
Backdoor.bot found - Removal of other suspected files please.


kelro

Some advice on further checks I can make to find any remaining infections would be much appreciated. I have added the log below.

 

Scan Date: 19/11/2014
Scan Time: 20:24:12
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.19.07
Rootkit Database: v2014.11.18.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alex

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 492987
Time Elapsed: 25 min, 53 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
Backdoor.Bot, C:\Users\Alex\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\caae4b001253909f\120712-0049\Att\20001624\IMG00009778.zip, Quarantined, [b689003d0c7012240074493a18e916ea],

Physical Sectors: 0
(No malicious items detected)


(end)


  • Root Admin

Hello and :welcome:

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

General P2P/Piracy Warning:

If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Before we proceed further, please read all of the following instructions carefully.

If there is anything that you do not understand kindly ask before proceeding.

If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
    • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)
STEP 0

RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes so that your normal security software can then run and clean your computer of infections.

When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies that stop us from using certain tools. When finished it will display a log file that shows the processes that were terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot your computer as any malware processes that are configured to start automatically will just be started again.

Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1

Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.
STEP 01

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe
STEP 02

Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2x

When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 03

Please download RogueKiller and save it to your desktop.

You can check here if you're not sure if your computer is 32-bit or 64-bit

  • RogueKiller 32-bit | RogueKiller 64-bit
  • Quit all running programs.
  • For Windows XP, double-click to start.
  • For Vista, Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.
  • Read and accept the EULA (End User License Agreement)
  • Click Scan to scan the system.
  • When the scan completes Close the program > Don't Fix anything!
  • Don't run any other options, they're not all bad!!
  • Post back the report which should be located on your desktop.
Thank you

Rkill 2.6.8 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/21/2014 10:58:43 PM in x64 mode.
Windows Version: Windows 8.1 Enterprise

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * E1G60 [Missing Service]

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 11/21/2014 10:58:57 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

I've followed the steps up to Step 02. It's scanning at the moment. Once finished I'll continue.


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 21/11/2014
Scan Time: 23:02:27
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.21.12
Rootkit Database: v2014.11.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 325895
Time Elapsed: 6 min, 57 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • Root Admin

Did you disable your antivirus before running it?

Let me have you try the following

Please download Malwarebytes Anti-Rootkit from HERE

If needed there is a self help tutorial here: MBAR tutorial

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder... mbar-log.txt and system-log.txt


Yes I disabled everything.

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.08.2.1001
© Malwarebytes Corporation 2011-2012

OS version: 6.3.9200 Windows 8.1 x64
Account is Administrative
Internet Explorer version: 11.0.9600.17416
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, M:\ DRIVE_FIXED
CPU speed: 3.998000 GHz
Memory total: 17050796032, free: 14473129984
Downloaded database version: v2014.11.22.05
Downloaded database version: v2014.11.21.01
=======================================
------------ Kernel report ------------
     11/22/2014 11:13:23
------------ Loaded modules -----------


----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xffffe0000b8ee060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\00000039\
Lower Device Object: 0xffffe0000913e7f0
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe0000b8ee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe0000b8eeb20, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe0000b8ee060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0000913e240, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe00007fe0a30, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0000913e7f0, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...


File "C:\Windows\System32\drivers\vdrvroot.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\vdrvroot.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\vhdmp.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\vhdmp.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\volmgr.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\volmgr.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\volsnap.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\volsnap.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\vwifibus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\wacompen.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\wacompen.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\winusb.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\winusb.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\wmiacpi.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\wmiacpi.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\WSDPrint.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\WSDPrint.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\rdpbus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\rdpbus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\rndismpx.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\rndismpx.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\sbp2port.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\sbp2port.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\sdbus.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\sdbus.sys" is compressed (flags = 1)

File "C:\Windows\System32\drivers\sdstor.sys" is compressed (flags = 1)

File "C:\WINDOWS\SYSTEM32\drivers\sdstor.sys" is compressed (flags = 1)

Done!

Drive 0

This is a System drive

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: 701CABE5

Partition information:

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 2048  Numsec = 716800

    Partition file system is NTFS

    Partition is bootable

    Partition 1 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 718848  Numsec = 282875904

    Partition 2 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 283594752  Numsec = 204797952

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

Disk Size: 250059350016 bytes

Sector size: 512 bytes

Done!

Scan finished

=======================================

Removal queue found; removal started

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...

Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...

Removal finished

Malwarebytes Anti-Rootkit BETA 1.08.2.1001

www.malwarebytes.org

Database version: v2014.11.22.05

Windows 8.1 x64 NTFS

Internet Explorer 11.0.9600.17416

Alex :: HENRY [administrator]

22/11/2014 11:13:28

mbar-log-2014-11-22 (11-13-28).txt

Scan type: Quick scan

Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken

Scan options disabled:

Objects scanned: 325364

Time elapsed: 8 minute(s), 13 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

Physical Sectors Detected: 0

(No malicious items detected)

(end)

 


  • Root Admin

No that's fine.

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04

Please download Junkware Removal Tool to your desktop.

  • Shut down your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message.
  • When completed, make sure to re-enable your antivirus.

STEP 05

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.

STEP 06

Please open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link

Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkits, Under Non Malware Protection set both PUP and PUM to Treat detections as malware.

Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button. Remove any threats found

Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

STEP 07

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.

STEP 08

Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

I will do those all now. Yesterday I suffered a DDoS attack and despite actions by my ISP it continues. I am receiving about 4 million packets a minute with only the forum open. Yesterday in 17 minutes of having my PC on and connected, I received over 865 million. I am assuming they are all in the same.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.9 (11.15.2014:2)
OS: Windows 8.1 Enterprise x64
Ran by Alex on 24/11/2014 at 17:37:11.79
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key - Orphan] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6c97a91e-4524-4019-86af-2aa2d567bf5c}
Successfully deleted: [Registry Key - Orphan] HKEY_CLASSES_ROOT\CLSID\{6c97a91e-4524-4019-86af-2aa2d567bf5c}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\Alex\appdata\locallow\adawaretb"
Successfully deleted: [Folder] "C:\Program Files (x86)\toolbar cleaner"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"



~~~ FireFox

Successfully deleted the following from C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\fcn7t8lb.default\prefs.js

user_pref("keyword.URL", "hxxp://securedsearch2.lavasoft.com/results.php?pr=vmn&id=adawaretb&v=3_9&idate=__installtime__&hsimp=yhs-lavasoft&ent=bs&q=");
Emptied folder: C:\Users\Alex\AppData\Roaming\mozilla\firefox\profiles\fcn7t8lb.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24/11/2014 at 17:38:11.08
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 


# AdwCleaner v4.102 - Report created 24/11/2014 at 17:44:25
# Updated 23/11/2014 by Xplode
# Database : 2014-11-24.1 [Live]
# Operating System : Windows 8.1 Enterprise  (64 bits)
# Username : Alex - HENRY
# Running from : C:\Users\Alex\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Alex\AppData\LocalLow\adawaretb

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6C97A91E-4524-4019-86AF-2AA2D567BF5C}
Value Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6C97A91E-4524-4019-86AF-2AA2D567BF5C}]
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{62155D33-3CE2-401E-8967-5A270628A3D5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{87934C42-161D-45BC-8CEF-EF18ABE2A30C}
Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp
Key Deleted : HKCU\Software\AppDataLow\Software\adawaretb
Key Deleted : HKLM\SOFTWARE\adawaretb
Key Deleted : HKLM\SOFTWARE\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adawaretb
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1 (x86 en-GB)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2333 octets] - [24/11/2014 17:43:26]
AdwCleaner[s0].txt - [2268 octets] - [24/11/2014 17:44:25]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [2328 octets] ##########
 


Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 24/11/2014
Scan Time: 17:47:59
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.24.07
Rootkit Database: v2014.11.22.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Alex

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 326708
Time Elapsed: 5 min, 37 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawareDx.dll    a variant of Win32/Toolbar.Visicom.B potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\adawaretb.dll    a variant of Win32/Toolbar.Visicom.A potentially unwanted application
C:\Program Files (x86)\Lavasoft\AdAware SecureSearch Toolbar\dtUser.exe    a variant of Win32/Toolbar.Visicom.C potentially unwanted application
C:\Users\Alex\Downloads\ccsetup419pro.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application
C:\Windows\Installer\1d918.msi    a variant of Win32/Systweak.L potentially unwanted application
 


Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 23-11-2014 01
Ran by Alex (administrator) on HENRY on 24-11-2014 18:36:06
Running from C:\Users\Alex\Downloads
Loaded Profile: Alex (Available profiles: Alex)
Platform: Windows 8.1 Enterprise (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe
() C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSWinService.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASUSHOMECLOUD\MSSQL\Binn\sqlservr.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\ASUS\KeyBot\KeyBot.exe
() C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe
() C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe
() C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Disc Soft Ltd) C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
() C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
() C:\Program Files\ASUS\HomeCloud\ServerConsole\ASUS HomeCloud.exe
() C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
(Nota Inc.) C:\Program Files (x86)\Gyazo\GyStation.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(Flux Software LLC) C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe
(Dell) C:\Users\Alex\AppData\Local\Apps\2.0\P6QD129X.3P2\N88ETEY1.ANT\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(EnTech Taiwan) C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\AMSRelayHelpAgent.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
() C:\Program Files (x86)\ASUS\AI Suite III\AsusMiniBar.exe
(Apache Software Foundation) C:\Program Files\ASUS\HomeCloud\Tomcat\Tomcat_OmniStore\bin\tomcat6.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.Reader_6.3.9654.17044_x64__8wekyb3d8bbwe\glcnd.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2014-04-11] (Intel Corporation)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe [8925504 2014-10-15] ()
HKLM-x32\...\Run: [ASUS Media Streamer ShareEdit] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe [1232384 2014-03-21] ()
HKLM-x32\...\Run: [ASUS Media Streamer DMS] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe [1243136 2014-03-21] ()
HKLM-x32\...\Run: [ASUS Media Streamer WSAgent] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe [72704 2014-03-31] ()
HKLM-x32\...\Run: [ASUS Media Streamer RelayHelpAgent] => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\AMSRelayHelpAgent.exe [67072 2014-03-21] ()
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\ASUSWSLoader.exe [56640 2013-06-26] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HomeCloud Drive] => C:\Program Files (x86)\ASUS\LocalDrive\LocalDrive.exe [2316608 2014-09-26] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [112856 2014-10-29] (VMware, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\Run: [DAEMON Tools Pro Agent] => C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [3128408 2014-03-13] (Disc Soft Ltd)
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\Run: [Gyazo] => C:\Program Files (x86)\Gyazo\GyStation.exe [3095328 2014-09-16] (Nota Inc.)
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\Run: [sandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [784904 2014-10-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\Run: [skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22066272 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6501656 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\Run: [f.lux] => C:\Users\Alex\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\Run: [DellSystemDetect] => C:\Users\Alex\AppData\Local\Apps\2.0\P6QD129X.3P2\N88ETEY1.ANT\dell..tion_e30b47f5d4a30e9e_0005.000b_1df8a3cb60a9209e\DellSystemDetect.exe [264488 2014-10-06] (Dell)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dell Display Manager.lnk
ShortcutTarget: Dell Display Manager.lnk -> C:\Program Files (x86)\Dell\Dell Display Manager\ddm.exe (EnTech Taiwan)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\GoPro Importer.lnk
ShortcutTarget: GoPro Importer.lnk -> C:\Program Files (x86)\GoPro\Tools\Importer\GoPro Importer.exe (GoPro)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.0.1.213\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3591367604-1146184651-4490953-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1D9779C614C6CF01
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fcn7t8lb.default
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3591367604-1146184651-4490953-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Alex\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
FF Extension: iMacros for Firefox - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fcn7t8lb.default\Extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2014-11-12]
FF Extension: Bloody Vikings! - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fcn7t8lb.default\Extensions\bloodyvikings@ffs.bplaced.net.xpi [2014-10-07]
FF Extension: Firebug - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fcn7t8lb.default\Extensions\firebug@software.joehewitt.com.xpi [2014-10-07]
FF Extension: MEGA - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fcn7t8lb.default\Extensions\firefox@mega.co.nz.xpi [2014-09-04]
FF Extension: Multifox - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fcn7t8lb.default\Extensions\multifox@hultmann.xpi [2014-10-07]
FF Extension: MozBar - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fcn7t8lb.default\Extensions\toolbar@seomoz.org.xpi [2014-10-07]
FF Extension: URL Lister - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fcn7t8lb.default\Extensions\urllister@binnyva.com.xpi [2014-11-12]
FF Extension: Adblock Plus - C:\Users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\fcn7t8lb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-11-22]

Chrome:
=======
CHR Profile: C:\Users\Alex\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe [936728 2014-01-29] ()
R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2014-01-28] (ASUSTeK Computer Inc.)
R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe [1360016 2014-03-21] ()
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSWinService.exe [71680 2013-06-26] () [File not signed]
R2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.06.01\AsusFanControlService.exe [382776 2014-04-09] (ASUSTeK Computer Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [16232 2014-04-11] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [887232 2014-01-31] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [154584 2014-03-20] (Intel Corporation)
R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe [707888 2014-10-15] ()
R2 MSSQL$ASUSHOMECLOUD; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASUSHOMECLOUD\MSSQL\Binn\sqlservr.exe [43129288 2012-06-29] (Microsoft Corporation)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-10-06] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [174600 2014-10-14] (Sandboxie Holdings, LLC)
S4 SQLAgent$ASUSHOMECLOUD; c:\Program Files (x86)\Microsoft SQL Server\MSSQL10_50.ASUSHOMECLOUD\MSSQL\Binn\SQLAGENT.EXE [379848 2012-06-29] (Microsoft Corporation)
R3 tomcat6; C:\Program Files\ASUS\HomeCloud\Tomcat\Tomcat_OmniStore\bin\tomcat6.exe [80896 2013-04-29] (Apache Software Foundation) [File not signed]
R2 vmware-converter-agent; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter-a.exe [480472 2014-06-10] (VMware, Inc.)
R2 vmware-converter-server; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [480472 2014-06-10] (VMware, Inc.)
R2 vmware-converter-worker; C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\vmware-converter.exe [480472 2014-06-10] (VMware, Inc.)
S3 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [14407384 2014-10-29] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-07-04] ()
R2 AsRamDisk; C:\Windows\system32\DRIVERS\asramdisk.sys [111928 2013-12-13] (Asus)
R0 asstor64; C:\Windows\System32\drivers\asstor64.sys [84816 2014-03-14] (Asmedia Technology)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-14] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-20] (MCCI Corporation)
S3 AWEAlloc; C:\Windows\system32\DRIVERS\awealloc.sys [21304 2013-10-05] (Olof Lagerkvist)
S3 bmdrvr; C:\Windows\SysWow64\drivers\bmdrvr.sys [75344 2013-02-22] (VMware, Inc.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-09-01] (Disc Soft Ltd)
R3 e1dexpress; C:\Windows\system32\DRIVERS\e1d64x64.sys [457496 2014-03-14] (Intel Corporation)
R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.0.56\gzflt.sys [150256 2014-07-10] (BitDefender LLC)
R4 IOMap; C:\Windows\system32\drivers\IOMap64.sys [24824 2014-03-07] (ASUSTeK Computer Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [118272 2014-03-20] (Intel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [185352 2014-10-14] (Sandboxie Holdings, LLC)
S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [389240 2014-07-10] (BitDefender S.R.L.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [73296 2013-10-08] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-02-22] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 18:35 - 2014-11-24 18:35 - 00000000 ____D () C:\Users\Alex\Downloads\FRST-OlderVersion
2014-11-24 18:11 - 2014-11-24 18:11 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-11-24 18:10 - 2014-11-24 18:10 - 02347384 _____ (ESET) C:\Users\Alex\Downloads\esetsmartinstaller_enu.exe
2014-11-24 17:43 - 2014-11-24 17:44 - 00000000 ____D () C:\AdwCleaner
2014-11-24 17:39 - 2014-11-24 17:39 - 02148864 _____ () C:\Users\Alex\Desktop\AdwCleaner.exe
2014-11-24 17:38 - 2014-11-24 17:38 - 00002571 _____ () C:\Users\Alex\Desktop\JRT.txt
2014-11-24 17:37 - 2014-11-24 17:37 - 00000000 ____D () C:\Windows\ERUNT
2014-11-24 17:36 - 2014-11-24 17:36 - 01707532 _____ (Thisisu) C:\Users\Alex\Desktop\JRT.exe
2014-11-24 17:29 - 2014-03-07 00:46 - 00024824 ____R (ASUSTeK Computer Inc.) C:\Windows\system32\Drivers\IOMap64.sys
2014-11-22 13:55 - 2014-11-22 13:55 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2014-11-22 13:55 - 2014-11-22 13:55 - 00000000 ____D () C:\Users\Alex\AppData\Local\FluxSoftware
2014-11-22 13:54 - 2014-11-22 13:54 - 00597304 _____ () C:\Users\Alex\Downloads\flux-setup.exe
2014-11-22 11:13 - 2014-11-22 11:25 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-11-22 11:12 - 2014-11-22 11:25 - 00000000 ____D () C:\Users\Alex\Desktop\mbar
2014-11-22 11:12 - 2014-11-22 11:12 - 16448208 _____ (Malwarebytes Corp.) C:\Users\Alex\Downloads\mbar-1.08.2.1001.exe
2014-11-21 23:11 - 2014-11-21 23:11 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-11-21 23:11 - 2014-11-21 23:11 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-11-21 23:10 - 2014-11-21 23:11 - 18310232 _____ () C:\Users\Alex\Downloads\RogueKillerX64.exe
2014-11-21 23:00 - 2014-11-21 23:00 - 00000932 _____ () C:\Users\Alex\Desktop\NTREGOPT.lnk
2014-11-21 23:00 - 2014-11-21 23:00 - 00000913 _____ () C:\Users\Alex\Desktop\ERUNT.lnk
2014-11-21 23:00 - 2014-11-21 23:00 - 00000000 ____D () C:\Windows\ERDNT
2014-11-21 23:00 - 2014-11-21 23:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2014-11-21 23:00 - 2014-11-21 23:00 - 00000000 ____D () C:\Program Files (x86)\ERUNT
2014-11-21 22:59 - 2014-11-21 22:59 - 00791393 _____ (Lars Hederer ) C:\Users\Alex\Downloads\erunt-setup.exe
2014-11-21 22:58 - 2014-11-21 22:58 - 00002226 _____ () C:\Users\Alex\Desktop\Rkill.txt
2014-11-21 22:57 - 2014-11-21 22:57 - 01944824 _____ (Bleeping Computer, LLC) C:\Users\Alex\Desktop\rkill.exe
2014-11-21 22:56 - 2014-11-21 22:56 - 00007608 _____ () C:\Users\Alex\AppData\Local\Resmon.ResmonCfg
2014-11-21 19:17 - 2014-11-21 19:17 - 00000000 ____D () C:\Users\Public\Documents\DAEMON Tools Images
2014-11-21 18:58 - 2014-11-21 18:58 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Apple Computer
2014-11-21 17:39 - 2014-11-21 17:39 - 00001857 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-11-21 17:39 - 2014-11-21 17:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-11-21 17:39 - 2014-11-21 17:39 - 00000000 ____D () C:\ProgramData\Apple Computer
2014-11-21 17:38 - 2014-11-21 17:38 - 42096984 _____ (Apple Inc.) C:\Users\Alex\Downloads\QuickTimeInstaller.exe
2014-11-21 17:38 - 2014-11-21 17:38 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2014-11-21 17:38 - 2014-11-21 17:38 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2014-11-21 17:38 - 2014-11-21 17:38 - 00000000 ____D () C:\Users\Alex\AppData\Local\Apple
2014-11-21 17:38 - 2014-11-21 17:38 - 00000000 ____D () C:\ProgramData\Apple
2014-11-21 17:38 - 2014-11-21 17:38 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-21 17:37 - 2014-11-21 17:41 - 00000000 ____D () C:\Users\Public\CineForm
2014-11-21 17:37 - 2014-11-21 17:41 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\GoPro
2014-11-21 17:37 - 2014-11-21 17:39 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-11-21 17:37 - 2014-11-21 17:37 - 00004422 _____ () C:\Windows\DPINST.LOG
2014-11-21 17:37 - 2014-11-21 17:37 - 00001120 _____ () C:\Users\Alex\Desktop\GoPro Studio.lnk
2014-11-21 17:37 - 2014-11-21 17:37 - 00000000 ____D () C:\Users\Alex\AppData\Local\GoPro
2014-11-21 17:37 - 2014-11-21 17:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GoPro
2014-11-21 17:37 - 2014-11-21 17:37 - 00000000 ____D () C:\Program Files\DIFX
2014-11-21 17:37 - 2014-11-21 17:37 - 00000000 ____D () C:\Program Files (x86)\GoPro
2014-11-21 17:37 - 2014-11-21 17:37 - 00000000 ____D () C:\Program Files (x86)\CineForm
2014-11-21 17:09 - 2014-11-21 17:10 - 163882760 _____ () C:\Users\Alex\Downloads\GoProStudioPC-2.5.3.400.exe
2014-11-21 16:49 - 2014-11-21 17:40 - 00001675 _____ () C:\Windows\setupact.log
2014-11-21 16:49 - 2014-11-21 16:49 - 00000000 _____ () C:\Windows\setuperr.log
2014-11-21 15:21 - 2014-11-21 15:23 - 00000000 ____D () C:\Users\Alex\Documents\Virtual Machines
2014-11-21 15:20 - 2014-11-21 15:20 - 00001310 _____ () C:\Users\Public\Desktop\VMware vCenter Converter Standalone Client.lnk
2014-11-21 15:20 - 2014-11-21 15:20 - 00001024 _____ () C:\.rnd
2014-11-21 15:19 - 2014-11-21 16:33 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\VMware
2014-11-21 15:19 - 2014-11-21 16:33 - 00000000 ____D () C:\Users\Alex\AppData\Local\VMware
2014-11-21 15:16 - 2014-11-24 17:44 - 00000000 ____D () C:\ProgramData\VMware
2014-11-21 15:16 - 2014-11-21 15:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2014-11-21 15:16 - 2014-11-21 15:19 - 00000000 ____D () C:\Program Files (x86)\VMware
2014-11-21 15:16 - 2014-11-21 15:16 - 00002143 _____ () C:\Users\Public\Desktop\VMware Workstation.lnk
2014-11-21 15:16 - 2014-11-21 15:16 - 00001024 _____ () C:\Windows\SysWOW64\%TMP%
2014-11-21 15:16 - 2014-11-21 15:16 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2014-11-21 15:16 - 2014-11-21 15:16 - 00000000 ____D () C:\Program Files\Common Files\VMware
2014-11-21 15:16 - 2014-10-29 15:01 - 00931032 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2014-11-21 15:16 - 2014-10-29 15:01 - 00437976 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2014-11-21 15:16 - 2014-10-29 15:01 - 00359128 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2014-11-21 15:16 - 2014-10-29 15:01 - 00064728 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2014-11-21 15:16 - 2014-10-29 15:01 - 00031448 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2014-11-21 15:16 - 2014-02-27 18:40 - 00054464 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2014-11-21 15:16 - 2013-10-08 18:21 - 00073296 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2014-11-21 15:16 - 2013-10-08 18:21 - 00067664 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2014-11-21 15:16 - 2013-10-08 18:21 - 00063568 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2014-11-21 15:11 - 2014-11-21 15:13 - 514992056 _____ (VMware, Inc.) C:\Users\Alex\Downloads\VMware-workstation-full-10.0.4-2249910.exe
2014-11-20 22:02 - 2014-11-20 22:16 - 3053371392 _____ () C:\Users\Alex\Downloads\kali-linux-1.0.9a-amd64.iso
2014-11-19 21:32 - 2014-11-24 18:36 - 00019012 _____ () C:\Users\Alex\Downloads\FRST.txt
2014-11-19 21:32 - 2014-11-24 18:36 - 00000000 ____D () C:\FRST
2014-11-19 21:32 - 2014-11-19 21:33 - 00038104 _____ () C:\Users\Alex\Downloads\Addition.txt
2014-11-19 21:31 - 2014-11-24 18:35 - 02118144 _____ (Farbar) C:\Users\Alex\Downloads\FRST64.exe
2014-11-19 20:51 - 2014-11-24 17:44 - 00001256 _____ () C:\Windows\PFRO.log
2014-11-19 18:11 - 2014-11-09 23:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 18:11 - 2014-11-09 23:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 18:11 - 2014-11-09 23:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 18:11 - 2014-11-09 23:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-18 18:05 - 2014-11-18 18:05 - 00000789 _____ () C:\Users\Alex\Desktop\tobbe license.txt
2014-11-17 21:04 - 2014-11-17 21:04 - 00205107 _____ () C:\Users\Alex\Downloads\The UK Productivity Puzzle AK Added.pptx
2014-11-16 14:28 - 2014-11-24 18:18 - 01158024 _____ () C:\Windows\WindowsUpdate.log
2014-11-16 13:57 - 2014-11-16 13:57 - 04976136 _____ (Piriform Ltd) C:\Users\Alex\Downloads\ccsetup419pro.exe
2014-11-15 14:18 - 2014-11-15 14:18 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-15 14:16 - 2014-11-15 14:16 - 00004685 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_71-b14.log
2014-11-15 14:16 - 2014-11-15 14:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-15 14:00 - 2014-11-15 14:00 - 05127536 _____ () C:\Windows\PE_File.dll
2014-11-13 07:16 - 2014-11-13 07:16 - 00000000 ____D () C:\Users\Alex\Documents\Fax
2014-11-13 06:55 - 2014-10-10 01:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-13 06:55 - 2014-10-10 01:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-13 06:55 - 2014-10-10 01:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-13 06:55 - 2014-10-08 07:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-13 06:55 - 2014-10-08 07:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-13 06:55 - 2014-10-08 07:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-13 06:55 - 2014-10-08 07:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-13 06:55 - 2014-10-08 06:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-13 06:55 - 2014-10-08 06:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-13 06:55 - 2014-10-08 06:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-13 06:55 - 2014-10-08 06:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-13 06:55 - 2014-10-08 06:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-13 06:55 - 2014-10-08 05:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-13 06:55 - 2014-09-27 07:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-13 06:55 - 2014-09-27 05:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-13 06:55 - 2014-09-27 03:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-13 06:55 - 2014-09-27 03:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-13 06:55 - 2014-09-27 03:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-13 06:54 - 2014-10-18 09:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-13 06:54 - 2014-10-18 08:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-13 06:54 - 2014-10-18 08:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-13 06:54 - 2014-10-18 07:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-13 06:54 - 2014-10-18 06:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-13 06:54 - 2014-10-18 06:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-13 06:54 - 2014-10-18 06:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-13 06:54 - 2014-10-18 06:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-13 06:54 - 2014-10-18 06:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-13 06:54 - 2014-10-18 06:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-13 06:54 - 2014-10-18 06:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-13 06:54 - 2014-10-18 06:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-13 06:54 - 2014-10-18 06:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-13 06:54 - 2014-10-18 06:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-13 06:54 - 2014-10-18 06:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-13 06:54 - 2014-10-18 06:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-13 06:54 - 2014-10-17 07:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-13 06:54 - 2014-10-17 06:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-13 06:54 - 2014-10-13 02:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-13 06:54 - 2014-10-11 00:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-13 06:54 - 2014-10-11 00:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-13 06:54 - 2014-10-08 07:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-13 06:54 - 2014-10-08 07:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-13 06:54 - 2014-10-08 06:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-13 06:54 - 2014-10-08 05:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-13 06:54 - 2014-10-08 05:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-13 06:53 - 2014-09-22 04:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-13 06:53 - 2014-09-22 03:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-13 06:53 - 2014-09-22 03:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-13 06:53 - 2014-09-22 02:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-13 06:53 - 2014-09-19 00:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-13 06:53 - 2014-09-02 22:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-13 06:53 - 2014-09-02 22:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-13 06:52 - 2014-10-31 05:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-13 06:52 - 2014-10-31 05:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-13 06:52 - 2014-10-31 05:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-13 06:52 - 2014-10-31 05:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-13 06:52 - 2014-10-31 05:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-13 06:52 - 2014-10-31 05:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-13 06:52 - 2014-10-31 05:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-13 06:52 - 2014-10-31 05:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-13 06:52 - 2014-10-31 05:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-13 06:52 - 2014-10-31 05:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-13 06:52 - 2014-10-31 05:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-13 06:52 - 2014-10-31 05:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-13 06:52 - 2014-10-31 05:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-13 06:52 - 2014-10-31 04:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-13 06:52 - 2014-10-31 04:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-13 06:52 - 2014-10-31 04:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-13 06:52 - 2014-10-31 04:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-13 06:52 - 2014-10-31 04:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-13 06:52 - 2014-10-31 04:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-13 06:52 - 2014-10-31 04:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-13 06:52 - 2014-10-31 04:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-13 06:52 - 2014-10-31 04:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-13 06:52 - 2014-10-31 04:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-13 06:52 - 2014-10-31 04:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-13 06:52 - 2014-10-31 04:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-13 06:52 - 2014-10-31 04:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-13 06:52 - 2014-10-31 04:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-13 06:52 - 2014-10-31 04:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-13 06:52 - 2014-10-31 04:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-13 06:52 - 2014-10-31 04:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-13 06:52 - 2014-10-31 04:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-13 06:52 - 2014-10-31 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-13 06:52 - 2014-10-31 04:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-13 06:52 - 2014-10-31 04:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-13 06:52 - 2014-10-31 04:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-13 06:52 - 2014-10-31 04:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-13 06:52 - 2014-10-31 04:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-13 06:52 - 2014-10-31 04:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-13 06:52 - 2014-10-31 04:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-13 06:52 - 2014-10-31 04:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-13 06:52 - 2014-10-31 04:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-13 06:52 - 2014-10-31 03:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-13 06:52 - 2014-10-31 03:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-13 06:52 - 2014-10-31 03:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-13 06:52 - 2014-10-31 03:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-13 06:52 - 2014-10-31 03:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-13 06:52 - 2014-10-31 03:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-13 06:52 - 2014-10-31 03:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-13 06:52 - 2014-10-31 03:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-13 06:52 - 2014-10-31 03:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-13 06:52 - 2014-10-31 03:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-13 06:52 - 2014-10-31 03:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-13 06:52 - 2014-10-31 03:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-13 06:52 - 2014-10-31 03:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-13 06:52 - 2014-10-31 03:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-13 06:52 - 2014-10-31 03:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-13 06:52 - 2014-10-31 03:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-13 06:52 - 2014-10-31 03:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-13 06:52 - 2014-10-31 03:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-13 06:52 - 2014-10-31 03:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-13 06:52 - 2014-10-31 03:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-13 06:52 - 2014-10-31 03:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-13 06:52 - 2014-10-31 03:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-13 06:52 - 2014-10-31 03:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-13 06:52 - 2014-10-31 03:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-13 06:52 - 2014-10-31 03:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-13 06:52 - 2014-10-31 03:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-13 06:52 - 2014-10-31 03:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-13 06:52 - 2014-10-31 03:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-13 06:52 - 2014-10-31 03:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-13 06:52 - 2014-10-31 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-13 06:52 - 2014-10-31 02:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-13 06:52 - 2014-10-31 02:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-13 06:52 - 2014-10-31 02:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-13 06:52 - 2014-10-31 02:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-13 06:52 - 2014-10-31 02:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-13 06:52 - 2014-10-31 02:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-13 06:52 - 2014-10-31 02:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-13 06:52 - 2014-10-31 02:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-13 06:52 - 2014-10-31 02:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-13 06:52 - 2014-10-31 02:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-13 06:52 - 2014-10-31 02:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-13 06:52 - 2014-10-31 02:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-13 06:52 - 2014-10-31 02:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-13 06:52 - 2014-10-31 02:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-13 06:52 - 2014-10-31 02:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-13 06:52 - 2014-10-31 02:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-13 06:52 - 2014-10-31 02:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-13 06:52 - 2014-10-31 02:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-13 06:52 - 2014-10-31 02:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-13 06:52 - 2014-10-31 02:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-13 06:52 - 2014-10-31 02:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-13 06:52 - 2014-10-23 05:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-13 06:52 - 2014-10-23 05:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-13 06:52 - 2014-10-07 06:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-13 06:52 - 2014-10-07 06:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-13 06:52 - 2014-10-07 06:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-13 06:52 - 2014-10-07 06:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-13 06:52 - 2014-10-07 06:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-13 06:52 - 2014-10-07 03:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-13 06:52 - 2014-10-07 03:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-13 06:52 - 2014-10-07 03:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-13 06:52 - 2014-10-07 03:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-13 06:52 - 2014-10-07 01:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-13 06:52 - 2014-10-07 01:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-13 06:52 - 2014-09-10 06:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-13 06:52 - 2014-09-08 03:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-13 06:52 - 2014-09-08 03:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-13 06:52 - 2014-09-07 22:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-13 06:52 - 2014-09-04 22:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-13 06:52 - 2014-09-04 22:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-13 06:52 - 2014-09-04 03:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-13 06:52 - 2014-09-04 02:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-13 06:52 - 2014-09-04 01:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-13 06:52 - 2014-09-04 00:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-13 06:52 - 2014-08-31 00:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-13 06:52 - 2014-08-31 00:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-13 06:52 - 2014-08-30 22:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-13 06:52 - 2014-08-30 22:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-13 06:52 - 2014-08-30 21:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-13 06:52 - 2014-08-30 21:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-13 06:52 - 2014-08-30 20:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-13 06:52 - 2014-08-30 20:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-13 06:52 - 2014-08-28 02:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-13 06:52 - 2014-08-28 00:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-13 06:52 - 2014-08-28 00:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-13 06:52 - 2014-08-23 05:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-13 06:52 - 2014-08-23 05:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-13 06:52 - 2014-08-23 05:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-13 06:52 - 2014-08-23 05:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-13 06:52 - 2014-08-23 04:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-13 06:52 - 2014-08-02 00:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-13 06:52 - 2014-08-02 00:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2014-11-12 23:24 - 2014-11-12 23:24 - 00000616 _____ () C:\Users\Alex\Desktop\Quotes.txt
2014-11-12 20:01 - 2014-11-13 06:57 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-11-11 18:50 - 2014-11-15 15:09 - 00000049 _____ () C:\Users\Alex\Desktop\New Text Document.txt
2014-11-11 17:57 - 2014-11-11 17:57 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieUserList
2014-11-11 17:57 - 2014-11-11 17:57 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieSiteList
2014-11-05 00:18 - 2014-11-05 00:18 - 01462272 _____ (CineForm Inc.) C:\Windows\system32\CFHD.dll
2014-11-05 00:15 - 2014-11-05 00:15 - 01490944 _____ (CineForm Inc.) C:\Windows\SysWOW64\CFHD.dll
2014-10-30 17:03 - 2014-10-30 17:04 - 01085336 _____ (EnTech Taiwan ) C:\Users\Alex\Downloads\ddmsetup1500.exe
2014-10-29 15:00 - 2014-10-29 15:00 - 00080464 _____ (VMware, Inc.) C:\Windows\system32\vmnetbridge.dll
2014-10-29 15:00 - 2014-10-29 15:00 - 00049232 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2014-10-29 15:00 - 2014-10-29 15:00 - 00046160 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys
2014-10-29 15:00 - 2014-10-29 15:00 - 00024656 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
2014-10-29 15:00 - 2014-10-29 15:00 - 00020560 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-24 18:35 - 2014-10-06 18:25 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Skype
2014-11-24 18:24 - 2014-10-10 19:52 - 00000568 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3591367604-1146184651-4490953-1001.job
2014-11-24 18:00 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\sru
2014-11-24 17:51 - 2014-09-01 20:25 - 00000000 _____ () C:\Windows\Path.idx
2014-11-24 17:51 - 2014-09-01 13:28 - 00961644 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-24 17:47 - 2014-10-18 17:54 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 17:47 - 2014-09-01 19:52 - 00006464 _____ () C:\Windows\SysWOW64\Gms.log
2014-11-24 17:46 - 2014-09-01 20:09 - 01048576 _____ () C:\Windows\PE_Rom.dll
2014-11-24 17:45 - 2014-10-18 18:21 - 00002329 _____ () C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
2014-11-24 17:45 - 2014-10-08 12:36 - 00000000 ___DO () C:\Users\Alex\OneDrive
2014-11-24 17:45 - 2014-09-01 21:04 - 00005617 _____ () C:\Windows\SysWOW64\IntelRemoteWakeAgent.ini
2014-11-24 17:45 - 2014-09-01 20:14 - 00000000 ____D () C:\Users\Alex\AppData\Local\asushomecloud
2014-11-24 17:44 - 2013-08-22 14:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-24 17:44 - 2013-08-22 13:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-11-24 07:22 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-11-23 15:46 - 2014-09-21 10:44 - 00001490 _____ () C:\Windows\Sandboxie.ini
2014-11-22 14:07 - 2014-09-01 14:08 - 00003594 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3591367604-1146184651-4490953-1001
2014-11-22 12:34 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-11-22 11:12 - 2014-10-18 17:54 - 00096472 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-21 23:36 - 2014-09-01 13:28 - 00000000 ____D () C:\Users\Alex
2014-11-21 22:25 - 2014-10-06 17:15 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-11-21 17:37 - 2014-09-01 19:48 - 00000000 ____D () C:\ProgramData\Package Cache
2014-11-21 15:16 - 2014-09-01 19:54 - 00965990 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-11-21 15:07 - 2014-09-04 18:01 - 00000000 ____D () C:\Users\Alex\.VirtualBox
2014-11-21 00:18 - 2014-09-04 22:44 - 00000000 ____D () C:\Users\Alex\VirtualBox VMs
2014-11-20 21:51 - 2014-09-01 20:19 - 00000000 ____D () C:\ProgramData\WinZip
2014-11-19 18:20 - 2013-08-22 15:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-11-16 13:58 - 2014-10-08 12:38 - 00000000 ____D () C:\Program Files\CCleaner
2014-11-16 13:57 - 2014-10-08 12:38 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-11-15 14:16 - 2014-09-01 20:12 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-15 13:56 - 2014-09-01 20:12 - 00001134 _____ () C:\Users\Public\Desktop\ASUS HomeCloudServer.lnk
2014-11-15 13:56 - 2014-09-01 18:46 - 00000000 ____D () C:\Program Files (x86)\ASUS
2014-11-15 13:51 - 2014-09-05 16:15 - 00000000 ____D () C:\ProgramData\asushomecloud
2014-11-15 13:45 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\rescache
2014-11-13 08:12 - 2013-08-22 14:44 - 00372872 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-13 08:11 - 2014-09-01 20:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-11-13 08:11 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-13 08:11 - 2013-08-22 15:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-13 08:11 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-13 08:11 - 2013-08-22 15:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-13 08:11 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-13 08:11 - 2013-08-22 15:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-11-13 08:09 - 2014-09-05 16:15 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-13 08:08 - 2014-09-05 16:15 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-13 07:18 - 2013-08-22 15:36 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-10-30 22:33 - 2014-10-10 19:52 - 00003560 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3591367604-1146184651-4490953-1001
2014-10-30 17:05 - 2014-10-06 17:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Display Manager
2014-10-30 03:50 - 2014-09-04 17:44 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-10-30 00:55 - 2013-08-22 15:38 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-30 00:55 - 2013-08-22 15:38 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Alex\AppData\Local\Temp\Quarantine.exe
C:\Users\Alex\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-11-24 07:12

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 23-11-2014 01
Ran by Alex at 2014-11-24 18:36:20
Running from C:\Users\Alex\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Ad-Aware Antivirus (Disabled - Out of date) {D87B6541-12A1-DAEA-0033-9B8057AAB996}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Ad-Aware Antivirus (Disabled - Out of date) {631A84A5-349B-D564-3A83-A0F22C2DF32B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Ad-Aware Firewall (Disabled) {E040E464-58CE-DBB2-2B6C-32B5A979FEED}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Ad-Aware Antivirus (HKLM\...\{6D1428BD-E5F2-4378-B620-E7442E7C2BFB}_AdAwareUpdater) (Version: 11.4.6792.0 - Lavasoft)
AdAwareInstaller (Version: 11.4.6792.0 - Lavasoft) Hidden
AdAwareUpdater (Version: 11.4.6792.0 - Lavasoft) Hidden
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.79 - ASUSTeK Computer Inc.)
AntimalwareEngine (Version: 3.0.0.56 - Lavasoft) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 2.0.8.0001 - Asmedia Technology)
ASUS Boot Setting (HKLM-x32\...\{7AAE9187-C24F-4073-A951-36C370E7A3A5}) (Version: 1.00.18 - ASUSTeK Computer Inc.)
ASUS HomeCloud Launcher (HKLM-x32\...\4ff11ffb-5880-4338-90e0-1502e835b184) (Version: 1.00.06 - ASUSTeK Computer Inc.)
ASUS HomeCloud Server 1.0.14.039 (HKLM\...\ASUS HomeCloud) (Version: 1.0.14.039 - ASUS Cloud Corporation)
ASUS HomeCloud Server 1.0.17.059 (HKLM\...\ASUS HomeCloudServer) (Version: 1.0.17.059 - ASUS Cloud Corporation)
ASUS ROG Connect Plus (HKLM-x32\...\{ECF51D37-52ED-4871-BF8B-FEA34B8B4120}) (Version: 1.00.26 - ASUSTeK Computer Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.19 - Piriform)
Counter-Strike Nexon: Zombies (HKLM-x32\...\Steam App 273110) (Version:  - Nexon)
CPUID ROG CPU-Z 1.69 (HKLM\...\CPUID ROG CPU-Z_is1) (Version: 1.69 - CPUID, Inc.)
DAEMON Tools Pro (HKLM-x32\...\DAEMON Tools Pro) (Version: 5.5.0.0387 - Disc Soft Ltd)
Dell Display Manager (HKLM-x32\...\{AC50C05D-9D57-40F5-B2EF-AC402F14312B}_is1) (Version:  - EnTech Taiwan)
Dell System Detect (HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\73f463568823ebbe) (Version: 5.11.0.3 - Dell)
ERUNT 1.1j (HKLM-x32\...\ERUNT_is1) (Version:  - Lars Hederer)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
f.lux (HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\Flux) (Version:  - )
GoPro Studio 2.5.3 (HKLM-x32\...\GoPro Studio) (Version: 2.5.3 - GoPro, Inc.)
GoToMeeting 6.4.5.1865 (HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\GoToMeeting) (Version: 6.4.5.1865 - CitrixOnline)
Gyazo 2.2 (HKLM-x32\...\{6DB8C365-E719-4BA5-9594-10DFC244D3FD}_is1) (Version:  - Nota Inc.)
HomeCloud Drive 1.0.0.082 (HKLM-x32\...\HomeCloud Drive) (Version: 1.0.0.082 - ASUS Cloud Corporation)
Intel® Chipset Device Software (x32 Version: 10.0.14 - Intel® Corporation) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.0.1204 - Intel Corporation)
Intel® Network Connections 19.1.51.0 (HKLM\...\PROSetDX) (Version: 19.1.51.0 - Intel)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 13.0.3.1001 - Intel Corporation)
Java 7 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.710 - Oracle)
KeyBot (HKLM-x32\...\{DF53C8ED-1B43-475D-8CEB-9462E7BC2D9C}) (Version: 1.00.11 - ASUSTeK Computer Inc.)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
Media Streamer (HKLM-x32\...\{B457E718-00CA-45C8-9F75-45D66F8DAFF6}) (Version: 2.00.09 - ASUSTeK Computer Inc.)
MemTweakIt (HKLM-x32\...\{E51AAC3A-D66D-4912-B883-DAFBA249D10F}) (Version: 2.02.01 - ASUSTeK Computer Inc.)
Microsoft SQL Server 2008 R2 (HKLM-x32\...\Microsoft SQL Server 2008 R2) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{79A2C6E8-C727-4D12-B4B3-19790C181DEA}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Setup (English) (HKLM-x32\...\{7419AE1A-D1A5-4B24-BD78-C7ABCC26016F}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM-x32\...\{D441BD04-E548-4F8E-97A4-1B66135BAAA8}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.52.4000.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 33.1 (x86 en-GB) (HKLM-x32\...\Mozilla Firefox 33.1 (x86 en-GB)) (Version: 33.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 31.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.6.9 - Notepad++ Team)
NVIDIA PhysX (HKLM-x32\...\{DEA314C4-0929-4250-BC92-98E4C105F28D}) (Version: 9.10.0129 - NVIDIA Corporation)
OpenOffice 4.1.1 (HKLM-x32\...\{86F2B095-3998-41D5-833D-1C5075300950}) (Version: 4.11.9775 - Apache Software Foundation)
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.9 - )
pidgin-otr 4.0.0-1 (HKLM-x32\...\pidgin-otr) (Version: 4.0.0-1 - Cypherpunks CA)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7227 - Realtek Semiconductor Corp.)
ROG RAMDisk (HKLM-x32\...\{DE8C1883-4F14-40DF-8C8C-376157ADF5A3}) (Version: 2.02.03 - ASUSTeK Computer Inc.)
Sandboxie 4.14 (64-bit) (HKLM\...\Sandboxie) (Version: 4.14 - Sandboxie Holdings, LLC)
Service Pack 2 for SQL Server 2008 R2 (KB2630458) (HKLM-x32\...\KB2630458) (Version: 10.52.4000.0 - Microsoft Corporation)
Sid Meier's Civilization V (HKLM-x32\...\Steam App 8930) (Version:  - 2K Games, Inc.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
SQL Server 2008 R2 SP2 Common Files (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Services (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
SQL Server 2008 R2 SP2 Database Engine Shared (x32 Version: 10.52.4000.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (x32 Version: 10.50.1600.1 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
VMware vCenter Converter Standalone (HKLM-x32\...\{17C3235A-A4B9-44ED-8794-54D8408F9733}) (Version: 5.1.1.1890470 - VMware, Inc.)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 10.0.4 - VMware, Inc)
VMware Workstation (Version: 10.0.4 - VMware, Inc.) Hidden
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.0.1.213 - ASUS Cloud Corporation)
Windows Driver Package - GoPro (WinUSB) Universal Serial Bus devices  (03/07/2012 ) (HKLM\...\0B624A43DD66DBF5CF3EDFA9741A364E688062A4) (Version: 03/07/2012  - GoPro)
WinZip 17.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240DD}) (Version: 17.5.10562 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3591367604-1146184651-4490953-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-3591367604-1146184651-4490953-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Alex\AppData\Local\Citrix\GoToMeeting\1440\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)

==================== Restore Points  =========================

30-10-2014 15:19:35 Scheduled Checkpoint
09-11-2014 15:14:42 Scheduled Checkpoint
13-11-2014 08:08:08 Windows Update
15-11-2014 14:15:55 Installed Java 7 Update 71
19-11-2014 18:20:45 Windows Update
21-11-2014 15:11:09 Removed Oracle VM VirtualBox 4.3.14

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1EBD0802-63E4-4801-9B73-753B2DE1F09B} - System32\Tasks\KMS Server Daily Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [2013-11-19] (MDL)
Task: {1ECAB667-ED0D-4784-8B41-D2EDA0E3F400} - System32\Tasks\G2MUpdateTask-S-1-5-21-3591367604-1146184651-4490953-1001 => C:\Users\Alex\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe [2014-10-30] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {23F0514B-BE1F-489A-8495-44F70A9C4728} - System32\Tasks\ASUS\GpuFanHelper => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\GpuFanHelper.exe [2014-04-02] (TODO: <Company name>)
Task: {25356406-F8BA-444E-AFA9-1866A05CB08F} - System32\Tasks\ASUS\ASUS Media Streamer DMR => C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe [2014-03-21] ()
Task: {6358E86E-E1E4-432B-A0A8-E63D3FED0366} - System32\Tasks\ASUS\Push Notice Server Execute => C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotifyServer.exe [2014-01-10] (ASUSTeK Computer Inc.)
Task: {636BE7A0-077D-448D-8AAE-5089F332A245} - System32\Tasks\GyazoUpdateTaskMachine => C:\Program Files (x86)\Gyazo\GyazoUpdate.exe [2014-07-03] ()
Task: {834E4A0D-A2AA-4DE8-A21F-0A79DA3654C5} - System32\Tasks\KMS Server OnLogon Activate => C:\Windows\AutoKMS_VL_ALL\AutoKMS_VL_ALL.exe [2013-11-19] (MDL)
Task: {8FA07160-504A-4623-8DEC-ED0E0C44A422} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-10-30] (Piriform Ltd)
Task: {B195D752-9F96-4A79-88B6-442B59A3BE6D} - System32\Tasks\ASUS\KeyBot Execute => C:\Program Files (x86)\ASUS\KeyBot\KeyBot.exe [2014-04-15] ()
Task: {B5970C74-20EE-41D9-B82C-AA751CEF9D67} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE3ACC5E-3D81-40DC-B986-AB695EB26F7C} - System32\Tasks\ASUS\RC TweakIt Server Execute => C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe [2014-03-07] ()
Task: {C64B8079-34DA-4B15-A462-07E8CD940EF5} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2014-04-14] ()
Task: {D0366C1B-028E-4791-994D-8E30C15B4CAB} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2014-04-09] (ASUSTeK Computer Inc.)
Task: {DA5F7E2D-0034-4DF1-AF86-C8F102D1334C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-11-13] (Microsoft Corporation)
Task: {E00DB613-6CB9-4DEF-9514-946D2C4B6CE1} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {ED8E78B2-76DC-45A7-AB03-DA1375A05089} - System32\Tasks\ASUS\RamDisk => C:\Program Files (x86)\ASUS\ROG RAMDisk\loadImage.exe [2013-09-26] ()
Task: {EE0E3EDB-407B-4AFE-B012-02ECC23EB024} - System32\Tasks\AsushomeCloudStart => C:\Program Files\ASUS\HomeCloud\ServerConsole\ASUS HomeCloud.exe [2014-11-07] ()
Task: {FD0E9159-F577-43C9-B7EA-C14F41235653} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-09-12] ()
Task: C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3591367604-1146184651-4490953-1001.job => C:\Users\Alex\AppData\Local\Citrix\GoToMeeting\1865\g2mupdate.exe

==================== Loaded Modules (whitelisted) =============

2014-09-01 19:54 - 2014-01-29 05:26 - 00936728 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\atkexComSvc.exe
2014-09-01 20:06 - 2014-03-21 06:44 - 01360016 ____R () C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.22\AsSysCtrlService.exe
2013-06-26 06:54 - 2013-06-26 06:54 - 00071680 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.0.1.213\AsusWSWinService.exe
2014-10-15 12:37 - 2014-10-15 12:37 - 00707888 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareService.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00103768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_thread-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00024408 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_system-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00055648 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_date_time-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00123744 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_filesystem-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00033624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_chrono-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 12459344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareServiceKernel.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03396400 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\RCF.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00788824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_regex-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00734536 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareActivation.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02185560 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareApplicationUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00813896 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareGamingMode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00098624 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareReset.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00120128 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTime.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00952152 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdater.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869224 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareDefinitionsUpdaterScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01108808 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIgnoreList.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00250696 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareQuarantine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00989016 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiMalwareEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00212824 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiRootkitEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01172816 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01281344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScanner.dll
2014-10-15 13:04 - 2014-10-15 13:04 - 00035160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_timer-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00976728 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareScannerScheduler.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01092440 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00229200 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareIncompatibles.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00893768 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiSpam.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00845136 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAntiPhishing.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 03096912 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareParentalControl.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02887504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareWebProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01067344 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareEmailProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01290584 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNetworkProtection.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004352 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePromo.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00343880 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareFeedback.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02787160 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareThreatWorkAlliance.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01264960 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwarePinCode.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01004864 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareNotice.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00957256 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareAvcEngine.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 01179496 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareRealTimeProtectionHistory.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00154944 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\SecurityCenter.dll
2014-10-06 20:25 - 2014-10-06 20:25 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-09-01 20:16 - 2014-04-15 09:22 - 01615160 _____ () C:\Program Files (x86)\ASUS\KeyBot\KeyBot.exe
2014-09-01 20:19 - 2014-03-07 23:28 - 01982744 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsBCLK.exe
2014-09-01 20:06 - 2013-09-12 09:35 - 01425208 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe
2014-09-01 20:06 - 2014-04-14 18:27 - 01261568 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 02753360 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareShellExtension.dll
2014-05-12 09:49 - 2014-05-12 09:49 - 00222720 _____ () C:\Program Files (x86)\Notepad++\NppShell_06.dll
2014-09-21 11:01 - 2014-09-21 11:01 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-09-01 20:12 - 2014-03-21 14:44 - 00295936 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMR\AODMR.exe
2014-09-01 20:06 - 2014-04-11 08:53 - 01045304 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMonitor.exe
2014-09-01 20:06 - 2014-04-11 09:53 - 00037176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNotify_PCCtrl.exe
2014-11-07 11:19 - 2014-11-07 11:19 - 02138432 _____ () C:\Program Files\ASUS\HomeCloud\ServerConsole\ASUS HomeCloud.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 08925504 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTray.exe
2014-10-15 13:03 - 2014-10-15 13:03 - 00500056 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\boost_locale-vc100-mt-1_55.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 02132800 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\HtmlFramework.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00066872 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\DllStorage.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00869712 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\AdAwareTrayDefaultSkin.dll
2014-10-15 13:03 - 2014-10-15 13:03 - 00811328 _____ () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.4.6792.0\Localization.dll
2014-09-01 20:12 - 2014-03-21 14:44 - 01232384 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ShareEdit.exe
2014-04-14 19:41 - 2014-04-14 19:41 - 00039192 _____ () C:\Program Files\CCleaner\branding.dll
2014-09-01 20:12 - 2014-03-21 14:44 - 01243136 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\DLNA\DMS\AODMS.exe
2014-09-01 20:12 - 2014-03-31 15:39 - 00072704 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\ASUSWSAgent.exe
2014-09-01 20:12 - 2014-03-21 14:44 - 00067072 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\AMSRelayHelpAgent.exe
2014-09-01 20:06 - 2014-04-02 15:23 - 00947512 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ASUSMiniBar.exe
2014-09-01 19:54 - 2014-11-24 17:44 - 00037376 _____ () C:\Program Files (x86)\ASUS\AXSP\1.02.00\PEbiosinterface32.dll
2014-09-01 19:54 - 2013-10-11 06:32 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.02.00\ATKEX.dll
2014-06-10 20:56 - 2014-06-10 20:56 - 00086744 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\mspack.dll
2014-06-10 20:55 - 2014-06-10 20:55 - 01297624 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\libxml2.dll
2014-06-10 20:54 - 2014-06-10 20:54 - 00542936 _____ () C:\Program Files (x86)\VMware\VMware vCenter Converter Standalone\sqlite3.dll
2014-10-29 15:01 - 2014-10-29 15:01 - 01261272 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2014-09-01 20:16 - 2014-01-16 10:20 - 00462848 _____ () C:\Program Files (x86)\ASUS\KeyBot\Macro_HookKey.dll
2014-09-01 20:16 - 2010-08-09 20:23 - 00175616 _____ () C:\Program Files (x86)\ASUS\KeyBot\AsusService.dll
2014-09-01 20:16 - 2013-09-03 09:49 - 00253952 _____ () C:\Program Files (x86)\ASUS\KeyBot\pngio.dll
2014-09-01 20:16 - 2012-02-02 20:26 - 00208896 _____ () C:\Program Files (x86)\ASUS\KeyBot\ImageHelper.dll
2014-09-01 20:19 - 2014-01-21 19:34 - 00179712 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\AsusService.dll
2014-09-01 20:19 - 2014-01-21 19:34 - 00470016 _____ () C:\Program Files (x86)\ASUS\ASUS ROG Connect Plus\RC TweakIt Server\IccHelper.dll
2014-09-01 20:06 - 2014-01-28 10:16 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Log4cxxWrapper.dll
2014-09-01 20:06 - 2014-01-28 10:16 - 00147456 _____ () C:\Program Files (x86)\ASUS\AI Suite III\AssistFunc.dll
2014-09-01 20:06 - 2014-04-14 19:10 - 04033024 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\dip4.dll
2014-09-01 20:06 - 2014-03-07 09:46 - 00091648 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\Log4cxxWrapper.dll
2014-09-01 20:06 - 2013-08-29 14:59 - 01138176 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EasyUpdt.dll
2014-09-01 20:06 - 2014-02-14 17:54 - 00827392 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Version\Version.dll
2014-09-01 20:06 - 2014-03-07 00:46 - 00053248 ____R () C:\Program Files (x86)\ASUS\VGA COM\1.00.17\Exeio.dll
2014-09-01 20:06 - 2014-04-07 07:57 - 00278528 ____R () C:\Program Files (x86)\ASUS\VGA COM\1.00.17\Vender.dll
2014-09-01 20:06 - 2014-01-28 01:16 - 00662016 ____R () C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMLib.dll
2014-09-01 20:06 - 2014-03-07 09:45 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\IccHelper.dll
2014-09-01 20:06 - 2012-01-19 08:39 - 00028672 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\PEInfo.dll
2014-09-01 20:06 - 2014-01-28 10:16 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\ImageHelper.dll
2014-09-01 20:06 - 2014-01-28 10:16 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\pngio.dll
2014-09-01 20:06 - 2010-09-23 10:51 - 00114688 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\AsIdxParser.dll
2014-09-01 20:06 - 2010-02-25 13:01 - 00139264 _____ () C:\Program Files (x86)\ASUS\AI Suite III\USB BIOS Flashback\Aszip.dll
2014-09-01 20:06 - 2013-09-12 17:01 - 05773368 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzULIB.dll
2014-09-01 20:06 - 2010-06-21 14:21 - 00208896 _____ () C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\ImageHelper.dll
2014-09-01 20:06 - 2014-03-07 09:46 - 00685056 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4DIGIPowerControlAction.dll
2014-09-01 20:06 - 2014-04-02 15:29 - 00859136 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4EpuAction.dll
2014-09-01 20:06 - 2014-04-07 15:57 - 00801280 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4FanAction.dll
2014-09-01 20:06 - 2014-03-27 15:56 - 00807936 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DIPDLL\DIP4TurboVEVOAction.dll
2014-09-01 20:06 - 2014-03-07 09:46 - 00010240 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\IccHelper.dll
2014-09-01 20:06 - 2013-11-20 09:10 - 00662016 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\aaHMLib.dll
2014-09-01 20:06 - 2013-07-02 09:40 - 00253952 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\pngio.dll
2014-11-07 10:33 - 2014-11-07 10:33 - 00160768 _____ () C:\Program Files\ASUS\HomeCloud\ServerConsole\ASUSWSHomeCloudAPI.dll
2014-05-09 08:35 - 2014-05-09 08:35 - 00012800 _____ () C:\Program Files\ASUS\HomeCloud\ServerConsole\CWoWFuncInterface.dll
2014-05-27 10:09 - 2014-05-27 10:09 - 00018432 _____ () C:\Program Files\ASUS\HomeCloud\ServerConsole\IntelRemoteWakeAPI.dll
2014-03-11 01:51 - 2014-03-11 01:51 - 00065024 _____ () C:\Program Files\ASUS\HomeCloud\ServerConsole\AsWoWDLL.dll
2014-09-01 20:12 - 2014-03-21 14:44 - 00253952 _____ () C:\Program Files (x86)\ASUS\HomeCloud\Media Streamer\ASUS Media Streamer\pngio.dll
2014-11-12 20:01 - 2014-11-12 20:01 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-09-01 20:06 - 2014-04-02 15:29 - 00743424 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\EPU.dll
2014-09-01 20:06 - 2014-04-07 15:57 - 00908288 _____ () C:\Program Files (x86)\ASUS\AI Suite III\DIP4\FAN.dll
2014-09-01 20:06 - 2014-04-10 14:23 - 00643584 _____ () C:\Program Files (x86)\ASUS\AI Suite III\Push Notice\PushNoticeMiniMsg.dll
2014-03-20 10:43 - 2014-03-20 10:43 - 01241560 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Alex\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Alex\SkyDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "GoPro Importer.lnk"
HKLM\...\StartupApproved\Run32: => "HomeCloud Drive"
HKU\S-1-5-21-3591367604-1146184651-4490953-1001\...\StartupApproved\Run: => "DAEMON Tools Pro Agent"

========================= Accounts: ==========================

Administrator (S-1-5-21-3591367604-1146184651-4490953-500 - Administrator - Disabled)
Alex (S-1-5-21-3591367604-1146184651-4490953-1001 - Administrator - Enabled) => C:\Users\Alex
Guest (S-1-5-21-3591367604-1146184651-4490953-501 - Limited - Disabled)
___VMware_Conv_SA___ (S-1-5-21-3591367604-1146184651-4490953-1007 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: VMware Virtual Ethernet Adapter for VMnet1
Description: VMware Virtual Ethernet Adapter for VMnet1
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: VMware Virtual Ethernet Adapter for VMnet8
Description: VMware Virtual Ethernet Adapter for VMnet8
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: VMware, Inc.
Service: VMnetAdapter
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: High Definition Audio Device
Description: High Definition Audio Device
Class Guid: {4d36e96c-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: HdAudAddService
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (11/24/2014 06:35:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 19.11.2014.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1328

Start Time: 01d00815518f9927

Termination Time: 2

Application Path: C:\Users\Alex\Downloads\FRST64.exe

Report Id: a0c96708-7408-11e4-828a-40167ea94dfc

Faulting package full name:

Faulting package-relative application ID:

Error: (11/24/2014 06:33:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/24/2014 06:11:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/24/2014 06:11:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/24/2014 06:11:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/24/2014 06:11:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (11/24/2014 05:45:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: DipAwayMode.exe, version: 0.0.0.0, time stamp: 0x00000000
Faulting module name: KERNELBASE.dll, version: 6.3.9600.17278, time stamp: 0x53eeb460
Exception code: 0x40010006
Fault offset: 0x00012f71
Faulting process id: 0x1160
Faulting application start time: 0xDipAwayMode.exe0
Faulting application path: DipAwayMode.exe1
Faulting module path: DipAwayMode.exe2
Report Id: DipAwayMode.exe3
Faulting package full name: DipAwayMode.exe4
Faulting package-relative application ID: DipAwayMode.exe5


System errors:
=============
Error: (11/24/2014 05:44:26 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/24/2014 05:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 2 time(s).

Error: (11/24/2014 05:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The VMware vCenter Converter Standalone Worker service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/24/2014 05:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Apache Tomcat service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/24/2014 05:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Management and Security Application Local Management Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/24/2014 05:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/24/2014 05:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/24/2014 05:44:25 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Integrated Clock Controller Service - Intel® ICCS service terminated unexpectedly.  It has done this 1 time(s).

Error: (11/24/2014 05:44:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (11/24/2014 05:44:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.


Microsoft Office Sessions:
=========================
Error: (11/24/2014 06:35:26 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FRST64.exe19.11.2014.0132801d00815518f99272C:\Users\Alex\Downloads\FRST64.exea0c96708-7408-11e4-828a-40167ea94dfc

Error: (11/24/2014 06:33:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Alex\Downloads\esetsmartinstaller_enu.exe

Error: (11/24/2014 06:11:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Alex\Downloads\esetsmartinstaller_enu.exe

Error: (11/24/2014 06:11:03 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Alex\Downloads\esetsmartinstaller_enu.exe

Error: (11/24/2014 06:11:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Alex\Downloads\esetsmartinstaller_enu.exe

Error: (11/24/2014 06:11:00 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\Alex\Downloads\esetsmartinstaller_enu.exe

Error: (11/24/2014 05:45:22 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: DipAwayMode.exe0.0.0.000000000KERNELBASE.dll6.3.9600.1727853eeb4604001000600012f71116001d0080e680795baC:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exeC:\Windows\SYSTEM32\KERNELBASE.dlla9c128e5-7401-11e4-828a-40167ea94dfc


==================== Memory info ===========================

Processor: Intel® Core i7-4790K CPU @ 4.00GHz
Percentage of memory in use: 20%
Total physical RAM: 16260.91 MB
Available physical RAM: 12889.51 MB
Total Pagefile: 18692.91 MB
Available Pagefile: 14501.33 MB
Total Virtual: 131072 MB
Available Virtual: 131071.84 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:134.89 GB) (Free:54.46 GB) NTFS
Drive m: (Mac) (Fixed) (Total:97.66 GB) (Free:97.51 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 701CABE5)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=134.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=97.7 GB) - (Type=07 NTFS)

==================== End Of Log ============================


All steps done!

This topic is now closed to further replies.