Xerzi Posted March 14, 2015 ID:947396 Share Posted March 14, 2015 Hi, I was using my Windows 8 CPU when I had relogged in and found that I couldn't open one of my programs (that required administrator). Figured out there could be a problem, so I tried to access Malwarebytes. When I say open the program, I can allow it to run but nothing happens at all. I've tried Charmeleon and tested all but no Command Prompt appears. Tried to use RKill, won't do anything either, can open but won't do anything. If it would help I was infected with Trovi two days back. Regards Link to post Share on other sites More sharing options...
kevinf80 Posted March 14, 2015 ID:947398 Share Posted March 14, 2015 Hello and welcome to Malwarebytes, P2P/Piracy Warning: If you're using Peer 2 Peer software such as uTorrent, BitTorrent or similar you must either fully uninstall them or completely disable them from running while being assisted here.Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy. Follow the instructions in the following link to show hidden files: http://www.bleepingcomputer.com/tutorials/how-to-see-hidden-files-in-windows/ Next, Download Farbar Recovery Scan Tool and save it to your desktop. Note: You need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.Double-click to run it. When the tool opens click Yes to disclaimer.Press Scan button.It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply. Thanks, Kevin.. Link to post Share on other sites More sharing options...
Xerzi Posted March 14, 2015 Author ID:947399 Share Posted March 14, 2015 Thanks for the quick response. I am not actually able to access the control pannel at all. Not sure how to bypass this. Link to post Share on other sites More sharing options...
Xerzi Posted March 14, 2015 Author ID:947401 Share Posted March 14, 2015 Sorry for double post. Here are the attached txt's FRSTScan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015Ran by (administrator) on DELL on 14-03-2015 22:11:38Running from C:\Users\User\DownloadsLoaded Profiles: (administrator) & UpdatusUser (Available profiles: (administrator) & UpdatusUser)Platform: Windows 8.1 Pro (X64) OS Language: English (United States)Internet Explorer Version 11 (Default browser: FF)Boot Mode: NormalTutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/==================== Processes (Whitelisted) =================(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)(Microsoft Corporation) C:\Windows\System32\wlanext.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe(Avast Software) C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\ng\ngservice.exe(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe(Intel® Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exeFailed to access process -> firefox.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe(Microsoft Corporation) C:\Windows\System32\dllhost.exe(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe(Intel Corporation) C:\Windows\System32\igfxtray.exe(Intel Corporation) C:\Windows\System32\hkcmd.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe(Intel Corporation) C:\Windows\System32\igfxpers.exe(Spotify Ltd) C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe(Microsoft Corporation) C:\Windows\System32\WWAHost.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe==================== Registry (Whitelisted) ==================(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [682904 2012-09-20] (Alps Electric Co., Ltd.)HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-02-04] (AVAST Software)Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)HKU\S-1-5-21-3153547000-893765435-3105596823-1001\...\Run: [spotify] => C:\Users\User\AppData\Roaming\Spotify\Spotify.exe [6737976 2015-01-27] (Spotify Ltd)HKU\S-1-5-21-3153547000-893765435-3105596823-1001\...\Run: [Google Update] => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [107848 2015-02-14] (Google Inc.)HKU\S-1-5-21-3153547000-893765435-3105596823-1001\...\Run: [spotify Web Helper] => C:\Users\User\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2015-01-27] (Spotify Ltd)AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll => C:\PROGRA~2\SearchProtect\SearchProtect\bin\VC64Loader.dll File Not FoundAppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [168616 2013-12-18] (NVIDIA Corporation)AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [141336 2013-12-18] (NVIDIA Corporation)ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)==================== Internet (Whitelisted) ====================(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)HKU\S-1-5-21-3153547000-893765435-3105596823-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/en-au/?ocid=iehpURLSearchHook: [s-1-5-21-3153547000-893765435-3105596823-1002] ATTENTION ==> Default URLSearchHook is missing.SearchScopes: HKU\S-1-5-21-3153547000-893765435-3105596823-1001 -> {1A95DC8F-4A6D-4938-B715-50B59B516306} URL =BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-02-04] (AVAST Software)BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-02-04] (AVAST Software)Tcpip\Parameters: [DhcpNameServer] 211.29.132.12 198.142.0.51 198.142.235.14FireFox:========FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\bu4k8nya.default-1426141415084FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-06] ()FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-06] ()FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)FF Plugin HKU\S-1-5-21-3153547000-893765435-3105596823-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)FF Plugin HKU\S-1-5-21-3153547000-893765435-3105596823-1001: @talk.google.com/O1DPlugin -> C:\Users\User\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-01-27] (Google)FF Plugin HKU\S-1-5-21-3153547000-893765435-3105596823-1001: @tools.google.com/Google Update;version=3 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)FF Plugin HKU\S-1-5-21-3153547000-893765435-3105596823-1001: @tools.google.com/Google Update;version=9 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-14] (Google Inc.)FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-01-27] (Google)FF Plugin ProgramFiles/Appdata: C:\Users\User\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-01-27] (Google)FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FFFF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-02-04]Chrome:=======CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2015-02-04]CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-02-04]==================== Services (Whitelisted) =================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-02-04] (AVAST Software)R3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2015-02-04] (Avast Software)S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [321024 2013-08-22] (Microsoft Corporation)R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-26] (Intel Corporation)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [272176 2012-09-25] ()S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [3398544 2014-11-12] (INCA Internet Co., Ltd.)S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-04] (Microsoft Corporation)S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-04] (Microsoft Corporation)R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [1153840 2012-09-25] (Intel® Corporation)==================== Drivers (Whitelisted) ====================(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-02-04] ()R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-02-04] (AVAST Software)R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-02-04] (AVAST Software)R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-02-04] ()R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-02-04] (AVAST Software)R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-02-04] (AVAST Software)R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-02-04] (AVAST Software)R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-02-04] ()S3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [132608 2015-01-30] (Microsoft Corporation)S3 BthHFAud; C:\Windows\System32\drivers\BthHfAud.sys [32768 2014-10-08] (Microsoft Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-03-14] (Malwarebytes Corporation)R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2014-11-21] (Malwarebytes Corporation)R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [4309032 2012-10-11] (Intel Corporation)R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [271752 2015-02-04] (Avast Software)S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-04] (Microsoft Corporation)R3 dump_wmimmc; \??\C:\Program Files (x86)\SEGA\PHANTASYSTARONLINE2\pso2_bin\GameGuard\dump_wmimmc.sys [X]==================== NetSvcs (Whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)==================== One Month Created Files and Folders ========(If an entry is included in the fixlist, the file\folder will be moved.)2015-03-14 22:11 - 2015-03-14 22:12 - 00011685 _____ () C:\Users\User\Downloads\FRST.txt2015-03-14 22:11 - 2015-03-14 22:11 - 02095616 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe2015-03-14 22:11 - 2015-03-14 22:11 - 00000000 ____D () C:\FRST2015-03-14 21:16 - 2015-03-14 21:17 - 16502728 _____ (Malwarebytes Corp.) C:\Users\User\Downloads\mbar-1.09.1.1004.exe2015-03-14 21:03 - 2015-03-14 21:03 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\iExplore.exe2015-03-14 21:02 - 2015-03-14 21:02 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\User\Downloads\rkill.exe2015-03-14 20:39 - 2015-03-14 20:39 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\derpaderp.exe2015-03-14 15:26 - 2015-03-14 19:11 - 00000000 ___RD () C:\Users\User\OneDrive2015-03-14 13:53 - 2015-03-14 13:54 - 00000197 _____ () C:\Windows\system32\2015-03-14-02-53-55.003-AvastVBoxSVC.exe-2640.log2015-03-14 13:34 - 2015-03-14 13:35 - 00000197 _____ () C:\Windows\system32\2015-03-14-02-34-53.081-AvastVBoxSVC.exe-2404.log2015-03-14 10:53 - 2015-03-14 10:54 - 00000197 _____ () C:\Windows\system32\2015-03-13-23-53-39.022-AvastVBoxSVC.exe-2784.log2015-03-13 20:56 - 2015-03-13 20:58 - 00000197 _____ () C:\Windows\system32\2015-03-13-09-56-34.012-AvastVBoxSVC.exe-2092.log2015-03-13 17:44 - 2015-03-13 17:45 - 00000012 _____ () C:\Users\User\Desktop\New Text Document.txt2015-03-13 17:38 - 2015-03-13 17:39 - 00000197 _____ () C:\Windows\system32\2015-03-13-06-38-15.081-AvastVBoxSVC.exe-2920.log2015-03-13 16:37 - 2015-03-13 16:37 - 00000000 ____D () C:\Program Files\Common Files\INCA Shared2015-03-13 16:37 - 2014-11-12 02:29 - 03398544 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\GameMon.des2015-03-13 16:37 - 2005-01-02 23:43 - 00004682 _____ (INCA Internet Co., Ltd.) C:\Windows\SysWOW64\npptNT2.sys2015-03-13 16:37 - 2003-07-19 08:17 - 00005174 _____ () C:\Windows\SysWOW64\nppt9x.vxd2015-03-13 16:14 - 2015-03-13 16:14 - 00001354 _____ () C:\Users\User\Desktop\Phantasy Star Online 2.lnk2015-03-13 16:14 - 2015-03-13 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phantasy Star Online 22015-03-13 15:45 - 2015-03-13 16:18 - 00000000 ____D () C:\Users\User\Documents\SEGA2015-03-13 15:45 - 2015-03-13 15:45 - 00000000 ____D () C:\Program Files (x86)\SEGA2015-03-13 06:55 - 2015-03-13 06:55 - 00000197 _____ () C:\Windows\system32\2015-03-12-19-55-43.084-AvastVBoxSVC.exe-2720.log2015-03-12 07:23 - 2015-03-12 07:23 - 00000197 _____ () C:\Windows\system32\2015-03-11-20-23-49.008-AvastVBoxSVC.exe-2552.log2015-03-11 22:45 - 2015-03-14 20:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware2015-03-11 22:45 - 2015-03-14 15:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys2015-03-11 22:45 - 2015-03-11 22:45 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\User\Downloads\mbam-setup-2.0.4.1028.exe2015-03-11 22:45 - 2015-03-11 22:45 - 00001114 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk2015-03-11 22:45 - 2015-03-11 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware2015-03-11 22:45 - 2015-03-11 22:45 - 00000000 ____D () C:\ProgramData\Malwarebytes2015-03-11 22:45 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2015-03-11 22:45 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys2015-03-11 22:45 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys2015-03-11 20:28 - 2015-03-12 07:26 - 00000000 ____D () C:\Users\User\Desktop\PSO2_Full_Client_2.0221.42015-03-11 20:26 - 2015-03-11 20:26 - 00000878 _____ () C:\Users\User\Desktop\BitTorrent.lnk2015-03-11 20:25 - 2015-03-11 20:25 - 01744472 _____ (BitTorrent Inc.) C:\Users\User\Downloads\BitTorrent.exe2015-03-11 19:27 - 2015-02-04 10:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys2015-03-11 19:27 - 2015-02-04 10:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys2015-03-11 19:27 - 2015-02-04 10:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys2015-03-11 19:27 - 2015-02-03 10:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll2015-03-11 19:27 - 2015-02-03 10:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll2015-03-11 19:26 - 2015-02-08 10:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll2015-03-11 19:26 - 2015-02-08 10:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll2015-03-11 19:26 - 2015-02-07 10:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml2015-03-11 19:26 - 2015-02-06 12:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll2015-03-11 19:26 - 2015-02-06 12:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll2015-03-11 19:26 - 2015-02-06 07:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys2015-03-11 19:26 - 2015-02-03 11:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll2015-03-11 19:26 - 2015-02-03 11:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll2015-03-11 19:26 - 2015-01-31 10:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll2015-03-11 19:26 - 2015-01-31 10:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll2015-03-11 19:26 - 2015-01-30 14:01 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthA2DP.sys2015-03-11 19:26 - 2015-01-30 14:01 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys2015-03-11 19:26 - 2015-01-30 14:00 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys2015-03-11 19:26 - 2015-01-30 13:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll2015-03-11 19:26 - 2015-01-30 13:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll2015-03-11 19:26 - 2015-01-30 13:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll2015-03-11 19:26 - 2015-01-30 12:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll2015-03-11 19:26 - 2015-01-30 12:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll2015-03-11 19:26 - 2015-01-30 12:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll2015-03-11 19:26 - 2015-01-30 12:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll2015-03-11 19:26 - 2015-01-30 12:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll2015-03-11 19:26 - 2015-01-30 12:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll2015-03-11 19:26 - 2015-01-30 12:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll2015-03-11 19:26 - 2015-01-30 12:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll2015-03-11 19:26 - 2015-01-30 12:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll2015-03-11 19:26 - 2015-01-30 12:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll2015-03-11 19:26 - 2015-01-29 12:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll2015-03-11 19:26 - 2015-01-29 12:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll2015-03-11 19:26 - 2015-01-29 12:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll2015-03-11 19:26 - 2015-01-29 12:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll2015-03-11 19:26 - 2015-01-29 12:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll2015-03-11 19:26 - 2015-01-29 12:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll2015-03-11 19:26 - 2015-01-29 11:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll2015-03-11 19:26 - 2015-01-29 11:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll2015-03-11 19:26 - 2015-01-29 11:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll2015-03-11 19:26 - 2015-01-29 11:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll2015-03-11 19:26 - 2015-01-28 13:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll2015-03-11 19:26 - 2015-01-28 12:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll2015-03-11 19:26 - 2015-01-28 10:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe2015-03-11 19:26 - 2015-01-28 10:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe2015-03-11 19:26 - 2015-01-27 14:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe2015-03-11 19:26 - 2015-01-24 12:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe2015-03-11 19:26 - 2015-01-23 18:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll2015-03-11 19:26 - 2015-01-23 16:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll2015-03-11 19:26 - 2014-12-11 16:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe2015-03-11 19:26 - 2014-10-29 13:46 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS2015-03-11 19:26 - 2014-10-29 13:46 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthenum.sys2015-03-11 19:26 - 2014-10-29 13:45 - 01198080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys2015-03-11 19:26 - 2014-10-29 13:43 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\printui.exe2015-03-11 19:26 - 2014-10-29 13:34 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll2015-03-11 19:26 - 2014-10-29 13:34 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WSCollect.exe2015-03-11 19:26 - 2014-10-29 13:34 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\WSReset.exe2015-03-11 19:26 - 2014-10-29 13:04 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\findnetprinters.dll2015-03-11 19:26 - 2014-10-29 13:03 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\fsquirt.exe2015-03-11 19:26 - 2014-10-29 12:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.exe2015-03-11 19:26 - 2014-10-29 12:52 - 00289280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\compstui.dll2015-03-11 19:26 - 2014-10-29 12:51 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll2015-03-11 19:26 - 2014-10-29 12:48 - 00825856 _____ (Microsoft Corporation) C:\Windows\system32\pmcsnap.dll2015-03-11 19:26 - 2014-10-29 12:45 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\ppcsnap.dll2015-03-11 19:26 - 2014-10-29 12:45 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll2015-03-11 19:26 - 2014-10-29 12:28 - 00055808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\findnetprinters.dll2015-03-11 19:26 - 2014-10-29 12:28 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\atlthunk.dll2015-03-11 19:26 - 2014-10-29 12:20 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll2015-03-11 19:26 - 2014-10-29 12:19 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\eappprxy.dll2015-03-11 19:26 - 2014-10-29 12:15 - 00199168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll2015-03-11 19:26 - 2014-10-29 12:13 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll2015-03-11 19:26 - 2014-10-29 11:59 - 00056320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappprxy.dll2015-03-11 19:26 - 2014-10-29 11:55 - 00223744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll2015-03-11 19:26 - 2014-10-29 11:55 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll2015-03-11 19:26 - 2014-10-29 11:44 - 00167424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll2015-03-11 19:26 - 2014-10-29 11:41 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll2015-03-11 19:26 - 2014-10-29 11:35 - 00203776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll2015-03-11 19:26 - 2014-10-08 18:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BthHfAud.sys2015-03-11 16:13 - 2015-03-11 20:23 - 00000000 ____D () C:\Users\User\Desktop\save2015-03-11 16:13 - 2015-03-06 13:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll2015-03-11 16:13 - 2015-03-06 13:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll2015-03-11 16:13 - 2015-02-26 10:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys2015-03-11 16:13 - 2015-02-21 12:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2015-03-11 16:13 - 2015-02-21 11:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2015-03-11 16:13 - 2015-02-21 11:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2015-03-11 16:13 - 2015-02-20 14:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll2015-03-11 16:13 - 2015-02-20 13:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll2015-03-11 16:13 - 2015-02-20 13:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2015-03-11 16:13 - 2015-02-20 13:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll2015-03-11 16:13 - 2015-02-20 13:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll2015-03-11 16:13 - 2015-02-20 12:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2015-03-11 16:13 - 2015-02-20 12:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2015-03-11 16:13 - 2015-02-20 12:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2015-03-11 16:13 - 2015-01-31 10:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll2015-03-11 16:13 - 2015-01-29 02:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe2015-03-11 16:13 - 2015-01-29 02:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll2015-03-11 16:13 - 2015-01-29 02:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll2015-03-11 16:13 - 2015-01-27 15:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll2015-03-11 16:13 - 2015-01-27 13:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll2015-03-11 16:13 - 2014-10-29 14:56 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys2015-03-11 16:13 - 2014-10-29 13:49 - 00003072 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll2015-03-11 16:13 - 2014-10-29 13:44 - 00096256 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll2015-03-11 16:13 - 2014-10-29 13:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll2015-03-11 16:13 - 2014-10-29 13:37 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll2015-03-11 16:13 - 2014-10-29 13:04 - 00003072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll2015-03-11 16:13 - 2014-10-29 13:00 - 00077824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll2015-03-11 16:13 - 2014-10-29 13:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll2015-03-11 16:12 - 2015-02-21 11:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll2015-03-11 16:12 - 2015-02-21 11:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll2015-03-11 16:12 - 2015-02-21 10:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll2015-03-11 16:12 - 2015-02-21 10:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll2015-03-11 16:12 - 2015-02-20 13:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2015-03-11 16:12 - 2015-02-20 13:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2015-03-11 16:12 - 2015-02-20 13:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll2015-03-11 16:12 - 2015-02-20 13:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll2015-03-11 16:12 - 2015-02-20 13:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2015-03-11 16:12 - 2015-02-20 13:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2015-03-11 16:12 - 2015-02-20 13:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll2015-03-11 16:12 - 2015-02-20 13:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll2015-03-11 16:12 - 2015-02-20 13:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll2015-03-11 16:12 - 2015-02-20 13:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2015-03-11 16:12 - 2015-02-20 12:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll2015-03-11 16:12 - 2015-02-20 12:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll2015-03-11 16:12 - 2015-02-20 12:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll2015-03-11 16:12 - 2015-02-20 12:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2015-03-11 16:12 - 2015-02-20 12:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll2015-03-11 16:12 - 2015-02-20 12:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2015-03-11 16:12 - 2015-02-20 12:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll2015-03-11 16:12 - 2015-02-20 12:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll2015-03-11 16:12 - 2015-02-20 12:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll2015-03-11 16:12 - 2015-02-20 12:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2015-03-11 16:12 - 2015-02-20 12:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2015-03-11 16:12 - 2015-02-20 12:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2015-03-11 16:12 - 2015-02-20 12:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2015-03-11 16:12 - 2015-02-20 12:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2015-03-11 16:12 - 2015-02-20 11:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2015-03-11 16:12 - 2015-02-20 11:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2015-03-11 16:12 - 2015-02-13 04:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll2015-03-11 16:12 - 2015-02-13 04:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll2015-03-11 16:12 - 2015-01-30 05:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll2015-03-11 16:12 - 2015-01-30 05:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll2015-03-11 16:12 - 2015-01-28 12:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll2015-03-11 16:12 - 2015-01-28 12:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll2015-03-11 16:12 - 2015-01-21 16:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll2015-03-11 16:12 - 2015-01-21 16:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll2015-03-11 16:10 - 2015-03-11 16:10 - 00000000 ____D () C:\Users\User\Documents\New folder2015-03-08 08:50 - 2015-03-08 08:50 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2015-03-08 08:10 - 2015-03-08 08:11 - 00000197 _____ () C:\Windows\system32\2015-03-07-21-10-44.027-AvastVBoxSVC.exe-2480.log2015-03-05 17:37 - 2015-03-05 17:37 - 00000197 _____ () C:\Windows\system32\2015-03-05-06-37-21.010-AvastVBoxSVC.exe-3280.log2015-03-01 18:40 - 2015-03-01 18:42 - 00000197 _____ () C:\Windows\system32\2015-03-01-07-40-39.033-AvastVBoxSVC.exe-2512.log2015-02-25 17:11 - 2014-12-14 08:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls2015-02-25 17:11 - 2014-12-14 08:28 - 00513488 _____ () C:\Windows\system32\locale.nls2015-02-25 17:11 - 2014-10-29 12:27 - 01200128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll2015-02-25 17:11 - 2014-10-29 12:27 - 00323072 _____ (Microsoft Corporation) C:\Windows\system32\GlobCollationHost.dll2015-02-25 17:11 - 2014-10-29 12:04 - 00868352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll2015-02-25 17:11 - 2014-10-29 12:04 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GlobCollationHost.dll2015-02-22 16:07 - 2015-02-22 16:08 - 00000197 _____ () C:\Windows\system32\2015-02-22-05-07-43.047-AvastVBoxSVC.exe-3540.log2015-02-19 20:54 - 2015-02-19 20:54 - 00003028 _____ () C:\Windows\System32\Tasks\{6814C38D-70DE-4620-AF22-CBF0FCDC7738}2015-02-17 17:43 - 2015-02-17 17:44 - 00000197 _____ () C:\Windows\system32\2015-02-17-06-43-39.051-AvastVBoxSVC.exe-4020.log2015-02-14 21:50 - 2015-02-14 21:50 - 00002471 _____ () C:\Users\User\Desktop\PlanetSide 2.lnk2015-02-14 20:51 - 2015-02-14 20:51 - 00943248 _____ (Dashlane inc.) C:\Users\User\Downloads\Dashlane_Launcher_bfirefox-1422555155.exe2015-02-14 20:47 - 2015-03-14 20:52 - 00000914 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153547000-893765435-3105596823-1001UA.job2015-02-14 20:47 - 2015-03-14 20:52 - 00000862 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153547000-893765435-3105596823-1001Core.job2015-02-14 20:47 - 2015-02-14 20:47 - 00880208 _____ (Google Inc.) C:\Users\User\Downloads\GoogleVoiceAndVideoSetup.exe2015-02-14 20:47 - 2015-02-14 20:47 - 00003858 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3153547000-893765435-3105596823-1001UA2015-02-14 20:47 - 2015-02-14 20:47 - 00003478 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3153547000-893765435-3105596823-1001Core2015-02-12 20:28 - 2015-02-12 20:28 - 00000197 _____ () C:\Windows\system32\2015-02-12-09-28-32.012-AvastVBoxSVC.exe-2908.log2015-02-12 17:22 - 2015-01-16 09:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys2015-02-12 17:22 - 2015-01-16 09:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys2015-02-12 17:22 - 2015-01-14 15:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll2015-02-12 17:22 - 2015-01-14 14:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll2015-02-12 17:22 - 2014-12-19 19:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll2015-02-12 17:22 - 2014-12-19 19:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll2015-02-12 17:22 - 2014-12-09 14:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll2015-02-12 17:22 - 2014-12-09 12:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll2015-02-12 17:22 - 2014-10-29 13:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll2015-02-12 17:22 - 2014-10-29 13:50 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll2015-02-12 17:22 - 2014-10-29 13:06 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll2015-02-12 17:22 - 2014-10-29 13:06 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll2015-02-12 17:22 - 2014-10-29 13:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll2015-02-12 17:22 - 2014-10-29 13:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll2015-02-12 17:22 - 2014-10-29 12:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll2015-02-12 17:22 - 2014-10-29 12:31 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll2015-02-12 17:22 - 2014-10-29 12:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll2015-02-12 17:22 - 2014-10-29 12:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll2015-02-12 17:22 - 2014-10-29 12:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe2015-02-12 17:22 - 2014-10-29 12:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe2015-02-12 17:22 - 2014-10-29 12:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe2015-02-12 17:21 - 2015-02-04 10:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll2015-02-12 17:21 - 2015-02-04 10:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll2015-02-12 17:21 - 2015-02-04 10:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll2015-02-12 17:21 - 2015-02-03 10:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll2015-02-12 17:21 - 2015-02-03 10:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll2015-02-12 17:21 - 2015-02-03 10:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll2015-02-12 17:21 - 2015-01-20 05:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll2015-02-12 17:21 - 2015-01-12 13:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll2015-02-12 17:21 - 2015-01-12 12:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2015-02-12 17:21 - 2015-01-12 12:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll2015-02-12 17:21 - 2015-01-12 12:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll==================== One Month Modified Files and Folders =======(If an entry is included in the fixlist, the file\folder will be moved.)2015-03-14 22:03 - 2015-01-21 03:48 - 00818732 _____ () C:\Windows\system32\PerfStringBackup.INI2015-03-14 22:03 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\system32\sru2015-03-14 22:02 - 2015-01-27 18:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Spotify2015-03-14 22:02 - 2015-01-21 03:43 - 01140654 _____ () C:\Windows\WindowsUpdate.log2015-03-14 20:56 - 2015-02-06 18:58 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2015-03-14 19:45 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\LiveKernelReports2015-03-14 19:33 - 2015-01-21 03:50 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3153547000-893765435-3105596823-10012015-03-14 19:18 - 2015-02-04 19:32 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update2015-03-14 19:13 - 2015-01-27 16:26 - 00003906 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7207D024-38B7-4EBC-910C-572324DCA071}2015-03-14 19:10 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\AppReadiness2015-03-14 15:28 - 2015-01-21 03:44 - 00000000 ____D () C:\Users\User\AppData\Local\Packages2015-03-14 13:51 - 2013-08-23 01:46 - 00017011 _____ () C:\Windows\setupact.log2015-03-14 13:51 - 2013-08-23 01:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2015-03-13 17:35 - 2013-08-23 00:25 - 00262144 ___SH () C:\Windows\system32\config\BBI2015-03-13 06:53 - 2013-08-23 01:44 - 00337808 _____ () C:\Windows\system32\FNTCACHE.DAT2015-03-13 06:52 - 2015-01-21 03:40 - 00041428 _____ () C:\Windows\PFRO.log2015-03-13 06:35 - 2013-08-23 02:36 - 00000000 ___RD () C:\Windows\ToastData2015-03-13 06:35 - 2013-08-23 02:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-03-13 06:35 - 2013-08-23 02:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools2015-03-13 06:35 - 2013-08-23 02:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories2015-03-13 06:35 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\PolicyDefinitions2015-03-13 06:35 - 2013-08-23 02:36 - 00000000 ____D () C:\Program Files\Windows Defender2015-03-13 06:35 - 2013-08-23 02:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender2015-03-13 06:34 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\WinStore2015-03-13 04:53 - 2013-08-23 02:20 - 00000000 ____D () C:\Windows\CbsTemp2015-03-13 04:52 - 2015-01-28 19:30 - 00000000 ____D () C:\Windows\system32\MRT2015-03-13 04:49 - 2015-01-28 19:30 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2015-03-11 23:03 - 2015-01-27 16:27 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2015-03-05 08:24 - 2013-08-23 02:38 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2015-03-05 08:24 - 2013-08-23 02:38 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2015-02-16 18:49 - 2015-01-27 18:44 - 00000000 ____D () C:\Users\User\AppData\Local\Spotify2015-02-14 21:50 - 2015-01-28 18:20 - 00002501 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PlanetSide 2.lnk2015-02-14 21:50 - 2015-01-28 18:20 - 00000000 ___HD () C:\Windows\msdownld.tmp2015-02-14 21:50 - 2015-01-28 18:20 - 00000000 ____D () C:\Windows\SysWOW64\directx2015-02-14 21:44 - 2013-08-23 02:36 - 00000000 ____D () C:\Windows\rescache2015-02-14 20:47 - 2015-02-04 19:32 - 00000000 ____D () C:\Users\User\AppData\Local\Google2015-02-14 20:47 - 2015-01-27 16:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla2015-02-14 20:45 - 2015-01-28 18:56 - 00000000 ____D () C:\Users\User\Documents\ManiaPlanet2015-02-14 19:16 - 2015-01-28 18:53 - 00000000 ____D () C:\ProgramData\ManiaPlanet2015-02-13 21:17 - 2015-01-28 18:53 - 00000000 ____D () C:\Program Files (x86)\ManiaPlanet2015-02-12 17:28 - 2015-01-31 11:24 - 00000000 ___SD () C:\Windows\system32\CompatTel2015-02-12 17:28 - 2015-01-31 11:24 - 00000000 ____D () C:\Windows\system32\appraiserSome content of TEMP:====================C:\Users\User\AppData\Local\Temp\Uninstaller-4380.exeC:\Users\User\AppData\Local\Temp\Uninstaller-4720.exe==================== Bamital & volsnap Check =================(There is no automatic fix for files that do not pass verification.)C:\Windows\System32\winlogon.exe => File is digitally signedC:\Windows\System32\wininit.exe => File is digitally signedC:\Windows\explorer.exe => File is digitally signedC:\Windows\SysWOW64\explorer.exe => File is digitally signedC:\Windows\System32\svchost.exe => File is digitally signedC:\Windows\SysWOW64\svchost.exe => File is digitally signedC:\Windows\System32\services.exe => File is digitally signedC:\Windows\System32\User32.dll => File is digitally signedC:\Windows\SysWOW64\User32.dll => File is digitally signedC:\Windows\System32\userinit.exe => File is digitally signedC:\Windows\SysWOW64\userinit.exe => File is digitally signedC:\Windows\System32\rpcss.dll => File is digitally signedC:\Windows\System32\Drivers\volsnap.sys => File is digitally signedLastRegBack: 2015-03-13 04:49==================== End Of Log ============================ AdditionAdditional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015Ran by (administrator) at 2015-03-14 22:12:31Running from C:\Users\User\DownloadsBoot Mode: Normal============================================================================== Security Center ========================(If an entry is included in the fixlist, it will be removed.)AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}==================== Installed Programs ======================(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)BitTorrent (HKU\S-1-5-21-3153547000-893765435-3105596823-1001\...\BitTorrent) (Version: 7.9.2.38914 - BitTorrent Inc.)Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.214 - ALPS ELECTRIC CO., LTD.)Google Talk Plugin (HKLM-x32\...\{C77CC230-7417-3F01-B70D-52583DC9FEC9}) (Version: 5.40.2.0 - Google)Google Update Helper (x32 Version: 1.3.21.169 - Google Inc.) HiddenIntel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2867 - Intel Corporation)Intel® PROSet/Wireless for Bluetooth® + High Speed (HKLM\...\{E77289CF-12B9-4CAB-A49E-FEAE947F4D95}) (Version: 15.5.4.0423 - Intel Corporation)Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)Intel® PROSet/Wireless WiFi Software (HKLM\...\{1593C708-5535-47A4-8C0F-F8D4BE2B4560}) (Version: 15.05.6000.1620 - Intel Corporation)Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)ManiaPlanet (HKLM-x32\...\ManiaPlanet_is1) (Version: - Nadeo)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)Mozilla Firefox 36.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)NVIDIA Graphics Driver 331.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 331.65 - NVIDIA Corporation)NVIDIA Update 1.15.2 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.15.2 - NVIDIA Corporation)Phantasy Star Online 2 (HKLM-x32\...\http://pso2.jp/appid/release/asiasoft_sg_is1)(Version: - Asiasoft) PlanetSide 2 (HKU\S-1-5-21-3153547000-893765435-3105596823-1001\...\SOE-PlanetSide 2) (Version: 1.0.3.183 - Sony Online Entertainment)Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.21.200.26 - Client Connect LTD) <==== ATTENTIONSpotify (HKU\S-1-5-21-3153547000-893765435-3105596823-1001\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)WinRAR 5.21 beta 1 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.1 - win.rar GmbH)==================== Custom CLSID (selected items): ==========================(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)CustomCLSID: HKU\S-1-5-21-3153547000-893765435-3105596823-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)CustomCLSID: HKU\S-1-5-21-3153547000-893765435-3105596823-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\User\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll (Google Inc.)==================== Restore Points =========================22-02-2015 19:13:59 Scheduled Checkpoint27-02-2015 17:30:39 Windows Update12-03-2015 07:38:19 Windows Update==================== Hosts content: ==========================(If needed Hosts: directive could be included in the fixlist to reset Hosts.)2013-08-23 00:25 - 2013-08-23 00:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts==================== Scheduled Tasks (whitelisted) =============(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)Task: {15EBE461-BEF1-4076-BE18-70D1B1C40493} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-02-04] (AVAST Software)Task: {1B339BBE-5EBA-4063-B9AF-1114B7BB9B6F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-13] (Microsoft Corporation)Task: {229A672F-2151-4AF0-9AF2-70D2DE29116D} - System32\Tasks\{6814C38D-70DE-4620-AF22-CBF0FCDC7738} => pcalua.exe -a E:\autohtml.exe -d E:\Task: {32F88649-D3AE-430A-A038-680205AC2ECA} - \avayvaxxvae No Task File <==== ATTENTIONTask: {9CB2714B-A3FE-48B5-9599-B841A7B96789} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-02-06] (Adobe Systems Incorporated)Task: {C95B985D-3F33-46B5-9789-B0EAC52F8CD3} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3153547000-893765435-3105596823-1001UA => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)Task: {E234AC7F-CF9B-4D92-AE57-1F888DEE1C06} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3153547000-893765435-3105596823-1001Core => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe [2015-02-14] (Google Inc.)Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153547000-893765435-3105596823-1001Core.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exeTask: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3153547000-893765435-3105596823-1001UA.job => C:\Users\User\AppData\Local\Google\Update\GoogleUpdate.exe==================== Loaded Modules (whitelisted) ==============2015-02-04 19:31 - 2015-02-04 19:31 - 00388208 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxDDU.dll2015-02-04 19:31 - 2015-02-04 19:31 - 05851328 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxRT.dll2015-01-21 04:46 - 2013-10-23 19:20 - 00102176 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll2013-12-18 14:42 - 2013-12-18 14:42 - 00013088 _____ () C:\Program Files\NVIDIA Corporation\CoProcManager\detoured.dll2015-01-21 04:44 - 2012-10-26 15:08 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll2015-03-14 10:53 - 2015-03-14 10:53 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031302\algo.dll2015-02-04 19:31 - 2015-02-04 19:31 - 04495336 _____ () C:\Program Files\AVAST Software\Avast\ng\vbox\x86\VBoxRT-x86.dll2015-03-14 20:32 - 2015-03-14 20:32 - 02922496 _____ () C:\Program Files\AVAST Software\Avast\defs\15031400\algo.dll2015-01-21 04:43 - 2012-06-26 05:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll2013-12-18 14:42 - 2013-12-18 14:42 - 00013088 _____ () C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll2015-03-14 10:29 - 2015-03-14 10:29 - 38714440 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll==================== Alternate Data Streams (whitelisted) =========(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)AlternateDataStreams: C:\Users\User\OneDrive:ms-properties==================== Safe Mode (whitelisted) ===================(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"==================== EXE Association (whitelisted) ===============(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)==================== Other Areas ============================(Currently there is no automatic fix for this section.)HKU\S-1-5-21-3153547000-893765435-3105596823-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Mozilla\Firefox\Desktop Background.bmpDNS Servers: 211.29.132.12 - 198.142.0.51==================== MSCONFIG/TASK MANAGER disabled items ==(Currently there is no automatic fix for this section.)==================== Accounts: =============================Administrator (S-1-5-21-3153547000-893765435-3105596823-500 - Administrator - Disabled)(administrator) (S-1-5-21-3153547000-893765435-3105596823-1001 - Administrator - Enabled) => C:\Users\UserGuest (S-1-5-21-3153547000-893765435-3105596823-501 - Limited - Disabled)UpdatusUser (S-1-5-21-3153547000-893765435-3105596823-1002 - Limited - Enabled) => C:\Users\UpdatusUser==================== Faulty Device Manager Devices ================================= Event log errors: =========================Application errors:==================Error: (03/14/2015 09:16:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (03/14/2015 09:01:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (03/14/2015 08:46:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (03/14/2015 08:31:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (03/14/2015 08:16:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (03/14/2015 08:01:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (03/14/2015 07:44:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (03/14/2015 07:38:36 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: There was an error with the Windows Location Provider databaseError: (03/14/2015 07:35:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.Error: (03/14/2015 07:31:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Activation of app Microsoft.SkypeApp_kzf8qxf38zg5c!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.System errors:=============Error: (03/14/2015 10:11:18 PM) (Source: DCOM) (EventID: 10010) (User: Dell)Description: {88F5E7B2-09B9-471E-895A-25247585905C}Error: (03/14/2015 10:09:40 PM) (Source: DCOM) (EventID: 10010) (User: Dell)Description: {06622D85-6856-4460-8DE1-A81921B41C4B}Error: (03/14/2015 10:09:38 PM) (Source: DCOM) (EventID: 10010) (User: Dell)Description: {06622D85-6856-4460-8DE1-A81921B41C4B}Error: (03/14/2015 10:09:10 PM) (Source: DCOM) (EventID: 10010) (User: Dell)Description: {06622D85-6856-4460-8DE1-A81921B41C4B}Error: (03/14/2015 10:09:10 PM) (Source: DCOM) (EventID: 10010) (User: Dell)Description: {06622D85-6856-4460-8DE1-A81921B41C4B}Error: (03/14/2015 10:09:10 PM) (Source: DCOM) (EventID: 10010) (User: Dell)Description: {06622D85-6856-4460-8DE1-A81921B41C4B}Error: (03/14/2015 10:09:10 PM) (Source: DCOM) (EventID: 10010) (User: Dell)Description: {06622D85-6856-4460-8DE1-A81921B41C4B}Error: (03/14/2015 10:01:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )Description: The TCP/IP NetBIOS Helper service failed to start due to the following error:%%1069Error: (03/14/2015 10:01:37 PM) (Source: Service Control Manager) (EventID: 7038) (User: )Description: The lmhosts service was unable to log on as NT AUTHORITY\LocalService with the currently configured password due to the following error:%%8To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).Error: (03/14/2015 09:17:17 PM) (Source: DCOM) (EventID: 10010) (User: Dell)Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}Microsoft Office Sessions:=========================Error: (03/14/2015 09:16:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141Error: (03/14/2015 09:01:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141Error: (03/14/2015 08:46:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141Error: (03/14/2015 08:31:43 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141Error: (03/14/2015 08:16:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141Error: (03/14/2015 08:01:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141Error: (03/14/2015 07:44:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141Error: (03/14/2015 07:38:36 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)Description: -2147024883Error: (03/14/2015 07:35:09 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141Error: (03/14/2015 07:31:33 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Dell)Description: Microsoft.SkypeApp_kzf8qxf38zg5c!App-2144927141==================== Memory info ===========================Processor: Intel® Core i7-3630QM CPU @ 2.40GHzPercentage of memory in use: 25%Total physical RAM: 8049.71 MBAvailable physical RAM: 5981.9 MBTotal Pagefile: 9329.71 MBAvailable Pagefile: 7001.62 MBTotal Virtual: 131072 MBAvailable Virtual: 131071.79 MB==================== Drives ================================Drive c: () (Fixed) (Total:931.17 GB) (Free:840.48 GB) NTFS==================== MBR & Partition Table ==========================================================================Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 090470D1)Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)Partition 2: (Not Active) - (Size=931.2 GB) - (Type=07 NTFS)==================== End Of Log ============================ Link to post Share on other sites More sharing options...
kevinf80 Posted March 15, 2015 ID:947559 Share Posted March 15, 2015 Download attached fixlist.txt file (end of reply) and save it to the Desktop, or the folder you saved FRST into.NOTE. It's important that both FRST and fixlist.txt are in the same location or the fix will not work. Run FRST and press the Fix button just once and wait.The tool will make a log on the Desktop (Fixlog.txt) or the folder it was ran from. Please post it to your reply. Next, Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following: MBAM Clean Removal Process 2xFollow the relevant steps and ensure to run mbam-clean tool after UNinstalling Malwarebytes. When reinstalling the program please try the latest version from here: http://www.malwarebytes.org/mwb-download/Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... linkOpen up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply. Next, Download AdwCleaner by Xplode onto your Desktop. Double click on Adwcleaner.exe to run the tool. Click on Scan Once the scan is done, click on the Clean button. <<<--- Ensure this option is completed You will get a prompt asking to close all programs. Click OK. Click OK again to reboot your computer. A text file will open after the restart. Please post the content of that logfile in your reply. You can also find the logfile at C:\AdwCleaner[sn].txt. Where n in the scan reference number Next, Please download Junkware Removal Tool to your desktop.Shut down your protection software now to avoid potential conflicts. (re-enable when done)Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".The tool will open and start scanning your system.Please be patient as this can take a while to complete depending on your system's specifications.On completion, a log (JRT.txt) is saved to your desktop and will automatically open.Post the contents of JRT.txt into your next message. Next, Scan with HerdProtect Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop. Temporary disable your AntiVirus and AntiSpyware protection - instructions here. Right-click on icon and select Run as Administrator to install the scanner.It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.Agree to the terms, select Launch herdProtect and click Finish.Click Scan. It may take a while, depending on your system and connection specs. Please be patient.When it finishes click on Save Results.A Notepad with a report should open. Please include the contents of that report in your next reply. This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool). Let me see those logs, also give an update on any remaining issues or concerns..... Thanks, Kevin..... Fixlist.txt Link to post Share on other sites More sharing options...
Xerzi Posted March 16, 2015 Author ID:947724 Share Posted March 16, 2015 Malwarebytes Anti-Malwarewww.malwarebytes.orgScan Date: 16/03/2015Scan Time: 6:08:38 PMLogfile:Administrator: YesVersion: 2.00.4.1028Malware Database: v2015.03.16.01Rootkit Database: v2015.02.25.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 8.1CPU: x64File System: NTFSUser: (administrator)Scan Type: Threat ScanResult: CompletedObjects Scanned: 373623Time Elapsed: 17 min, 19 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: EnabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 0(No malicious items detected)Registry Values: 0(No malicious items detected)Registry Data: 0(No malicious items detected)Folders: 0(No malicious items detected)Files: 0(No malicious items detected)Physical Sectors: 0(No malicious items detected)(end) Link to post Share on other sites More sharing options...
Xerzi Posted March 16, 2015 Author ID:947725 Share Posted March 16, 2015 # AdwCleaner v4.112 - Logfile created 16/03/2015 at 19:01:45# Updated 09/03/2015 by Xplode# Database : 2015-03-15.1 [server]# Operating system : Windows 8.1 Pro (x64)# Username : (administrator) - DELL# Running from : C:\Users\User\Downloads\AdwCleaner(2).exe# Option : Cleaning***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\Users\User\Desktop\Save***** [ Scheduled tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\SPPDCOMKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtectKey Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}***** [ Web browsers ] *****-\\ Internet Explorer v11.0.9600.17416-\\ Mozilla Firefox v36.0.1 (x86 en-US)*************************AdwCleaner[R0].txt - [1010 bytes] - [16/03/2015 18:59:24]AdwCleaner[s0].txt - [947 bytes] - [16/03/2015 19:01:45]########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [1005 bytes] ########## Link to post Share on other sites More sharing options...
Xerzi Posted March 16, 2015 Author ID:947726 Share Posted March 16, 2015 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Junkware Removal Tool (JRT) by ThisisuVersion: 6.4.3 (03.01.2015:1)OS: Windows 8.1 Pro x64Ran by (administrator) on Mon 16/03/2015 at 19:06:24.25~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Services~~~ Registry ValuesSuccessfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start PageSuccessfully repaired: [Registry Value] HKEY_USERS\\Software\Microsoft\Internet Explorer\Main\\Start Page~~~ Registry Keys~~~ Files~~~ Folders~~~ Event Viewer Logs were cleared~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Scan was completed on Mon 16/03/2015 at 19:11:24.46End of JRT log~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Link to post Share on other sites More sharing options...
Xerzi Posted March 16, 2015 Author ID:947727 Share Posted March 16, 2015 Just saying, it said that this wasn't the full scan, if u want I can do the second scan for you as well. Saved date: 16/03/2015 8:07:33 PMFiles detected: 13Files scanned: 7,752Processes scanned: 65Modules scanned: 616ASEPs scanned: 466Downloads scanned: 0Deep analysis: 2/1---------------------------------------------------------------------------------Files---------------------------------------------------------------------------------File path: c:\windows\system32\igd10umd64.dllPublisher: Intel CorporationMD5: efa67664e181eaf2dea190ee71c0c9abSHA-1: 40123015a8bd2d4ad992f47256a1a92f5d0f3d7eCreated: 21/01/2015 4:44:04 AMDetections: 1Determination: Ignore detections (false positive) - Emsisoft Anti-Malware as Gen:Variant.Kazy.308139 (Undefined)---------------------------------------------------------------------------------File path: c:\windows\system32\drivers\intcdaud.sysPublisher: Intel® CorporationMD5: f5495b38bfb9149925f54f65ab40efbfSHA-1: 3fbef8ee216245a0b26e3fb24f6345605a0b440bCreated: 21/01/2015 4:44:04 AMDetections: 1Determination: Ignore detections (false positive) - Emsisoft Anti-Malware as Gen:Variant.Adware.SMSHoax.95 (Adware)---------------------------------------------------------------------------------File path: c:\users\user\appdata\local\temp\quarantine.exePublisher: MD5: 81415579b23e99e00dbae8188b229c51SHA-1: 4cfe98a0b250732af55021720bc20caebc53125eCreated: 8/11/2014 7:33:34 PMDetections: 2Determination: Inconclusive - Norman as DarkComet.CQ (Undefined) - Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined)---------------------------------------------------------------------------------File path: c:\users\user\appdata\local\temp\jrt\nircmd.datPublisher: NirSoftMD5: 466a42aea0abdf4c6b610f0f5e61cfa2SHA-1: 7e7998642babcb567ff7845cfaf4f3636ce209f7Created: 16/03/2015 7:05:19 PMDetections: 1Determination: Ignore detections (false positive) - ViRobot as RiskTool.Nircmd.43520---------------------------------------------------------------------------------File path: c:\users\user\downloads\7z920.exePublisher: MD5: b3fdf6e7b0aecd48ca7e4921773fb606SHA-1: 55283ad59439134673fc32fc097bdd9ae920fbc6Created: 30/01/2015 8:38:32 PMDetections: 1Determination: Ignore detections (false positive) - Bkav FE as W32.Clod966.Trojan (Undefined)---------------------------------------------------------------------------------File path: c:\users\user\downloads\adwcleaner(1).exePublisher: MD5: 95300ba672a14e3ae6740cb3cb41db7bSHA-1: 2b02174d3e80e73721e78422fcd70681b743ebe9Created: 15/03/2015 8:29:24 AMDetections: 3Determination: Inconclusive - Norman as DarkComet.CQ (Undefined) - Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined) - Qihoo 360 Security as HEUR/QVM11.1.Malware.Gen (Undefined)---------------------------------------------------------------------------------File path: c:\users\user\downloads\adwcleaner(2).exePublisher: MD5: 95300ba672a14e3ae6740cb3cb41db7bSHA-1: 2b02174d3e80e73721e78422fcd70681b743ebe9Created: 16/03/2015 6:09:04 PMDetections: 3Determination: Inconclusive - Norman as DarkComet.CQ (Undefined) - Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined) - Qihoo 360 Security as HEUR/QVM11.1.Malware.Gen (Undefined)---------------------------------------------------------------------------------File path: c:\users\user\downloads\adwcleaner.exePublisher: MD5: 95300ba672a14e3ae6740cb3cb41db7bSHA-1: 2b02174d3e80e73721e78422fcd70681b743ebe9Created: 15/03/2015 8:08:19 AMDetections: 3Determination: Inconclusive - Norman as DarkComet.CQ (Undefined) - Rising Antivirus as PE:Backdoor.Win32.DarkKomet.b!1075356506 (Undefined) - Qihoo 360 Security as HEUR/QVM11.1.Malware.Gen (Undefined)---------------------------------------------------------------------------------File path: c:\users\user\downloads\dashlane_launcher_bfirefox-1422555155.exePublisher: Dashlane inc.Signer: DashlaneMD5: 60462ebbe126b295489524e558344f05SHA-1: d4b635f17d251db7ffdf85ca4ab347ad56a0a72bCreated: 14/02/2015 8:51:30 PMDetections: 3Determination: Ignore detections (false positive) - Trend Micro House Call as Suspicious_GEN.F47V0129 (Undefined) - Vba32 AntiVirus as suspected of Trojan.Downloader.gen (Undefined) - Rising Antivirus as NS:PUF.SilenceInstaller!1.9DDF (Undefined)---------------------------------------------------------------------------------File path: c:\users\user\downloads\frst64.exePublisher: FarbarMD5: f58676de827dd9a5f3a44a698e8b4663SHA-1: bc7834bdbca38477a8ccf4a3027487f8e18f6170Created: 14/03/2015 10:11:11 PMDetections: 1Determination: Ignore detections (false positive) - Jiangmin as Trojan/PSW.Autoit.ic (Undefined)---------------------------------------------------------------------------------File path: c:\users\user\downloads\ps2_setup.exePublisher: Signer: Sony Online EntertainmentMD5: 91b4c2ec7bb52ebc80dc76a1f3b9dfb4SHA-1: 0c3eb3ec1855c676654c57e9d1e531ba9a58ad5eCreated: 31/01/2015 12:06:56 PMDetections: 2Determination: Ignore detections (false positive) - Antiy Labs AVL as Trojan[backdoor]/Win32.Agent (Undefined) - Vba32 AntiVirus as suspected of Trojan.Downloader.gen.h (Undefined)---------------------------------------------------------------------------------File path: c:\windows\syswow64\ext-ms-win-cluster-clusapi-l1-1-1.dllPublisher: Microsoft CorporationMD5: 6f5557e3f97cb2a957da5dcdaf1e22c1SHA-1: c2a27e776fbfc3666642425dcc5f2b34bb41cb10Created: 22/08/2013 2:14:14 PMDetections: 1Determination: Ignore detections (false positive) - The Hacker as Backdoor/Bifrose.fxu (Undefined)---------------------------------------------------------------------------------File path: c:\windows\syswow64\kbdcherp.dllPublisher: Microsoft CorporationMD5: f992fe1d923f59f806442449f3ea557bSHA-1: d216f5bc5d466c1c9d94aa57a28c5226b214bdbcCreated: 22/08/2013 2:15:06 PMDetections: 1Determination: Ignore detections (false positive) - The Hacker as Trojan/Kryptik.ahcy (Undefined) Link to post Share on other sites More sharing options...
kevinf80 Posted March 16, 2015 ID:947730 Share Posted March 16, 2015 HerdProtect logs are of no concern... What is the current status, are there any remaining issues or concerns.. Link to post Share on other sites More sharing options...
Xerzi Posted March 17, 2015 Author ID:948163 Share Posted March 17, 2015 Just concerned if the virus still is on my computer. Not sure if it's any interest but it occured after I switched my CPU to a Microsoft Account. Link to post Share on other sites More sharing options...
kevinf80 Posted March 17, 2015 ID:948178 Share Posted March 17, 2015 What do you mean (I switched my CPU to a Microsoft Account.) What do refer to. CPU usually means "Central Processing Unit" Logs we see upto now are clean, do you have any specific issues? Link to post Share on other sites More sharing options...
Xerzi Posted March 17, 2015 Author ID:948200 Share Posted March 17, 2015 Not really. Windows 8 allows you to change your computer account to an account that has everything linked up to a Microsoft Account. When I switched to that, that's when problems began. Link to post Share on other sites More sharing options...
kevinf80 Posted March 17, 2015 ID:948224 Share Posted March 17, 2015 If the new account causes problems are you able to revert back? Run couple final scans :- Please download RogueKiller and save it to your desktop from the following link: http://www.bleepingcomputer.com/download/roguekiller/ Quit all running programs.For Windows XP, double-click to start.For Vista,Windows 7/8, Right-click on the program and select Run as Administrator to start and when prompted allow it to run.Read and accept the EULA (End User Licene Agreement)Click Scan to scan the system.When the scan completes select "Report", log will open. Close the program > Don't Fix anything!Post back the report which should also be located here: Next, Please download aswMBR from here: http://files.avast.com/files/rootkit-scanner/aswmbr.exe Save to your desktop. Double click theaswMBR.exe icon, and click RunThere will be a short delay before the next dialog box comes up. Please just wait a minute or two.When asked if you'd like to "download the latest Avast! virus definitions", click Yes.Typically this is about a 100MB download so depending on your connection speed it can take a short while to download and become ready.Click the Scan button to start the scan once the update has finished downloadingOn completion of the scan, click the save log button, save it to your desktop, then copy and paste it in your next reply. Note: There will also be a file on your desktop named MBR.dat do not delete this for now. It is an actual backup of the MBR (master boot record). Zip up MBR.dat and attach to your reply.. Also let me know if there are any specific issues or concerns remaining.. Thanks, Kevin.... Link to post Share on other sites More sharing options...
Root Admin AdvancedSetup Posted March 26, 2015 Root Admin ID:950642 Share Posted March 26, 2015 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts