:53 - 2014-06-13 13:28 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe2014-09-10 21:53 - 2014-06-13 13:28 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll2014-09-10 21:53 - 2014-06-13 13:28 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll2014-09-10 21:53 - 2014-06-12 10:27 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll2014-09-10 21:53 - 2014-06-12 10:27 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb2014-09-10 21:53 - 2014-05-03 09:24 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb2014-09-10 21:52 - 2013-11-18 03:59 - 00000000 ____D () C:\WINDOWS\system32\MRT2014-09-10 21:43 - 2013-11-18 03:59 - 101694776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe2014-09-08 15:41 - 2014-04-14 11:12 - 00000000 ____D () C:\PFS8.3 PE_TMP2014-09-07 14:27 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\Registration2014-09-07 11:47 - 2013-11-07 11:01 - 00000000 ____D () C:\ldiag2014-09-06 14:46 - 2014-01-31 12:33 - 00000000 ____D () C:\Users\rthain\Documents\My Scans2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\ProgramData\Adobe2014-09-05 14:39 - 2013-06-10 07:29 - 00000000 ____D () C:\Program Files (x86)\Adobe2014-09-04 14:28 - 2014-04-26 10:55 - 00000000 ____D () C:\ProgramData\874cfb7b7dee04e92014-09-04 14:05 - 2013-08-22 16:36 - 00000000 ____D () C:\WINDOWS\addins2014-09-02 21:06 - 2014-08-13 22:33 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe2014-09-02 21:06 - 2014-08-13 22:33 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl Some content of TEMP:====================C:\Users\rthain\AppData\Local\Temp\BackupSetup.exeC:\Users\rthain\AppData\Local\Temp\KUIU.EXEC:\Users\rthain\AppData\Local\Temp\Quarantine.exeC:\Users\rthain\AppData\Local\Temp\SettingsManagerSetup.exeC:\Users\rthain\AppData\Local\Temp\SHSetup.exeC:\Users\rthain\AppData\Local\Temp\vcredist_x64.exeC:\Users\rthain\AppData\Local\Temp\_is3897.exe ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2014-09-26 20:42 Link to post Share on other sites More sharing options...
marinedog Posted October 1, 2014 Author ID:885342 Share Posted October 1, 2014 Hi I simply haven't a clue where I am supposed to look for the report after the scan. Superiend still seems to be present as it appeared when i went on a link in an email which had been sent to me - although malwarebytes did come on and say it had intercepted something malicious but whether that was a coincidence or not I don't know. If you still wish to help me in despite my lack of pc skills I would be very grateful but will fully understand if you decide not to continue. Link to post Share on other sites More sharing options...
deeprybka Posted October 1, 2014 ID:885348 Share Posted October 1, 2014 Hi, did you run the fix? The Fixlog.txt is also located in downloads directory. Link to post Share on other sites More sharing options...
marinedog Posted October 1, 2014 Author ID:885379 Share Posted October 1, 2014 Hi I did run the fix followed by the scan. I know it ran the fix and it told me there was a report. In downloads I have files marked Addition, fixlog (which was the one I thought I cut and paste above), FRST, FRST64. Do I need to run the fix again? Link to post Share on other sites More sharing options...
deeprybka Posted October 1, 2014 ID:885380 Share Posted October 1, 2014 Hi,I am only online with my mobile therefore the question if you have run the fix. Please post Fixlog.txt Link to post Share on other sites More sharing options...
marinedog Posted October 3, 2014 Author ID:886016 Share Posted October 3, 2014 Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-09-2014Ran by rthain at 2014-10-01 13:52:52 Run:1Running from C:\Users\rthain\DownloadsLoaded Profiles: rthain & (Available profiles: rthain)Boot Mode: Normal============================================== Content of fixlist:*****************Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No FileHKLM-x32\...\Run: [] => [X]ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => No FileSearchScopes: HKCU - URL http://search.condui...rchTerms}&SSPV=SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.searc...x={searchTerms}SearchScopes: HKCU - {25A72053-8D57-4117-B3BC-CBFB4BDDECF9} URL =Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No FileHandler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - No FileCHR Plugin: (McAfee SecurityCenter) - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL No FileCHR Plugin: (Nitro PDF plugin for Firefox and Chrome) - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll No FileCHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No FileCHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTIONS3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]EmptyTemp:***************** "HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key deleted successfully."HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully."HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => Key deleted successfully."HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => Key not found.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\URL => value deleted successfully.HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\SuggestionsURL_JSON => value deleted successfully."HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{25A72053-8D57-4117-B3BC-CBFB4BDDECF9}" => Key deleted successfully."HKCR\CLSID\{25A72053-8D57-4117-B3BC-CBFB4BDDECF9}" => Key not found.HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully."HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found."HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key not found."HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL not found.C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll not found.C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll not found."HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.esgiguard => Service deleted successfully.EmptyTemp: => Removed 4.3 GB temporary data. The system needed a reboot. ==== End of Fixlog ==== Link to post Share on other sites More sharing options...
marinedog Posted October 3, 2014 Author ID:886018 Share Posted October 3, 2014 Superiend is still present and still appearing when I use any links that come in via emails such as if I want to look at my electricity bill on line and use the link provided in the supplier's email. Link to post Share on other sites More sharing options...
deeprybka Posted October 3, 2014 ID:886025 Share Posted October 3, 2014 Hi, which email-client? Chrome? Start FRST with administator privileges.Make sure the following option is checked: Press the Scan button. When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.Please copy and paste these logs in your next reply. Link to post Share on other sites More sharing options...
marinedog Posted October 3, 2014 Author ID:886075 Share Posted October 3, 2014 Yes, chrome. Can I get rid of all previous reports as it is getting confusing. Link to post Share on other sites More sharing options...
Recommended Posts