
Cannot remove 'Ad by Notification'



A few weeks ago I installed P2P software to download a copy of an old TV show. The 'Ad by Notification' must have downloaded along with the P2P software. Since then I have uninstalled the software, reset, uninstalled then re-installed Mozilla and Explorer, ran Windows Defender, Malwarebytes, Spybot and AdwCleaner. I have looked for any obscure software on my PC to install but haven't found any. While some items were detected and quarantined, the problem still persists. I don't know what else to do - hoping you can help me fix my screw-up.

 

I ran the Farbar Recovery Scan Tool and here are the results.  Thank you in advance for any help you can give me!

 

 

FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-11-2014

Ran by True (administrator) on HOMEPC on 14-11-2014 19:03:23

Running from C:\Users\True\Downloads

Loaded Profile: True (Available profiles: True)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe

(Dropbox, Inc.) C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-07-05] (Realtek Semiconductor)

HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)

HKLM\...\Run: [ColtsTray] => C:\Program Files (x86)\DeskSite Software\Colts DeskSite\ColtsTray.exe

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)

Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk

ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

BootExecute: autocheck autochk * sdnclean64.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM - {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM-x32 - {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKCU - {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\True\AppData\Roaming\Mozilla\Firefox\Profiles\ywkk0q2m.default-1416000456201

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\ddg.xml

FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\b85afb9c3dde7f804c95414cfb510fb1 [2014-11-13]

 

Chrome:

=======

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed]

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed]

R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2436280 2014-09-25] (Microsoft Corporation)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)

R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)

R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)

S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)

R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-07-05] (Realtek Semiconductor)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)

S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-14] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

 

==================== NetSvcs (Whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

 

 

==================== One Month Created Files and Folders ========

 

(If an entry is included in the fixlist, the file\folder will be moved.)

 

2014-11-14 19:03 - 2014-11-14 19:04 - 00018230 _____ () C:\Users\True\Downloads\FRST.txt

2014-11-14 19:03 - 2014-11-14 19:03 - 00000000 ____D () C:\FRST

2014-11-14 18:50 - 2014-11-14 18:50 - 02116608 _____ (Farbar) C:\Users\True\Downloads\FRST64.exe

2014-11-14 18:23 - 2014-11-14 18:36 - 00000000 ____D () C:\AdwCleaner

2014-11-14 18:20 - 2014-11-14 18:21 - 02140160 _____ () C:\Users\True\Downloads\AdwCleaner.exe

2014-11-14 16:26 - 2014-11-14 16:26 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieBrowserModeList

2014-11-11 19:43 - 2014-11-11 19:43 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-11-11 19:43 - 2014-11-11 19:43 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-11-11 19:43 - 2014-11-11 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-11-11 19:30 - 2014-11-11 19:30 - 00244088 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.1.exe

2014-11-11 15:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-11-11 15:13 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-11-11 15:10 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-11-11 15:09 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-11-11 15:09 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-11-11 15:09 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-11-11 15:08 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-11-11 15:08 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-11-11 15:08 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-11-11 15:08 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-11-11 15:08 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-11-11 15:08 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-11-11 15:08 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-11-11 15:08 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2014-11-11 15:08 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2014-11-11 15:08 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-11-11 15:08 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-11-11 15:08 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-11-11 15:08 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll

2014-11-11 15:08 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-11-11 15:08 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-11-11 15:08 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-11-11 15:08 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-11-11 15:08 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-11-11 15:08 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-11-11 15:08 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-11-11 15:08 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-11-11 15:08 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-11-11 15:08 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2014-11-11 15:08 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2014-11-11 15:08 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-11-11 15:08 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-11-11 15:08 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-11-11 15:08 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-11-11 15:08 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-11-11 15:07 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2014-11-11 15:07 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-11-11 15:07 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-11-11 15:07 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-11-11 15:07 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-11-11 15:07 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-11-11 15:07 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2014-11-11 15:07 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll

2014-11-11 15:07 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-11-11 15:07 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-11-11 15:07 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-11-11 15:07 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-11-11 15:07 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-11-11 15:07 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2014-11-11 15:07 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2014-11-11 15:07 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-11-11 15:07 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-11-11 15:07 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-11-11 15:07 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-11-11 15:07 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-11-11 15:07 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-11-11 15:07 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-11-11 15:07 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2014-11-11 15:07 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2014-11-11 15:07 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2014-11-11 15:07 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2014-11-11 15:07 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-11-11 15:07 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-11-11 15:07 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2014-11-11 15:07 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-11-11 15:07 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-11-11 15:07 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-11-11 15:07 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-11-11 15:07 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2014-11-11 15:07 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll

2014-11-11 15:07 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-11-11 15:07 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2014-11-11 15:07 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-11-11 15:07 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2014-11-11 15:07 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-11-11 15:07 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2014-11-11 15:07 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-11-11 15:07 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-11-11 15:07 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-11-11 15:07 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2014-11-11 15:07 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2014-11-11 15:07 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-11-11 15:07 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll

2014-11-11 15:07 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2014-11-11 15:06 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2014-11-11 15:06 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-11-11 15:06 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2014-11-11 15:06 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-11-11 15:06 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-11-11 15:06 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-11-11 15:06 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-11-11 15:06 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-11-11 15:00 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-11-11 15:00 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-11-11 15:00 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-11-11 15:00 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-11-11 15:00 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-11-11 15:00 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

2014-11-11 15:00 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys

2014-11-11 15:00 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys

2014-11-11 15:00 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys

2014-11-11 15:00 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

2014-11-11 15:00 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll

2014-11-11 15:00 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll

2014-11-11 14:59 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2014-11-11 14:59 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-11-11 14:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-11-11 14:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2014-11-11 14:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2014-11-11 14:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-11-11 14:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-11-11 14:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2014-11-11 14:59 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2014-11-11 14:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll

2014-11-11 14:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2014-11-11 14:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2014-11-11 14:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2014-11-11 14:59 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-11-11 14:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2014-11-11 14:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-11-11 14:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-11-11 14:59 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll

2014-11-11 14:59 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll

2014-11-11 14:59 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-11-11 14:59 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll

2014-11-11 14:59 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-11-11 14:58 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-11-11 14:58 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-11-11 14:58 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-11-11 14:58 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-11-11 14:58 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll

2014-11-11 14:58 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-11-11 14:58 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-11-11 14:58 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-11-11 14:58 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2014-11-11 14:58 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-11-11 14:58 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-11-11 14:58 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-11-11 14:58 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-11-11 14:58 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-11-11 14:58 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-11-11 14:58 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-11-11 14:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2014-11-11 14:55 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-11-11 14:55 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-11-11 14:55 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-11-11 14:55 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-11-11 14:55 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-11-11 14:55 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2014-11-11 14:55 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-11-11 14:55 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-11-11 14:55 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-11-11 14:55 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-11-11 14:55 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-11-11 14:55 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll

2014-11-11 14:55 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-11-11 14:55 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-11-11 14:55 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-11-11 14:54 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-11-11 14:54 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-11-11 14:54 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2014-11-11 14:54 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2014-11-11 14:54 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll

2014-11-11 14:54 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll

2014-11-11 14:54 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll

2014-11-11 14:54 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll

2014-11-11 14:54 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS

2014-11-11 14:54 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-11-11 14:54 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-11-11 14:54 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll

2014-11-11 14:54 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll

2014-11-11 14:54 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-11-11 14:54 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-11-11 14:54 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-11-11 14:54 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll

2014-11-11 14:54 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2014-11-11 14:54 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll

2014-11-11 14:53 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-11-11 14:53 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml

2014-11-11 14:53 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll

2014-11-11 14:53 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll

2014-11-11 14:53 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll

2014-11-11 14:53 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll

2014-11-11 14:53 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll

2014-11-11 13:58 - 2014-11-14 18:34 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-11 13:57 - 2014-11-11 13:57 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-11 13:57 - 2014-11-11 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-11 13:56 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-11 13:56 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-11 13:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-11 13:55 - 2014-11-11 13:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-11 13:55 - 2014-11-11 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-11-11 13:51 - 2014-11-11 13:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\True\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-11 13:39 - 2014-11-11 13:40 - 00000000 ____D () C:\Users\True\Desktop\SOA

2014-11-11 12:03 - 2014-11-11 12:06 - 00023159 _____ () C:\Windows\wininit.ini

2014-11-10 19:10 - 2014-11-13 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-11-07 12:44 - 2014-11-07 12:44 - 00244152 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.3.exe

2014-11-07 12:16 - 2014-11-07 12:18 - 15047896 _____ (DeskSite) C:\Users\True\Downloads\install_colts_desksite.exe

2014-11-06 13:40 - 2014-11-06 13:40 - 00244032 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.2.exe

2014-11-06 09:28 - 2013-08-22 08:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141106-092815.backup

2014-11-05 23:05 - 2014-11-05 23:05 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-11-05 23:05 - 2014-11-05 23:05 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2014-11-05 23:04 - 2014-11-06 09:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-11-05 23:04 - 2014-11-05 23:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-11-05 23:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-11-05 22:52 - 2014-11-05 23:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\True\Downloads\spybot-2.4.exe

2014-11-05 22:36 - 2014-11-14 16:27 - 00000000 ____D () C:\Users\True\Desktop\Old Firefox Data

2014-11-04 22:11 - 2014-11-04 22:11 - 00002259 _____ () C:\Windows\epplauncher.mif

2014-11-04 22:07 - 2014-11-04 22:09 - 14087848 _____ (Microsoft Corporation) C:\Users\True\Downloads\mseinstall.exe

2014-10-31 14:01 - 2014-11-13 19:39 - 00003272 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task

2014-10-31 14:01 - 2014-10-31 14:01 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web

2014-10-31 13:58 - 2014-11-11 13:12 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll

2014-10-30 12:26 - 2014-10-30 12:26 - 00000000 ____D () C:\Users\True\.swt

2014-10-30 12:24 - 2014-10-30 19:24 - 00000000 ____D () C:\Users\True\AppData\Roaming\Azureus

2014-10-30 12:17 - 2014-10-30 12:17 - 00072008 _____ (Azureus Software, Inc.) C:\Users\True\Downloads\VuzeBittorrentClientInstaller.exe

2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieUserList

2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieSiteList

2014-10-26 20:14 - 2014-11-14 18:56 - 00004960 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC

2014-10-26 20:14 - 2014-10-26 20:14 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002

2014-10-26 20:14 - 2014-10-26 20:14 - 00000000 ___RD () C:\Users\True\OneDrive

2014-10-26 20:13 - 2014-10-26 20:13 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive

2014-10-26 18:39 - 2014-10-26 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-10-26 18:21 - 2014-10-26 18:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-10-26 18:20 - 2014-10-26 18:20 - 01055920 _____ (Microsoft Corporation) C:\Users\True\Downloads\setuponenotefreeretail.x86.en-us_.exe

2014-10-25 21:22 - 2014-10-27 13:49 - 00000000 ____D () C:\Users\True\Documents\OneNote Notebooks

2014-10-25 20:31 - 2014-10-29 19:55 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-25 20:31 - 2014-10-29 19:55 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

2014-10-17 16:03 - 2014-11-14 18:48 - 00000000 ___RD () C:\Users\True\Dropbox

2014-10-17 16:03 - 2014-11-14 18:47 - 00001070 _____ () C:\Users\True\Desktop\Dropbox.lnk

2014-10-17 16:02 - 2014-11-14 18:47 - 00000000 ____D () C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-10-17 15:57 - 2014-11-14 18:48 - 00000000 ____D () C:\Users\True\AppData\Roaming\Dropbox

2014-10-17 15:56 - 2014-10-17 15:56 - 00323672 _____ (Dropbox, Inc.) C:\Users\True\Downloads\DropboxInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-14 19:04 - 2014-06-06 20:19 - 01626191 _____ () C:\Windows\WindowsUpdate.log

2014-11-14 19:02 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru

2014-11-14 18:56 - 2014-06-06 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1734499517-1423219126-3406439121-1002

2014-11-14 18:41 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-14 18:36 - 2014-06-06 20:27 - 00000000 ____D () C:\Users\True\Documents\Youcam

2014-11-14 18:35 - 2014-06-06 20:44 - 00000000 ___DO () C:\Users\True\SkyDrive

2014-11-14 18:32 - 2013-08-26 01:01 - 00120606 _____ () C:\Windows\PFRO.log

2014-11-14 18:32 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-14 18:32 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI

2014-11-14 18:23 - 2014-06-08 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-14 18:18 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness

2014-11-14 16:26 - 2014-06-06 20:51 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E44FF485-5807-49FF-B743-482D2C37A352}

2014-11-12 15:13 - 2014-06-07 15:50 - 00000000 ____D () C:\Users\True\Desktop\Randy

2014-11-12 14:37 - 2014-07-27 16:21 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTrue

2014-11-12 14:37 - 2014-07-27 16:21 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTrue.job

2014-11-12 11:25 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp

2014-11-11 18:33 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache

2014-11-11 18:18 - 2013-08-22 09:44 - 00484248 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-11 18:16 - 2014-03-25 14:47 - 00000000 ____D () C:\Windows\Options

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-11-11 15:31 - 2014-06-07 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-11 15:25 - 2014-06-08 21:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-11-11 15:22 - 2014-06-09 08:54 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-11 15:16 - 2014-06-09 08:54 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-11-11 13:08 - 2014-07-22 13:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-11-11 09:23 - 2014-06-07 15:35 - 00000000 ____D () C:\Users\True\Desktop\Debbie Carvings

2014-11-07 15:47 - 2014-09-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Legacy8

2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\ProgramData\McAfee

2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-11-04 22:53 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP

2014-11-04 22:51 - 2014-01-18 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection

2014-11-04 22:45 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True\AppData\Local\Packages

2014-11-03 20:50 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-11-03 20:29 - 2014-06-22 17:04 - 00695808 ___SH () C:\Users\True\Desktop\Thumbs.db

2014-11-02 20:34 - 2014-06-09 09:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-11-02 20:34 - 2014-06-09 09:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-11-02 10:11 - 2014-06-07 21:17 - 00000000 ____D () C:\Users\True\Desktop\True Woodcarving Books

2014-10-30 12:26 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True

2014-10-30 06:25 - 2014-08-20 14:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer

2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager

2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera

2014-10-25 20:21 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore

Some content of TEMP:

====================

C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuh5wix.dll

C:\Users\True\AppData\Local\Temp\Extract.exe

C:\Users\True\AppData\Local\Temp\ose00000.exe

C:\Users\True\AppData\Local\Temp\Quarantine.exe

C:\Users\True\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-11-10 22:02

==================== End Of Log ============================

Addition:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-11-2014

Ran by True at 2014-11-14 19:05:53

Running from C:\Users\True\Downloads

Boot Mode: Normal

==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)

Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)

Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)

Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)

Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden

AMD Catalyst Install Manager (HKLM\...\{FA071D2C-FB23-9D66-88DB-8B3B1CEBEDDC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)

Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)

Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden

Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden

Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden

CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)

CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)

CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)

CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)

CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.)

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden

DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden

Dropbox (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)

Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)

Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden

Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden

Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden

Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden

House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden

HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard)

HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)

HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)

HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)

HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)

HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)

HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)

HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)

HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)

HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)

HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)

HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)

Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden

Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden

Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden

King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden

Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0  - Millennia Corporation)

Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden

Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden

Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)

Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft OneDrive (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)

Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4659.1001 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)

Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)

Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)

MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden

Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden

OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4659.1001 - Microsoft Corporation) Hidden

Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden

Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden

Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden

Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)

Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden

Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden

Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)

Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)

Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden

Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)

swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)

Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)

Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden

Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden

WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)

WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)

Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden

Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\True\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

 

==================== Restore Points  =========================

 

22-10-2014 03:03:08 Windows Update

30-10-2014 23:10:15 Scheduled Checkpoint

07-11-2014 17:21:52 Installed Colts DeskSite.

11-11-2014 17:05:34 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges

 

==================== Hosts content: ==========================

 

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

 

2013-08-22 08:25 - 2014-11-06 09:28 - 00450713 ____R C:\Windows\system32\Drivers\etc\hosts

 

There are 1000 more lines.

 

 

==================== Scheduled Tasks (whitelisted) =============

 

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

 

Task: {0390F844-8BB8-4CF2-8B6A-333B34585420} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN191045FP05NR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)

Task: {14C88463-7927-4A82-91E1-76418DF41312} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-09-25] (Microsoft Corporation)

Task: {1F999654-F0FA-4ED7-B6CC-BF747915E701} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)

Task: {2DCE66DC-4EC1-4969-A8A6-90B5FDBDA48C} - System32\Tasks\HPCeeScheduleForTrue => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)

Task: {31ACA094-369F-4EC6-9699-FE5E91D6E428} - \GPUP No Task File <==== ATTENTION

Task: {3AF72D1A-C3A0-4163-BA2D-A11572E75918} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-11] (Microsoft Corporation)

Task: {3FEE3CEB-BC79-45F5-B477-F98F63967A10} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-10-26] (Microsoft Corporation)

Task: {58129A26-74CB-4553-8BD5-9814AE98D6CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)

Task: {632829CF-193A-42C0-A92B-FAC82F8EF5CA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated)

Task: {65828A87-D349-48FA-8777-5D15D920D332} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe

Task: {84F919F4-E2FA-48C7-A521-1FD7702876CF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)

Task: {98EA16A6-70E5-4DFB-9193-EFA7CA8E6769} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)

Task: {9AEAAAFB-7FF9-4217-83B0-4541E87B93BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)

Task: {9F4D2CFC-A8B0-49E9-863B-8FC373E54C0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)

Task: {ACF70E8D-BCAA-417B-A3DF-B4F0BFE09FC2} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-31] (Jelbrus)

Task: {C14DD66F-61DA-48B4-8A39-1F2A71C36C88} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.)

Task: {C605FB90-B3E9-4290-9111-7908D68CA9EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe

Task: {C754D718-617D-4B41-9C40-36DC14E713DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe

Task: {CA4671AD-3A46-4C05-B23C-B6843DAAAF40} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)

Task: {EB87482D-A23B-4E11-BEFE-22A3B8646C74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)

Task: {F39B73B7-D933-4537-904C-C8749C2BE318} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe

Task: {FA59E05D-50C3-4F1B-A01F-FB928C8D37E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-22] (Hewlett-Packard)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\Windows\Tasks\HPCeeScheduleForTrue.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

 

==================== Loaded Modules (whitelisted) =============

 

2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe

2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll

2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll

2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll

2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll

2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll

2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll

2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll

2013-12-11 17:12 - 2013-12-11 17:12 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe

2013-12-11 17:11 - 2013-12-11 17:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll

2014-10-26 18:21 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2014-10-26 19:22 - 2014-10-26 19:22 - 08896160 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

2014-09-09 18:57 - 2014-09-09 18:58 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll

2014-11-05 23:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl

2014-11-05 23:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl

2014-11-05 23:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl

2014-11-05 23:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll

2014-11-05 23:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

2014-03-25 15:05 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll

2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

2014-10-26 19:23 - 2014-10-26 19:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

2014-10-26 18:23 - 2014-10-26 18:23 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll

2013-07-10 17:07 - 2013-07-10 17:07 - 00756888 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

2014-11-11 19:43 - 2014-11-06 19:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

2014-11-14 18:48 - 2014-11-14 18:48 - 00043008 _____ () c:\users\true\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpuh5wix.dll

2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\True\AppData\Roaming\Dropbox\bin\libcef.dll

 

==================== Alternate Data Streams (whitelisted) =========

 

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

 

AlternateDataStreams: C:\Users\True\SkyDrive:ms-properties

 

==================== Safe Mode (whitelisted) ===================

 

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

 

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

 

==================== EXE Association (whitelisted) =============

 

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

 

 

==================== MSCONFIG/TASK MANAGER disabled items =========

 

(Currently there is no automatic fix for this section.)

 

 

========================= Accounts: ==========================

 

Administrator (S-1-5-21-1734499517-1423219126-3406439121-500 - Administrator - Disabled)

Guest (S-1-5-21-1734499517-1423219126-3406439121-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1734499517-1423219126-3406439121-1004 - Limited - Enabled)

True (S-1-5-21-1734499517-1423219126-3406439121-1002 - Administrator - Enabled) => C:\Users\True

 

==================== Faulty Device Manager Devices =============

 

 

==================== Event log errors: =========================

 

Application errors:

==================

Error: (11/14/2014 04:50:17 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: e68

 

Start Time: 01d00052596c3036

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report Id: 3339015c-6c48-11e4-8278-a02bb835ea16

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (11/13/2014 08:14:25 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1938

 

Start Time: 01cffe918d6a1fed

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report Id: eda1ae42-6b97-11e4-8276-a02bb835ea16

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (11/13/2014 07:41:42 PM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1680

 

Start Time: 01cfffa2e44ca04d

 

Termination Time: 4294967295

 

Application Path: C:\Windows\system32\backgroundTaskHost.exe

 

Report Id: dc8caab8-6b96-11e4-8276-a02bb835ea16

 

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

 

Faulting package-relative application ID: App

 

Error: (11/12/2014 10:48:50 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program LiveComm.exe version 17.5.9600.20605 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 1af8

 

Start Time: 01cffe0c1016922e

 

Termination Time: 4294967295

 

Application Path: C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe

 

Report Id: 23e6ba1c-6a83-11e4-8276-a02bb835ea16

 

Faulting package full name: microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe

 

Faulting package-relative application ID: ppleae38af2e007f4358a809ac99a64a67c1

 

Error: (11/11/2014 01:29:06 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939

Faulting module name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939

Exception code: 0xc0000005

Fault offset: 0x00021a20

Faulting process id: 0x1470

Faulting application start time: 0xWajamInternetEnhancerService.exe0

Faulting application path: WajamInternetEnhancerService.exe1

Faulting module path: WajamInternetEnhancerService.exe2

Report Id: WajamInternetEnhancerService.exe3

Faulting package full name: WajamInternetEnhancerService.exe4

Faulting package-relative application ID: WajamInternetEnhancerService.exe5

 

Error: (11/11/2014 01:28:55 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939

Faulting module name: WajamInternetEnhancerService.exe, version: 2.15.2.5, time stamp: 0x54240939

Exception code: 0xc0000005

Fault offset: 0x00021a20

Faulting process id: 0x199c

Faulting application start time: 0xWajamInternetEnhancerService.exe0

Faulting application path: WajamInternetEnhancerService.exe1

Faulting module path: WajamInternetEnhancerService.exe2

Report Id: WajamInternetEnhancerService.exe3

Faulting package full name: WajamInternetEnhancerService.exe4

Faulting package-relative application ID: WajamInternetEnhancerService.exe5

 

Error: (11/11/2014 01:06:24 PM) (Source: MsiInstaller) (EventID: 1024) (User: HOMEPC)

Description: Product: Adobe Reader XI (11.0.08) - Update '{AC76BA86-7AD7-0000-2550-7A8C40011009}' could not be installed. Error code 1625. Windows Installer can create logs to help troubleshoot issues with installing software packages. Use the following link for instructions on turning on logging support: http://go.microsoft.com/fwlink/?LinkId=23127

 

Error: (11/11/2014 09:34:05 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59

Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee

Exception code: 0x80000003

Fault offset: 0x00001425

Faulting process id: 0x1990

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3

Faulting package full name: plugin-container.exe4

Faulting package-relative application ID: plugin-container.exe5

 

Error: (11/11/2014 09:30:35 AM) (Source: Application Hang) (EventID: 1002) (User: )

Description: The program firefox.exe version 33.1.0.5423 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

 

Process ID: 154c

 

Start Time: 01cffdba3391b8e6

 

Termination Time: 4294967295

 

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

 

Report Id: 49cbe4d4-69af-11e4-8274-a02bb835ea16

 

Faulting package full name:

 

Faulting package-relative application ID:

 

Error: (11/11/2014 09:30:32 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59

Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee

Exception code: 0x80000003

Fault offset: 0x00001425

Faulting process id: 0x1998

Faulting application start time: 0xplugin-container.exe0

Faulting application path: plugin-container.exe1

Faulting module path: plugin-container.exe2

Report Id: plugin-container.exe3

Faulting package full name: plugin-container.exe4

Faulting package-relative application ID: plugin-container.exe5

 

 

System errors:

=============

Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The GamesAppIntegrationService service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

 

Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The HP Support Assistant Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMService service terminated unexpectedly.  It has done this 1 time(s).

 

Error: (11/14/2014 06:32:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Spybot-S&D 2 Security Center Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

 

Error: (11/14/2014 06:31:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

 

Error: (11/14/2014 06:31:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )

Description: The MBAMScheduler service terminated unexpectedly.  It has done this 1 time(s).

 

 

Microsoft Office Sessions:

=========================

 

CodeIntegrity Errors:

===================================

  Date: 2014-11-14 18:58:44.801

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-11-10 22:03:44.355

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-11-07 12:36:15.161

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-11-05 21:42:50.283

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-10-25 21:49:38.238

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

  Date: 2014-08-20 17:23:47.703

  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

 

 

==================== Memory info ===========================

 

Processor: AMD E1-2100 APU with Radeon HD Graphics

Percentage of memory in use: 48%

Total physical RAM: 3537.01 MB

Available physical RAM: 1827.7 MB

Total Pagefile: 4305.01 MB

Available Pagefile: 2237.05 MB

Total Virtual: 131072 MB

Available Virtual: 131071.79 MB

 

==================== Drives ================================

 

Drive c: (Windows) (Fixed) (Total:446.21 GB) (Free:388.14 GB) NTFS

Drive d: (RECOVERY) (Fixed) (Total:18.67 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]

 

==================== MBR & Partition Table ==================

 

========================================================

Disk: 0 (Size: 465.8 GB) (Disk ID: 3F95D415)

 

Partition: GPT Partition Type.

 

==================== End Of Log ============================


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.



 
Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.
  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

  • Removing malware can be unpredictable... It is unlikely but things can go very wrong! Please make sure you back up all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive.
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to clean up all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)


 
STEP 0
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then removes incorrect executable associations and fixes policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.
 


Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.

STEP 01
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.

  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe


STEP 02
Please run a Threat Scan with MBAM.  If you're unable to run or complete the scan as shown below please see the following:  MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.
 
 
STEP 03
Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.


Thank you
 


Thank you for helping me. You have no idea how much I appreciate it!

 

Here are the results from the Threat Scan:

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

Scan Date: 11/17/2014

Scan Time: 5:09:20 PM

Logfile:

Administrator: Yes

Version: 2.00.3.1025

Malware Database: v2014.11.17.07

Rootkit Database: v2014.11.12.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

OS: Windows 8.1

CPU: x64

File System: NTFS

User: True

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 323982

Time Elapsed: 39 min, 9 sec

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

Processes: 0

(No malicious items detected)

Modules: 0

(No malicious items detected)

Registry Keys: 0

(No malicious items detected)

Registry Values: 0

(No malicious items detected)

Registry Data: 0

(No malicious items detected)

Folders: 0

(No malicious items detected)

Files: 0

(No malicious items detected)

Physical Sectors: 0

(No malicious items detected)

(end)

 

And here's the log from RogueKiller:

 

RogueKiller V10.0.6.0 (x64) [Nov 13 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : True [Administrator]
Mode : Scan -- Date : 11/17/2014  19:41:38

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 16 ¤¤¤
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACEA431E-6210-4E77-A94A-E742D2D8142B} | DhcpNameServer : 100.100.1.5 [(Unknown Country?) (XX)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{ACEA431E-6210-4E77-A94A-E742D2D8142B} | DhcpNameServer : 100.100.1.5 [(Unknown Country?) (XX)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 [Too big!] ¤¤¤

¤¤¤ Antirootkit : 6 (Driver: Loaded) ¤¤¤
[iAT:Addr] (explorer.exe @ USERENV.dll) ext-ms-win-profile-userenv-l1-1-0.dll - GetAppContainerFolderPathWorker : C:\Windows\SYSTEM32\profext.dll @ 0x7ffa67844f28
[iAT:Addr] (explorer.exe @ SettingSyncCore.dll) ext-ms-win-winbici-l1-1-0.dll - SetUserId : C:\Windows\SYSTEM32\winbici.dll @ 0x7ffa69163470
[iAT:Addr] (explorer.exe @ SettingSyncCore.dll) ext-ms-win-winbici-l1-1-0.dll - SetUserBetaState : C:\Windows\SYSTEM32\winbici.dll @ 0x7ffa69163710
[iAT:Addr] (explorer.exe @ Windows.Globalization.dll) ext-ms-win-globalization-collation-l1-1-0.dll - WGCGetGroupingLetter : C:\Windows\SYSTEM32\globcollationhost.dll @ 0x7ffa6db30c78
[iAT:Addr] (explorer.exe @ Windows.Globalization.dll) ext-ms-win-globalization-collation-l1-1-0.dll - WGCGetCharacterGroupDisplayName : C:\Windows\SYSTEM32\globcollationhost.dll @ 0x7ffa6db30c84
[iAT:Addr] (explorer.exe @ Windows.Globalization.dll) ext-ms-win-globalization-collation-l1-1-0.dll - WGCGetDefaultGroupingLetters : C:\Windows\SYSTEM32\globcollationhost.dll @ 0x7ffa6db30c6c

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS545050A7E680 SATA Disk Device +++++
--- User ---
[MBR] 50f32aaf7394053b52d5af7f949c1c83
[bSP] 39086017092d4150764ee2cf324d8bd9 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
User = LL1 ... OK
User = LL2 ... OK
 

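The Registry section of the RogueKiller log above reports the same proxy setting several times: once per registry view (X64/X86), and once under each of `.DEFAULT` and `S-1-5-18`, which are two names for the LocalSystem profile. As an added example that is not part of the original thread, this Python script parses those lines and collapses them to one finding per account when the proxy points at a loopback address; the function names are hypothetical and the sample lines are copied from the log.

```python
import ipaddress
import re
from collections import defaultdict

# Sample input: six registry lines copied from the RogueKiller log in this thread.
SAMPLE_LOG = r"""
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyEnable : 1  -> Found
[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183  -> Found
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main | Start Page : www.google.com  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{ACEA431E-6210-4E77-A94A-E742D2D8142B} | DhcpNameServer : 100.100.1.5 [(Unknown Country?) (XX)]  -> Found
"""

# "[tag] (view) key | value name : data  -> status"
LINE_RE = re.compile(
    r"^\[(?P<tag>[^\]]+)\]\s+\((?P<view>X64|X86)\)\s+"
    r"(?P<key>.+?)\s+\|\s+(?P<name>.+?)\s+:\s+(?P<data>.*?)\s+->\s+(?P<status>\S+)\s*$"
)


def parse_registry_lines(text):
    """Return one dict per registry line that matches the log format."""
    entries = []
    for line in text.splitlines():
        match = LINE_RE.match(line.strip())
        if match:
            entries.append(match.groupdict())
    return entries


def parse_proxy_server(data):
    """Split a ProxyServer value into {scheme: (host, port)}.

    Handles the per-protocol form "http=host:port;https=host:port" and the
    single "host:port" form, which applies to all protocols ("all").
    """
    endpoints = {}
    for part in filter(None, (p.strip() for p in data.split(";"))):
        scheme, sep, target = part.partition("=")
        if not sep:
            scheme, target = "all", part
        target = target.split("://", 1)[-1]
        host, _, port = target.rpartition(":")
        if not host:  # no port in the value
            host, port = target, ""
        endpoints[scheme.lower()] = (host, int(port) if port.isdigit() else None)
    return endpoints


def is_loopback(host):
    """True for 127.0.0.0/8, ::1 and the name localhost."""
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return host.lower() == "localhost"


def account_of(key):
    """Return the SID a HKEY_USERS key belongs to; .DEFAULT maps to S-1-5-18."""
    parts = key.split("\\")
    if len(parts) < 2 or parts[0].upper() != "HKEY_USERS":
        return None
    return "S-1-5-18" if parts[1].upper() == ".DEFAULT" else parts[1]


def find_loopback_proxies(text):
    """Collapse duplicate log lines into one finding per account."""
    settings = defaultdict(dict)
    for entry in parse_registry_lines(text):
        if not entry["key"].lower().endswith(r"\internet settings"):
            continue
        sid = account_of(entry["key"])
        if sid:
            settings[sid][entry["name"]] = entry["data"]

    findings = []
    for sid, values in sorted(settings.items()):
        endpoints = parse_proxy_server(values.get("ProxyServer", ""))
        local = {s: hp for s, hp in endpoints.items() if is_loopback(hp[0])}
        if local:
            findings.append({
                "account": sid,
                "enabled": values.get("ProxyEnable") == "1",
                "schemes": sorted(local),
                "ports": sorted({p for _, p in local.values() if p is not None}),
            })
    return findings


if __name__ == "__main__":
    for finding in find_loopback_proxies(SAMPLE_LOG):
        print(finding)
```

A finding with `enabled` set means traffic from that account is sent to a local port; resetting the registry value does not by itself show which program was listening there.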

  • Root Admin

If you still have RogueKiller running you can tell it to fix these items. If not that's okay we'll fix them soon with another tool.

 

 

[PUM.Proxy] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183  -> Found
[PUM.Proxy] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183  -> Found
[PUM.Proxy] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183  -> Found
[PUM.Proxy] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings | ProxyServer : http=127.0.0.1:50183;https=127.0.0.1:50183  -> Found

 

 

 

 

 

Please go ahead and run through the following steps and post back the logs when ready.
 
STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus


STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06
Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology


  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


STEP 08
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.


Ran all the above scans and here are the logs.

 

JRT Log:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 6.3.9 (11.15.2014:2)

OS: Windows 8.1 x64

Ran by True on Wed 11/19/2014 at 17:43:14.94

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

Successfully deleted: [File] "C:\Windows\wininit.ini"

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Wed 11/19/2014 at 17:50:09.61

End of JRT log

 

==================================================================================================

AdwCleaner Log:

 

# AdwCleaner v4.101 - Report created 19/11/2014 at 18:07:45

# Updated 09/11/2014 by Xplode

# Database : 2014-11-16.1 [Live]

# Operating System : Windows 8.1  (64 bits)

# Username : True - HOMEPC

# Running from : C:\Users\True\Desktop\AdwCleaner(1).exe

# Option : Clean

 

***** [ Services ] *****

 

***** [ Files / Folders ] *****

 

***** [ Scheduled Tasks ] *****

 

***** [ Shortcuts ] *****

 

***** [ Registry ] *****

 

***** [ Browsers ] *****

 

-\\ Internet Explorer v11.0.9600.17416

 

-\\ Mozilla Firefox v33.1 (x86 en-US)

 

*************************

 

AdwCleaner[R0].txt - [939 octets] - [14/11/2014 18:23:14]

AdwCleaner[R1].txt - [842 octets] - [19/11/2014 17:57:42]

AdwCleaner[s0].txt - [965 octets] - [14/11/2014 18:31:24]

AdwCleaner[s1].txt - [764 octets] - [19/11/2014 18:07:45]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s1].txt - [823 octets] ##########

===============================================================================================================

MalwareBytes Log:

 

 

Malwarebytes Anti-Malware

www.malwarebytes.org

 

Scan Date: 11/19/2014

Scan Time: 6:22:51 PM

Logfile:

Administrator: Yes

 

Version: 2.00.3.1025

Malware Database: v2014.11.19.07

Rootkit Database: v2014.11.18.01

License: Trial

Malware Protection: Enabled

Malicious Website Protection: Enabled

Self-protection: Disabled

 

OS: Windows 8.1

CPU: x64

File System: NTFS

User: True

 

Scan Type: Threat Scan

Result: Completed

Objects Scanned: 324660

Time Elapsed: 38 min, 57 sec

 

Memory: Enabled

Startup: Enabled

Filesystem: Enabled

Archives: Enabled

Rootkits: Enabled

Heuristics: Enabled

PUP: Enabled

PUM: Enabled

 

Processes: 0

(No malicious items detected)

 

Modules: 0

(No malicious items detected)

 

Registry Keys: 0

(No malicious items detected)

 

Registry Values: 0

(No malicious items detected)

 

Registry Data: 0

(No malicious items detected)

 

Folders: 0

(No malicious items detected)

 

Files: 0

(No malicious items detected)

 

Physical Sectors: 0

(No malicious items detected)

 

(end)

===================================================================================================================

ESET Log:

 

C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll    a variant of Win32/Techsnab.C potentially unwanted application

C:\Program Files (x86)\Jelbrus Secure Web\jswchromium.exe   a variant of Win32/Techsnab.C potentially unwanted application

C:\Program Files (x86)\Jelbrus Secure Web\jswchromium64.exe a variant of Win32/Techsnab.C potentially unwanted application

C:\Program Files (x86)\Jelbrus Secure Web\jsweb.dll   a variant of Win32/Techsnab.C potentially unwanted application

C:\Program Files (x86)\Jelbrus Secure Web\jsweb64.dll a variant of Win32/Techsnab.C potentially unwanted application

C:\Program Files (x86)\Jelbrus Secure Web\jswff.exe   a variant of Win32/Techsnab.C potentially unwanted application

C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe a variant of Win32/Techsnab.C potentially unwanted application

C:\Users\True\AppData\Local\Microsoft\Windows\INetCache\IE\0MG0BT1B\OrbiterInstaller[1].exe      a variant of Win32/Conduit.SearchProtect.N potentially unwanted application

C:\Users\True\AppData\Local\Microsoft\Windows\INetCache\IE\0MG0BT1B\SPSetup[1].exe  a variant of Win32/ClientConnect.A potentially unwanted application

C:\Users\True\AppData\Local\Microsoft\Windows\INetCache\IE\MTUW70C6\spstub[1].exe   a variant of Win32/ClientConnect.A potentially unwanted application

================================================================================================================

Farbar Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 19-11-2014

Ran by True (administrator) on HOMEPC on 20-11-2014 06:15:58

Running from C:\Users\True\Downloads

Loaded Profile: True (Available profiles: True)

Platform: Windows 8.1 (X64) OS Language: English (United States)

Internet Explorer Version 11

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

 

==================== Processes (Whitelisted) =================

 

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

 

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe

(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe

(AMD) C:\Windows\System32\atiesrxx.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe

() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe

(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe

(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Microsoft Corporation) C:\Windows\System32\dasHost.exe

(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe

(AMD) C:\Windows\System32\atieclxx.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe

(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe

(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe

(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe

(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe

(Dropbox, Inc.) C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe

(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe

(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe

(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe

(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE

(Microsoft Corporation) C:\Windows\splwow64.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe

 

 

==================== Registry (Whitelisted) ==================

 

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

 

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-07-05] (Realtek Semiconductor)

HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)

HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)

HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)

HKLM\...\Run: [ColtsTray] => C:\Program Files (x86)\DeskSite Software\Colts DeskSite\ColtsTray.exe

HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)

HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)

HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)

HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)

Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]

HKLM\...\Policies\Explorer: [NoFolderOptions] 0

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)

HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)

Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk

ShortcutTarget: Dropbox.lnk -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk

ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)

Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk

ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk

ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)

BootExecute: autocheck autochk * sdnclean64.exe

 

==================== Internet (Whitelisted) ====================

 

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

 

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183

HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com

HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPNOT14/1

HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPNOT14/1

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank

SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM -> {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=CPNTDFJS

SearchScopes: HKLM-x32 -> {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

SearchScopes: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002 -> {86A0B50C-6F90-4213-B8C1-14CE698B7817} URL = http://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}

SearchScopes: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/711-154371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)

BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus)

BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

 

FireFox:

========

FF ProfilePath: C:\Users\True\AppData\Roaming\Mozilla\Firefox\Profiles\ywkk0q2m.default-1416000456201

FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()

FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)

FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\b85afb9c3dde7f804c95414cfb510fb1 [2014-11-13]

 

Chrome:

=======

 

==================== Services (Whitelisted) =================

 

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

 

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed]

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed]

R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)

R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)

R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)

R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)

R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)

R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)

R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]

R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-07-05] (Realtek Semiconductor)

R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)

R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)

R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)

S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

 

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)

R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)

R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)

R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-20] (Malwarebytes Corporation)

R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)

R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)

S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated)

S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)

R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

 

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 06:15 - 2014-11-20 06:15 - 00000000 ____D () C:\Users\True\Downloads\FRST-OlderVersion

2014-11-19 19:09 - 2014-11-19 19:09 - 00000000 ____D () C:\Program Files (x86)\ESET

2014-11-19 19:08 - 2014-11-19 19:09 - 02347384 _____ (ESET) C:\Users\True\Downloads\esetsmartinstaller_enu.exe

2014-11-19 17:56 - 2014-11-19 17:56 - 02140160 _____ () C:\Users\True\Desktop\AdwCleaner(1).exe

2014-11-19 17:50 - 2014-11-19 17:50 - 00000678 _____ () C:\Users\True\Desktop\JRT.txt

2014-11-19 17:44 - 2014-11-19 17:44 - 00000000 ____D () C:\Users\True\AppData\Local\CrashDumps

2014-11-19 17:43 - 2014-11-19 17:43 - 00000000 ____D () C:\Windows\ERUNT

2014-11-19 17:39 - 2014-11-19 17:39 - 01707532 _____ (Thisisu) C:\Users\True\Desktop\JRT.exe

2014-11-18 16:55 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll

2014-11-18 16:55 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll

2014-11-18 16:55 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll

2014-11-18 16:55 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

2014-11-17 19:44 - 2014-11-17 19:44 - 00004637 _____ () C:\Users\True\Desktop\RKreport_SCN_11172014_194138.log

2014-11-17 19:21 - 2014-11-17 19:21 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys

2014-11-17 19:20 - 2014-11-17 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller

2014-11-17 19:16 - 2014-11-17 19:18 - 17535064 _____ () C:\Users\True\Desktop\RogueKillerX64.exe

2014-11-17 17:06 - 2014-11-17 17:06 - 00000000 ____D () C:\Users\True\Desktop\11-17-2014

2014-11-17 17:04 - 2014-11-17 17:04 - 00000947 _____ () C:\Users\True\Desktop\NTREGOPT.lnk

2014-11-17 17:04 - 2014-11-17 17:04 - 00000928 _____ () C:\Users\True\Desktop\ERUNT.lnk

2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT

2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\Program Files (x86)\ERUNT

2014-11-17 17:02 - 2014-11-17 17:02 - 00791393 _____ (Lars Hederer ) C:\Users\True\Downloads\erunt-setup.exe

2014-11-17 17:01 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill report.txt

2014-11-17 16:58 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill.txt

2014-11-17 16:56 - 2014-11-17 16:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\True\Desktop\rkill.exe

2014-11-14 19:05 - 2014-11-14 19:07 - 00037343 _____ () C:\Users\True\Downloads\Addition.txt

2014-11-14 19:03 - 2014-11-20 06:16 - 00000000 ____D () C:\FRST

2014-11-14 19:03 - 2014-11-20 06:15 - 00018002 _____ () C:\Users\True\Downloads\FRST.txt

2014-11-14 18:50 - 2014-11-20 06:15 - 02117120 _____ (Farbar) C:\Users\True\Downloads\FRST64.exe

2014-11-14 18:23 - 2014-11-19 18:21 - 00000000 ____D () C:\AdwCleaner

2014-11-14 18:20 - 2014-11-14 18:21 - 02140160 _____ () C:\Users\True\Downloads\AdwCleaner.exe

2014-11-14 16:26 - 2014-11-14 16:26 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieBrowserModeList

2014-11-11 19:43 - 2014-11-11 19:43 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk

2014-11-11 19:43 - 2014-11-11 19:43 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk

2014-11-11 19:43 - 2014-11-11 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service

2014-11-11 19:30 - 2014-11-11 19:30 - 00244088 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.1.exe

2014-11-11 15:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll

2014-11-11 15:13 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll

2014-11-11 15:10 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll

2014-11-11 15:09 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll

2014-11-11 15:09 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll

2014-11-11 15:09 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll

2014-11-11 15:08 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll

2014-11-11 15:08 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll

2014-11-11 15:08 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll

2014-11-11 15:08 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll

2014-11-11 15:08 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll

2014-11-11 15:08 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll

2014-11-11 15:08 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll

2014-11-11 15:08 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll

2014-11-11 15:08 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll

2014-11-11 15:08 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll

2014-11-11 15:08 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl

2014-11-11 15:08 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll

2014-11-11 15:08 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll

2014-11-11 15:08 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll

2014-11-11 15:08 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll

2014-11-11 15:08 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll

2014-11-11 15:08 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll

2014-11-11 15:08 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll

2014-11-11 15:08 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll

2014-11-11 15:08 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll

2014-11-11 15:08 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll

2014-11-11 15:08 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll

2014-11-11 15:08 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll

2014-11-11 15:08 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll

2014-11-11 15:08 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll

2014-11-11 15:08 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl

2014-11-11 15:08 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll

2014-11-11 15:08 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll

2014-11-11 15:08 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

2014-11-11 15:07 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll

2014-11-11 15:07 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll

2014-11-11 15:07 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll

2014-11-11 15:07 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec

2014-11-11 15:07 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll

2014-11-11 15:07 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll

2014-11-11 15:07 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll

2014-11-11 15:07 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll

2014-11-11 15:07 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe

2014-11-11 15:07 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe

2014-11-11 15:07 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll

2014-11-11 15:07 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll

2014-11-11 15:07 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll

2014-11-11 15:07 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx

2014-11-11 15:07 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll

2014-11-11 15:07 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll

2014-11-11 15:07 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll

2014-11-11 15:07 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll

2014-11-11 15:07 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll

2014-11-11 15:07 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll

2014-11-11 15:07 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll

2014-11-11 15:07 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe

2014-11-11 15:07 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll

2014-11-11 15:07 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe

2014-11-11 15:07 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe

2014-11-11 15:07 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll

2014-11-11 15:07 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll

2014-11-11 15:07 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll

2014-11-11 15:07 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec

2014-11-11 15:07 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll

2014-11-11 15:07 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll

2014-11-11 15:07 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll

2014-11-11 15:07 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll

2014-11-11 15:07 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll

2014-11-11 15:07 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll

2014-11-11 15:07 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe

2014-11-11 15:07 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll

2014-11-11 15:07 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll

2014-11-11 15:07 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll

2014-11-11 15:07 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll

2014-11-11 15:07 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx

2014-11-11 15:07 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll

2014-11-11 15:07 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll

2014-11-11 15:07 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll

2014-11-11 15:07 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll

2014-11-11 15:07 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll

2014-11-11 15:07 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll

2014-11-11 15:07 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll

2014-11-11 15:07 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll

2014-11-11 15:06 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe

2014-11-11 15:06 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe

2014-11-11 15:06 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe

2014-11-11 15:06 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe

2014-11-11 15:06 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll

2014-11-11 15:06 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll

2014-11-11 15:06 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe

2014-11-11 15:06 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe

2014-11-11 15:00 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll

2014-11-11 15:00 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll

2014-11-11 15:00 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll

2014-11-11 15:00 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll

2014-11-11 15:00 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll

2014-11-11 15:00 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll

2014-11-11 15:00 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys

2014-11-11 15:00 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys

2014-11-11 15:00 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys

2014-11-11 15:00 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll

2014-11-11 15:00 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll

2014-11-11 15:00 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll

2014-11-11 14:59 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll

2014-11-11 14:59 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe

2014-11-11 14:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys

2014-11-11 14:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys

2014-11-11 14:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys

2014-11-11 14:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll

2014-11-11 14:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll

2014-11-11 14:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll

2014-11-11 14:59 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll

2014-11-11 14:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll

2014-11-11 14:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll

2014-11-11 14:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll

2014-11-11 14:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll

2014-11-11 14:59 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll

2014-11-11 14:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll

2014-11-11 14:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll

2014-11-11 14:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll

2014-11-11 14:59 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll

2014-11-11 14:59 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll

2014-11-11 14:59 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll

2014-11-11 14:59 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll

2014-11-11 14:59 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll

2014-11-11 14:58 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe

2014-11-11 14:58 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll

2014-11-11 14:58 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll

2014-11-11 14:58 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

2014-11-11 14:58 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll

2014-11-11 14:58 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll

2014-11-11 14:58 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

2014-11-11 14:58 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll

2014-11-11 14:58 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll

2014-11-11 14:58 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll

2014-11-11 14:58 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll

2014-11-11 14:58 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll

2014-11-11 14:58 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll

2014-11-11 14:58 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe

2014-11-11 14:58 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll

2014-11-11 14:58 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll

2014-11-11 14:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll

2014-11-11 14:55 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll

2014-11-11 14:55 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll

2014-11-11 14:55 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll

2014-11-11 14:55 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll

2014-11-11 14:55 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll

2014-11-11 14:55 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe

2014-11-11 14:55 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll

2014-11-11 14:55 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll

2014-11-11 14:55 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll

2014-11-11 14:55 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll

2014-11-11 14:55 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys

2014-11-11 14:55 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll

2014-11-11 14:55 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll

2014-11-11 14:55 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll

2014-11-11 14:55 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll

2014-11-11 14:54 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys

2014-11-11 14:54 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys

2014-11-11 14:54 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll

2014-11-11 14:54 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll

2014-11-11 14:54 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll

2014-11-11 14:54 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll

2014-11-11 14:54 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll

2014-11-11 14:54 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll

2014-11-11 14:54 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS

2014-11-11 14:54 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll

2014-11-11 14:54 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll

2014-11-11 14:54 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll

2014-11-11 14:54 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll

2014-11-11 14:54 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe

2014-11-11 14:54 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll

2014-11-11 14:54 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll

2014-11-11 14:54 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll

2014-11-11 14:54 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll

2014-11-11 14:54 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll

2014-11-11 14:53 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS

2014-11-11 14:53 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml

2014-11-11 14:53 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll

2014-11-11 14:53 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll

2014-11-11 14:53 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll

2014-11-11 14:53 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll

2014-11-11 14:53 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll

2014-11-11 13:58 - 2014-11-20 02:37 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys

2014-11-11 13:57 - 2014-11-11 13:57 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2014-11-11 13:57 - 2014-11-11 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2014-11-11 13:56 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys

2014-11-11 13:56 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

2014-11-11 13:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

2014-11-11 13:55 - 2014-11-11 13:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware

2014-11-11 13:55 - 2014-11-11 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes

2014-11-11 13:51 - 2014-11-11 13:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\True\Downloads\mbam-setup-2.0.3.1025.exe

2014-11-11 13:39 - 2014-11-17 17:04 - 00000000 ____D () C:\Users\True\Desktop\SOA

2014-11-10 19:10 - 2014-11-13 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

2014-11-07 12:44 - 2014-11-07 12:44 - 00244152 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.3.exe

2014-11-07 12:16 - 2014-11-07 12:18 - 15047896 _____ (DeskSite) C:\Users\True\Downloads\install_colts_desksite.exe

2014-11-06 13:40 - 2014-11-06 13:40 - 00244032 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.2.exe

2014-11-06 09:28 - 2013-08-22 08:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141106-092815.backup

2014-11-05 23:05 - 2014-11-05 23:05 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk

2014-11-05 23:05 - 2014-11-05 23:05 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk

2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking

2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2

2014-11-05 23:04 - 2014-11-06 09:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy

2014-11-05 23:04 - 2014-11-05 23:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2

2014-11-05 23:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe

2014-11-05 22:52 - 2014-11-05 23:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\True\Downloads\spybot-2.4.exe

2014-11-05 22:36 - 2014-11-14 16:27 - 00000000 ____D () C:\Users\True\Desktop\Old Firefox Data

2014-11-04 22:11 - 2014-11-04 22:11 - 00002259 _____ () C:\Windows\epplauncher.mif

2014-11-04 22:07 - 2014-11-04 22:09 - 14087848 _____ (Microsoft Corporation) C:\Users\True\Downloads\mseinstall.exe

2014-10-31 14:01 - 2014-11-19 20:09 - 00003272 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task

2014-10-31 14:01 - 2014-10-31 14:01 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web

2014-10-31 13:58 - 2014-11-11 13:12 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll

2014-10-30 12:26 - 2014-10-30 12:26 - 00000000 ____D () C:\Users\True\.swt

2014-10-30 12:24 - 2014-10-30 19:24 - 00000000 ____D () C:\Users\True\AppData\Roaming\Azureus

2014-10-30 12:17 - 2014-10-30 12:17 - 00072008 _____ (Azureus Software, Inc.) C:\Users\True\Downloads\VuzeBittorrentClientInstaller.exe

2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieUserList

2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieSiteList

2014-10-26 20:14 - 2014-11-19 18:28 - 00004962 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC

2014-10-26 20:14 - 2014-10-26 20:14 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002

2014-10-26 20:14 - 2014-10-26 20:14 - 00000000 ___RD () C:\Users\True\OneDrive

2014-10-26 20:13 - 2014-10-26 20:13 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive

2014-10-26 18:39 - 2014-10-26 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2014-10-26 18:21 - 2014-11-18 17:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15

2014-10-26 18:20 - 2014-10-26 18:20 - 01055920 _____ (Microsoft Corporation) C:\Users\True\Downloads\setuponenotefreeretail.x86.en-us_.exe

2014-10-25 21:22 - 2014-10-27 13:49 - 00000000 ____D () C:\Users\True\Documents\OneNote Notebooks

2014-10-25 20:31 - 2014-10-29 19:55 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe

2014-10-25 20:31 - 2014-10-29 19:55 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

 

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-20 06:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru

2014-11-20 05:23 - 2014-06-08 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job

2014-11-19 20:29 - 2014-06-06 20:19 - 01190241 _____ () C:\Windows\WindowsUpdate.log

2014-11-19 18:30 - 2014-06-06 20:27 - 00000000 ____D () C:\Users\True\Documents\Youcam

2014-11-19 18:19 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI

2014-11-19 18:18 - 2014-10-17 16:03 - 00000000 ___RD () C:\Users\True\Dropbox

2014-11-19 18:18 - 2014-10-17 15:57 - 00000000 ____D () C:\Users\True\AppData\Roaming\Dropbox

2014-11-19 18:17 - 2014-06-06 20:44 - 00000000 ___DO () C:\Users\True\SkyDrive

2014-11-19 18:11 - 2013-08-26 01:01 - 00121530 _____ () C:\Windows\PFRO.log

2014-11-19 18:11 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT

2014-11-19 18:10 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI

2014-11-19 18:02 - 2014-06-06 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1734499517-1423219126-3406439121-1002

2014-11-19 17:53 - 2014-06-06 20:51 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E44FF485-5807-49FF-B743-482D2C37A352}

2014-11-18 17:33 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp

2014-11-17 17:04 - 2014-06-22 17:04 - 00695808 ___SH () C:\Users\True\Desktop\Thumbs.db

2014-11-16 17:23 - 2014-06-09 09:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log

2014-11-16 17:23 - 2014-06-09 09:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt

2014-11-16 14:37 - 2014-07-27 16:21 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTrue

2014-11-16 14:37 - 2014-07-27 16:21 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTrue.job

2014-11-16 12:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness

2014-11-14 20:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache

2014-11-14 18:47 - 2014-10-17 16:03 - 00001070 _____ () C:\Users\True\Desktop\Dropbox.lnk

2014-11-14 18:47 - 2014-10-17 16:02 - 00000000 ____D () C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox

2014-11-12 15:13 - 2014-06-07 15:50 - 00000000 ____D () C:\Users\True\Desktop\Randy

2014-11-11 18:18 - 2013-08-22 09:44 - 00484248 _____ () C:\Windows\system32\FNTCACHE.DAT

2014-11-11 18:16 - 2014-03-25 14:47 - 00000000 ____D () C:\Windows\Options

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender

2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

2014-11-11 15:31 - 2014-06-07 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help

2014-11-11 15:25 - 2014-06-08 21:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater

2014-11-11 15:22 - 2014-06-09 08:54 - 00000000 ____D () C:\Windows\system32\MRT

2014-11-11 15:16 - 2014-06-09 08:54 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

2014-11-11 13:08 - 2014-07-22 13:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk

2014-11-11 09:23 - 2014-06-07 15:35 - 00000000 ____D () C:\Users\True\Desktop\Debbie Carvings

2014-11-07 15:47 - 2014-09-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Legacy8

2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\ProgramData\McAfee

2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\Program Files (x86)\McAfee

2014-11-04 22:53 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP

2014-11-04 22:51 - 2014-01-18 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection

2014-11-04 22:45 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True\AppData\Local\Packages

2014-11-03 20:50 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM

2014-11-02 10:11 - 2014-06-07 21:17 - 00000000 ____D () C:\Users\True\Desktop\True Woodcarving Books

2014-10-30 12:26 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True

2014-10-30 06:25 - 2014-08-20 14:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\MediaViewer

2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\FileManager

2014-10-25 20:22 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\Camera

2014-10-25 20:21 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\WinStore

 

Some content of TEMP:

====================

C:\Users\True\AppData\Local\Temp\dllnt_dump.dll

C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpztxckg.dll

C:\Users\True\AppData\Local\Temp\Extract.exe

C:\Users\True\AppData\Local\Temp\ose00000.exe

C:\Users\True\AppData\Local\Temp\Quarantine.exe

C:\Users\True\AppData\Local\Temp\sqlite3.dll

 

 

==================== Bamital & volsnap Check =================

 

(There is no automatic fix for files that do not pass verification.)

 

C:\Windows\System32\winlogon.exe => File is digitally signed

C:\Windows\System32\wininit.exe => File is digitally signed

C:\Windows\explorer.exe => File is digitally signed

C:\Windows\SysWOW64\explorer.exe => File is digitally signed

C:\Windows\System32\svchost.exe => File is digitally signed

C:\Windows\SysWOW64\svchost.exe => File is digitally signed

C:\Windows\System32\services.exe => File is digitally signed

C:\Windows\System32\User32.dll => File is digitally signed

C:\Windows\SysWOW64\User32.dll => File is digitally signed

C:\Windows\System32\userinit.exe => File is digitally signed

C:\Windows\SysWOW64\userinit.exe => File is digitally signed

C:\Windows\System32\rpcss.dll => File is digitally signed

C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

 

 

LastRegBack: 2014-11-20 03:15

 

==================== End Of Log ===


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.
 

fixlist.txt


Here's the fixlog. Not sure if this was supposed to fix it - if it was, it didn't. The 'Ad by Notification' is still there.

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-11-2014

Ran by True at 2014-11-21 18:16:28 Run:1

Running from C:\Users\True\Desktop

Loaded Profile: True (Available profiles: True)

Boot Mode: Normal

==============================================

 

Content of fixlist:

*****************

HKLM-x32\...\Run: [] => [X]

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.

ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183

HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.amazon.co...s={searchTerms}

SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://www.amazon.co...s={searchTerms}

SearchScopes: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...54371-11896-2/4?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}

C:\Users\True\AppData\Local\Temp\dllnt_dump.dll

C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpztxckg.dll

C:\Users\True\AppData\Local\Temp\Extract.exe

C:\Users\True\AppData\Local\Temp\ose00000.exe

C:\Users\True\AppData\Local\Temp\Quarantine.exe

C:\Users\True\AppData\Local\Temp\sqlite3.dll

EmptyTemp:

Reboot:

 

*****************

 

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.

HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main\\First Home Page => value deleted successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key deleted successfully.

"HKCR\CLSID\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key not found.

"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.

"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.

HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key not found.

"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.

"HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.

"HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key deleted successfully.

"HKCR\CLSID\{86A0B50C-6F90-4213-B8C1-14CE698B7817}" => Key not found.

"HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key deleted successfully.

"HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => Key not found.

C:\Users\True\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.

C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpztxckg.dll => Moved successfully.

C:\Users\True\AppData\Local\Temp\Extract.exe => Moved successfully.

C:\Users\True\AppData\Local\Temp\ose00000.exe => Moved successfully.

C:\Users\True\AppData\Local\Temp\Quarantine.exe => Moved successfully.

C:\Users\True\AppData\Local\Temp\sqlite3.dll => Moved successfully.

EmptyTemp: => Removed 468.4 MB temporary data.

 

 

The system needed a reboot.

 

==== End of Fixlog ====


  • Root Admin

No, the fixes are not immediate. Malware removal often takes time.

Let me have you run the following please.

Please download Malwarebytes Anti-Rootkit from HERE

If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

I ran the scan and it said no malware found - no cleanup required.

 

M-Bar Log:

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

www.malwarebytes.org

 

Database version: v2014.11.22.09

 

Windows 8.1 x64 NTFS

Internet Explorer 11.0.9600.17416

True :: HOMEPC [administrator]

 

11/22/2014 12:49:32 PM

mbar-log-2014-11-22 (12-49-32).txt

 

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 324606

Time elapsed: 38 minute(s), 11 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 0

(No malicious items detected)

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

Physical Sectors Detected: 0

(No malicious items detected)

 

(end)

==============================================================

System Log:

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.3.9200 Windows 8.1 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.17416

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 0.998000 GHz

Memory total: 3708825600, free: 1741967360

 

Downloaded database version: v2014.11.22.09

Downloaded database version: v2014.11.21.01

=======================================

This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.

=======================================

Initializing...

This version of Malwarebytes Anti-Rootkit requires you to completely exit the Malwarebytes Anti-Malware application to continue.

=======================================

 

 

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.3.9200 Windows 8.1 x64

 

Account is Administrative

 

Internet Explorer version: 11.0.9600.17416

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 0.998000 GHz

Memory total: 3708825600, free: 1899589632

 

Initializing...

======================

------------ Kernel report ------------

     11/22/2014 12:49:01

------------ Loaded modules -----------


----------- End -----------

Done!

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffe0002e1bc060

Upper Device Driver Name: \Driver\disk\

Lower Device Name: \Device\0000002c\

Lower Device Object: 0xffffe0002e0b6060

Lower Device Driver Name: \Driver\amdsata\

<<<2>>>

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffe0002e1bc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

--------- Disk Stack ------

DevicePointer: 0xffffe0002e1bcb20, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffe0002e1bc060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

DevicePointer: 0xffffe0002e0b4ad0, DeviceName: Unknown, DriverName: \Driver\amdxata\

DevicePointer: 0xffffe0002e0b6060, DeviceName: \Device\0000002c\, DriverName: \Driver\amdsata\

------------ End ----------

Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\

Upper DeviceData: 0x0, 0x0, 0x0

Lower DeviceData: 0x0, 0x0, 0x0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

<<<2>>>

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...


File "C:\Windows\System32\drivers\umpass.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\umpass.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbcir.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbcir.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbd.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbd.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbehci.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbehci.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbohci.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbohci.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbport.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbport.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbprint.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbprint.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbuhci.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbuhci.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\usbvideo.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\usbvideo.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\USBXHCI.SYS" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\USBXHCI.SYS" is compressed (flags = 1)

File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1)

Done!

Drive 0

This is a System drive

Scanning MBR on drive 0...

Inspecting partition table:

This drive is a GPT Drive.

MBR Signature: 55AA

Disk Signature: 3F95D415

 

GPT Protective MBR Partition information:

 

    Partition 0 type is EFI-GPT (0xee)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 1  Numsec = 4294967295

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

GPT Partition information:

 

    GPT Header Signature 4546492050415254

    GPT Header Revision 65536 Size 92 CRC 990474525

    GPT Header CurrentLba = 1 BackupLba 976773167

    GPT Header FirstUsableLba 34  LastUsableLba 976773134

    GPT Header Guid 9b734414-5096-4db7-9dde-5f3b5cea714

    GPT Header Contains 128 partition entries starting at LBA 2

    GPT Header Partition entry size = 128

 

    Backup GPT header Signature 4546492050415254

    Backup GPT header Revision 65536 Size 92 CRC 990474525

    Backup GPT header CurrentLba = 976773167 BackupLba 1

    Backup GPT header FirstUsableLba 34  LastUsableLba 976773134

    Backup GPT header Guid 9b734414-5096-4db7-9dde-5f3b5cea714

    Backup GPT header Contains 128 partition entries starting at LBA 976773135

    Backup GPT header Partition entry size = 128

 

    Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac

    Partition ID 8144acd0-46e0-4bea-b91e-dce2d08c57ab

    FirstLBA 2048  Last LBA 821247

    Attributes 1

    Partition Name                 Basic data partition

 

    Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b

    Partition ID e7c680db-a729-4fcb-ada6-3aa9fe69f37

    FirstLBA 821248  Last LBA 1353727

    Attributes 0

    Partition Name                 EFI system partition

 

    GPT Partition 1 is bootable

    Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae

    Partition ID 744c35ad-9716-489a-80f-203bd5892e1f

    FirstLBA 1353728  Last LBA 1845247

    Attributes 0

    Partition Name         Microsoft reserved partition

 

    Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

    Partition ID 4f67597a-fda3-474b-aa93-d0e7d5698e5e

    FirstLBA 1845248  Last LBA 937613311

    Attributes 0

    Partition Name                 Basic data partition

 

    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7

    Partition ID ac90cc0c-a45f-4dc0-b4f7-a09a478b8b7d

    FirstLBA 937613312  Last LBA 976773119

    Attributes 1

    Partition Name                 Basic data partition

 

Disk Size: 500107862016 bytes

Sector size: 512 bytes

 

Done!

Scan finished

=======================================

 

 

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

Removal finished


  • Root Admin

Sorry for the delay. Please look in the MBAR folder and there is a folder called Plugins. In that folder is a file named FIXDAMAGE.EXE. Please right click over that file and choose "Run as administrator". It should run pretty quick. Then restart the computer and get me a new set of FRST logs. Please make sure you place a check mark in the Addition.txt check box and post back both new logs, but make sure you restart before running the FRST scan.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please copy and paste it to your reply as well.

Here are the latest logs:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by True (administrator) on HOMEPC on 25-11-2014 09:06:34
Running from C:\Users\True\Desktop
Loaded Profile: True (Available profiles: True)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Dropbox, Inc.) C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\Youcam_webcam_camera_video.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_223.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-07-05] (Realtek Semiconductor)
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM\...\Run: [ColtsTray] => C:\Program Files (x86)\DeskSite Software\Colts DeskSite\ColtsTray.exe
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183
HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\True\AppData\Roaming\Mozilla\Firefox\Profiles\ywkk0q2m.default-1416000456201
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\b85afb9c3dde7f804c95414cfb510fb1 [2014-11-13]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-07-05] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-10-01] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 09:06 - 2014-11-25 09:08 - 00015942 _____ () C:\Users\True\Desktop\FRST.txt
2014-11-25 09:06 - 2014-11-25 09:06 - 02118144 _____ (Farbar) C:\Users\True\Desktop\FRST64.exe
2014-11-25 09:06 - 2014-11-25 09:06 - 00000000 ____D () C:\Users\True\Desktop\FRST-OlderVersion
2014-11-22 12:49 - 2014-11-22 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-22 12:42 - 2014-11-25 08:56 - 00000000 ____D () C:\Users\True\Desktop\MBAR
2014-11-20 06:15 - 2014-11-20 06:15 - 00000000 ____D () C:\Users\True\Downloads\FRST-OlderVersion
2014-11-19 19:09 - 2014-11-19 19:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-19 19:08 - 2014-11-19 19:09 - 02347384 _____ (ESET) C:\Users\True\Downloads\esetsmartinstaller_enu.exe
2014-11-19 17:56 - 2014-11-19 17:56 - 02140160 _____ () C:\Users\True\Desktop\AdwCleaner(1).exe
2014-11-19 17:50 - 2014-11-19 17:50 - 00000678 _____ () C:\Users\True\Desktop\JRT.txt
2014-11-19 17:44 - 2014-11-21 18:17 - 00000000 ____D () C:\Users\True\AppData\Local\CrashDumps
2014-11-19 17:43 - 2014-11-19 17:43 - 00000000 ____D () C:\Windows\ERUNT
2014-11-19 17:39 - 2014-11-19 17:39 - 01707532 _____ (Thisisu) C:\Users\True\Desktop\JRT.exe
2014-11-18 16:55 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:55 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 16:55 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 16:55 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 19:44 - 2014-11-17 19:44 - 00004637 _____ () C:\Users\True\Desktop\RKreport_SCN_11172014_194138.log
2014-11-17 19:21 - 2014-11-17 19:21 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-17 19:20 - 2014-11-17 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-17 19:16 - 2014-11-17 19:18 - 17535064 _____ () C:\Users\True\Desktop\RogueKillerX64.exe
2014-11-17 17:06 - 2014-11-17 17:06 - 00000000 ____D () C:\Users\True\Desktop\11-17-2014
2014-11-17 17:04 - 2014-11-17 17:04 - 00000947 _____ () C:\Users\True\Desktop\NTREGOPT.lnk
2014-11-17 17:04 - 2014-11-17 17:04 - 00000928 _____ () C:\Users\True\Desktop\ERUNT.lnk
2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-11-17 17:02 - 2014-11-17 17:02 - 00791393 _____ (Lars Hederer ) C:\Users\True\Downloads\erunt-setup.exe
2014-11-17 17:01 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill report.txt
2014-11-17 16:58 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill.txt
2014-11-17 16:56 - 2014-11-17 16:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\True\Desktop\rkill.exe
2014-11-14 19:05 - 2014-11-14 19:07 - 00037343 _____ () C:\Users\True\Downloads\Addition.txt
2014-11-14 19:03 - 2014-11-25 09:06 - 00000000 ____D () C:\FRST
2014-11-14 19:03 - 2014-11-20 06:17 - 00053536 _____ () C:\Users\True\Downloads\FRST.txt
2014-11-14 18:50 - 2014-11-20 06:15 - 02117120 _____ (Farbar) C:\Users\True\Downloads\FRST64.exe
2014-11-14 18:23 - 2014-11-19 18:21 - 00000000 ____D () C:\AdwCleaner
2014-11-14 18:20 - 2014-11-14 18:21 - 02140160 _____ () C:\Users\True\Downloads\AdwCleaner.exe
2014-11-14 16:26 - 2014-11-14 16:26 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieBrowserModeList
2014-11-11 19:43 - 2014-11-11 19:43 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-11 19:43 - 2014-11-11 19:43 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-11 19:43 - 2014-11-11 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 19:30 - 2014-11-11 19:30 - 00244088 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.1.exe
2014-11-11 15:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 15:13 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 15:10 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 15:09 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 15:09 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 15:09 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 15:08 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 15:08 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 15:08 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 15:08 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 15:08 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 15:08 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 15:08 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 15:08 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-11 15:08 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-11 15:08 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 15:08 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 15:08 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 15:08 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-11 15:08 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 15:08 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 15:08 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 15:08 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 15:08 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 15:08 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 15:08 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 15:08 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 15:08 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 15:08 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-11 15:08 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-11 15:08 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 15:08 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 15:08 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 15:08 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 15:08 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 15:07 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-11 15:07 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 15:07 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 15:07 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-11 15:07 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 15:07 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 15:07 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-11 15:07 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-11 15:07 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 15:07 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 15:07 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-11 15:07 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 15:07 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-11 15:07 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-11 15:07 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-11 15:07 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 15:07 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 15:07 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 15:07 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-11 15:07 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-11 15:07 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 15:07 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 15:07 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-11 15:07 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-11 15:07 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-11 15:07 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-11 15:07 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-11 15:07 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 15:07 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-11 15:07 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 15:07 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 15:07 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 15:07 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 15:07 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-11 15:07 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-11 15:07 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 15:07 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-11 15:07 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 15:07 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-11 15:07 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-11 15:07 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-11 15:07 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 15:07 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-11 15:07 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 15:07 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-11 15:07 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-11 15:07 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 15:07 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-11 15:07 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-11 15:06 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-11 15:06 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 15:06 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-11 15:06 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 15:06 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 15:06 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 15:06 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-11 15:06 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 15:00 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 15:00 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 15:00 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-11 15:00 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-11 15:00 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-11 15:00 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-11 15:00 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-11 15:00 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-11 15:00 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-11 15:00 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-11 15:00 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-11 15:00 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-11 14:59 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 14:59 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-11 14:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 14:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-11 14:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-11 14:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 14:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 14:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-11 14:59 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-11 14:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-11 14:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-11 14:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 14:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 14:59 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-11 14:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-11 14:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 14:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-11 14:59 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-11 14:59 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-11 14:59 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 14:59 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-11 14:59 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 14:58 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-11 14:58 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-11 14:58 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-11 14:58 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-11 14:58 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-11 14:58 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-11 14:58 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-11 14:58 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-11 14:58 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-11 14:58 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-11 14:58 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-11 14:58 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-11 14:58 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-11 14:58 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-11 14:58 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-11 14:58 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-11 14:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 14:55 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 14:55 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 14:55 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 14:55 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 14:55 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 14:55 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-11 14:55 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 14:55 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 14:55 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 14:55 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 14:55 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 14:55 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-11 14:55 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 14:55 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 14:55 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 14:54 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-11 14:54 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-11 14:54 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-11 14:54 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-11 14:54 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-11 14:54 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-11 14:54 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-11 14:54 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-11 14:54 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-11 14:54 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-11 14:54 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-11 14:54 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-11 14:54 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-11 14:54 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-11 14:54 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-11 14:54 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-11 14:54 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-11 14:54 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-11 14:54 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-11 14:53 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-11 14:53 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-11 14:53 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-11 14:53 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-11 14:53 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-11 14:53 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-11 14:53 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-11 13:58 - 2014-11-25 09:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 13:57 - 2014-11-11 13:57 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-11 13:57 - 2014-11-11 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 13:56 - 2014-11-22 12:48 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 13:56 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-11 13:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-11 13:55 - 2014-11-11 13:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 13:55 - 2014-11-11 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 13:51 - 2014-11-11 13:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\True\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 13:39 - 2014-11-17 17:04 - 00000000 ____D () C:\Users\True\Desktop\SOA
2014-11-10 19:10 - 2014-11-13 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-07 12:44 - 2014-11-07 12:44 - 00244152 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.3.exe
2014-11-07 12:16 - 2014-11-07 12:18 - 15047896 _____ (DeskSite) C:\Users\True\Downloads\install_colts_desksite.exe
2014-11-06 13:40 - 2014-11-06 13:40 - 00244032 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.2.exe
2014-11-06 09:28 - 2013-08-22 08:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141106-092815.backup
2014-11-05 23:05 - 2014-11-05 23:05 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-05 23:05 - 2014-11-05 23:05 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-05 23:04 - 2014-11-06 09:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-05 23:04 - 2014-11-05 23:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-05 23:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-05 22:52 - 2014-11-05 23:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\True\Downloads\spybot-2.4.exe
2014-11-05 22:36 - 2014-11-14 16:27 - 00000000 ____D () C:\Users\True\Desktop\Old Firefox Data
2014-11-04 22:11 - 2014-11-04 22:11 - 00002259 _____ () C:\Windows\epplauncher.mif
2014-11-04 22:07 - 2014-11-04 22:09 - 14087848 _____ (Microsoft Corporation) C:\Users\True\Downloads\mseinstall.exe
2014-10-31 14:01 - 2014-11-25 08:58 - 00003272 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
2014-10-31 14:01 - 2014-10-31 14:01 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2014-10-31 13:58 - 2014-11-11 13:12 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-10-30 12:26 - 2014-10-30 12:26 - 00000000 ____D () C:\Users\True\.swt
2014-10-30 12:24 - 2014-10-30 19:24 - 00000000 ____D () C:\Users\True\AppData\Roaming\Azureus
2014-10-30 12:17 - 2014-10-30 12:17 - 00072008 _____ (Azureus Software, Inc.) C:\Users\True\Downloads\VuzeBittorrentClientInstaller.exe
2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieUserList
2014-10-27 19:33 - 2014-10-27 19:33 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieSiteList
2014-10-26 20:14 - 2014-11-25 09:04 - 00004962 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC
2014-10-26 20:14 - 2014-10-26 20:14 - 00003090 _____ () C:\Windows\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002
2014-10-26 20:14 - 2014-10-26 20:14 - 00000000 ___RD () C:\Users\True\OneDrive
2014-10-26 20:13 - 2014-10-26 20:13 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
2014-10-26 18:39 - 2014-10-26 19:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-26 18:21 - 2014-11-18 17:16 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-10-26 18:20 - 2014-10-26 18:20 - 01055920 _____ (Microsoft Corporation) C:\Users\True\Downloads\setuponenotefreeretail.x86.en-us_.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 09:06 - 2014-06-06 20:19 - 01771095 _____ () C:\Windows\WindowsUpdate.log
2014-11-25 09:05 - 2014-06-06 20:27 - 00000000 ____D () C:\Users\True\Documents\Youcam
2014-11-25 09:05 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-25 09:03 - 2014-10-17 16:03 - 00000000 ___RD () C:\Users\True\Dropbox
2014-11-25 09:03 - 2014-10-17 15:57 - 00000000 ____D () C:\Users\True\AppData\Roaming\Dropbox
2014-11-25 09:03 - 2014-06-06 20:44 - 00000000 __RDO () C:\Users\True\SkyDrive
2014-11-25 09:01 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-25 09:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-25 09:00 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-11-25 08:59 - 2014-06-06 20:51 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E44FF485-5807-49FF-B743-482D2C37A352}
2014-11-22 17:23 - 2014-06-08 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-22 11:41 - 2014-06-06 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1734499517-1423219126-3406439121-1002
2014-11-21 18:30 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-21 18:25 - 2014-06-22 17:04 - 00695808 ___SH () C:\Users\True\Desktop\Thumbs.db
2014-11-21 18:22 - 2013-08-26 01:01 - 00124390 _____ () C:\Windows\PFRO.log
2014-11-21 13:40 - 2014-06-07 21:17 - 00000000 ____D () C:\Users\True\Desktop\True Woodcarving Books
2014-11-20 20:37 - 2014-07-27 16:21 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTrue
2014-11-20 20:37 - 2014-07-27 16:21 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTrue.job
2014-11-18 17:33 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-16 17:23 - 2014-06-09 09:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-16 17:23 - 2014-06-09 09:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-14 20:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-11-14 18:47 - 2014-10-17 16:03 - 00001070 _____ () C:\Users\True\Desktop\Dropbox.lnk
2014-11-14 18:47 - 2014-10-17 16:02 - 00000000 ____D () C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-12 15:13 - 2014-06-07 15:50 - 00000000 ____D () C:\Users\True\Desktop\Randy
2014-11-11 18:18 - 2013-08-22 09:44 - 00484248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 18:16 - 2014-03-25 14:47 - 00000000 ____D () C:\Windows\Options
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-11 15:31 - 2014-06-07 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 15:25 - 2014-06-08 21:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-11 15:22 - 2014-06-09 08:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 15:16 - 2014-06-09 08:54 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 13:08 - 2014-07-22 13:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-11 09:23 - 2014-06-07 15:35 - 00000000 ____D () C:\Users\True\Desktop\Debbie Carvings
2014-11-07 15:47 - 2014-09-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Legacy8
2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-04 22:53 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-11-04 22:51 - 2014-01-18 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-11-04 22:45 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True\AppData\Local\Packages
2014-11-03 20:50 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-30 12:26 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True
2014-10-30 06:25 - 2014-08-20 14:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-29 19:55 - 2014-10-25 20:31 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-29 19:55 - 2014-10-25 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-27 13:49 - 2014-10-25 21:22 - 00000000 ____D () C:\Users\True\Documents\OneNote Notebooks

Some content of TEMP:
====================
C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjxmrur.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-21 11:33

==================== End Of Log ============================

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by True at 2014-11-25 09:09:46
Running from C:\Users\True\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{FA071D2C-FB23-9D66-88DB-8B3B1CEBEDDC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0  - Millennia Corporation)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\True\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

30-10-2014 23:10:15 Scheduled Checkpoint
07-11-2014 17:21:52 Installed Colts DeskSite.
11-11-2014 17:05:34 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
18-11-2014 22:31:09 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-11-06 09:28 - 00450713 ___RA C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0390F844-8BB8-4CF2-8B6A-333B34585420} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN191045FP05NR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {1F999654-F0FA-4ED7-B6CC-BF747915E701} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {2DCE66DC-4EC1-4969-A8A6-90B5FDBDA48C} - System32\Tasks\HPCeeScheduleForTrue => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {31ACA094-369F-4EC6-9699-FE5E91D6E428} - \GPUP No Task File <==== ATTENTION
Task: {3FEE3CEB-BC79-45F5-B477-F98F63967A10} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {58129A26-74CB-4553-8BD5-9814AE98D6CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {632829CF-193A-42C0-A92B-FAC82F8EF5CA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated)
Task: {65828A87-D349-48FA-8777-5D15D920D332} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {84F919F4-E2FA-48C7-A521-1FD7702876CF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {87538E65-DB38-4BBE-AB07-472B10B4299D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {98EA16A6-70E5-4DFB-9193-EFA7CA8E6769} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9AEAAAFB-7FF9-4217-83B0-4541E87B93BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-11] (Adobe Systems Incorporated)
Task: {9F4D2CFC-A8B0-49E9-863B-8FC373E54C0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {BC675A67-0CC5-46CC-B37F-519DB5745D38} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-11] (Microsoft Corporation)
Task: {BE9B037A-2C25-4E4E-982B-36B8D0F8BE88} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-31] (Jelbrus)
Task: {BF5A22AC-67D2-4F59-889F-5A0CA28EB6CC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HPSFUpdaterRedux => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {C14DD66F-61DA-48B4-8A39-1F2A71C36C88} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.)
Task: {C605FB90-B3E9-4290-9111-7908D68CA9EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C754D718-617D-4B41-9C40-36DC14E713DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {CA4671AD-3A46-4C05-B23C-B6843DAAAF40} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {EB87482D-A23B-4E11-BEFE-22A3B8646C74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {F39B73B7-D933-4537-904C-C8749C2BE318} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {FA59E05D-50C3-4F1B-A01F-FB928C8D37E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTrue.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-12-11 17:12 - 2013-12-11 17:12 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-12-11 17:11 - 2013-12-11 17:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-10-26 18:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-18 17:13 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-11-05 23:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-05 23:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-05 23:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-05 23:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-05 23:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-25 15:05 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-18 16:50 - 2014-11-18 16:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-11-25 09:03 - 2014-11-25 09:03 - 00043008 _____ () c:\users\true\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjxmrur.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\True\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-18 16:50 - 2014-11-18 16:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-11-18 17:12 - 2014-11-18 17:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-11 19:43 - 2014-11-06 19:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\True\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1734499517-1423219126-3406439121-500 - Administrator - Disabled)
Guest (S-1-5-21-1734499517-1423219126-3406439121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1734499517-1423219126-3406439121-1004 - Limited - Enabled)
True (S-1-5-21-1734499517-1423219126-3406439121-1002 - Administrator - Enabled) => C:\Users\True

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/22/2014 11:20:30 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1a58

Start Time: 01d0066f80e2b6b5

Termination Time: 4294967295

Application Path: C:\Windows\system32\backgroundTaskHost.exe

Report Id: 759e1113-7263-11e4-827b-a02bb835ea16

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (11/21/2014 10:58:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1766

Error: (11/21/2014 10:58:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1766

Error: (11/21/2014 10:58:43 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/21/2014 06:16:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x940
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (11/21/2014 11:37:00 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/21/2014 11:00:31 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program backgroundTaskHost.exe version 6.3.9600.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 534

Start Time: 01d005a37cd7c4bd

Termination Time: 4294967295

Application Path: C:\Windows\system32\backgroundTaskHost.exe

Report Id: 6fd883cb-7197-11e4-827a-a02bb835ea16

Faulting package full name: Facebook.Facebook_1.4.0.9_x64__8xx8rvfyw5nnt

Faulting package-relative application ID: App

Error: (11/20/2014 07:37:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2093

Error: (11/20/2014 07:37:13 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2093

Error: (11/20/2014 05:23:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (11/25/2014 09:00:03 AM) (Source: DCOM) (EventID: 10010) (User: HOMEPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (11/21/2014 11:33:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error:
%%1053

Error: (11/21/2014 11:33:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AppX Deployment Service (AppXSVC) service to connect.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-20 03:17:50.145
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-14 18:58:44.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:03:44.355
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-07 12:36:15.161
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-05 21:42:50.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-25 21:49:38.238
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-20 17:23:47.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD E1-2100 APU with Radeon HD Graphics
Percentage of memory in use: 47%
Total physical RAM: 3537.01 MB
Available physical RAM: 1847.79 MB
Total Pagefile: 4305.01 MB
Available Pagefile: 2342.19 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.21 GB) (Free:389.65 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.67 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F95D415)

Partition: GPT Partition Type.

==================== End Of Log ============================


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE: It's important that both files, FRST or FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version, please download and run the updated version.
 

fixlist.txt


Here's the fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by True at 2014-11-26 20:58:28 Run:3
Running from C:\Users\True\Desktop
Loaded Profile: True (Available profiles: True)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183
HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjxmrur.dll
Task: {31ACA094-369F-4EC6-9699-FE5E91D6E428} - \GPUP No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\True\SkyDrive:ms-properties


*****************

HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => Value not found.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => Value not found.
HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpjxmrur.dll" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31ACA094-369F-4EC6-9699-FE5E91D6E428}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31ACA094-369F-4EC6-9699-FE5E91D6E428}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\GPUP" => Key deleted successfully.
C:\Users\True\SkyDrive => ":ms-properties" ADS removed successfully.
 


Here's the latest scan. Hope you had a great Thanksgiving!

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by True (administrator) on HOMEPC on 28-11-2014 19:11:06
Running from C:\Users\True\Desktop
Loaded Profile: True (Available profiles: True)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Dropbox, Inc.) C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7510896 2014-07-05] (Realtek Semiconductor)
HKLM\...\Run: [simplePass] => C:\Program Files\Hewlett-Packard\SimplePass\HPSmplPass.exe [2758200 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [155704 2013-10-14] (Hewlett-Packard)
HKLM\...\Run: [synTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2803440 2013-12-13] (Synaptics Incorporated)
HKLM\...\Run: [ColtsTray] => C:\Program Files (x86)\DeskSite Software\Colts DeskSite\ColtsTray.exe
HKLM-x32\...\Run: [startCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [sDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [HP Photosmart 5510 series (NET)] => C:\Program Files\HP\HP Photosmart 5510 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Run: [spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2007 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [.DEFAULT] => Internet Explorer proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:50183;https=127.0.0.1:50183
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll (Jelbrus)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\True\AppData\Roaming\Mozilla\Firefox\Profiles\ywkk0q2m.default-1416000456201
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll (Adobe Systems, Inc.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\b85afb9c3dde7f804c95414cfb510fb1 [2014-11-13]

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [99328 2013-12-11] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-11] (Advanced Micro Devices, Inc.) [File not signed]
R2 Cachedrv server; C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe [109568 2013-10-14] () [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2443960 2014-10-30] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-04-24] (WildTangent)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2014-01-13] (Hewlett-Packard Company) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [49464 2014-05-21] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [87552 2013-10-14] (Softex Inc.) [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-07-05] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2013-08-26] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17504 2013-02-07] (Advanced Micro Devices, INC.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3858944 2013-10-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-09-25] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-26] (Malwarebytes Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [291032 2013-11-22] (Realtek Semiconductor Corp.)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29936 2013-12-13] (Synaptics Incorporated)
S3 SmbDrvI; C:\Windows\System32\drivers\Smb_driver_Intel.sys [31472 2013-12-13] (Synaptics Incorporated)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-25 09:09 - 2014-11-25 09:11 - 00032828 _____ () C:\Users\True\Desktop\Addition.txt
2014-11-25 09:06 - 2014-11-28 19:13 - 00014817 _____ () C:\Users\True\Desktop\FRST.txt
2014-11-25 09:06 - 2014-11-26 20:53 - 02117632 _____ (Farbar) C:\Users\True\Desktop\FRST64.exe
2014-11-25 09:06 - 2014-11-26 20:53 - 00000000 ____D () C:\Users\True\Desktop\FRST-OlderVersion
2014-11-22 12:49 - 2014-11-22 14:32 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-22 12:42 - 2014-11-25 08:56 - 00000000 ____D () C:\Users\True\Desktop\MBAR
2014-11-20 06:15 - 2014-11-20 06:15 - 00000000 ____D () C:\Users\True\Downloads\FRST-OlderVersion
2014-11-19 19:09 - 2014-11-19 19:09 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-19 19:08 - 2014-11-19 19:09 - 02347384 _____ (ESET) C:\Users\True\Downloads\esetsmartinstaller_enu.exe
2014-11-19 17:56 - 2014-11-19 17:56 - 02140160 _____ () C:\Users\True\Desktop\AdwCleaner(1).exe
2014-11-19 17:50 - 2014-11-19 17:50 - 00000678 _____ () C:\Users\True\Desktop\JRT.txt
2014-11-19 17:44 - 2014-11-26 20:54 - 00000000 ____D () C:\Users\True\AppData\Local\CrashDumps
2014-11-19 17:43 - 2014-11-19 17:43 - 00000000 ____D () C:\Windows\ERUNT
2014-11-19 17:39 - 2014-11-19 17:39 - 01707532 _____ (Thisisu) C:\Users\True\Desktop\JRT.exe
2014-11-18 16:55 - 2014-11-09 18:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-18 16:55 - 2014-11-09 18:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-18 16:55 - 2014-11-09 18:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-18 16:55 - 2014-11-09 18:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-17 19:44 - 2014-11-17 19:44 - 00004637 _____ () C:\Users\True\Desktop\RKreport_SCN_11172014_194138.log
2014-11-17 19:21 - 2014-11-17 19:21 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-17 19:20 - 2014-11-17 19:20 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-17 19:16 - 2014-11-17 19:18 - 17535064 _____ () C:\Users\True\Desktop\RogueKillerX64.exe
2014-11-17 17:06 - 2014-11-17 17:06 - 00000000 ____D () C:\Users\True\Desktop\11-17-2014
2014-11-17 17:04 - 2014-11-17 17:04 - 00000947 _____ () C:\Users\True\Desktop\NTREGOPT.lnk
2014-11-17 17:04 - 2014-11-17 17:04 - 00000928 _____ () C:\Users\True\Desktop\ERUNT.lnk
2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-11-17 17:04 - 2014-11-17 17:04 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-11-17 17:02 - 2014-11-17 17:02 - 00791393 _____ (Lars Hederer ) C:\Users\True\Downloads\erunt-setup.exe
2014-11-17 17:01 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill report.txt
2014-11-17 16:58 - 2014-11-17 17:01 - 00003940 _____ () C:\Users\True\Desktop\Rkill.txt
2014-11-17 16:56 - 2014-11-17 16:56 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\True\Desktop\rkill.exe
2014-11-14 19:05 - 2014-11-14 19:07 - 00037343 _____ () C:\Users\True\Downloads\Addition.txt
2014-11-14 19:03 - 2014-11-28 19:11 - 00000000 ____D () C:\FRST
2014-11-14 19:03 - 2014-11-20 06:17 - 00053536 _____ () C:\Users\True\Downloads\FRST.txt
2014-11-14 18:50 - 2014-11-20 06:15 - 02117120 _____ (Farbar) C:\Users\True\Downloads\FRST64.exe
2014-11-14 18:23 - 2014-11-19 18:21 - 00000000 ____D () C:\AdwCleaner
2014-11-14 18:20 - 2014-11-14 18:21 - 02140160 _____ () C:\Users\True\Downloads\AdwCleaner.exe
2014-11-14 16:26 - 2014-11-14 16:26 - 00000000 __SHD () C:\Users\True\AppData\Local\EmieBrowserModeList
2014-11-11 19:43 - 2014-11-11 19:43 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-11-11 19:43 - 2014-11-11 19:43 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-11-11 19:43 - 2014-11-11 19:43 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-11 19:30 - 2014-11-11 19:30 - 00244088 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.1.exe
2014-11-11 15:14 - 2014-10-31 00:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 15:13 - 2014-10-30 22:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 15:10 - 2014-10-30 22:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 15:09 - 2014-10-30 23:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 15:09 - 2014-10-30 21:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 15:09 - 2014-10-30 21:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 15:08 - 2014-10-31 00:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 15:08 - 2014-10-31 00:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 15:08 - 2014-10-30 23:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 15:08 - 2014-10-30 23:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 15:08 - 2014-10-30 23:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 15:08 - 2014-10-30 23:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 15:08 - 2014-10-30 23:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 15:08 - 2014-10-30 23:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-11 15:08 - 2014-10-30 23:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-11 15:08 - 2014-10-30 23:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 15:08 - 2014-10-30 23:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 15:08 - 2014-10-30 22:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 15:08 - 2014-10-30 22:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-11 15:08 - 2014-10-30 22:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 15:08 - 2014-10-30 22:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 15:08 - 2014-10-30 22:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 15:08 - 2014-10-30 22:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 15:08 - 2014-10-30 22:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 15:08 - 2014-10-30 22:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 15:08 - 2014-10-30 22:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 15:08 - 2014-10-30 22:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 15:08 - 2014-10-30 21:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 15:08 - 2014-10-30 21:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-11 15:08 - 2014-10-30 21:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-11 15:08 - 2014-10-30 21:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 15:08 - 2014-10-30 21:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 15:08 - 2014-10-30 21:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 15:08 - 2014-10-30 21:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 15:08 - 2014-10-30 21:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 15:07 - 2014-10-31 00:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-11 15:07 - 2014-10-31 00:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 15:07 - 2014-10-31 00:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 15:07 - 2014-10-31 00:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-11 15:07 - 2014-10-31 00:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 15:07 - 2014-10-30 23:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 15:07 - 2014-10-30 23:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-11 15:07 - 2014-10-30 23:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-11 15:07 - 2014-10-30 23:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 15:07 - 2014-10-30 23:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 15:07 - 2014-10-30 23:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-11 15:07 - 2014-10-30 23:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 15:07 - 2014-10-30 23:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-11 15:07 - 2014-10-30 23:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-11 15:07 - 2014-10-30 23:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-11 15:07 - 2014-10-30 23:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 15:07 - 2014-10-30 23:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 15:07 - 2014-10-30 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 15:07 - 2014-10-30 23:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-11 15:07 - 2014-10-30 23:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-11 15:07 - 2014-10-30 23:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 15:07 - 2014-10-30 23:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 15:07 - 2014-10-30 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-11 15:07 - 2014-10-30 22:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-11 15:07 - 2014-10-30 22:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-11 15:07 - 2014-10-30 22:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-11 15:07 - 2014-10-30 22:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-11 15:07 - 2014-10-30 22:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 15:07 - 2014-10-30 22:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-11 15:07 - 2014-10-30 22:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 15:07 - 2014-10-30 22:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 15:07 - 2014-10-30 22:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 15:07 - 2014-10-30 22:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 15:07 - 2014-10-30 22:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-11 15:07 - 2014-10-30 22:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-11 15:07 - 2014-10-30 22:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 15:07 - 2014-10-30 22:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-11 15:07 - 2014-10-30 21:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 15:07 - 2014-10-30 21:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-11 15:07 - 2014-10-30 21:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-11 15:07 - 2014-10-30 21:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-11 15:07 - 2014-10-30 21:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 15:07 - 2014-10-30 21:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-11 15:07 - 2014-10-30 21:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 15:07 - 2014-10-30 21:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-11 15:07 - 2014-10-30 21:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-11 15:07 - 2014-10-30 21:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 15:07 - 2014-10-30 21:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-11 15:07 - 2014-10-30 21:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-11 15:06 - 2014-10-31 00:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-11 15:06 - 2014-10-31 00:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 15:06 - 2014-10-31 00:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-11 15:06 - 2014-10-31 00:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 15:06 - 2014-10-31 00:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 15:06 - 2014-10-30 23:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 15:06 - 2014-10-30 22:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-11 15:06 - 2014-10-30 22:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 15:00 - 2014-10-10 19:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 15:00 - 2014-10-10 19:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 15:00 - 2014-10-08 02:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-11 15:00 - 2014-10-08 00:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-11 15:00 - 2014-10-08 00:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-11 15:00 - 2014-09-21 23:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-11 15:00 - 2014-09-21 22:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-11 15:00 - 2014-09-21 22:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-11 15:00 - 2014-09-21 21:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-11 15:00 - 2014-09-18 19:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-11 15:00 - 2014-09-02 17:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-11 15:00 - 2014-09-02 17:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-11 14:59 - 2014-10-17 02:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 14:59 - 2014-10-12 21:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-11 14:59 - 2014-10-09 20:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 14:59 - 2014-10-09 20:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-11 14:59 - 2014-10-09 20:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-11 14:59 - 2014-10-08 02:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 14:59 - 2014-10-08 02:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 14:59 - 2014-10-08 02:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-11 14:59 - 2014-10-08 02:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-11 14:59 - 2014-10-08 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-11 14:59 - 2014-10-08 01:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-11 14:59 - 2014-10-08 01:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 14:59 - 2014-10-08 01:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 14:59 - 2014-10-08 01:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-11 14:59 - 2014-10-08 01:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-11 14:59 - 2014-10-08 01:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 14:59 - 2014-10-08 00:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-11 14:59 - 2014-09-27 02:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-11 14:59 - 2014-09-27 00:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-11 14:59 - 2014-09-26 22:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 14:59 - 2014-09-26 22:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-11 14:59 - 2014-09-26 22:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 14:58 - 2014-10-18 04:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-11 14:58 - 2014-10-18 03:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-11 14:58 - 2014-10-18 03:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-11 14:58 - 2014-10-18 02:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-11 14:58 - 2014-10-18 01:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-11 14:58 - 2014-10-18 01:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-11 14:58 - 2014-10-18 01:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-11 14:58 - 2014-10-18 01:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-11 14:58 - 2014-10-18 01:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-11 14:58 - 2014-10-18 01:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-11 14:58 - 2014-10-18 01:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-11 14:58 - 2014-10-18 01:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-11 14:58 - 2014-10-18 01:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-11 14:58 - 2014-10-18 01:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-11 14:58 - 2014-10-18 01:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-11 14:58 - 2014-10-18 01:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-11 14:58 - 2014-10-17 01:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 14:55 - 2014-10-23 00:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 14:55 - 2014-10-23 00:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 14:55 - 2014-10-07 01:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 14:55 - 2014-10-07 01:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 14:55 - 2014-10-07 01:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 14:55 - 2014-10-07 01:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-11 14:55 - 2014-10-07 01:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 14:55 - 2014-10-06 22:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 14:55 - 2014-10-06 22:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 14:55 - 2014-10-06 22:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 14:55 - 2014-10-06 22:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 14:55 - 2014-10-06 20:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-11 14:55 - 2014-10-06 20:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 14:55 - 2014-08-23 00:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 14:55 - 2014-08-23 00:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 14:54 - 2014-09-10 01:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-11 14:54 - 2014-09-07 22:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-11 14:54 - 2014-09-04 17:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-11 14:54 - 2014-09-04 17:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-11 14:54 - 2014-09-03 22:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-11 14:54 - 2014-09-03 21:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-11 14:54 - 2014-09-03 20:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-11 14:54 - 2014-09-03 19:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-11 14:54 - 2014-08-30 19:17 - 00148800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-11 14:54 - 2014-08-30 19:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-11 14:54 - 2014-08-30 17:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-11 14:54 - 2014-08-30 16:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-11 14:54 - 2014-08-30 15:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-11 14:54 - 2014-08-27 21:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-11 14:54 - 2014-08-27 19:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-11 14:54 - 2014-08-27 19:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-11 14:54 - 2014-08-23 00:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-11 14:54 - 2014-08-23 00:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-11 14:54 - 2014-08-22 23:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-11 14:53 - 2014-09-07 22:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-11 14:53 - 2014-09-07 17:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-11 14:53 - 2014-08-30 17:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-11 14:53 - 2014-08-30 16:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-11 14:53 - 2014-08-30 15:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-11 14:53 - 2014-08-01 19:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-11 14:53 - 2014-08-01 19:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-11 13:58 - 2014-11-26 20:50 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-11 13:57 - 2014-11-11 13:57 - 00001125 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-11 13:57 - 2014-11-11 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-11 13:56 - 2014-11-22 12:48 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-11 13:56 - 2014-10-01 11:11 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-11 13:56 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-11 13:55 - 2014-11-11 13:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-11 13:55 - 2014-11-11 13:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-11 13:51 - 2014-11-11 13:54 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\True\Downloads\mbam-setup-2.0.3.1025.exe
2014-11-11 13:39 - 2014-11-17 17:04 - 00000000 ____D () C:\Users\True\Desktop\SOA
2014-11-10 19:10 - 2014-11-13 19:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-07 12:44 - 2014-11-07 12:44 - 00244152 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.3.exe
2014-11-07 12:16 - 2014-11-07 12:18 - 15047896 _____ (DeskSite) C:\Users\True\Downloads\install_colts_desksite.exe
2014-11-06 13:40 - 2014-11-06 13:40 - 00244032 _____ () C:\Users\True\Downloads\Firefox Setup Stub 33.0.2.exe
2014-11-06 09:28 - 2013-08-22 08:25 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20141106-092815.backup
2014-11-05 23:05 - 2014-11-05 23:05 - 00001414 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-11-05 23:05 - 2014-11-05 23:05 - 00001402 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-05 23:05 - 2014-11-05 23:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-11-05 23:04 - 2014-11-06 09:10 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-05 23:04 - 2014-11-05 23:10 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-05 23:04 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-11-05 22:52 - 2014-11-05 23:02 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\True\Downloads\spybot-2.4.exe
2014-11-05 22:36 - 2014-11-14 16:27 - 00000000 ____D () C:\Users\True\Desktop\Old Firefox Data
2014-11-04 22:11 - 2014-11-04 22:11 - 00002259 _____ () C:\Windows\epplauncher.mif
2014-11-04 22:07 - 2014-11-04 22:09 - 14087848 _____ (Microsoft Corporation) C:\Users\True\Downloads\mseinstall.exe
2014-10-31 14:01 - 2014-11-28 19:06 - 00003272 _____ () C:\Windows\System32\Tasks\Jelbrus Secure Web Task
2014-10-31 14:01 - 2014-10-31 14:01 - 00000000 ____D () C:\Program Files (x86)\Jelbrus Secure Web
2014-10-31 13:58 - 2014-11-11 13:12 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2014-10-30 12:26 - 2014-10-30 12:26 - 00000000 ____D () C:\Users\True\.swt
2014-10-30 12:24 - 2014-10-30 19:24 - 00000000 ____D () C:\Users\True\AppData\Roaming\Azureus
2014-10-30 12:17 - 2014-10-30 12:17 - 00072008 _____ (Azureus Software, Inc.) C:\Users\True\Downloads\VuzeBittorrentClientInstaller.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 19:10 - 2014-10-26 20:14 - 00004962 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC
2014-11-28 19:09 - 2014-10-17 16:03 - 00000000 ___RD () C:\Users\True\Dropbox
2014-11-28 19:09 - 2014-10-17 15:57 - 00000000 ____D () C:\Users\True\AppData\Roaming\Dropbox
2014-11-28 19:09 - 2014-06-06 20:44 - 00000000 __RDO () C:\Users\True\SkyDrive
2014-11-28 19:07 - 2014-06-06 20:19 - 02071198 _____ () C:\Windows\WindowsUpdate.log
2014-11-28 19:07 - 2013-08-22 09:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-28 19:07 - 2013-08-22 08:25 - 00524288 ___SH () C:\Windows\system32\config\BBI
2014-11-28 19:03 - 2014-06-08 21:07 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-28 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-28 19:00 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-26 21:32 - 2013-08-22 10:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-26 21:30 - 2014-06-06 20:30 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1734499517-1423219126-3406439121-1002
2014-11-26 21:26 - 2014-06-08 21:07 - 00003718 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-26 21:12 - 2014-06-07 14:49 - 00000000 ____D () C:\Users\True\Desktop\Geneology
2014-11-26 21:11 - 2013-08-26 01:09 - 00956476 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-26 21:07 - 2014-06-06 20:27 - 00000000 ____D () C:\Users\True\Documents\Youcam
2014-11-26 20:45 - 2014-06-06 20:51 - 00003914 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E44FF485-5807-49FF-B743-482D2C37A352}
2014-11-21 18:25 - 2014-06-22 17:04 - 00695808 ___SH () C:\Users\True\Desktop\Thumbs.db
2014-11-21 18:22 - 2013-08-26 01:01 - 00124390 _____ () C:\Windows\PFRO.log
2014-11-21 13:40 - 2014-06-07 21:17 - 00000000 ____D () C:\Users\True\Desktop\True Woodcarving Books
2014-11-20 20:37 - 2014-07-27 16:21 - 00003154 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTrue
2014-11-20 20:37 - 2014-07-27 16:21 - 00000342 _____ () C:\Windows\Tasks\HPCeeScheduleForTrue.job
2014-11-20 15:51 - 2014-10-25 20:31 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 15:51 - 2014-10-25 20:31 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-18 17:16 - 2014-10-26 18:21 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-11-16 17:23 - 2014-06-09 09:24 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-11-16 17:23 - 2014-06-09 09:24 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-14 20:32 - 2013-08-22 10:36 - 00000000 ____D () C:\Windows\rescache
2014-11-14 18:47 - 2014-10-17 16:03 - 00001070 _____ () C:\Users\True\Desktop\Dropbox.lnk
2014-11-14 18:47 - 2014-10-17 16:02 - 00000000 ____D () C:\Users\True\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-11-12 15:13 - 2014-06-07 15:50 - 00000000 ____D () C:\Users\True\Desktop\Randy
2014-11-11 18:18 - 2013-08-22 09:44 - 00484248 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 18:16 - 2014-03-25 14:47 - 00000000 ____D () C:\Windows\Options
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-11 18:14 - 2013-08-22 10:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-11 15:31 - 2014-06-07 10:42 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 15:22 - 2014-06-09 08:54 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 15:16 - 2014-06-09 08:54 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-11 13:08 - 2014-07-22 13:51 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-11-11 09:23 - 2014-06-07 15:35 - 00000000 ____D () C:\Users\True\Desktop\Debbie Carvings
2014-11-07 15:47 - 2014-09-03 18:56 - 00000000 ____D () C:\Program Files (x86)\Legacy8
2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\ProgramData\McAfee
2014-11-04 22:56 - 2014-03-25 15:06 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-11-04 22:53 - 2013-08-22 10:36 - 00000000 ___HD () C:\Windows\ELAMBKUP
2014-11-04 22:51 - 2014-01-18 12:39 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2014-11-04 22:45 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True\AppData\Local\Packages
2014-11-03 20:50 - 2013-08-22 08:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-10-30 12:26 - 2014-06-06 20:24 - 00000000 ____D () C:\Users\True
2014-10-30 06:25 - 2014-08-20 14:01 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\True\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmumy75.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-21 11:33

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 26-11-2014 01
Ran by True at 2014-11-28 19:13:57
Running from C:\Users\True\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
AMD Catalyst Install Manager (HKLM\...\{FA071D2C-FB23-9D66-88DB-8B3B1CEBEDDC}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.5.6902 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.5.3416 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.2.3618 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dropbox (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\Dropbox) (Version: 2.10.52 - Dropbox, Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP Documentation (HKLM-x32\...\{D82B396E-A647-4C81-9DA4-C61F7BB620EC}) (Version: 1.1.0.0 - Hewlett-Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Photosmart 5510 series Basic Device Software (HKLM\...\{CFF43B48-42A1-4967-9506-7E341BBD075F}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Photosmart 5510 series Help (HKLM-x32\...\{E02964EA-0E1B-4620-A26E-CBAB0341B1BB}) (Version: 140.0.2.2 - Hewlett Packard)
HP Photosmart 5510 series Product Improvement Study (HKLM\...\{CBB98874-7884-4CC1-A78C-CB53C62BC77B}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7372.4698 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.00.57 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{8C696B4B-6AB1-44BC-9416-96EAC474CABE}) (Version: 7.5.2.12 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{D2F04839-0AD0-4F06-A6B5-6DFF05E27B67}) (Version: 11.50.0019 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
HP Utility Center (HKLM\...\{891A1782-8B20-4403-8383-458962525926}) (Version: 2.3.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.00.57 - Softex Inc.) Hidden
Inst5676 (Version: 8.00.57 - Softex Inc.) Hidden
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Legacy 8.0 (HKLM-x32\...\Legacy 8.0) (Version: 8.0  - Millennia Corporation)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mahjongg Dimensions Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1734499517-1423219126-3406439121-1002\...\OneDriveSetup.exe) (Version: 17.3.1229.0918 - Microsoft Corporation)
Microsoft OneNote 2013 - en-us (HKLM\...\OneNoteFreeRetail - en-us) (Version: 15.0.4667.1002 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 33.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-US)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 33.1 - Mozilla)
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
OEM Application Profile (HKLM-x32\...\{70D5F822-F4C4-33D9-7EEC-2A4AF4EA7BDC}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4667.1002 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7156 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.0.4.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.15 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\True\AppData\Local\Microsoft\SkyDrive\17.3.1229.0918\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1734499517-1423219126-3406439121-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\True\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

11-11-2014 17:05:34 Cleaner (Spybot - Search & Destroy 2.4, administrator privileges
18-11-2014 22:31:09 Windows Update
27-11-2014 02:31:04 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 08:25 - 2014-11-06 09:28 - 00450713 ___RA C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0390F844-8BB8-4CF2-8B6A-333B34585420} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN191045FP05NR => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {1F999654-F0FA-4ED7-B6CC-BF747915E701} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-08-05] (CyberLink)
Task: {2DCE66DC-4EC1-4969-A8A6-90B5FDBDA48C} - System32\Tasks\HPCeeScheduleForTrue => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {3A01E48A-8DC2-4267-92AE-C82215F7CEF1} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-11] (Microsoft Corporation)
Task: {3FEE3CEB-BC79-45F5-B477-F98F63967A10} - System32\Tasks\Microsoft Office 15 Sync Maintenance for HOMEPC-True HomePC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-09-23] (Microsoft Corporation)
Task: {58129A26-74CB-4553-8BD5-9814AE98D6CE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {632829CF-193A-42C0-A92B-FAC82F8EF5CA} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2013-12-13] (Synaptics Incorporated)
Task: {65828A87-D349-48FA-8777-5D15D920D332} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1734499517-1423219126-3406439121-1002 => %localappdata%\Microsoft\SkyDrive\SkyDrive.exe
Task: {84F919F4-E2FA-48C7-A521-1FD7702876CF} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {87538E65-DB38-4BBE-AB07-472B10B4299D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-10-07] (Microsoft Corporation)
Task: {98EA16A6-70E5-4DFB-9193-EFA7CA8E6769} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {9AEAAAFB-7FF9-4217-83B0-4541E87B93BA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-11-26] (Adobe Systems Incorporated)
Task: {9F4D2CFC-A8B0-49E9-863B-8FC373E54C0A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: {B25607C2-D153-4846-901E-EC7F57B7CCF4} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2014-10-31] (Jelbrus)
Task: {C14DD66F-61DA-48B4-8A39-1F2A71C36C88} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2013-12-17] (CyberLink Corp.)
Task: {C605FB90-B3E9-4290-9111-7908D68CA9EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {C754D718-617D-4B41-9C40-36DC14E713DE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {CA4671AD-3A46-4C05-B23C-B6843DAAAF40} - System32\Tasks\HPCustParticipation HP Photosmart 5510 series => C:\Program Files\HP\HP Photosmart 5510 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {EB87482D-A23B-4E11-BEFE-22A3B8646C74} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2014-01-13] (Hewlett-Packard Company)
Task: {F39B73B7-D933-4537-904C-C8749C2BE318} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {FA59E05D-50C3-4F1B-A01F-FB928C8D37E2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-10-21] (Hewlett-Packard)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTrue.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Loaded Modules (whitelisted) =============

2013-10-14 14:23 - 2013-10-14 14:23 - 00109568 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachesrvr.exe
2013-10-14 14:24 - 2013-10-14 14:24 - 00627200 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cachedrv.dll
2013-10-14 14:25 - 2013-10-14 14:25 - 02541056 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2013-10-14 14:22 - 2013-10-14 14:22 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 00306064 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2013-10-14 14:35 - 2013-10-14 14:35 - 01297296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2013-12-11 17:12 - 2013-12-11 17:12 - 00099328 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2013-12-11 17:11 - 2013-12-11 17:11 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2014-10-26 18:21 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2014-11-18 17:13 - 2014-09-23 08:36 - 08897696 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-10-14 14:30 - 2013-10-14 14:30 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-11-05 23:04 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-11-05 23:04 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-11-05 23:04 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-11-05 23:04 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-11-05 23:04 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-03-25 15:05 - 2013-08-05 02:49 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-08-05 17:48 - 2013-08-05 17:48 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2014-11-28 19:09 - 2014-11-28 19:09 - 00043008 _____ () c:\users\true\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpmumy75.dll
2013-08-23 14:01 - 2013-08-23 14:01 - 25100288 _____ () C:\Users\True\AppData\Roaming\Dropbox\bin\libcef.dll
2014-11-18 16:50 - 2014-11-18 16:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-11-11 19:43 - 2014-11-06 19:09 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-11-18 17:12 - 2014-11-18 17:12 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-18 16:50 - 2014-11-18 16:50 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
2014-03-25 15:00 - 2011-08-23 21:39 - 00081920 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_ctypes.pyd
2014-03-25 15:00 - 2011-08-23 21:39 - 00053248 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_socket.pyd
2014-03-25 15:00 - 2011-08-23 21:39 - 00655360 _____ () C:\Program Files (x86)\CyberLink\YouCam\koan\_ssl.pyd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\True\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-1734499517-1423219126-3406439121-500 - Administrator - Disabled)
Guest (S-1-5-21-1734499517-1423219126-3406439121-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1734499517-1423219126-3406439121-1004 - Limited - Enabled)
True (S-1-5-21-1734499517-1423219126-3406439121-1002 - Administrator - Enabled) => C:\Users\True

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (11/28/2014 07:00:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 163247203

Error: (11/28/2014 07:00:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 163247203

Error: (11/28/2014 07:00:07 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/26/2014 09:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1563

Error: (11/26/2014 09:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1563

Error: (11/26/2014 09:39:21 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/26/2014 08:58:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0xd38
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (11/26/2014 08:54:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 33.1.0.5423, time stamp: 0x545c0a59
Faulting module name: mozalloc.dll, version: 33.1.0.5423, time stamp: 0x545be5ee
Exception code: 0x80000003
Fault offset: 0x00001425
Faulting process id: 0x188
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (11/26/2014 08:54:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FRST64.exe, version: 26.11.2014.1, time stamp: 0x547609fc
Faulting module name: FRST64.exe, version: 26.11.2014.1, time stamp: 0x547609fc
Exception code: 0xc0000005
Fault offset: 0x0000000000024a00
Faulting process id: 0x978
Faulting application start time: 0xFRST64.exe0
Faulting application path: FRST64.exe1
Faulting module path: FRST64.exe2
Report Id: FRST64.exe3
Faulting package full name: FRST64.exe4
Faulting package-relative application ID: FRST64.exe5

Error: (11/25/2014 09:30:51 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (11/26/2014 08:45:26 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMScheduler service.

Error: (11/25/2014 09:20:42 AM) (Source: DCOM) (EventID: 10001) (User: HOMEPC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15616Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (11/25/2014 09:20:42 AM) (Source: DCOM) (EventID: 10001) (User: HOMEPC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15616Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (11/25/2014 09:20:42 AM) (Source: DCOM) (EventID: 10001) (User: HOMEPC)
Description: "C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\LiveComm.exe" -ServerName:Microsoft.WindowsLive.Platform.Server15616Microsoft.WindowsLive.Mail.AppXj3e9v0xw9sf8t58nqr15tqqb2yq4zsfg.mcaUnavailableUnavailable

Error: (11/25/2014 09:20:42 AM) (Source: DCOM) (EventID: 10010) (User: HOMEPC)
Description: Microsoft.WindowsLive.Mail.AppXchpnq3xrg3grbgjnhp88jn3v9r1xskxr.mca

Error: (11/25/2014 09:20:35 AM) (Source: DCOM) (EventID: 10010) (User: HOMEPC)
Description: Microsoft.WindowsLive.Mail.AppXchpnq3xrg3grbgjnhp88jn3v9r1xskxr.mca

Error: (11/25/2014 09:00:03 AM) (Source: DCOM) (EventID: 10010) (User: HOMEPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (11/21/2014 11:33:46 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AppX Deployment Service (AppXSVC) service failed to start due to the following error:
%%1053

Error: (11/21/2014 11:33:46 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AppX Deployment Service (AppXSVC) service to connect.


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-11-25 09:24:58.694
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-20 03:17:50.145
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-14 18:58:44.801
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-10 22:03:44.355
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-07 12:36:15.161
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-11-05 21:42:50.283
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-10-25 21:49:38.238
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-20 17:23:47.703
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD E1-2100 APU with Radeon HD Graphics
Percentage of memory in use: 43%
Total physical RAM: 3537.01 MB
Available physical RAM: 1994.57 MB
Total Pagefile: 4305.01 MB
Available Pagefile: 2630.08 MB
Total Virtual: 131072 MB
Available Virtual: 131071.83 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:446.21 GB) (Free:390.61 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:18.67 GB) (Free:1.88 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 3F95D415)

Partition: GPT Partition Type.

==================== End Of Log ============================
