Pop up attacks and home page hijack



Red Prince
2014-05-11, 20:37
Hello

I am helping my neighbor who lives across the street get his computer cleaned. I have used you guys myself many times and you have been fantastic at solving problems. As he is not so tech savvy (nor am I really) and mostly uses his computer for browsing, I am walking him through this process.

First off, he is running Windows 8 (not 8.1) so we could not run a backup of the registry with ERUNT.

I see he has a CD for Webroot, but he said it was installed a few years ago and since he doesn't do much if any online purchasing, he doesn't believe he ever renewed it. Therefore, I told him I am not surprised that he picked up a virus. I don't see where the Webroot program is even installed (I am not very good at navigating Windows 8, so maybe it's just me).

Anyways, his home page was hijacked (I have since set it back to Verizon.net and it seems to be staying), but his IE is constantly bombarded with pop ups and phony problem messages.

Below are the results of his logs:

DDS:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16537
Run by abruzzeseredbklyn706 at 11:09:11 on 2014-05-11
Microsoft Windows 8 6.2.9200.0.1252.1.1033.18.3798.2617 [GMT -7:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
C:\Program Files\Elantech\ETDService.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\windows\system32\taskhost.exe
C:\windows\System32\dwm.exe
C:\windows\system32\taskhostex.exe
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
C:\PROGRA~2\SearchProtect\UI\bin\cltmngui.exe
C:\windows\Explorer.EXE
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
C:\windows\system32\igfxext.exe
C:\Program Files (x86)\Samsung\Settings\sSettings.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
C:\Program Files\Samsung\S Agent\CommonAgent.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\SysWOW64\NOTEPAD.EXE
C:\windows\system32\taskhost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\System32\svchost.exe -k WerSvcGroup
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://entertainment.verizon.com/
uDefault_Page_URL = hxxp://samsung13.msn.com
mWinlogon: Userinit = userinit.exe
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: ConvertFilesforFree: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [PC Driver Kit] C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [CLMLServer_For_P2G8] "C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe"
mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /R
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Intel AppUp(SM) center] "C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe" --domain-id F0399437-FD0C-4A48-B101-F0314A6172E4
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
StartupFolder: C:\Users\ABRUZZ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMA~2.LNK - C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
StartupFolder: C:\Users\ABRUZZ~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\STORMA~1.LNK - C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
mPolicies-System: DisableCAD = dword:1
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{AB88A77F-F920-488D-BF20-8E0840706A82} : DHCPNameServer = 192.168.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
AppInit_DLLs= C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll
SSODL: WebCheck - <orphaned>
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll
STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\Windows\SysWOW64\CbFsMntNtf3.dll
x64-BHO: ConvertFilesforFree: {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll
x64-BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /S3HpProtect
x64-Run: [BtTray] "C:\Program Files (x86)\Bluetooth Suite\BtTray.exe"
x64-Run: [BtvStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [Bitcasa] C:\Program Files\Bitcasa\Bitcasa.exe /startup
x64-Run: [IgfxTray] C:\windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-mPolicies-System: DisableCAD = dword:1
x64-IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
x64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
x64-STS: Virtual Storage Mount Notification - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\System32\CbFsMntNtf3.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\windows\System32\Drivers\iaStorA.sys [2013-2-28 645952]
R0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2013-2-28 56336]
R1 cbfs3;cbfs3;C:\windows\System32\Drivers\cbfs3.sys [2013-2-28 352456]
R1 ccSet_NARA;NARA Settings Manager;C:\windows\System32\Drivers\NARAx64\0401000.00E\ccSetx64.sys [2013-2-28 168608]
R1 CLVirtualDrive;CLVirtualDrive;C:\windows\System32\Drivers\CLVirtualDrive.sys [2013-2-28 92536]
R2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2013-1-26 172104]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2012-10-31 231040]
R2 c2cautoupdatesvc;Skype Click to Call Updater;C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [2014-4-11 1390720]
R2 CltMngSvc;Search Protect by Conduit Service;C:\PROGRA~2\SearchProtect\Main\bin\CltMngSvc.exe [2014-4-8 2470688]
R2 ConvertFilesforFreeUpdt;ConvertFilesforFreeUpdt;C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [2014-4-7 252928]
R2 Easy Launcher;Easy Launcher;C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [2012-11-30 1591176]
R2 ETDService;Elan Service;C:\Program Files\Elantech\ETDService.exe [2012-10-17 90992]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-19 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2013-2-28 128896]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-2-28 165760]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2012-8-14 3943104]
R2 SWUpdateService;SW Update Service;C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2013-1-24 2883120]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2013-2-28 364416]
R2 ZAtheros Bt and Wlan Coex Agent;ZAtheros Bt and Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2012-10-31 323584]
R3 AthBTPort;Qualcomm Atheros Virtual Bluetooth Class;C:\windows\System32\Drivers\btath_flt.sys [2013-2-28 88728]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\windows\System32\Drivers\btath_a2dp.sys [2013-2-28 344216]
R3 btath_avdt;Qualcomm Atheros Bluetooth AVDT Service;C:\windows\System32\Drivers\btath_avdt.sys [2013-2-28 114840]
R3 BTATH_BUS;Qualcomm Atheros Bluetooth Bus;C:\windows\System32\Drivers\btath_bus.sys [2013-2-28 33944]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\windows\System32\Drivers\btath_hcrp.sys [2013-2-28 178840]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\windows\System32\Drivers\btath_lwflt.sys [2013-2-28 76952]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\windows\System32\Drivers\btath_rcp.sys [2013-2-28 135832]
R3 BtFilter;BtFilter;C:\windows\System32\Drivers\btfilter.sys [2013-2-28 576152]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]
R3 ETD;Samsung PS/2 Port Input Device;C:\windows\System32\Drivers\ETD.sys [2012-10-17 325488]
R3 IntcDAud;Intel(R) Display Audio;C:\windows\System32\Drivers\IntcDAud.sys [2012-6-18 342528]
R3 RadioHIDMini;Radio HID Mini-driver;C:\windows\System32\Drivers\RadioHIDMini.sys [2012-11-13 23408]
R3 RTL8168;Realtek 8168 NT Driver;C:\windows\System32\Drivers\Rt630x64.sys [2013-2-27 719504]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
.
=============== Created Last 30 ================
.
2014-05-11 17:03:38 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FAA5E5F4-F279-44A5-A11A-9EA007244489}\offreg.dll
2014-05-11 16:51:14 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FAA5E5F4-F279-44A5-A11A-9EA007244489}\mpengine.dll
2014-05-09 17:21:59 272048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10238.bin
2014-05-09 17:20:34 10651704 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-05-06 22:03:32 628024 ----a-w- C:\windows\System32\NotificationUI.exe
2014-05-06 22:03:31 693760 ----a-w- C:\windows\System32\WSShared.dll
2014-05-06 22:03:28 566784 ----a-w- C:\windows\SysWow64\WSShared.dll
2014-05-06 22:03:26 124928 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 22:03:22 163840 ----a-w- C:\windows\System32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-03 23:31:00 2706432 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-05-03 23:30:58 2706432 ----a-w- C:\windows\System32\mshtml.tlb
2014-05-03 21:42:59 -------- d-----w- C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever
2014-05-03 21:42:56 -------- d-----w- C:\ProgramData\CompuClever
2014-05-03 21:42:47 -------- d-----w- C:\Program Files (x86)\CompuClever
2014-05-03 21:42:36 -------- d-----w- C:\Program Files (x86)\HiDefMedia
2014-05-03 21:41:19 -------- d-----w- C:\Program Files (x86)\File Type Helper
2014-05-03 21:41:17 -------- d-----w- C:\Program Files (x86)\Convert Files for Free
2014-05-03 21:40:21 -------- d-----w- C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit
2014-05-03 21:40:14 -------- d-----w- C:\Program Files (x86)\PC Health Kit
2014-04-12 18:48:47 1084928 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2014-04-12 18:48:44 3959808 ----a-w- C:\windows\System32\jscript9.dll
2014-04-12 18:48:44 2877952 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-04-12 18:48:38 108032 ----a-w- C:\Program Files (x86)\Internet Explorer\jsdebuggeride.dll
2014-04-12 18:42:03 2232664 ----a-w- C:\windows\System32\drivers\tcpip.sys
2014-04-12 18:41:57 5979648 ----a-w- C:\windows\System32\mstscax.dll
2014-04-12 18:41:57 1939288 ----a-w- C:\windows\System32\drivers\ntfs.sys
2014-04-12 18:41:56 599040 ----a-w- C:\windows\System32\WSDApi.dll
2014-04-12 18:41:56 523264 ----a-w- C:\windows\System32\XpsGdiConverter.dll
2014-04-12 18:41:55 485888 ----a-w- C:\windows\SysWow64\WSDApi.dll
2014-04-12 18:41:54 5092352 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-04-12 18:41:54 365568 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll
2014-04-12 18:41:54 278872 ----a-w- C:\windows\System32\drivers\msiscsi.sys
2014-04-12 18:41:53 332632 ----a-w- C:\windows\System32\drivers\storport.sys
2014-04-12 18:41:53 143872 ----a-w- C:\windows\SysWow64\Windows.ApplicationModel.Store.dll
2014-04-12 18:41:53 118784 ----a-w- C:\windows\System32\drivers\dfsc.sys
.
==================== Find3M ====================
.
2014-04-22 23:47:16 78296 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-22 23:47:16 694232 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-03-07 00:48:11 1766400 ----a-w- C:\windows\SysWow64\wininet.dll
2014-03-07 00:08:30 2240000 ----a-w- C:\windows\System32\wininet.dll
2014-03-07 00:08:27 915968 ----a-w- C:\windows\System32\uxtheme.dll



AswMBR:

Something happened with this log. After it updated avast files, it said there was an error in the logfile (?). I don't know if I deleted the log by accident, but I ran it again and all I get is the below:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-05-11 11:07:12
-----------------------------
11:07:12.538 OS Version: Windows x64 6.2.9200
11:07:12.538 Number of processors: 4 586 0x3A09
11:07:12.538 ComputerName: REDPRINCE UserName:
11:07:12.538 Initialze error 1
11:07:24.462 The log file has been saved successfully to "C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-05-11 11:29:40
-----------------------------
11:29:40.263 OS Version: Windows x64 6.2.9200
11:29:40.263 Number of processors: 4 586 0x3A09
11:29:40.264 ComputerName: REDPRINCE UserName:
11:29:40.266 Initialze error 1
11:29:53.248 The log file has been saved successfully to "C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt"


I've tried to open ASW again but it does not give me the option to scan again, only to print the log file (which I did above) and to Exit. Do I need to uninstall the program and reinstall it to run it again?

Help on next steps would be much appreciated.

Thanks

OCD
2014-05-15, 04:16
Hi Red Prince,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

I will be working on your malware issues; this may or may not solve other issues you have with your machine.
The fixes are specific to your problem and should only be used for the issues on this machine.
Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
It's often worth reading through these instructions and printing them for ease of reference.
If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
Please reply to this thread. Do not start a new topic.
Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.
IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

Security Check

Download Security Check by screen317 from here (http://screen317.spywareinfoforum.org/SecurityCheck.exe) or here (http://screen317.changelog.fr/SecurityCheck.exe).
Save it to your Desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit starts correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

On the introduction screen, please click on the Next button to continue.

Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.

When the update has finished, click on the Next button.

Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.

When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on the Yes button to restart your computer.

There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.

=========================

Download Farbar Recovery Scan Tool (http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/) and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.


Right click and select "Run as Administrator" to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================

You do not need to post the Addition.txt; do not delete it at this time.

=========================

In your next post please provide the following:

checkup.txt
system-log.txt
mbar-log
FRST.txt
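
The mbar-log naming scheme and the list of requested logs described in the post above, as an added example that is not part of the original post: a Python sketch that picks the most recent mbar-log from a folder listing by the timestamp in its name and reports which of the requested logs are still missing. The function names and the sample listing are constructed for illustration, and it assumes the file names from the Desktop and the mbar folder have been gathered into one list.

```python
import re
from datetime import datetime

# Naming scheme from the post: mbar-log-year-month-day (hour-minute-second).txt
MBAR_LOG_RE = re.compile(
    r"^mbar-log-(\d{4})-(\d{2})-(\d{2}) \((\d{2})-(\d{2})-(\d{2})\)\.txt$",
    re.IGNORECASE,
)

# Requested logs with fixed names; the mbar-log is matched by pattern instead.
FIXED_LOGS = ("checkup.txt", "system-log.txt", "FRST.txt")


def parse_mbar_log_name(name):
    """Return the run time encoded in an mbar-log file name, or None.

    None is returned both for unrelated files and for names that match the
    pattern but carry an impossible date or time (e.g. month 13).
    """
    match = MBAR_LOG_RE.match(name)
    if not match:
        return None
    try:
        return datetime(*(int(part) for part in match.groups()))
    except ValueError:
        return None


def latest_mbar_log(names):
    """Return the mbar-log name with the newest embedded timestamp, or None."""
    dated = []
    for name in names:
        run_time = parse_mbar_log_name(name)
        if run_time is not None:
            dated.append((run_time, name))
    if not dated:
        return None
    return max(dated)[1]


def missing_logs(names):
    """List the requested logs that are absent from the given file names."""
    present = {name.lower() for name in names}
    missing = [log for log in FIXED_LOGS if log.lower() not in present]
    if latest_mbar_log(names) is None:
        missing.append("mbar-log")
    return missing


# Constructed sample listing. The first two mbar-log names appear in this
# thread; the third is deliberately malformed to show it being skipped.
SAMPLE_LISTING = [
    "system-log.txt",
    "mbar-log-2012-11-12 (19-13-32).txt",
    "mbar-log-2014-05-16 (20-59-25).txt",
    "mbar-log-2014-13-40 (99-00-00).txt",
    "mbar.exe",
    "checkup.txt",
]

if __name__ == "__main__":
    print("Latest mbar-log:", latest_mbar_log(SAMPLE_LISTING))
    print("Still missing:", missing_logs(SAMPLE_LISTING))
```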

Red Prince
2014-05-17, 06:38
Hi OCD

Looking forward to your help on this. FYI, after running the Malwarebytes scan and cleanup, it seems like the pop-ups and redirect are still active. Nonetheless, attached below are the three logs you requested from each of the programs we downloaded.

Thanks again for your help, standing by for next instructions.

Red Prince


MBAR Log:


Malwarebytes Anti-Rootkit BETA 1.07.0.1009
www.malwarebytes.org

Database version: v2014.05.17.03

Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16897
abruzzeseredbklyn706 :: REDPRINCE [limited]

5/16/2014 8:59:25 PM
mbar-log-2014-05-16 (20-59-25).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 257871
Time elapsed: 11 minute(s), 46 second(s)

Memory Processes Detected: 1
C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe (Rogue.PCHealthKit) -> 11564 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 2
HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC Health Kit_is1 (Rogue.PCHealthKit) -> Delete on reboot.
HKCU\SOFTWARE\PC Health Kit (Rogue.PCHealthKit) -> Delete on reboot.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 2
C:\Program Files (x86)\PC Health Kit (Rogue.PCHealthKit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit (Rogue.PCHealthKit) -> Delete on reboot.

Files Detected: 22
C:\Program Files (x86)\PC Health Kit\PCHealthKit.chm (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\CookiesException.txt (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\English.ini (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\file_id.diz (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\HomePage.url (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHealthKit.exe (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHKGuard.exe (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHKSchedule.exe (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\PCHKUninstaller.exe (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\scan.gif (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\sqlite3.dll (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\StartupList.txt (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\unins000.dat (Rogue.PCHealthKit) -> Delete on reboot.
C:\Program Files (x86)\PC Health Kit\unins000.exe (Rogue.PCHealthKit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit.lnk (Rogue.PCHealthKit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Check updates.lnk (Rogue.PCHealthKit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Help.lnk (Rogue.PCHealthKit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit on the Web.lnk (Rogue.PCHealthKit) -> Delete on reboot.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Uninstall PC Health Kit.lnk (Rogue.PCHealthKit) -> Delete on reboot.

Physical Sectors Detected: 0
(No malicious items detected)

(end)



System-log:

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1009

(c) Malwarebytes Corporation 2011-2012

OS version: 6.2.9200 Windows 8 x64

Account is Non-administrative

Internet Explorer version: 10.0.9200.16897

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 1.896000 GHz
Memory total: 3981996032, free: 1979232256

Downloaded database version: v2014.05.17.03
Downloaded database version: v2014.03.27.01
Initializing...
======================
------------ Kernel report ------------
05/16/2014 20:59:18
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kd.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\System32\drivers\CLFS.SYS
\SystemRoot\System32\drivers\tm.sys
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\BOOTVID.dll
\SystemRoot\system32\CI.dll
\SystemRoot\System32\drivers\msrpc.sys
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\acpiex.sys
\SystemRoot\System32\Drivers\WppRecorder.sys
\SystemRoot\System32\drivers\ACPI.sys
\SystemRoot\System32\drivers\WMILIB.SYS
\SystemRoot\System32\drivers\msisadrv.sys
\SystemRoot\System32\drivers\pci.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\system32\drivers\tpm.sys
\SystemRoot\System32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pdc.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\System32\drivers\spaceport.sys
\SystemRoot\System32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\System32\drivers\iaStorA.sys
\SystemRoot\System32\drivers\storport.sys
\SystemRoot\System32\drivers\EhStorClass.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\System32\drivers\fileinfo.sys
\SystemRoot\system32\drivers\WdFilter.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\wfplwfs.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\System32\drivers\volsnap.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\disk.sys
\SystemRoot\System32\drivers\CLASSPNP.SYS
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\drivers\cdrom.sys
\SystemRoot\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\BasicRender.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\System32\drivers\BasicDisplay.sys
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\System32\drivers\npsvctrig.sys
\SystemRoot\System32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\CLVirtualDrive.sys
\??\C:\windows\system32\drivers\cbfs3.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\System32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\kdnic.sys
\SystemRoot\System32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\igdkmd64.sys
\SystemRoot\System32\drivers\HECIx64.sys
\SystemRoot\System32\drivers\usbehci.sys
\SystemRoot\System32\drivers\USBPORT.SYS
\SystemRoot\System32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\athw8x.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\drivers\vwifibus.sys
\SystemRoot\system32\DRIVERS\Rt630x64.sys
\SystemRoot\System32\drivers\CmBatt.sys
\SystemRoot\System32\drivers\BATTC.SYS
\SystemRoot\System32\drivers\i8042prt.sys
\SystemRoot\System32\drivers\kbdclass.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\System32\drivers\mouclass.sys
\SystemRoot\System32\drivers\wmiacpi.sys
\SystemRoot\System32\drivers\RadioHIDMini.sys
\SystemRoot\System32\drivers\mshidkmdf.sys
\SystemRoot\System32\drivers\HIDCLASS.SYS
\SystemRoot\System32\drivers\HIDPARSE.SYS
\SystemRoot\System32\drivers\intelppm.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\System32\drivers\swenum.sys
\SystemRoot\System32\drivers\ks.sys
\SystemRoot\System32\drivers\btath_bus.sys
\SystemRoot\System32\drivers\rdpbus.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\System32\drivers\usbhub.sys
\SystemRoot\System32\drivers\USBD.SYS
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\IntcDAud.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_iaStorA.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\btfilter.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\BthLEEnum.sys
\SystemRoot\System32\drivers\rfcomm.sys
\SystemRoot\System32\drivers\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\drivers\btath_rcp.sys
\SystemRoot\system32\drivers\btath_avdt.sys
\SystemRoot\system32\drivers\btath_a2dp.sys
\SystemRoot\System32\drivers\btath_hcrp.sys
\SystemRoot\system32\DRIVERS\btath_flt.sys
\SystemRoot\system32\DRIVERS\btath_lwflt.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\Ndu.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\drivers\condrv.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\drivers\rdpvideominiport.sys
\??\C:\Users\ABRUZZ~1\AppData\Local\Temp\aswMBR.sys
\SystemRoot\System32\drivers\monitor.sys
\SystemRoot\System32\cdd.dll
\??\C:\windows\system32\drivers\mbamchameleon.sys
\??\C:\windows\system32\drivers\MBAMSwissArmy.sys
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8005c12060
Upper Device Driver Name: \Driver\disk\
Lower Device Name: \Device\0000003b\
Lower Device Object: 0xfffffa8003bb4060
Lower Device Driver Name: \Driver\iaStorA\
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8005c12060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004962980, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005c12060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xfffffa8003bb4060, DeviceName: \Device\0000003b\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Read File: File "C:\Windows\System32\Drivers\vwifibus.sys" is compressed (flags = 1)
Read File: File "C:\WINDOWS\SYSTEM32\drivers\vwifibus.sys" is compressed (flags = 1)
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 11372AD9

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 258679324
GPT Header CurrentLba = 1 BackupLba 976773167
GPT Header FirstUsableLba 34 LastUsableLba 976773134
GPT Header Guid 99f23383-eb08-4ec6-b796-8831bc51c2d
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 258679324
Backup GPT header CurrentLba = 976773167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 976773134
Backup GPT header Guid 99f23383-eb08-4ec6-b796-8831bc51c2d
Backup GPT header Contains 128 partition entries starting at LBA 976773135
Backup GPT header Partition entry size = 128

Partition 0 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID f9d7d9c2-c57b-4d77-804-c176158bd031
FirstLBA 2048 Last LBA 1023999
Attributes 1
Partition Name Basic data partition

Partition 1 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID f4f7049e-bb9b-49dd-82b6-c11466804c70
FirstLBA 1024000 Last LBA 1638399
Attributes 0
Partition Name EFI system partition

GPT Partition 1 is bootable
Partition 2 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID f697f674-20ca-4dda-917-7ec313ffbc32
FirstLBA 1638400 Last LBA 1900543
Attributes 0
Partition Name Microsoft reserved partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID ee9e068d-10d9-4a31-a084-8b23706ae06b
FirstLBA 1900544 Last LBA 928827392
Attributes 0
Partition Name Basic data partition

Partition 4 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 4f5cb26d-8280-4b92-83fe-952380b0e7ca
FirstLBA 928827393 Last LBA 974675968
Attributes 1
Partition Name Basic data partition

Partition 5 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
Partition ID 9138b5ec-3380-4f77-4173-636c65706975
FirstLBA 974675969 Last LBA 976773120
Attributes 1
Partition Name Basic data partition

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Done!
Infected: C:\Program Files (x86)\PC Health Kit\PCHealthKit.chm --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\CookiesException.txt --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\English.ini --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\file_id.diz --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\HomePage.url --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\PCHealthKit.exe --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\PCHKGuard.exe --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\PCHKLauncher.exe --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\PCHKReminder.exe --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\PCHKSchedule.exe --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\PCHKSmartScan.exe --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\PCHKUninstaller.exe --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\scan.gif --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\sqlite3.dll --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\StartupList.txt --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\unins000.dat --> [Rogue.PCHealthKit]
Infected: C:\Program Files (x86)\PC Health Kit\unins000.exe --> [Rogue.PCHealthKit]
Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PC Health Kit_is1 --> [Rogue.PCHealthKit]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit.lnk --> [Rogue.PCHealthKit]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit --> [Rogue.PCHealthKit]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Check updates.lnk --> [Rogue.PCHealthKit]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Help.lnk --> [Rogue.PCHealthKit]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\PC Health Kit on the Web.lnk --> [Rogue.PCHealthKit]
Infected: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Health Kit\Uninstall PC Health Kit.lnk --> [Rogue.PCHealthKit]
Infected: HKCU\SOFTWARE\PC Health Kit --> [Rogue.PCHealthKit]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================

Check Up log:


Results of screen317's Security Check version 0.99.83
x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Adobe Reader 10.1.3 Adobe Reader out of Date!
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
abruzzeseredbklyn706 AppData Local StormAlerts\StormAlerts.exe
abruzzeseredbklyn706 AppData Local StormAlerts\StormAlertsApp.exe
Windows Defender MsMpEng.exe
Symantec Norton Online Backup NOBuAgent.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

FRST SCAN:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by abruzzeseredbklyn706 (administrator) on REDPRINCE on 16-05-2014 21:28:49
Running from C:\Users\abruzzeseredbklyn706\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(CompuClever Systems Inc) C:\Program Files (x86)\CompuClever\PC Clean Maestro\pccum.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Weather Warnings LLC) C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [PC Driver Kit] => C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe [201528 2013-10-07] (PC Health Labs)
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-03] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-03] (Client Connect LTD)
Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
ShortcutTarget: Storm Alerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
ShortcutTarget: StormAlerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=CT3323128&octid=EB_ORIGINAL_CTID&ISID=&SearchSource=55&CUI=&UM=5&UP=SP3A270495-5635-4FAF-901D-71483078A191&SSPV=
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2496320 2014-05-03] (Client Connect LTD)
R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-04-07] ()
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-24] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-10-25] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 21:28 - 2014-05-16 21:29 - 00014500 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-16 21:28 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-16 21:25 - 2014-05-16 21:26 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
2014-05-16 21:14 - 2014-05-16 21:14 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-16 20:59 - 2014-05-16 21:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-16 20:54 - 2014-05-16 21:11 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:50 - 2014-05-16 20:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
2014-05-06 15:03 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-05-06 15:03 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-05-06 15:03 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 15:03 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-05-06 15:03 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-03 16:31 - 2014-04-29 07:14 - 19275264 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-03 16:31 - 2014-04-29 05:47 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-03 16:31 - 2014-04-29 05:25 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-03 16:30 - 2014-04-29 05:36 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-03 14:43 - 2014-05-03 14:43 - 00003824 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan
2014-05-03 14:43 - 2014-05-03 14:43 - 00003540 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan SecondTime
2014-05-03 14:43 - 2014-05-03 14:43 - 00003538 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan FirstTime
2014-05-03 14:43 - 2014-05-03 14:43 - 00003358 _____ () C:\windows\System32\Tasks\PC Clean Maestro Startup
2014-05-03 14:43 - 2014-05-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\ProgramData\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-05-03 14:41 - 2014-05-03 14:41 - 00000002 _____ () C:\END
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
2014-05-03 14:40 - 2014-05-16 20:36 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\PC Health Kit
2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit

==================== One Month Modified Files and Folders =======

2014-05-16 21:29 - 2014-05-16 21:28 - 00014500 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-16 21:28 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
2014-05-16 21:28 - 2013-02-27 23:23 - 01231774 _____ () C:\windows\WindowsUpdate.log
2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-16 21:27 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts
2014-05-16 21:26 - 2014-05-16 21:25 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
2014-05-16 21:26 - 2013-09-26 22:39 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2700142147-97012374-720385256-1001
2014-05-16 21:18 - 2013-02-28 00:35 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-16 21:18 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-05-16 21:14 - 2014-05-16 21:14 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-16 21:13 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-05-16 21:13 - 2012-08-05 14:07 - 00459244 _____ () C:\windows\PFRO.log
2014-05-16 21:13 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-16 21:12 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-05-16 21:11 - 2014-05-16 20:54 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 21:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-16 20:52 - 2014-05-16 20:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-16 20:36 - 2014-05-03 14:40 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
2014-05-12 10:37 - 2014-01-18 13:52 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:09 - 2014-05-11 10:05 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 11:09 - 2014-05-11 10:05 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 11:05 - 2013-12-29 12:08 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\CrashDumps
2014-05-11 10:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
2014-05-08 09:08 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2014-05-03 14:43 - 2014-05-03 14:43 - 00003824 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan
2014-05-03 14:43 - 2014-05-03 14:43 - 00003540 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan SecondTime
2014-05-03 14:43 - 2014-05-03 14:43 - 00003538 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan FirstTime
2014-05-03 14:43 - 2014-05-03 14:43 - 00003358 _____ () C:\windows\System32\Tasks\PC Clean Maestro Startup
2014-05-03 14:43 - 2014-05-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\ProgramData\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-05-03 14:41 - 2014-05-03 14:41 - 00000002 _____ () C:\END
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\PC Health Kit
2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit
2014-04-29 07:14 - 2014-05-03 16:31 - 19275264 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-04-29 05:47 - 2014-05-03 16:31 - 14357504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-04-29 05:36 - 2014-05-03 16:30 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-04-29 05:25 - 2014-05-03 16:31 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-04-22 16:47 - 2013-10-28 15:08 - 00694232 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-04-22 16:47 - 2013-10-28 15:08 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-19 02:39 - 2014-05-06 15:03 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-04-19 01:45 - 2014-05-06 15:03 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-04-19 01:45 - 2014-05-06 15:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-18 23:57 - 2014-05-06 15:03 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-04-18 23:57 - 2014-05-06 15:03 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-18 12:09 - 2013-12-29 11:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-18 12:08 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-18 12:08 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-18 12:04 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2014-04-17 13:26 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM

Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


Some content of TEMP:
====================
C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-11 09:39

==================== End Of Log ============================

OCD
2014-05-17, 07:10
Hi Red Prince,

Uninstall via Programs and Features

Locate the following listed in Programs and Features and click the Remove button:

CompuClever
SearchProtect

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



(CompuClever Systems Inc) C:\Program Files (x86)\CompuClever\PC Clean Maestro\pccum.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-03] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-03] (Client Connect LTD)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=...3078A191&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2496320 2014-05-03] (Client Connect LTD)
2014-05-03 14:43 - 2014-05-03 14:43 - 00003824 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan
2014-05-03 14:43 - 2014-05-03 14:43 - 00003540 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan SecondTime
2014-05-03 14:43 - 2014-05-03 14:43 - 00003538 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan FirstTime
2014-05-03 14:43 - 2014-05-03 14:43 - 00003358 _____ () C:\windows\System32\Tasks\PC Clean Maestro Startup
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\ProgramData\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-05-03 14:40 - 2014-05-16 20:36 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\PC Health Kit
2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit
2014-05-16 20:36 - 2014-05-03 14:40 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================


In your next post please provide the following:

Fixlog.txt
FRST.txt
Any change in performance?

Red Prince
2014-05-18, 05:39
Fixlog:

Thanks OCD. Followed instructions and posted the two logs requested below.

Good news is that homepage is no longer hijacked and goes to MSN but still seeing pop-ups a la "java update" and "pdf creator" and "downloadcypher.com" etc. But overall, seems a tad better.

Looking forward to next steps.

Thanks

Red Prince




Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
Ran by abruzzeseredbklyn706 at 2014-05-17 20:19:28 Run:1
Running from C:\Users\abruzzeseredbklyn706\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(CompuClever Systems Inc) C:\Program Files (x86)\CompuClever\PC Clean Maestro\pccum.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
(Client Connect LTD) C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll [202560 2014-05-03] (Client Connect LTD)
AppInit_DLLs-x32: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll [171840 2014-05-03] (Client Connect LTD)
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?gd=&ctid=...3078A191&SSPV=
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.conduit.com/Results.aspx?ctid=CT3319613&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP3A270495-5635-4FAF-901D-71483078A191&q={searchTerms}&SSPV=
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
R2 CltMngSvc; C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe [2496320 2014-05-03] (Client Connect LTD)
2014-05-03 14:43 - 2014-05-03 14:43 - 00003824 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan
2014-05-03 14:43 - 2014-05-03 14:43 - 00003540 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan SecondTime
2014-05-03 14:43 - 2014-05-03 14:43 - 00003538 _____ () C:\windows\System32\Tasks\PC Clean Maestro Scan FirstTime
2014-05-03 14:43 - 2014-05-03 14:43 - 00003358 _____ () C:\windows\System32\Tasks\PC Clean Maestro Startup
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\ProgramData\CompuClever
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\CompuClever
2014-05-03 14:40 - 2014-05-16 20:36 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\PC Health Kit
2014-05-03 14:40 - 2014-05-03 14:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit
2014-05-16 20:36 - 2014-05-03 14:40 - 00003302 _____ () C:\windows\System32\Tasks\PC Health Kit Schedule
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
*****************

C:\Program Files (x86)\CompuClever\PC Clean Maestro\pccum.exe => No running process found
C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe => No running process found
C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe => No running process found
C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe => No running process found
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll" => Value Data not found.
"C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll" => Value Data not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA263134-BB82-4DF6-B504-6BB870E632DA} => Key deleted successfully.
HKCR\CLSID\{CA263134-BB82-4DF6-B504-6BB870E632DA} => Key not found.
CltMngSvc => Service not found.
"C:\windows\System32\Tasks\PC Clean Maestro Scan" => File/Directory not found.
"C:\windows\System32\Tasks\PC Clean Maestro Scan SecondTime" => File/Directory not found.
"C:\windows\System32\Tasks\PC Clean Maestro Scan FirstTime" => File/Directory not found.
"C:\windows\System32\Tasks\PC Clean Maestro Startup" => File/Directory not found.
"C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CompuClever" => File/Directory not found.
C:\Users\abruzzeseredbklyn706\AppData\Roaming\CompuClever => Moved successfully.
"C:\ProgramData\CompuClever" => File/Directory not found.
C:\Program Files (x86)\CompuClever => Moved successfully.
C:\windows\System32\Tasks\PC Health Kit Schedule => Moved successfully.
C:\Users\abruzzeseredbklyn706\Documents\PC Health Kit => Moved successfully.
C:\Users\abruzzeseredbklyn706\AppData\Roaming\PC Health Kit => Moved successfully.
"C:\windows\System32\Tasks\PC Health Kit Schedule" => File/Directory not found.
C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
C:\Users\EasySurvey\EasySurvey.exe => Moved successfully.

==== End of Fixlog ====

FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by abruzzeseredbklyn706 (administrator) on REDPRINCE on 17-05-2014 20:34:13
Running from C:\Users\abruzzeseredbklyn706\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Weather Warnings LLC) C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
() C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.2.9200.16683_none_62280e15510f8e79\TiWorker.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [PC Driver Kit] => C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe [201528 2013-10-07] (PC Health Labs)
Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
ShortcutTarget: Storm Alerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
ShortcutTarget: StormAlerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-04-07] ()
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-24] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-17 20:29 - 2014-05-17 20:29 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
2014-05-16 21:28 - 2014-05-17 20:34 - 00012764 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-16 21:28 - 2014-05-17 20:34 - 00000000 ____D () C:\FRST
2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-16 21:25 - 2014-05-16 21:26 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
2014-05-16 21:07 - 2014-05-05 22:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 21:07 - 2014-05-05 22:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 21:07 - 2014-05-05 20:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 21:07 - 2014-05-05 20:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-16 21:07 - 2014-05-05 20:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 21:07 - 2014-05-05 20:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 21:03 - 2014-03-28 01:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-16 21:03 - 2014-03-27 23:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-16 21:02 - 2014-04-12 02:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-16 21:02 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-16 21:02 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-05-16 21:02 - 2014-04-12 02:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-05-16 21:02 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-16 21:02 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-16 21:02 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-16 21:02 - 2014-04-12 00:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-16 21:02 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-16 21:02 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-05-16 21:02 - 2014-03-28 12:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-05-16 21:02 - 2014-03-23 15:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-05-16 21:02 - 2014-03-10 20:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-16 21:02 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-16 21:02 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-16 21:02 - 2014-03-10 17:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-16 21:02 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-16 21:02 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-16 21:02 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-16 21:02 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-16 21:02 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-16 21:02 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-05-16 21:00 - 2014-03-28 01:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-16 20:55 - 2014-03-01 02:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-05-16 20:55 - 2014-03-01 02:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-05-16 20:55 - 2014-03-01 01:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-05-16 20:55 - 2014-02-28 23:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-05-16 20:55 - 2014-02-26 16:18 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-05-16 20:55 - 2014-02-26 16:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-05-16 20:55 - 2014-02-26 16:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-05-16 20:55 - 2014-02-26 16:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-05-16 20:55 - 2014-02-14 21:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-05-16 20:54 - 2014-05-16 21:11 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:50 - 2014-05-16 20:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
2014-05-06 15:03 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-05-06 15:03 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-05-06 15:03 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 15:03 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-05-06 15:03 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-03 14:43 - 2014-05-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
2014-05-03 14:41 - 2014-05-03 14:41 - 00000002 _____ () C:\END
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free

==================== One Month Modified Files and Folders =======

2014-05-17 20:34 - 2014-05-16 21:28 - 00012764 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-17 20:34 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
2014-05-17 20:33 - 2013-09-26 22:39 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2700142147-97012374-720385256-1001
2014-05-17 20:32 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts
2014-05-17 20:32 - 2013-02-28 00:35 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-17 20:29 - 2014-05-17 20:29 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 20:27 - 2013-02-27 23:23 - 02077651 _____ () C:\windows\WindowsUpdate.log
2014-05-17 20:26 - 2012-08-05 14:07 - 00459830 _____ () C:\windows\PFRO.log
2014-05-17 20:26 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-17 20:26 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-17 20:23 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-05-17 20:22 - 2013-10-08 17:33 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-17 20:22 - 2013-10-08 17:33 - 00000000 ____D () C:\windows\system32\MRT
2014-05-17 20:19 - 2013-02-28 00:47 - 00000000 ____D () C:\Users\EasySurvey
2014-05-17 20:06 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-16 21:26 - 2014-05-16 21:25 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
2014-05-16 21:11 - 2014-05-16 20:54 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-16 20:52 - 2014-05-16 20:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:09 - 2014-05-11 10:05 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 11:09 - 2014-05-11 10:05 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 11:05 - 2013-12-29 12:08 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\CrashDumps
2014-05-11 10:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
2014-05-08 09:08 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2014-05-05 22:14 - 2014-05-16 21:07 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-05 22:14 - 2014-05-16 21:07 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-05 20:48 - 2014-05-16 21:07 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-05 20:48 - 2014-05-16 21:07 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-05 20:37 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-05 20:26 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-03 14:43 - 2014-05-03 14:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
2014-05-03 14:42 - 2014-05-03 14:42 - 00000000 ____D () C:\Program Files (x86)\HiDefMedia
2014-05-03 14:41 - 2014-05-03 14:41 - 00000002 _____ () C:\END
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\File Type Helper
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
2014-05-01 13:37 - 2013-10-28 15:08 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 13:37 - 2013-10-28 15:08 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-19 02:39 - 2014-05-06 15:03 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-04-19 01:45 - 2014-05-06 15:03 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-04-19 01:45 - 2014-05-06 15:03 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-18 23:57 - 2014-05-06 15:03 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-04-18 23:57 - 2014-05-06 15:03 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-04-18 12:09 - 2013-12-29 11:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-17 13:26 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM

Some content of TEMP:
====================
C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\nsb97EF.exe
C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-16 21:02] - [2014-04-12 02:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-11 09:39

==================== End Of Log ============================

OCD
2014-05-18, 06:16
Hi Red Prince,

Glad to hear we are making progress. Let's continue . . .

Disable Plug-ins in Google Chrome


Click the Chrome menu on the browser toolbar.
Select Settings.
Scroll down to Show advanced settings...
Locate the Privacy Section, select Content Settings
In the pop up window scroll to Plug-Ins, select Disable individual plug-ins...
Locate the following plug-ins and set them to Disable:

downloadcypher.com

Exit Chrome settings menu.

=========================

Disable FireFox plug-in


At the top of the Firefox window, click on the Firefox button (Tools menu in Windows XP), and then click Add-ons. The Add-ons Manager tab will open.
In the Add-ons Manager tab, select the Extensions or Appearance panel.
Select the add-on you wish to disable.

downloadcypher.com

Click the Disable button.
Click Restart now if it pops up. Your tabs will be saved and restored after the restart.

=========================

Manage Add-Ons in Internet Explorer

Locate the Tools button in the upper right hand corner of the Internet Explorer browser window.
Left click, then choose Manage add-ons > Toolbars and Extensions
Locate the following add-ons (if present)

downloadcypher.com

Select the add-on, and click the Disable button.
Do this for each entry present, then close

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

AdwCleaner v3: Scan & Clean (http://www.bleepingcomputer.com/download/adwcleaner/)

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
Click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

Fixlog.txt
AdwCleaner[S0].txt
Fresh FRST.txt
Update of symptoms experiencing
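
Added example (not part of OCD's post and not code from FRST): a small Python parser for the "SearchScopes:" lines of an FRST.txt log. It reports entries whose URL value is empty, the condition shared by the two lines in the fixlist above, and shows which other hives define a URL for the same GUID. The function names are hypothetical, and the embedded sample is copied from the SearchScopes lines of the FRST.txt posted in this thread.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: the Internet-section lines from the FRST.txt in this thread
# (one non-SearchScopes line is included to show that it is skipped).
SAMPLE_LOG = r"""
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
"""

# Line shape as it appears in the log above:
#   SearchScopes: <hive> - [DefaultScope ]{GUID} URL = <url or nothing>
SCOPE_RE = re.compile(
    r"^SearchScopes: (?P<hive>\S+) - (?P<default>DefaultScope )?"
    r"(?P<guid>\{[0-9A-Fa-f-]{36}\}) URL =(?P<url>.*)$"
)


@dataclass(frozen=True)
class SearchScope:
    hive: str          # e.g. HKLM, HKLM-x32, HKCU
    is_default: bool   # True when the line names the DefaultScope value
    guid: str          # search provider GUID, upper-cased for comparison
    url: str           # empty string when the log shows nothing after "URL ="
    raw: str           # the original log line, whitespace-trimmed


def parse_search_scopes(log_text):
    """Return every SearchScopes entry found in an FRST log, in log order."""
    scopes = []
    for line in log_text.splitlines():
        line = line.strip()
        match = SCOPE_RE.match(line)
        if match:
            scopes.append(
                SearchScope(
                    hive=match["hive"],
                    is_default=match["default"] is not None,
                    guid=match["guid"].upper(),
                    url=match["url"].strip(),
                    raw=line,
                )
            )
    return scopes


def blank_scopes(scopes):
    """Return (entry, hives) pairs for entries with an empty URL.

    `hives` lists the other hives that do define a URL for the same GUID,
    which helps a reviewer see that only the per-hive copy is blank.
    """
    hives_with_url = defaultdict(set)
    for scope in scopes:
        if scope.url:
            hives_with_url[scope.guid].add(scope.hive)

    findings = []
    for scope in scopes:
        if not scope.url:
            findings.append((scope, sorted(hives_with_url.get(scope.guid, ()))))
    return findings


if __name__ == "__main__":
    for entry, hives in blank_scopes(parse_search_scopes(SAMPLE_LOG)):
        kind = "DefaultScope" if entry.is_default else "provider key"
        print(f"{entry.hive} {kind} {entry.guid}: blank URL; "
              f"URL defined in: {', '.join(hives) or 'no other hive'}")
        print(f"    log line: {entry.raw}")
```

The script only reads a saved log and prints findings for review; it changes nothing on the machine.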

Red Prince
2014-05-21, 06:35
Hi OCD

sorry for a few days delay; working on my neighbor's computer, so timing isn't always easy......

regarding your last instructions:

1. I could not find google chrome on the toolbar, so couldn't do anything with that
2. I could not find firefox plug-in anywhere on toolbar, so didn't do anything with that either
3. could not find downloadcypher.com in the IE add-ons, so nothing done with that

All other instructions were followed and overall not much changes as far as pop-ups, but maybe these are normal pop-ups (java and Microsoft update recommendation)? Oh, and just got an eboom pop up as I type this with music blasting, so I guess still not cleaned.

see logs you requested below:

Adaware:


# AdwCleaner v3.210 - Report created 20/05/2014 at 21:15:47
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : abruzzeseredbklyn706 - REDPRINCE
# Running from : C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HiDefMedia
Folder Deleted : C:\Program Files (x86)\File Type Helper
Folder Deleted : C:\Program Files (x86)\HiDefMedia
Folder Deleted : C:\windows\SysWOW64\SearchProtect
Folder Deleted : C:\Users\abruzzeseredbklyn706\AppData\Roaming\Activeris
Folder Deleted : C:\Users\abruzzeseredbklyn706\Documents\Optimizer Pro
File Deleted : C:\END

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ActiverisAntiMalware_RASMANCS
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


*************************

AdwCleaner[R0].txt - [1542 octets] - [20/05/2014 21:14:22]
AdwCleaner[S0].txt - [1450 octets] - [20/05/2014 21:15:47]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1510 octets] ##########


FRST. TXT:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by abruzzeseredbklyn706 (administrator) on REDPRINCE on 20-05-2014 21:21:50
Running from C:\Users\abruzzeseredbklyn706\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
() C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Weather Warnings LLC) C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
() C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [PC Driver Kit] => C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe [201528 2013-10-07] (PC Health Labs)
Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
ShortcutTarget: Storm Alerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
ShortcutTarget: StormAlerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-04-07] ()
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-24] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-20 21:17 - 2014-05-20 21:17 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-20 21:14 - 2014-05-20 21:15 - 00000000 ____D () C:\AdwCleaner
2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
2014-05-16 21:28 - 2014-05-20 21:21 - 00012455 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-16 21:28 - 2014-05-20 21:21 - 00000000 ____D () C:\FRST
2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-16 21:25 - 2014-05-16 21:26 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
2014-05-16 21:07 - 2014-05-05 22:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 21:07 - 2014-05-05 22:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 21:07 - 2014-05-05 20:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 21:07 - 2014-05-05 20:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-16 21:07 - 2014-05-05 20:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 21:07 - 2014-05-05 20:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 21:03 - 2014-03-28 01:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-16 21:03 - 2014-03-27 23:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-16 21:02 - 2014-04-12 02:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-16 21:02 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-16 21:02 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-05-16 21:02 - 2014-04-12 02:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-05-16 21:02 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-16 21:02 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-16 21:02 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-16 21:02 - 2014-04-12 00:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-16 21:02 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-16 21:02 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-05-16 21:02 - 2014-03-28 12:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-05-16 21:02 - 2014-03-23 15:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-05-16 21:02 - 2014-03-10 20:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-16 21:02 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-16 21:02 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-16 21:02 - 2014-03-10 17:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-16 21:02 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-16 21:02 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-16 21:02 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-16 21:02 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-16 21:02 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-16 21:02 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-05-16 21:00 - 2014-03-28 01:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-16 20:55 - 2014-03-01 02:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-05-16 20:55 - 2014-03-01 02:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-05-16 20:55 - 2014-03-01 01:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-05-16 20:55 - 2014-02-28 23:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-05-16 20:55 - 2014-02-26 16:18 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-05-16 20:55 - 2014-02-26 16:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-05-16 20:55 - 2014-02-26 16:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-05-16 20:55 - 2014-02-26 16:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-05-16 20:55 - 2014-02-14 21:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-05-16 20:54 - 2014-05-16 21:11 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:50 - 2014-05-16 20:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
2014-05-06 15:03 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-05-06 15:03 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-05-06 15:03 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 15:03 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-05-06 15:03 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free

==================== One Month Modified Files and Folders =======

2014-05-20 21:22 - 2014-05-16 21:28 - 00012455 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-20 21:21 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
2014-05-20 21:20 - 2013-02-28 00:35 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-20 21:19 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts
2014-05-20 21:17 - 2014-05-20 21:17 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-20 21:17 - 2013-12-29 11:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Skype
2014-05-20 21:17 - 2013-02-27 23:23 - 01108489 _____ () C:\windows\WindowsUpdate.log
2014-05-20 21:16 - 2012-08-05 14:07 - 00460144 _____ () C:\windows\PFRO.log
2014-05-20 21:16 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-20 21:16 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-05-20 21:15 - 2014-05-20 21:14 - 00000000 ____D () C:\AdwCleaner
2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
2014-05-20 21:11 - 2013-09-26 22:39 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2700142147-97012374-720385256-1001
2014-05-20 21:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-17 20:23 - 2013-10-08 17:33 - 00000000 ____D () C:\windows\system32\MRT
2014-05-17 20:23 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-05-17 20:22 - 2013-10-08 17:33 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-17 20:19 - 2013-02-28 00:47 - 00000000 ____D () C:\Users\EasySurvey
2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-16 21:26 - 2014-05-16 21:25 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
2014-05-16 21:11 - 2014-05-16 20:54 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-16 20:52 - 2014-05-16 20:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:09 - 2014-05-11 10:05 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 11:09 - 2014-05-11 10:05 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 11:05 - 2013-12-29 12:08 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\CrashDumps
2014-05-11 10:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
2014-05-08 09:08 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2014-05-05 22:14 - 2014-05-16 21:07 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-05 22:14 - 2014-05-16 21:07 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-05 20:48 - 2014-05-16 21:07 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-05 20:48 - 2014-05-16 21:07 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-05 20:37 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-05 20:26 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
2014-05-01 13:37 - 2013-10-28 15:08 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 13:37 - 2013-10-28 15:08 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\nsb97EF.exe
C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\Quarantine.exe
C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-16 21:02] - [2014-04-12 02:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-11 09:39

==================== End Of Log ============================


FIX LOG:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
Ran by abruzzeseredbklyn706 at 2014-05-20 21:11:09 Run:2
Running from C:\Users\abruzzeseredbklyn706\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA263134-BB82-4DF6-B504-6BB870E632DA} => Key deleted successfully.
HKCR\CLSID\{CA263134-BB82-4DF6-B504-6BB870E632DA} => Key not found.

==== End of Fixlog ====

OCD
2014-05-21, 07:50
Hi Red Prince,


"sorry for a few days delay; working on my neighbor's computer, so timing isn't always easy......"
Thanks for the reminder. I will allow extra time between replies to compensate for this.


"as far as pop-ups, but maybe these are normal pop-ups (java and Microsoft update recommendation)"
Yes, these are most likely normal updates. But Java is not showing as being installed, so I'm a bit unsure why you are getting pop-ups to update.

The Windows update will probably include an update from Windows 8 to 8.1. If your neighbor does not want to update to 8.1 then you can ignore this update notice. With that being said, you should always have the latest updates available for your operating system to help patch any issues that may have been corrected since the last update.


"eboom pop up as I type this with music blasting"
Please explain what you mean by an eboom pop-up.
Also does the pop up indicate any information as to what program might be causing it?
Is there any information in the header of the pop-up window?

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



() C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-04-07] ()
2014-05-03 14:41 - 2014-05-03 14:41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.

=========================

Re-run AdwCleaner

It should be on your desktop

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Scan button.
AdwCleaner will begin to scan your computer like it did before.
After the scan has finished...
This time, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
Copy and paste the contents of that log file in your next reply.
A copy of that log file will also be saved in the C:\AdwCleaner folder.

=========================

Junkware Removal Tool

Download Junkware Removal Tool (http://thisisudax.org/downloads/JRT.exe) to your desktop.

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Shut down your protection software now to avoid potential conflicts.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

=========================

Re-run Farbar Recovery Scan Tool. It should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

FRST fixlog.txt
AdwCleaner[S1].txt
JRT.txt
Fresh FRST.txt
Update on performance.

Red Prince
2014-05-23, 06:11
Hi OCD

A couple of notes:

1. I will be out of town until Sunday so I won't be able to help Red Prince until I return (I am loopy by the way)

2. I've tried to do some "print screen" shots but I can't figure out why this computer won't paste the "print Screen" into the field. These new keyboards with the "Fn" button are confusing. The reason is that I want to show you some of the popups you were asking about. Regarding Eboom, I can't recall what it was, but it was an annoying pop up with music playing in the background. If I could figure out how to do "print screen" I could paste the image so you could see all the parameters you were asking about. Overall, it still seems as though there are some "popups" which is why I would like to be able to "print screen" them so you can see what they really amount to.

3. I assume this is normal, but when I run FRST sometimes, I get a "pending" notice, but I just assume it has completed its task... it probably has, it just doesn't always look "finished".

4. I didn't know that you can upgrade your OS from 8.0 to 8.1 via online updates, I thought it was part of the "BIOS". I've heard that 8.0 is pretty bad...so if there is a way to make Red Prince's system more secure, I'm all for it.

Below are the logs you requested, and thank you so much for your patience and your help, I know Red Prince appreciates it (he is 80 years old) and I love him dearly as a neighbor and a friend.

Adaware log:

# AdwCleaner v3.210 - Report created 22/05/2014 at 20:43:06
# Updated 19/05/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : abruzzeseredbklyn706 - REDPRINCE
# Running from : C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


*************************

AdwCleaner[R0].txt - [1542 octets] - [20/05/2014 21:14:22]
AdwCleaner[R1].txt - [760 octets] - [22/05/2014 20:40:34]
AdwCleaner[R2].txt - [819 octets] - [22/05/2014 20:42:06]
AdwCleaner[S0].txt - [1590 octets] - [20/05/2014 21:15:47]
AdwCleaner[S1].txt - [741 octets] - [22/05/2014 20:43:06]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [800 octets] ##########


FRST log:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014
Ran by abruzzeseredbklyn706 (administrator) on REDPRINCE on 22-05-2014 20:54:55
Running from C:\Users\abruzzeseredbklyn706\Desktop
Platform: Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Weather Warnings LLC) C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe
() C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
() C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsBrowser.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [PC Driver Kit] => C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe [201528 2013-10-07] (PC Health Labs)
Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Storm Alerts.lnk
ShortcutTarget: Storm Alerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe (Weather Warnings LLC)
Startup: C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\StormAlerts.lnk
ShortcutTarget: StormAlerts.lnk -> C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe ()
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [90992 2012-10-08] (ELAN Microelectronics Corp.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-24] (Samsung Electronics CO., LTD.)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-22 20:53 - 2014-05-22 20:53 - 00000701 _____ () C:\Users\abruzzeseredbklyn706\Desktop\JRT.txt
2014-05-22 20:48 - 2014-05-22 20:48 - 00000000 ____D () C:\windows\ERUNT
2014-05-22 20:47 - 2014-05-22 20:47 - 01016261 _____ (Thisisu) C:\Users\abruzzeseredbklyn706\Desktop\JRT.exe
2014-05-22 20:45 - 2014-05-22 20:45 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-20 21:14 - 2014-05-22 20:43 - 00000000 ____D () C:\AdwCleaner
2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
2014-05-16 21:28 - 2014-05-22 20:54 - 00011998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-16 21:28 - 2014-05-22 20:54 - 00000000 ____D () C:\FRST
2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-16 21:25 - 2014-05-16 21:26 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
2014-05-16 21:07 - 2014-05-05 22:14 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-16 21:07 - 2014-05-05 22:14 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-16 21:07 - 2014-05-05 20:48 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-16 21:07 - 2014-05-05 20:48 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-16 21:07 - 2014-05-05 20:37 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-16 21:07 - 2014-05-05 20:26 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-16 21:03 - 2014-03-28 01:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-05-16 21:03 - 2014-03-27 23:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-05-16 21:02 - 2014-04-12 02:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-05-16 21:02 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-05-16 21:02 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-05-16 21:02 - 2014-04-12 02:09 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-05-16 21:02 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-05-16 21:02 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-05-16 21:02 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-05-16 21:02 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-05-16 21:02 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-05-16 21:02 - 2014-04-12 00:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-05-16 21:02 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-05-16 21:02 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-05-16 21:02 - 2014-03-28 12:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-05-16 21:02 - 2014-03-23 15:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-05-16 21:02 - 2014-03-10 20:32 - 06987096 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-05-16 21:02 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-05-16 21:02 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-05-16 21:02 - 2014-03-10 17:41 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-05-16 21:02 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-05-16 21:02 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-05-16 21:02 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-05-16 21:02 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-05-16 21:02 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-05-16 21:02 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-05-16 21:02 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-05-16 21:00 - 2014-03-28 01:23 - 01287168 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-16 20:55 - 2014-03-01 02:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-05-16 20:55 - 2014-03-01 02:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-05-16 20:55 - 2014-03-01 01:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-05-16 20:55 - 2014-02-28 23:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-05-16 20:55 - 2014-02-26 16:18 - 00621568 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-05-16 20:55 - 2014-02-26 16:18 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-05-16 20:55 - 2014-02-26 16:18 - 00247808 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-05-16 20:55 - 2014-02-26 16:18 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-05-16 20:55 - 2014-02-14 21:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-05-16 20:54 - 2014-05-16 21:11 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:50 - 2014-05-16 20:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
2014-05-06 15:03 - 2014-04-19 02:39 - 00628024 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-05-06 15:03 - 2014-04-19 01:45 - 00693760 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-05-06 15:03 - 2014-04-19 01:45 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-06 15:03 - 2014-04-18 23:57 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-05-06 15:03 - 2014-04-18 23:57 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

==================== One Month Modified Files and Folders =======

2014-05-22 20:55 - 2014-05-16 21:28 - 00011998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-22 20:54 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
2014-05-22 20:53 - 2014-05-22 20:53 - 00000701 _____ () C:\Users\abruzzeseredbklyn706\Desktop\JRT.txt
2014-05-22 20:48 - 2014-05-22 20:48 - 00000000 ____D () C:\windows\ERUNT
2014-05-22 20:47 - 2014-05-22 20:47 - 01016261 _____ (Thisisu) C:\Users\abruzzeseredbklyn706\Desktop\JRT.exe
2014-05-22 20:47 - 2013-02-28 00:35 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-22 20:47 - 2013-02-27 23:23 - 01182850 _____ () C:\windows\WindowsUpdate.log
2014-05-22 20:46 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts
2014-05-22 20:45 - 2014-05-22 20:45 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-22 20:44 - 2013-12-29 11:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Skype
2014-05-22 20:43 - 2014-05-20 21:14 - 00000000 ____D () C:\AdwCleaner
2014-05-22 20:43 - 2012-08-05 14:07 - 00460458 _____ () C:\windows\PFRO.log
2014-05-22 20:43 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-05-22 20:43 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-05-22 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
2014-05-20 21:11 - 2013-09-26 22:39 - 00003592 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2700142147-97012374-720385256-1001
2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-17 20:28 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-17 20:25 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-17 20:23 - 2013-10-08 17:33 - 00000000 ____D () C:\windows\system32\MRT
2014-05-17 20:23 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-05-17 20:22 - 2013-10-08 17:33 - 93223848 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-05-17 20:19 - 2013-02-28 00:47 - 00000000 ____D () C:\Users\EasySurvey
2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
2014-05-16 21:27 - 2014-05-16 21:27 - 02067456 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-16 21:26 - 2014-05-16 21:25 - 01056768 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST.exe
2014-05-16 21:11 - 2014-05-16 20:54 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:59 - 2014-05-16 20:59 - 00119000 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 20:59 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 20:55 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-05-16 20:52 - 2014-05-16 20:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:09 - 2014-05-11 10:05 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 11:09 - 2014-05-11 10:05 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 11:05 - 2013-12-29 12:08 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\CrashDumps
2014-05-11 10:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
2014-05-08 09:08 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2014-05-05 22:14 - 2014-05-16 21:07 - 19274752 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-05-05 22:14 - 2014-05-16 21:07 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-05-05 20:48 - 2014-05-16 21:07 - 14367232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-05-05 20:48 - 2014-05-16 21:07 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-05-05 20:37 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-05-05 20:26 - 2014-05-16 21:07 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-05-01 13:37 - 2013-10-28 15:08 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 13:37 - 2013-10-28 15:08 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl

Some content of TEMP:
====================
C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\nsb97EF.exe
C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\Quarantine.exe
C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\SPSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe
[2014-05-16 21:02] - [2014-04-12 02:10] - 0578048 ____A (Microsoft Corporation) 75DD70A14145499C9F7D903CF9A8C91B

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-11 09:39

==================== End Of Log ============================

Junkware log:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 8 x64
Ran by abruzzeseredbklyn706 on Thu 05/22/2014 at 20:48:27.09
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\boost_interprocess"



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 05/22/2014 at 20:53:20.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


FRST List Log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 15-05-2014
Ran by abruzzeseredbklyn706 at 2014-05-22 20:39:36 Run:3
Running from C:\Users\abruzzeseredbklyn706\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

() C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe
BHO: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree_x64.dll (Convert Files for Free)
BHO-x32: ConvertFilesforFree - {59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} - C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFree.dll (Convert Files for Free)
R2 ConvertFilesforFreeUpdt; C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe [252928 2014-04-07] ()
2014-05-03 14:41 - 2014-05-03 14: 41 - 00000000 ____D () C:\Program Files (x86)\Convert Files for Free
*****************

[1916] C:\Program Files (x86)\Convert Files for Free\ConvertFilesforFreeUpdt.exe => Process closed successfully.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} => Key deleted successfully.
HKCR\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{59A062A1-5ECA-4a1a-BC44-B2A9283A8ACB} => Key deleted successfully.
ConvertFilesforFreeUpdt => Service deleted successfully.
C:\Program Files (x86)\Convert Files for Free => Moved successfully.

==== End of Fixlog ====

OCD
2014-05-23, 06:35
Hi Red Prince,


I will be out of town until Sunday so I won't be able to help Red Prince until I return
No problem, just continue when you return. I will leave the thread open until I hear back from you.

= = = = = = = = = = = = = = = = = = = =

There is a tool that comes with Windows that should handle the task you're looking for. It's called the Snipping Tool; follow this link for directions on how to use it.
http://windows.microsoft.com/en-us/windows/use-snipping-tool-capture-screen-shots#1TC=windows-8

OR

How to take a screenshot in Windows 8
http://blog.laptopmag.com/how-to-take-a-screenshot-in-windows-8

= = = = = = = = = = = = = = = = = = = =

The FRST logs you have posted are complete logs, so the tool is working fine.

= = = = = = = = = = = = = = = = = = = =

Windows 8 upgrade to 8.1
Here is a tutorial about how the upgrade process works. The best way to keep the computer as secure as possible is to have all the latest updates, and to always have a firewall and an anti-virus program installed and active.
http://windows.microsoft.com/en-us/windows-8/update-from-windows-8-tutorial

If you are contemplating doing the upgrade to 8.1 please hold off for now until we get all the issues sorted out. Then we will make sure everything is in place to ensure the security of the system.

= = = = = = = = = = = = = = = = = = = =

I won't post any new instructions until you can get me the screenshots of the pop-ups. But as a side note, the last FRST log is looking good, so we are making progress.

Red Prince
2014-05-27, 06:11
Hi OCD
I'm back. Much to my surprise, while I was gone, Red Prince surprised me by updating his operating system to 8.1. When he told me he had clicked the link requesting the update be done, I admonished him saying that you had advised we do nothing while still working on the system....but, what are you gonna do? I looked at the system info and surprisingly, it seems to have taken: he said it took many hours for it to actually upload. In any case, unless he did some harm, at least he has a better operating system now.

I figured out how to take screenshots based on the info you provided, but I can't seem to paste it into this window, so I just attached it as a .png file. The only pop-ups I am now seeing are a Java request and a request to upgrade media player (even with the .exe file all ready to go! FYI, I closed out and did not run or install this file). Both of these screenshots have been attached to this thread for your review.

Hopefully, Red Prince's computer is pretty clean at this point and maybe it is time for an anti-virus program. Can you tell from the data you've reviewed if he has Webroot installed? He has the disk (although it is dated now) but I don't know if he ever really installed it.

Thanks OCD, looking forward to your response.

OCD
2014-05-27, 07:16
Hi Red Prince,


The upgrade to 8.1 shouldn't be of any concern. I just thought it would be easier to do it at the end, but it will not interfere with our progress.
As for the 2 pop-ups you keep getting, go ahead and install the files they are asking you to. Reboot, then see if the pop-ups return; if so, let me know.
Webroot does not appear to be installed or running at this time. The computer is running the Windows Firewall, and Windows Defender as an anti-virus. If you choose to install the Webroot software he has, be sure to disable Windows Defender via the Control Panel.

=========================

Malwarebytes' Anti-Malware

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) (save it to your desktop).


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Once the program has loaded, select the Update tab to get the latest updates before performing the scan.
Select Perform quick scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location and post the results.
Note: If you receive a notice that some of the items couldn't be removed, that they have been added to the delete on reboot list, please reboot.

=========================


ESET Online Scanner

*Note:

It is recommended to disable your on-board antivirus and anti-spyware programs while performing scans so there are no conflicts; it will also speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your anti-spyware programs.

** You need to run your browser with Administrator Rights. To do so, right click your browser's shortcut and select "Run as Administrator".

= = = = = = = = = = = = = = = = = = = =

Go here to run ESET Online Scanner (http://www.eset.eu/online-scanner)

(Note: You can use Internet Explorer or FireFox for this scan. If you use FireFox you will be asked to install an additional component. Please allow this.)


Place a check mark in the box YES, I accept the Terms Of Use
Click the Start button.
Now click the Install button.
Click Start. The scanner engine will initialize and update.
Place a check mark in the box beside Remove found threats.
Click the Scan button. The scan will now run, please be patient.
When the scan finishes click the Details tab.
Copy and paste the contents of the C:\Program Files\ESET\log.txt into your next reply.

Note - when ESET doesn't find any threats, no report will be created.

Re-enable your Antivirus software.

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:

MBAM.txt
ESET's log.txt
FRST.txt
How is the computer running?

Red Prince
2014-05-29, 06:25
OCD
I am getting fried, IE keeps closing on me and I can't get my message to you. Having problems. I updated Java and there are many more pop ups now. I will attach screen shots. Malwarebytes log said over 1000 issues! See log attached before and after. Couldn't figure out how to run ESET as administrator....going to send this then attachments as I have already spent two hours on Red Prince's machine and keep having IE close on me unexpectedly...I wrote an entire description and attached logs and it closed on me....I will send in separate posts.. see malware logs before and after first...


Now it's telling me my text is too long...I am dumping a log and will try and post screen shots tomorrow


Dang it, I cannot post this log, it is way too long.....I don't know what to do

HELPPPPPP

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/28/2014
Scan Time: 8:33:09 PM
Logfile: malwarebytes log1.txt
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.05.29.03
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: abruzzeseredbklyn706

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 271053
Time Elapsed: 12 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 7
PUP.Optional.Sizlsearch.A, C:\Program Files (x86)\sizlsearch\updatesizlsearch.exe, 4760, , [3ceb74e398e35fd7a0306ffe33cec040]
PUP.Optional.Sambreel.A, C:\Program Files (x86)\sizlsearch\sizlsearch.FirstRun.exe, 4796, , [979069eea9d282b42da8f164788942be]
Adware.Adpeak, C:\Program Files\003\vxlsnyaiet64.exe, 4688, , [5bccc691c3b8f93da5236ae02adaa45c]
PUP.Optional.AdPeak.A, C:\Program Files\003\vxlsnyaiet64.exe, 4688, , [47e03f18a7d4a29421c2cec347bb06fa]
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlertsApp.exe, 5480, , [d651bf984f2c77bfaeda693f4cb6da26]
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\StormAlerts.exe, 4984, , [d651bf984f2c77bfaeda693f4cb6da26]
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssist.exe, 3404, , [c265a0b72754b38316efdcbe6f93e41c]

Modules: 2
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\2rs3.dll, , [2ff844138dee3bfbc2babd8c6b9929d7],
PUP.Optional.Sizlsearch.A, C:\Program Files (x86)\sizlsearch\sizlsearchBHO.dll, , [3aed71e6413a59dd24ab7fee897851af],

Registry Keys: 73

Registry Values: 1
PUP.Optional.SupraSavings.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SECUREASSIST|ImagePath, c:\Program Files\SupraSavings\SecureAssist.exe, , [c265a0b72754b38316efdcbe6f93e41c]

Registry Data: 3
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll c:\progra~2\optimi~1\optpro~2.dll, Good: (), Bad: (c:\progra~2\searchprotect\searchprotect\bin\spvc32loader.dll),,[46e11245ea91f3432c6823a68380956b]
PUP.Optional.SearchProtect.A, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINDOWS|AppInit_DLLs, C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll C:\PROGRA~2\OPTIMI~1\OPTPRO~3.DLL, Good: (), Bad: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll),,[46e11245ea91f3432c6823a68380956b]
PUP.Optional.Trovi.A, HKU\S-1-5-21-2700142147-97012374-720385256-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MCB6F9008-0864-4F09-9DD9-3C6CFAB60F2F&SearchSource=55&CUI=&UM=5&UP=SPE8491576-F5C6-4836-AFA3-9987B8A13553&SSPV=, Good: (www.google.com), Bad: (http://www.trovi.com/?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MCB6F9008-0864-4F09-9DD9-3C6CFAB60F2F&SearchSource=55&CUI=&UM=5&UP=SPE8491576-F5C6-4836-AFA3-9987B8A13553&SSPV=),,[1017b4a36813082ecbbe3918d331d927]

Folders: 65

Files: 897
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0122104542\3645.9.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0122112003\799.0.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0122112003\799.1.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0122112003.522\3644.0.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0122112003.522\3644.1.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0122115406\3645.0.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0122115406\3645.1.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0122115406\3645.2.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0122115406\3645.3.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0129223433\3651.0.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0129223433\3651.1.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.100.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.101.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.102.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.103.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.104.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.105.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.106.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.107.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.108.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.109.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.110.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.111.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.88.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.89.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.90.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.91.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.92.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.93.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.94.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.95.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.96.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.97.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.98.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.99.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.113.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.114.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.115.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.116.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.117.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.118.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.119.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.120.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.121.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.122.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.123.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.124.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.125.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.126.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.127.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.128.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.129.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.131.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.132.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.133.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.134.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.135.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.136.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.137.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.138.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.139.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.140.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.141.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.142.tmp, , [d651bf984f2c77bfaeda693f4cb6da26],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts\0130110949\3651.143.tmp, , [

OCD
2014-05-29, 07:21
Hi Red Prince,

What you are doing for your neighbor is admirable. Try not to get frustrated; this process is generally not completed in a few steps. What may be happening in between the times you have access to the machine is he/she is getting additional adware/malware. What you might want to do is ask him/her to limit the amount of time they spend surfing, or at the very least try not to click on too many links other than what they search for specifically.

Also, for you, have you tried a different browser? (Firefox, Chrome, Safari) If IE continues to give you problems, consider downloading one of the ones mentioned above to get through the cleaning process. If your posts are too large, just break them up into smaller portions and post. If you fear the browser is going to fail you, post what you have ready, then just continue to add until you have posted all the details you wanted to.

With Malwarebytes Anti-Malware, you will need to re-run it. But this time be sure to "Remove the Found Threats".

Post whatever you can, when you can. We will work on this for as long as it takes to get the machine running properly.

If the browser will not allow you to successfully copy and paste the logs, feel free to just attach them for review.

Red Prince
2014-05-29, 20:09
Thanks, OCD. Sorry for "losing it" last night. I was getting frustrated because I am across the street at my neighbor's (he's 80 so....) and I should be home with my family.

I am logging in to write this from work, so not at his computer now but will respond with a new Malwarebytes log tonight or tomorrow night.

I wanted to point out that all the renewed popups, which include one I saw before we cleaned called "Optimizer Pro", seem to have occurred right after I downloaded Java, which wanted me to add a whole bunch of other features, some of which I may have inadvertently added, others that I declined. But I am pretty sure that after I downloaded that Java update (could it have been a phony Java request???) all the problems came back. Also, for some reason, his home page is now Google home instead of MSN, so something re-directed it, but since it is Google, I assume it isn't a virus but rather some option I must have checked inadvertently.

Finally, the setup process for Malwarebytes was different on the version I downloaded than you described. There was no option available for a quick scan, so I think I had to do a full scan. Also, I did remove the threats last time.

But I will check it again tonight or tomorrow night and try to run it again and post you the log.

thanks much for all your help and especially your patience!

Chris

OCD
2014-05-30, 09:16
Hi Red Prince,


thanks much for all your help and especially your patience!
Thank you! But I believe you have the harder job of the two of us. :bow:


Check and see if Optimizer Pro shows in the Control Panel. If so remove it.
Also while in the Control Panel, remove all versions of Java listed.
Reboot, then get the latest version of Java by visiting here (http://java.com/en/) This will ensure you have an authentic version of Java. Also during installation be mindful of the "extras" that may try to install. Reboot once again after you have finished.
As far as his homepage changing, you are correct that one of the programs you installed may be responsible. What browser is he using? I will provide instructions to change it back to what he wants. If you know how to do it feel free to make the adjustment on your own.
So, when you have access please provide the latest MBAM log with items removed. If MBAM runs smoothly, continue on with the ESET scan. Be advised that ESET may take quite a while to complete. (hours)
If you have time, also include a fresh FRST scan. But only if you've had time to do the MBAM & ESET.

Hopefully, that all makes sense. If not I apologize and just post what you can.

Red Prince
2014-05-31, 06:32
Hi OCD

So I went to control panel and found optimizer pro and uninstalled it.

Interestingly, I did not see any Java programs installed....so I didn't do anything as far as installing the Java you linked to....yet.

I ran Malwarebytes and the log is not nearly as bad as last time and I am attaching it below.....machine seems pretty (praying) okay......right now (fingers crossed). I reset home page to MSN for Red Prince.

I am going to run ESET and go home and then come back and post the log after it has run overnight.....talk to you soon

thanks again

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 5/30/2014
Scan Time: 9:10:43 PM
Logfile: malwarebytes log.txt
Administrator: No

Version: 2.00.2.1012
Malware Database: v2014.05.31.01
Rootkit Database: v2014.05.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: abruzzeseredbklyn706

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 270899
Time Elapsed: 9 min, 51 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 2
PUP.Optional.CouponDownloader.A, HKU\S-1-5-21-2700142147-97012374-720385256-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{10AD2C61-0898-4348-8600-14A342F22AC3}, Quarantined, [816c2d2a8bf0a096f50134fa1ae8ff01],
PUP.Optional.Sizlsearch.A, HKU\S-1-5-21-2700142147-97012374-720385256-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{36D96925-ABFA-4EB8-B630-305E905A930D}, Quarantined, [ea03b0a7c4b7d561b6deec47ce3451af],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 7
Rogue.Multiple, C:\ProgramData\374311380, Quarantined, [4e9f11464a312f07292da9c155ad33cd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin, Quarantined, [47a66dea3d3e1026207914675ea4f010],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin, Quarantined, [86670c4be8932a0cff9b95e6689a946c],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_ad2keg0knijc1tp5144i3dsmhhgxpmck, Quarantined, [bc315ef9a7d40f27b75b1a6208fa7789],
PUP.Optional.StormAlerts.A, C:\Users\abruzzeseredbklyn706\AppData\Local\Weather_Warnings_LLC\StormAlerts.exe_Url_ad2keg0knijc1tp5144i3dsmhhgxpmck\1.4.0.0, Quarantined, [bc315ef9a7d40f27b75b1a6208fa7789],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings, Quarantined, [5b92cc8bcdaefa3ca1f20b768280619f],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings, Quarantined, [618c04530477a98d781b9fe27c8638c8],

Files: 10
PUP.Optional.Conduit.A, C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\nsb7311.exe, Quarantined, [787522357308f2445badfd86b74abf41],
PUP.Optional.Conduit.A, C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\nsy45A6.exe, Quarantined, [707dadaa5b20be78cc3c453e35cc1be5],
PUP.Optional.Conduit.A, C:\Users\abruzzeseredbklyn706\AppData\Local\Temp\nsj4A1E\SpSetup.exe, Quarantined, [d51891c65c1f979f4eba810217eaf50b],
PUP.Optional.AdPeak.A, C:\Program Files\003\vxlsnyaiet64.exe, Quarantined, [a845c59236455bdb6d1b9ff508fa57a9],
Rogue.Multiple, C:\ProgramData\374311380\BIT57A4.tmp, Quarantined, [4e9f11464a312f07292da9c155ad33cd],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe, Quarantined, [47a66dea3d3e1026207914675ea4f010],
PUP.Optional.SearchProtect.A, C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe, Quarantined, [86670c4be8932a0cff9b95e6689a946c],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\PCProxyDLL64.dll, Quarantined, [5b92cc8bcdaefa3ca1f20b768280619f],
PUP.Optional.SupraSavings.A, C:\Program Files\suprasavings\SecureAssist.exe, Quarantined, [5b92cc8bcdaefa3ca1f20b768280619f],
PUP.Optional.SupraSavings.A, C:\Program Files (x86)\SupraSavings\2rs3.dll, Quarantined, [618c04530477a98d781b9fe27c8638c8],

Physical Sectors: 0
(No malicious items detected)


(end)
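
The Malwarebytes 2.x logs in this thread list each detection as `Name, Path, Action, [hash],` under a section header that declares a count. The following is an added example, not part of any poster's message and not Malwarebytes code: a small parser that tallies detections by action, lists entries whose action field is empty, and reports sections where the declared count does not match the lines actually present (as happens when a paste is cut off). The sample log, names, paths and hashes are constructed; only the line layout and section names are taken from the logs above.

```python
import re
from collections import Counter
from dataclasses import dataclass

# Section headers as they appear in the logs on this page.
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
HEADER = re.compile(r"^(%s): (\d+)\s*$" % "|".join(SECTIONS))

# Name, Path, Action, [md5],   (Action may be empty; Path may contain commas)
DETECTION = re.compile(
    r"^(?P<name>[^,]+), (?P<path>.+), (?P<action>[^,\[]*), "
    r"\[(?P<md5>[0-9a-fA-F]{32})\],?\s*$")


@dataclass(frozen=True)
class Detection:
    section: str
    name: str
    path: str
    action: str   # "" when the log records no action for the item
    md5: str


def parse_log(text):
    """Return (declared_counts, detections) for one pasted log."""
    declared, found, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = HEADER.match(line)
        if m:
            section = m.group(1)
            declared[section] = int(m.group(2))
            continue
        m = DETECTION.match(line)
        if m and section:
            found.append(Detection(section, m["name"].strip(), m["path"],
                                   m["action"].strip(), m["md5"].lower()))
    return declared, found


def count_mismatches(declared, found):
    """Sections whose declared count differs from the parsed lines."""
    parsed = Counter(d.section for d in found)
    return {s: (n, parsed[s]) for s, n in declared.items() if n != parsed[s]}


def without_action(found):
    """Detections whose action field is empty in the log."""
    return [d for d in found if not d.action]


def action_summary(found):
    """Count detections per (family name, action)."""
    return Counter((d.name, d.action or "<none>") for d in found)


# Constructed sample in the same layout; the last line is cut off on purpose.
SAMPLE = r"""
Scan Type: Threat Scan
Objects Scanned: 1234

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.ExampleBar.A, HKU\S-1-5-21-0-0-0-1001\SOFTWARE\EXAMPLE\{0000, 1111}, Quarantined, [aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa],

Folders: 1
PUP.Optional.ExampleAlerts.A, C:\Users\alice\AppData\Local\ExampleAlerts, , [bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb],

Files: 3
PUP.Optional.ExampleAlerts.A, C:\Users\alice\AppData\Local\ExampleAlerts\1.tmp, , [bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb],
PUP.Optional.ExampleBar.A, C:\Program Files (x86)\ExampleBar\bar.exe, Quarantined, [cccccccccccccccccccccccccccccccc],
PUP.Optional.ExampleAlerts.A, C:\Users\alice\AppData\Local\ExampleAlerts\2.tmp, , [
"""

if __name__ == "__main__":
    declared, found = parse_log(SAMPLE)
    for (name, action), n in sorted(action_summary(found).items()):
        print(f"{n:3d}  {action:12s} {name}")
    for d in without_action(found):
        print("no action recorded:", d.path)
    for section, (want, got) in count_mismatches(declared, found).items():
        print(f"{section}: log declares {want}, paste contains {got}")
```
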

Red Prince
2014-05-31, 22:22
Hi OCD
Back again after the ESET scan. It ran last night and finished and found 2 threats which were quarantined. Interestingly, the threats were identified as "JAVA LIVE"; I've attached a screen shot for you to see. So maybe I did download a bogus Java program by accident before.

In any case, when it was done, there was no details button to click and no indication that there was any way to save a report. Let me know if I need to run it again, but I didn't see where a report could be saved. It just had a "finished" button to click and that was it.

I've attached a screen shot. Let me know what else I should do.

I've also run FRST again and am attaching a log below:


Red Prince
2014-05-31, 22:24
Not sure why the FRST log did not post in the last thread but here it is again:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-05-2014
Ran by abruzzeseredbklyn706 (administrator) on REDPRINCE on 31-05-2014 13:19:18
Running from C:\Users\abruzzeseredbklyn706\Desktop
Platform: Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\updateui.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [PC Driver Kit] => C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe [201528 2013-10-07] (PC Health Labs)
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\search~1\search~1\bin\spvc32~1.dll => "c:\progra~2\search~1\search~1\bin\spvc32~1.dll" File Not Found
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MCB6F9008-0864-4F09-9DD9-3C6CFAB60F2F&SearchSource=58&CUI=&UM=5&UP=SPE8491576-F5C6-4836-AFA3-9987B8A13553&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MCB6F9008-0864-4F09-9DD9-3C6CFAB60F2F&SearchSource=58&CUI=&UM=5&UP=SPE8491576-F5C6-4836-AFA3-9987B8A13553&q={searchTerms}&SSPV=
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-24] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-23] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-03-18] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-03-18] (Microsoft Corporation)
R2 SAWFP; C:\WINDOWS\system32\Drivers\SAWFP64.sys [41768 2014-03-18] (SecureAssist)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-18] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-03-18] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-05-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-31 13:18 - 2014-05-31 13:18 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\FRST-OlderVersion
2014-05-30 21:38 - 2014-05-30 21:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-30 21:25 - 2014-05-30 21:25 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-28 21:15 - 2014-05-28 21:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-05-28 20:23 - 2014-03-18 15:12 - 00041768 _____ (SecureAssist) C:\WINDOWS\system32\Drivers\SAWFP64.sys
2014-05-28 20:22 - 2014-05-28 20:22 - 00000919 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 20:22 - 2014-05-28 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 20:22 - 2014-05-28 20:22 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-28 20:22 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-28 20:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-28 20:18 - 2014-05-28 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\abruzzeseredbklyn706\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-28 20:17 - 2014-05-28 20:17 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\Optimizer Pro
2014-05-28 20:15 - 2014-05-30 22:58 - 00000000 ____D () C:\Program Files (x86)\JavaLive! Manager
2014-05-28 20:15 - 2014-05-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JavaLive! Manager
2014-05-28 20:14 - 2014-05-28 20:48 - 00000000 ____D () C:\temp
2014-05-28 20:13 - 2014-05-30 21:21 - 00000000 ____D () C:\Program Files\003
2014-05-28 20:10 - 2014-05-28 20:59 - 00000000 ____D () C:\Program Files (x86)\sizlsearch
2014-05-28 20:09 - 2014-05-28 20:48 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\SearchProtect
2014-05-26 21:01 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-26 21:01 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-26 21:01 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-26 21:01 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-26 20:58 - 2014-04-08 15:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-26 20:58 - 2014-04-08 15:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-26 20:58 - 2014-04-08 11:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-26 20:58 - 2014-04-08 11:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-26 20:49 - 2014-05-26 20:49 - 00000284 _____ () C:\Users\abruzzeseredbklyn706\Desktop\My Verizon Login Email, Voicemail, Calls Verizon.url
2014-05-23 20:11 - 2014-05-31 13:11 - 00003990 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD8E812C-A22F-4D92-846F-C8431B9273A3}
2014-05-23 20:11 - 2014-05-23 20:11 - 00000000 __SHD () C:\Users\abruzzeseredbklyn706\AppData\Local\EmieUserList
2014-05-23 20:11 - 2014-05-23 20:11 - 00000000 __SHD () C:\Users\abruzzeseredbklyn706\AppData\Local\EmieSiteList
2014-05-23 20:01 - 2014-05-23 20:01 - 00001438 _____ () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-23 20:01 - 2014-05-23 20:01 - 00000020 ___SH () C:\Users\abruzzeseredbklyn706\ntuser.ini
2014-05-23 17:26 - 2014-05-23 20:02 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-23 17:26 - 2014-05-23 17:26 - 00000000 __SHD () C:\Recovery
2014-05-23 17:25 - 2014-05-23 17:25 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-23 17:25 - 2014-05-23 17:25 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01339240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01066496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00467800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-05-23 17:24 - 2014-05-23 17:24 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-05-23 17:24 - 2014-05-23 17:24 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-23 17:22 - 2014-05-23 17:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-23 17:22 - 2014-05-23 17:22 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-23 17:21 - 2014-05-23 17:21 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-23 17:21 - 2014-05-23 17:21 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-23 17:21 - 2014-05-23 17:21 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 03359744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00565536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-05-23 17:20 - 2014-05-23 17:20 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-05-23 17:20 - 2014-05-23 17:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-05-23 17:20 - 2014-05-23 17:20 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-05-23 17:19 - 2014-05-23 17:19 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-05-23 17:16 - 2013-08-02 21:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-05-23 17:16 - 2013-08-02 21:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-23 17:16 - 2013-08-02 21:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-05-23 17:16 - 2013-08-02 21:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-05-23 17:16 - 2013-08-02 21:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-05-23 17:16 - 2013-08-02 21:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-05-23 16:52 - 2014-05-31 13:19 - 01061584 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-23 16:51 - 2014-05-23 16:51 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-05-23 16:41 - 2014-05-23 16:41 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-23 16:37 - 2014-05-23 16:37 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-05-23 16:36 - 2014-05-31 13:19 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\Temp
2014-05-23 16:36 - 2014-05-23 20:01 - 00000000 ____D () C:\Users\abruzzeseredbklyn706
2014-05-23 16:36 - 2014-05-23 16:51 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2014-05-23 16:36 - 2014-05-23 16:51 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2014-05-23 16:36 - 2014-05-23 16:37 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-23 16:36 - 2014-05-23 16:37 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-23 16:36 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-05-23 16:36 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-05-23 16:36 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-23 16:36 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-23 16:30 - 2014-05-23 16:39 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-23 16:30 - 2014-03-20 07:53 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2014-05-23 16:30 - 2014-03-20 07:53 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2014-05-23 16:29 - 2014-05-23 16:39 - 00000000 ____D () C:\Program Files\Elantech
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\Program Files\Realtek
2014-05-23 15:46 - 2014-05-23 16:51 - 00006611 _____ () C:\WINDOWS\comsetup.log
2014-05-22 20:53 - 2014-05-22 20:53 - 00000701 _____ () C:\Users\abruzzeseredbklyn706\Desktop\JRT.txt
2014-05-22 20:48 - 2014-05-22 20:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-22 20:47 - 2014-05-22 20:47 - 01016261 _____ (Thisisu) C:\Users\abruzzeseredbklyn706\Desktop\JRT.exe
2014-05-20 21:14 - 2014-05-22 20:43 - 00000000 ____D () C:\AdwCleaner
2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
2014-05-16 21:28 - 2014-05-31 13:19 - 00013754 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-16 21:28 - 2014-05-31 13:18 - 00000000 ____D () C:\FRST
2014-05-16 21:27 - 2014-05-31 13:18 - 02066944 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-16 20:59 - 2014-05-30 21:10 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32

Red Prince
2014-05-31, 22:25
Balance of log:


\Drivers\MBAMSwissArmy.sys
2014-05-16 20:59 - 2014-05-28 20:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 20:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-16 20:54 - 2014-05-16 21:11 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:50 - 2014-05-16 20:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr

==================== One Month Modified Files and Folders =======

2014-05-31 13:19 - 2014-05-23 16:52 - 01061584 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-31 13:19 - 2014-05-23 16:36 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\Temp
2014-05-31 13:19 - 2014-05-16 21:28 - 00013754 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-31 13:19 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
2014-05-31 13:18 - 2014-05-31 13:18 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\FRST-OlderVersion
2014-05-31 13:18 - 2014-05-16 21:27 - 02066944 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-31 13:18 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-05-31 13:11 - 2014-05-23 20:11 - 00003990 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD8E812C-A22F-4D92-846F-C8431B9273A3}
2014-05-30 23:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-30 22:59 - 2014-05-28 20:15 - 00000000 ____D () C:\Program Files (x86)\JavaLive! Manager
2014-05-30 21:43 - 2013-09-26 22:39 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2700142147-97012374-720385256-1001
2014-05-30 21:38 - 2014-05-30 21:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-30 21:28 - 2013-02-28 00:35 - 00000000 ____D () C:\ProgramData\WinClon
2014-05-30 21:25 - 2014-05-30 21:25 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-05-30 21:24 - 2014-03-18 02:54 - 00005174 _____ () C:\WINDOWS\PFRO.log
2014-05-30 21:24 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-05-30 21:23 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-30 21:21 - 2014-05-28 20:13 - 00000000 ____D () C:\Program Files\003
2014-05-30 21:21 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\Weather_Warnings_LLC
2014-05-30 21:21 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-05-30 21:10 - 2014-05-16 20:59 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 21:10 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-28 21:15 - 2014-05-28 21:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-05-28 21:15 - 2013-08-22 07:46 - 00286200 _____ () C:\WINDOWS\setupact.log
2014-05-28 20:59 - 2014-05-28 20:10 - 00000000 ____D () C:\Program Files (x86)\sizlsearch
2014-05-28 20:48 - 2014-05-28 20:14 - 00000000 ____D () C:\temp
2014-05-28 20:48 - 2014-05-28 20:09 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-28 20:48 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts
2014-05-28 20:48 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts
2014-05-28 20:48 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 20:31 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-05-28 20:28 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-05-28 20:23 - 2014-03-21 12:27 - 00005656 _____ () C:\WINDOWS\system32\SecureAssist.ini
2014-05-28 20:23 - 2014-03-21 12:27 - 00002608 _____ () C:\WINDOWS\SysWOW64\SecureAssistOff.ini
2014-05-28 20:23 - 2014-03-21 12:27 - 00002608 _____ () C:\WINDOWS\system32\SecureAssistOff.ini
2014-05-28 20:22 - 2014-05-28 20:22 - 00000919 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 20:22 - 2014-05-28 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 20:22 - 2014-05-28 20:22 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-28 20:22 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 20:21 - 2014-05-28 20:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\abruzzeseredbklyn706\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-28 20:18 - 2013-02-28 00:25 - 00000000 ____D () C:\ProgramData\Temp
2014-05-28 20:17 - 2014-05-28 20:17 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\Optimizer Pro
2014-05-28 20:15 - 2014-05-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JavaLive! Manager
2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\SearchProtect
2014-05-27 08:17 - 2013-09-26 22:30 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\Packages
2014-05-27 08:16 - 2013-02-28 00:39 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-26 20:49 - 2014-05-26 20:49 - 00000284 _____ () C:\Users\abruzzeseredbklyn706\Desktop\My Verizon Login Email, Voicemail, Calls Verizon.url
2014-05-23 20:11 - 2014-05-23 20:11 - 00000000 __SHD () C:\Users\abruzzeseredbklyn706\AppData\Local\EmieUserList
2014-05-23 20:11 - 2014-05-23 20:11 - 00000000 __SHD () C:\Users\abruzzeseredbklyn706\AppData\Local\EmieSiteList
2014-05-23 20:03 - 2013-09-26 22:34 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-05-23 20:02 - 2014-05-23 17:26 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-23 20:01 - 2014-05-23 20:01 - 00001438 _____ () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-23 20:01 - 2014-05-23 20:01 - 00000020 ___SH () C:\Users\abruzzeseredbklyn706\ntuser.ini
2014-05-23 20:01 - 2014-05-23 16:36 - 00000000 ____D () C:\Users\abruzzeseredbklyn706
2014-05-23 20:01 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-23 17:26 - 2014-05-23 17:26 - 00000000 __SHD () C:\Recovery
2014-05-23 17:26 - 2013-08-22 08:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-05-23 17:25 - 2014-05-23 17:25 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-23 17:25 - 2014-05-23 17:25 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-23 17:25 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-05-23 17:24 - 2014-05-23 17:24 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01339240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01066496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00467800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-05-23 17:24 - 2014-05-23 17:24 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-05-23 17:24 - 2014-05-23 17:24 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-05-23 17:19 - 2014-05-23 17:19 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-05-23 16:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-23 16:52 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-05-23 16:52 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-23 16:51 - 2014-05-23 16:51 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-05-23 16:51 - 2014-05-23 16:36 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2014-05-23 16:51 - 2014-05-23 16:36 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2014-05-23 16:51 - 2014-05-23 15:46 - 00006611 _____ () C:\WINDOWS\comsetup.log
2014-05-23 16:48 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-05-23 16:48 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-23 16:44 - 2013-08-22 07:44 - 03347520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-23 16:43 - 2014-01-22 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Driver Kit
2014-05-23 16:43 - 2014-01-18 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
2014-05-23 16:43 - 2013-12-29 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-23 16:43 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-05-23 16:43 - 2013-02-28 00:55 - 00000000 ____D () C:\WINDOWS\fr
2014-05-23 16:43 - 2013-02-28 00:54 - 00000000 ____D () C:\WINDOWS\es
2014-05-23 16:43 - 2013-02-28 00:54 - 00000000 ____D () C:\WINDOWS\en
2014-05-23 16:43 - 2013-02-28 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
2014-05-23 16:43 - 2013-02-28 00:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2014-05-23 16:43 - 2013-02-28 00:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
2014-05-23 16:43 - 2013-02-28 00:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2014-05-23 16:43 - 2013-02-28 00:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-23 16:43 - 2013-02-27 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-23 16:41 - 2014-05-23 16:41 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-23 16:41 - 2014-03-18 02:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-05-23 16:41 - 2014-03-18 02:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-05-23 16:41 - 2014-03-18 02:32 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-05-23 16:41 - 2013-08-22 08:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2014-05-23 16:41 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-05-23 16:41 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-05-23 16:41 - 2012-07-25 22:37 - 00000000 ____D () C:\Users\Default.migrated
2014-05-23 16:40 - 2013-08-22 08:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-05-23 16:40 - 2013-08-22 08:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-05-23 16:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-05-23 16:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\IME
2014-05-23 16:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Help
2014-05-23 16:40 - 2013-02-28 01:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa
2014-05-23 16:40 - 2013-02-28 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2014-05-23 16:40 - 2012-08-05 14:11 - 00000000 ____D () C:\ProgramData\PRICache
2014-05-23 16:39 - 2014-05-23 16:30 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-23 16:39 - 2014-05-23 16:29 - 00000000 ____D () C:\Program Files\Elantech
2014-05-23 16:39 - 2013-08-22 08:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-05-23 16:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-23 16:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-23 16:37 - 2014-05-23 16:37 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-05-23 16:37 - 2014-05-23 16:36 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-23 16:37 - 2014-05-23 16:36 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-23 16:37 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-05-23 16:30 - 2013-08-22 07:46 - 00000084 _____ () C:\WINDOWS\setuperr.log
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\Program Files\Realtek
2014-05-23 16:28 - 2013-08-22 06:36 - 00000000 __RHD () C:\Users\Default
2014-05-23 16:07 - 2013-02-27 23:23 - 01446159 _____ () C:\WINDOWS\WindowsUpdate (1).log
2014-05-23 14:31 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-05-22 21:14 - 2013-12-29 11:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Skype
2014-05-22 20:53 - 2014-05-22 20:53 - 00000701 _____ () C:\Users\abruzzeseredbklyn706\Desktop\JRT.txt
2014-05-22 20:48 - 2014-05-22 20:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-22 20:47 - 2014-05-22 20:47 - 01016261 _____ (Thisisu) C:\Users\abruzzeseredbklyn706\Desktop\JRT.exe
2014-05-22 20:43 - 2014-05-20 21:14 - 00000000 ____D () C:\AdwCleaner
2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
2014-05-17 20:23 - 2013-10-08 17:33 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-17 20:22 - 2013-10-08 17:33 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-17 20:19 - 2013-02-28 00:47 - 00000000 ____D () C:\Users\EasySurvey
2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
2014-05-16 21:11 - 2014-05-16 20:54 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:52 - 2014-05-16 20:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-12 07:26 - 2014-05-28 20:22 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-12 07:26 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-28 20:22 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:09 - 2014-05-11 10:05 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 11:09 - 2014-05-11 10:05 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 11:05 - 2013-12-29 12:08 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\CrashDumps
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
2014-05-05 21:40 - 2014-05-26 21:01 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 20:25 - 2014-05-26 21:01 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 20:00 - 2014-05-26 21:01 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-26 21:01 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-01 13:30 - 2013-08-22 08:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-05-01 13:30 - 2013-08-22 08:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2014-05-23 17:20] - [2014-05-23 17:20] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-05-23 17:20] - [2014-05-23 17:20] - 0310616 ____A (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663



LastRegBack: 2014-05-23 16:27

==================== End Of Log ============================

OCD
2014-06-01, 04:29
Hi Red Prince,

Glad we seem to be making some progress. It does appear that the Java Live was a piece of malware based on the screenshot you provided. There are still a few items listed in the FRST scan, so let's attack those and see where we are after this next fix.

Go ahead and use the information provided earlier to install Java, then reboot and continue. Be careful so Java doesn't install any "third party extras".

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\search~1\search~1\bin\spvc32~1.dll => "c:\progra~2\search~1\search~1\bin\spvc32~1.dll" File Not Found
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MCB6F9008-0864-4F09-9DD9-3C6CFAB60F2F&SearchSource=58&CUI=&UM=5&UP=SPE8491576-F5C6-4836-AFA3-9987B8A13553&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MCB6F9008-0864-4F09-9DD9-3C6CFAB60F2F&SearchSource=58&CUI=&UM=5&UP=SPE8491576-F5C6-4836-AFA3-9987B8A13553&q={searchTerms}&SSPV=
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
2014-05-28 20:17 - 2014-05-28 20:17 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\Optimizer Pro
2014-05-28 20:15 - 2014-05-30 22:58 - 00000000 ____D () C:\Program Files (x86)\JavaLive! Manager
2014-05-28 20:15 - 2014-05-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JavaLive! Manager
2014-05-28 20:14 - 2014-05-28 20:48 - 00000000 ____D () C:\temp
2014-05-28 20:13 - 2014-05-30 21:21 - 00000000 ____D () C:\Program Files\003
2014-05-28 20:10 - 2014-05-28 20:59 - 00000000 ____D () C:\Program Files (x86)\sizlsearch
2014-05-28 20:09 - 2014-05-28 20:48 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\SearchProtect
2014-05-28 20:48 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts
2014-05-28 20:48 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

Reboot

=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:

Fixlog.txt
New FRST.txt
How does the computer seem to be running?

Red Prince
2014-06-03, 05:51
Hi OCD

Computer seems to be running pretty good. I haven't seen any popups lately. I did attach a screen shot of a dialogue box that popped up after re-booting after the first FRST reboot you requested. Seems like "something" changed the home page back to Bing but still... no issues after that. Maybe it is an IE interjection, seems pretty harmless but the language "a program on your computer has corrupted..." is kind of weird sounding. Anyways....


I've attached the fixlog and fix test as you requested.

Hopefully, we are pretty clean at this point. Thanks again for your help.

FRST Scan results:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-06-2014
Ran by abruzzeseredbklyn706 (administrator) on REDPRINCE on 02-06-2014 20:40:15
Running from C:\Users\abruzzeseredbklyn706\Desktop
Platform: Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe\livecomm.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2872176 2012-10-08] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13263072 2012-12-12] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1260256 2013-01-04] (Realtek Semiconductor)
HKLM\...\Run: [BtTray] => C:\Program Files (x86)\Bluetooth Suite\BtTray.exe [766080 2012-10-31] (Qualcomm Atheros)
HKLM\...\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [127616 2012-10-31] (Qualcomm Atheros Commnucations)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-13] (Intel Corporation)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-2700142147-97012374-720385256-1001\...\Run: [PC Driver Kit] => C:\Program Files (x86)\PC Driver Kit\PCDKLauncher.exe [201528 2013-10-07] (PC Health Labs)
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://t.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MASMJS
SearchScopes: HKCU - DefaultScope {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
BHO: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

==================== Services (Whitelisted) =================

R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
R2 SWUpdateService; C:\Program Files (x86)\Samsung\SW Update\SWMAgent.exe [2883120 2013-01-24] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-23] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-23] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros)

==================== Drivers (Whitelisted) ====================

S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows (R) Win 7 DDK provider)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-03-18] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924504 2014-03-18] (Microsoft Corporation)
R2 SAWFP; C:\WINDOWS\system32\Drivers\SAWFP64.sys [41768 2014-03-18] (SecureAssist)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-03-18] (Microsoft Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2014-03-18] (Microsoft Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-23] (Microsoft Corporation)
R0 Wof; C:\Windows\System32\Drivers\Wof.sys [157016 2014-05-23] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-06-02 20:36 - 2014-06-02 20:36 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-06-02 20:26 - 2014-06-02 20:26 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Oracle
2014-06-02 20:24 - 2014-06-02 20:24 - 00000000 ____D () C:\ProgramData\Sun
2014-06-02 20:24 - 2014-06-02 20:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-02 20:24 - 2014-06-02 20:23 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-06-02 20:23 - 2014-06-02 20:23 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-06-02 20:23 - 2014-06-02 20:23 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-06-02 20:23 - 2014-06-02 20:23 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-06-02 20:23 - 2014-06-02 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-02 20:23 - 2014-06-02 20:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 20:19 - 2014-06-02 20:19 - 00918952 _____ (Oracle Corporation) C:\Users\abruzzeseredbklyn706\Downloads\JavaSetup7u60.com
2014-05-31 13:18 - 2014-06-02 20:33 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\FRST-OlderVersion
2014-05-30 21:38 - 2014-05-30 21:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-28 21:15 - 2014-05-28 21:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-05-28 20:23 - 2014-03-18 15:12 - 00041768 _____ (SecureAssist) C:\WINDOWS\system32\Drivers\SAWFP64.sys
2014-05-28 20:22 - 2014-05-28 20:22 - 00000919 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 20:22 - 2014-05-28 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 20:22 - 2014-05-28 20:22 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-28 20:22 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-28 20:22 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-28 20:18 - 2014-05-28 20:21 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\abruzzeseredbklyn706\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-26 21:01 - 2014-05-05 21:40 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-26 21:01 - 2014-05-05 20:25 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-26 21:01 - 2014-05-05 20:00 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-26 21:01 - 2014-05-05 19:10 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-05-26 20:58 - 2014-04-08 15:46 - 00086688 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt_map.dll
2014-05-26 20:58 - 2014-04-08 15:46 - 00028320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mrt100.dll
2014-05-26 20:58 - 2014-04-08 11:54 - 00080032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt_map.dll
2014-05-26 20:58 - 2014-04-08 11:54 - 00026784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mrt100.dll
2014-05-26 20:49 - 2014-05-26 20:49 - 00000284 _____ () C:\Users\abruzzeseredbklyn706\Desktop\My Verizon Login Email, Voicemail, Calls Verizon.url
2014-05-23 20:11 - 2014-06-02 20:14 - 00003990 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD8E812C-A22F-4D92-846F-C8431B9273A3}
2014-05-23 20:11 - 2014-05-23 20:11 - 00000000 __SHD () C:\Users\abruzzeseredbklyn706\AppData\Local\EmieUserList
2014-05-23 20:11 - 2014-05-23 20:11 - 00000000 __SHD () C:\Users\abruzzeseredbklyn706\AppData\Local\EmieSiteList
2014-05-23 20:01 - 2014-05-23 20:01 - 00001438 _____ () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-23 20:01 - 2014-05-23 20:01 - 00000020 ___SH () C:\Users\abruzzeseredbklyn706\ntuser.ini
2014-05-23 17:26 - 2014-05-23 20:02 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-23 17:26 - 2014-05-23 17:26 - 00000000 __SHD () C:\Recovery
2014-05-23 17:25 - 2014-05-23 17:25 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-23 17:25 - 2014-05-23 17:25 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01339240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01066496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00467800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-05-23 17:24 - 2014-05-23 17:24 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-05-23 17:24 - 2014-05-23 17:24 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-23 17:22 - 2014-05-23 17:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-23 17:22 - 2014-05-23 17:22 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-23 17:21 - 2014-05-23 17:21 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-23 17:21 - 2014-05-23 17:21 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-23 17:21 - 2014-05-23 17:21 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 03359744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00565536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-05-23 17:20 - 2014-05-23 17:20 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-05-23 17:20 - 2014-05-23 17:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-05-23 17:20 - 2014-05-23 17:20 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-05-23 17:19 - 2014-05-23 17:19 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-05-23 17:16 - 2013-08-02 21:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-05-23 17:16 - 2013-08-02 21:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-05-23 17:16 - 2013-08-02 21:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-05-23 17:16 - 2013-08-02 21:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-05-23 17:16 - 2013-08-02 21:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-05-23 17:16 - 2013-08-02 21:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-05-23 16:52 - 2014-06-02 20:34 - 01836459 _____ () C:\WINDOWS\WindowsUpdate.log
2014-05-23 16:51 - 2014-05-23 16:51 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-05-23 16:41 - 2014-05-23 16:41 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-23 16:37 - 2014-05-23 16:37 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-05-23 16:36 - 2014-06-02 20:40 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\Temp
2014-05-23 16:36 - 2014-05-23 20:01 - 00000000 ____D () C:\Users\abruzzeseredbklyn706
2014-05-23 16:36 - 2014-05-23 16:51 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2014-05-23 16:36 - 2014-05-23 16:51 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2014-05-23 16:36 - 2014-05-23 16:37 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-23 16:36 - 2014-05-23 16:37 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-23 16:36 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2014-05-23 16:36 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2014-05-23 16:36 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-05-23 16:36 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-05-23 16:30 - 2014-05-23 16:39 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-23 16:30 - 2014-03-20 07:53 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2014-05-23 16:30 - 2014-03-20 07:53 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2014-05-23 16:29 - 2014-05-23 16:39 - 00000000 ____D () C:\Program Files\Elantech
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\Program Files\Realtek
2014-05-23 15:46 - 2014-05-23 16:51 - 00006611 _____ () C:\WINDOWS\comsetup.log
2014-05-22 20:53 - 2014-05-22 20:53 - 00000701 _____ () C:\Users\abruzzeseredbklyn706\Desktop\JRT.txt
2014-05-22 20:48 - 2014-05-22 20:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-22 20:47 - 2014-05-22 20:47 - 01016261 _____ (Thisisu) C:\Users\abruzzeseredbklyn706\Desktop\JRT.exe
2014-05-20 21:14 - 2014-05-22 20:43 - 00000000 ____D () C:\AdwCleaner
2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
2014-05-16 21:28 - 2014-06-02 20:40 - 00013862 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-05-16 21:28 - 2014-06-02 20:40 - 00000000 ____D () C:\FRST
2014-05-16 21:27 - 2014-06-02 20:33 - 02068992 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-05-16 20:59 - 2014-05-30 21:10 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-16 20:59 - 2014-05-28 20:22 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-16 20:55 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-16 20:54 - 2014-05-16 21:11 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:50 - 2014-05-16 20:52 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-

Red Prince
2014-06-03, 05:52
Balance of log:

1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 10:05 - 2014-05-11 11:09 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 10:05 - 2014-05-11 11:09 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr

==================== One Month Modified Files and Folders =======

2014-06-02 20:40 - 2014-05-23 16:52 - 01837153 _____ () C:\WINDOWS\WindowsUpdate.log
2014-06-02 20:40 - 2014-05-23 16:36 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\Temp
2014-06-02 20:40 - 2014-05-16 21:28 - 00013862 _____ () C:\Users\abruzzeseredbklyn706\Desktop\FRST.txt
2014-06-02 20:40 - 2014-05-16 21:28 - 00000000 ____D () C:\FRST
2014-06-02 20:39 - 2013-02-28 00:35 - 00000000 ____D () C:\ProgramData\WinClon
2014-06-02 20:38 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-06-02 20:36 - 2014-06-02 20:36 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-06-02 20:35 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-06-02 20:33 - 2014-05-31 13:18 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\FRST-OlderVersion
2014-06-02 20:33 - 2014-05-16 21:27 - 02068992 _____ (Farbar) C:\Users\abruzzeseredbklyn706\Desktop\FRST64.exe
2014-06-02 20:27 - 2014-03-18 02:54 - 00005524 _____ () C:\WINDOWS\PFRO.log
2014-06-02 20:26 - 2014-06-02 20:26 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Oracle
2014-06-02 20:24 - 2014-06-02 20:24 - 00000000 ____D () C:\ProgramData\Sun
2014-06-02 20:24 - 2014-06-02 20:24 - 00000000 ____D () C:\ProgramData\Oracle
2014-06-02 20:23 - 2014-06-02 20:24 - 00264616 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2014-06-02 20:23 - 2014-06-02 20:23 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaw.exe
2014-06-02 20:23 - 2014-06-02 20:23 - 00175528 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\java.exe
2014-06-02 20:23 - 2014-06-02 20:23 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-06-02 20:23 - 2014-06-02 20:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-06-02 20:23 - 2014-06-02 20:23 - 00000000 ____D () C:\Program Files (x86)\Java
2014-06-02 20:19 - 2014-06-02 20:19 - 00918952 _____ (Oracle Corporation) C:\Users\abruzzeseredbklyn706\Downloads\JavaSetup7u60.com
2014-06-02 20:14 - 2014-05-23 20:11 - 00003990 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{CD8E812C-A22F-4D92-846F-C8431B9273A3}
2014-06-02 20:11 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-05-30 21:43 - 2013-09-26 22:39 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2700142147-97012374-720385256-1001
2014-05-30 21:38 - 2014-05-30 21:38 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-05-30 21:23 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-05-30 21:21 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\Weather_Warnings_LLC
2014-05-30 21:21 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Resources
2014-05-30 21:10 - 2014-05-16 20:59 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-05-30 21:10 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-05-28 21:15 - 2014-05-28 21:15 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2014-05-28 21:15 - 2013-08-22 07:46 - 00286200 _____ () C:\WINDOWS\setupact.log
2014-05-28 20:48 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-28 20:31 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-05-28 20:28 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-05-28 20:23 - 2014-03-21 12:27 - 00005656 _____ () C:\WINDOWS\system32\SecureAssist.ini
2014-05-28 20:23 - 2014-03-21 12:27 - 00002608 _____ () C:\WINDOWS\SysWOW64\SecureAssistOff.ini
2014-05-28 20:23 - 2014-03-21 12:27 - 00002608 _____ () C:\WINDOWS\system32\SecureAssistOff.ini
2014-05-28 20:22 - 2014-05-28 20:22 - 00000919 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-05-28 20:22 - 2014-05-28 20:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-28 20:22 - 2014-05-28 20:22 - 00000000 ____D () C:\Program Files\Malwarebytes Anti-Malware
2014-05-28 20:22 - 2014-05-16 20:59 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-28 20:21 - 2014-05-28 20:18 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\abruzzeseredbklyn706\Downloads\mbam-setup-2.0.2.1012.exe
2014-05-28 20:18 - 2013-02-28 00:25 - 00000000 ____D () C:\ProgramData\Temp
2014-05-27 08:17 - 2013-09-26 22:30 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\Packages
2014-05-27 08:16 - 2013-02-28 00:39 - 00000000 ____D () C:\ProgramData\Adobe
2014-05-26 20:49 - 2014-05-26 20:49 - 00000284 _____ () C:\Users\abruzzeseredbklyn706\Desktop\My Verizon Login Email, Voicemail, Calls Verizon.url
2014-05-23 20:11 - 2014-05-23 20:11 - 00000000 __SHD () C:\Users\abruzzeseredbklyn706\AppData\Local\EmieUserList
2014-05-23 20:11 - 2014-05-23 20:11 - 00000000 __SHD () C:\Users\abruzzeseredbklyn706\AppData\Local\EmieSiteList
2014-05-23 20:03 - 2013-09-26 22:34 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
2014-05-23 20:02 - 2014-05-23 17:26 - 00000000 ___DC () C:\WINDOWS\Panther
2014-05-23 20:01 - 2014-05-23 20:01 - 00001438 _____ () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-23 20:01 - 2014-05-23 20:01 - 00000020 ___SH () C:\Users\abruzzeseredbklyn706\ntuser.ini
2014-05-23 20:01 - 2014-05-23 16:36 - 00000000 ____D () C:\Users\abruzzeseredbklyn706
2014-05-23 20:01 - 2013-09-26 22:33 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-05-23 17:26 - 2014-05-23 17:26 - 00000000 __SHD () C:\Recovery
2014-05-23 17:26 - 2013-08-22 08:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-05-23 17:25 - 2014-05-23 17:25 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-05-23 17:25 - 2014-05-23 17:25 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-05-23 17:25 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2014-05-23 17:24 - 2014-05-23 17:24 - 02900992 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02479616 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02373784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 02331000 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02270208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02141912 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02133504 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02088160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 02030080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 02013016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01779800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01764864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01679128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01557848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 01542768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01339240 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01306624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01291200 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01112536 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01095488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01066496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 01036288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00924160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00836096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00800256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00717312 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00669696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00655360 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00518552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidprov.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00488280 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00467800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2014-05-23 17:24 - 2014-05-23 17:24 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlangpui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00406912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.Printing.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00390488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00387210 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-05-23 17:24 - 2014-05-23 17:24 - 00386560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlangpui.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00379224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00376152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00360512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidprov.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00356848 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00355832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SessEnv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\pdh.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SessEnv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\spp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00264192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2014-05-23 17:24 - 2014-05-23 17:24 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pdh.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWfdProvider.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00157016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00136024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpnpmgr.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevPropMgr.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00113648 _____ (Microsoft Corporation) C:\WINDOWS\system32\userenv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00094016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\userenv.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMapi.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxproxy.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\w32tm.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\w32tm.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\l2gpstore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\l2gpstore.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-05-23 17:24 - 2014-05-23 17:24 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpipreg.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SetNetworkLocation.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sxproxy.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
2014-05-23 17:24 - 2014-05-23 17:24 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-05-23 17:24 - 2014-05-23 17:24 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 03464192 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-05-23 17:22 - 2014-05-23 17:22 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-05-23 17:22 - 2014-05-23 17:22 - 01705472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00921088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00419928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00381440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00190976 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2014-05-23 17:22 - 2014-05-23 17:22 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2014-05-23 17:22 - 2014-05-23 17:22 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2014-05-23 17:22 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-05-23 17:22 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\SecureBootUpdates
2014-05-23 17:21 - 2014-05-23 17:21 - 00257880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-05-23 17:21 - 2014-05-23 17:21 - 00123224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-05-23 17:21 - 2014-05-23 17:21 - 00035856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-05-23 17:21 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-05-23 17:21 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2014-05-23 17:21 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-23 17:21 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-23 17:21 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-05-23 17:21 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-05-23 17:20 - 2014-05-23 17:20 - 21268952 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 18755672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 16872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 08652800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 07425368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 07173120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 06645248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 05833216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 05774848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 05104640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 04269056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 03359744 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02688000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02124840 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01527296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01466856 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01436160 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01403856 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01379064 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01308160 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01287168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01230336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01222656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Streaming.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01209616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01200288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01200128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 01126912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01029120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 01025024 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Streaming.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00955904 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00918528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00881616 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00836608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00765408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00761856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00731648 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\swprv.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00707048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00677376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00669856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00629760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00609448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00589656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00565536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00518544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00491744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00491520 _____ (Microsoft Corporation) C:\WINDOWS\system32\GeofenceMonitorService.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00486912 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-05-23 17:20 - 2014-05-23 17:20 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00467496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00463256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00462336 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2014-05-23 17:20 - 2014-05-23 17:20 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00407016 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00406504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00384856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00372568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-05-23 17:20 - 2014-05-23 17:20 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00364640 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00360792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fltMgr.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GeofenceMonitorService.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00337240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00326024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00324888 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00313344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00310616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00307304 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00305768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00285144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\resutils.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00275800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msiscsi.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\rstrui.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00263424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00250368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpencom.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00244880 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00230808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\resutils.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00209920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdpencom.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00201920 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVideoDSP.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00201216 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00180056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00178184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVideoDSP.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00130144 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00125496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00111528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00098584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-05-23 17:20 - 2014-05-23 17:20 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\srclient.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsgqec.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srclient.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\energyprov.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tsgqec.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\tlscsp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00046592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tlscsp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00032600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00028408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2014-05-23 17:20 - 2014-05-23 17:20 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanhlp.dll
2014-05-23 17:20 - 2014-05-23 17:20 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanhlp.dll
2014-05-23 17:19 - 2014-05-23 17:19 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files\MSBuild
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-05-23 17:17 - 2014-05-23 17:17 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-05-23 16:55 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-05-23 16:52 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-05-23 16:52 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-05-23 16:51 - 2014-05-23 16:51 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-05-23 16:51 - 2014-05-23 16:36 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2014-05-23 16:51 - 2014-05-23 16:36 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2014-05-23 16:51 - 2014-05-23 15:46 - 00006611 _____ () C:\WINDOWS\comsetup.log
2014-05-23 16:48 - 2013-08-22 08:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-05-23 16:48 - 2013-08-22 08:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-05-23 16:44 - 2013-08-22 07:44 - 03347520 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-05-23 16:43 - 2014-01-22 11:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Driver Kit
2014-05-23 16:43 - 2014-01-18 13:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\InstallConverter
2014-05-23 16:43 - 2013-12-29 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2014-05-23 16:43 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-05-23 16:43 - 2013-02-28 00:55 - 00000000 ____D () C:\WINDOWS\fr
2014-05-23 16:43 - 2013-02-28 00:54 - 00000000 ____D () C:\WINDOWS\es
2014-05-23 16:43 - 2013-02-28 00:54 - 00000000 ____D () C:\WINDOWS\en
2014-05-23 16:43 - 2013-02-28 00:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel AppUp(SM) center
2014-05-23 16:43 - 2013-02-28 00:28 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 8
2014-05-23 16:43 - 2013-02-28 00:27 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
2014-05-23 16:43 - 2013-02-28 00:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Program
2014-05-23 16:43 - 2013-02-28 00:19 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2014-05-23 16:43 - 2013-02-27 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2014-05-23 16:41 - 2014-05-23 16:41 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-05-23 16:41 - 2014-03-18 02:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-05-23 16:41 - 2014-03-18 02:32 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-05-23 16:41 - 2014-03-18 02:32 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-05-23 16:41 - 2013-08-22 08:37 - 00004893 _____ () C:\WINDOWS\DtcInstall.log
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-05-23 16:41 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2014-05-23 16:41 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-05-23 16:41 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-05-23 16:41 - 2012-07-25 22:37 - 00000000 ____D () C:\Users\Default.migrated
2014-05-23 16:40 - 2013-08-22 08:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-05-23 16:40 - 2013-08-22 08:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-05-23 16:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-05-23 16:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\IME
2014-05-23 16:40 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Help
2014-05-23 16:40 - 2013-02-28 01:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitcasa
2014-05-23 16:40 - 2013-02-28 00:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PopCap Games
2014-05-23 16:40 - 2012-08-05 14:11 - 00000000 ____D () C:\ProgramData\PRICache
2014-05-23 16:39 - 2014-05-23 16:30 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-05-23 16:39 - 2014-05-23 16:29 - 00000000 ____D () C:\Program Files\Elantech
2014-05-23 16:39 - 2013-08-22 08:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-05-23 16:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-05-23 16:39 - 2013-08-22 08:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-05-23 16:37 - 2014-05-23 16:37 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-05-23 16:37 - 2014-05-23 16:36 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-05-23 16:37 - 2014-05-23 16:36 - 00000000 ___RD () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-05-23 16:37 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-05-23 16:30 - 2013-08-22 07:46 - 00000084 _____ () C:\WINDOWS\setuperr.log
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-05-23 16:29 - 2014-05-23 16:29 - 00000000 ____D () C:\Program Files\Realtek
2014-05-23 16:28 - 2013-08-22 06:36 - 00000000 __RHD () C:\Users\Default
2014-05-23 16:07 - 2013-02-27 23:23 - 01446159 _____ () C:\WINDOWS\WindowsUpdate (1).log
2014-05-23 14:31 - 2012-07-26 01:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-05-22 21:14 - 2013-12-29 11:42 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Skype
2014-05-22 20:53 - 2014-05-22 20:53 - 00000701 _____ () C:\Users\abruzzeseredbklyn706\Desktop\JRT.txt
2014-05-22 20:48 - 2014-05-22 20:48 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-05-22 20:47 - 2014-05-22 20:47 - 01016261 _____ (Thisisu) C:\Users\abruzzeseredbklyn706\Desktop\JRT.exe
2014-05-22 20:43 - 2014-05-20 21:14 - 00000000 ____D () C:\AdwCleaner
2014-05-20 21:13 - 2014-05-20 21:13 - 01326389 _____ () C:\Users\abruzzeseredbklyn706\Desktop\AdwCleaner.exe
2014-05-17 20:23 - 2013-10-08 17:33 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-05-17 20:22 - 2013-10-08 17:33 - 93223848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-05-17 20:19 - 2013-02-28 00:47 - 00000000 ____D () C:\Users\EasySurvey
2014-05-16 21:29 - 2014-05-16 21:29 - 00023839 _____ () C:\Users\abruzzeseredbklyn706\Desktop\Addition.txt
2014-05-16 21:11 - 2014-05-16 20:54 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Desktop\mbar
2014-05-16 20:52 - 2014-05-16 20:50 - 12589848 _____ (Malwarebytes Corp.) C:\Users\abruzzeseredbklyn706\Desktop\mbar-1.07.0.1009.exe
2014-05-16 20:49 - 2014-05-16 20:49 - 00000998 _____ () C:\Users\abruzzeseredbklyn706\Desktop\checkup.txt
2014-05-16 20:46 - 2014-05-16 20:46 - 00854367 _____ () C:\Users\abruzzeseredbklyn706\Desktop\SecurityCheck.exe
2014-05-12 07:26 - 2014-05-28 20:22 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2014-05-12 07:26 - 2014-05-16 20:55 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2014-05-12 07:25 - 2014-05-28 20:22 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-05-11 11:49 - 2014-05-11 11:49 - 00000429 _____ () C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.txt
2014-05-11 11:48 - 2014-05-11 11:48 - 04745728 _____ (AVAST Software) C:\Users\abruzzeseredbklyn706\Desktop\aswMBR.exe
2014-05-11 11:09 - 2014-05-11 10:05 - 00016496 _____ () C:\Users\abruzzeseredbklyn706\Desktop\dds.txt
2014-05-11 11:09 - 2014-05-11 10:05 - 00005830 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.txt
2014-05-11 11:08 - 2014-05-11 11:08 - 00001915 _____ () C:\Users\abruzzeseredbklyn706\Desktop\attach.zip
2014-05-11 11:05 - 2013-12-29 12:08 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\CrashDumps
2014-05-11 09:59 - 2014-05-11 09:59 - 00688992 ____R (Swearware) C:\Users\abruzzeseredbklyn706\Desktop\dds.scr
2014-05-05 21:40 - 2014-05-26 21:01 - 23544320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-05-05 20:25 - 2014-05-26 21:01 - 17382912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-05-05 20:00 - 2014-05-26 21:01 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-05-05 19:10 - 2014-05-26 21:01 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe
[2014-05-23 17:20] - [2014-05-23 17:20] - 0407016 ____A (Microsoft Corporation) 067CB90C277DB4A737D5DEABA3055972

C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2014-05-23 17:20] - [2014-05-23 17:20] - 0310616 ____A (Microsoft Corporation) 4BB9BC49DEE1A319EC58274A7BBED663



LastRegBack: 2014-05-23 16:27

==================== End Of Log ============================



Fix log:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 02-06-2014
Ran by abruzzeseredbklyn706 at 2014-06-02 20:33:20 Run:4
Running from C:\Users\abruzzeseredbklyn706\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
AppInit_DLLs: C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL => C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL File Not Found
AppInit_DLLs-x32: c:\progra~2\search~1\search~1\bin\spvc32~1.dll => "c:\progra~2\search~1\search~1\bin\spvc32~1.dll" File Not Found
SearchScopes: HKCU - DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MCB6F9008-0864-4F09-9DD9-3C6CFAB60F2F&SearchSource=58&CUI=&UM=5&UP=SPE8491576-F5C6-4836-AFA3-9987B8A13553&q={searchTerms}&SSPV=
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://www.trovi.com/Results.aspx?gd=&ctid=CT3319709&octid=EB_ORIGINAL_CTID&ISID=MCB6F9008-0864-4F09-9DD9-3C6CFAB60F2F&SearchSource=58&CUI=&UM=5&UP=SPE8491576-F5C6-4836-AFA3-9987B8A13553&q={searchTerms}&SSPV=
SearchScopes: HKCU - {CA263134-BB82-4DF6-B504-6BB870E632DA} URL =
2014-05-28 20:17 - 2014-05-28 20:17 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\Documents\Optimizer Pro
2014-05-28 20:15 - 2014-05-30 22:58 - 00000000 ____D () C:\Program Files (x86)\JavaLive! Manager
2014-05-28 20:15 - 2014-05-28 20:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JavaLive! Manager
2014-05-28 20:14 - 2014-05-28 20:48 - 00000000 ____D () C:\temp
2014-05-28 20:13 - 2014-05-30 21:21 - 00000000 ____D () C:\Program Files\003
2014-05-28 20:10 - 2014-05-28 20:59 - 00000000 ____D () C:\Program Files (x86)\sizlsearch
2014-05-28 20:09 - 2014-05-28 20:48 - 00000000 ____D () C:\Program Files (x86)\SearchProtect
2014-05-28 20:09 - 2014-05-28 20:09 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\SearchProtect
2014-05-28 20:48 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts
2014-05-28 20:48 - 2014-01-22 11:45 - 00000000 ____D () C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts
*****************

"C:\PROGRA~2\SEARCH~1\SEARCH~1\bin\SPVC64~1.DLL" => Value Data removed successfully.
"c:\progra~2\search~1\search~1\bin\spvc32~1.dll" => Value Data removed successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CA263134-BB82-4DF6-B504-6BB870E632DA} => Key deleted successfully.
HKCR\CLSID\{CA263134-BB82-4DF6-B504-6BB870E632DA} => Key not found.
C:\Users\abruzzeseredbklyn706\Documents\Optimizer Pro => Moved successfully.
C:\Program Files (x86)\JavaLive! Manager => Moved successfully.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JavaLive! Manager => Moved successfully.
C:\temp => Moved successfully.
C:\Program Files\003 => Moved successfully.
C:\Program Files (x86)\sizlsearch => Moved successfully.
C:\Program Files (x86)\SearchProtect => Moved successfully.
C:\Users\abruzzeseredbklyn706\AppData\Local\SearchProtect => Moved successfully.
C:\Users\abruzzeseredbklyn706\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Storm Alerts => Moved successfully.
C:\Users\abruzzeseredbklyn706\AppData\Local\StormAlerts => Moved successfully.

==== End of Fixlog ====

OCD
2014-06-03, 18:13
Hi Red Prince,


Hopefully, we are pretty clean at this point.
Yes I believe we are almost there. I know your time is valuable, so I have included extra instructions in case you feel we are at the point where we can wrap this up.


Seems like "something" changed the home page back to Bing but still...no issues after that. Maybe it is an IE interjection, seems pretty harmless but the language "a program on your computer has corrupted..." is kind of weird sounding.
If you continue to have issues with IE, you can always reset it back to its default condition. It's not necessary to make this change unless he is still having issues. If you take this step you will probably have to reset his homepage if it is other than MSN.

Reset Internet Explorer

Go to the Start menu > Control Panel > Look in the upper right hand corner and make sure the "Category" drop down menu says Small or Large Icons
Locate Internet Options > Advanced tab > Reset button at the bottom of the menu.

=========================


Hopefully, we are pretty clean at this point.
The logs you provided appear clean. :bigthumb:

If you are still experiencing any issues stop here and post back what issues remain.

=========================

We have a few items to take care of before we get to the All Clean Speech.

=========================

Remove Disinfection Tools


Download Delfix (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/9-delfix)
Tick the following boxes:
Remove disinfection tools
Create registry backup
Purge system restore
Click Run
Any other tools and files found can simply be deleted or uninstalled via the Control Panel.

= = = = = = = = = = = = = = = = = = = =

Removing/Uninstalling AdwCleaner:

Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"

Click on the Uninstall button.
Click Yes when asked are you sure you want to uninstall.
AdwCleaner.exe, its folder and all logs will be removed.

=========================

You can now delete any tools and/or logs remaining on your desktop.

=========================

With the above items taken care of let's move on to the All Clean part of the process.

The following procedures are recommendations for helping to keep your system running smoothly. If you are currently satisfied with how your system is running some or all of these may not pertain to you. Implement what you need.

This infection appears to have been cleaned, but I can not give you any absolute guarantees. As a precaution, I would go ahead and change all of your passwords as this is especially important after an infection.

Any of the logs that you created for use in the forums or remaining tools that have not yet been removed can be deleted so they aren't cluttering up your desktop.

Here are some tips to reduce the potential for spyware infection in the future:

Make your Internet Explorer more secure - This can be done by following these simple instructions:

From within Internet Explorer click on the Tools menu and then click on Options.
Click once on the Security tab
Click once on the Internet icon so it becomes highlighted.
Click once on the Custom Level button.
Change the Download signed ActiveX controls to Prompt
Change the Download unsigned ActiveX controls to Disable
Change the Initialize and script ActiveX controls not marked as safe to Disable
Change the Installation of desktop items to Prompt
Change the Launching programs and files in an IFRAME to Prompt
Change the Navigate sub-frames across different domains to Prompt
When all these settings have been made, click on the OK button.
If it prompts you as to whether or not you want to save the settings, press the Yes button.
Next press the Apply button and then the OK to exit the Internet Properties page.

Make your Mozilla Firefox more secure - This can be done by adding these add-ons:


NoScript (https://addons.mozilla.org/en-US/firefox/addon/noscript/?src=ss)
AdBlockPlus (https://addons.mozilla.org/en-US/firefox/addon/adblock-plus/)

Use and update an anti-virus software - I can not overemphasize the need for you to use and update your anti-virus application on a regular basis. With the ever increasing number of new variants of malware arriving on the scene daily, you become very susceptible to an attack without updated protection.

Free Anti-Virus

Avast Free Antivirus (http://download.cnet.com/Avast-Free-Antivirus/3000-2239_4-10019223.html)
Avira Free Antivirus 2013 (http://download.cnet.com/Avira-Free-Antivirus-2013/3000-2239_4-10322935.html)
PC Tools AntiVirus Free (http://download.cnet.com/PC-Tools-AntiVirus-Free/3000-2239_4-10625067.html)
Ad-Aware Free Antivirus + (http://download.cnet.com/Ad-Aware-Free-Antivirus/3000-8022_4-10045910.html)

Free Firewall
Using a third-party firewall will allow you to give/deny access for applications that want to go online. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a firewall in its default configuration can lower your risk greatly. A tutorial on firewalls can be found here (http://www.bleepingcomputer.com/forums/tutorial60.html).

Online Armor Free (http://download.cnet.com/Online-Armor-Free/3000-10435_4-10426782.html)
Agnitum Outpost Firewall Free (http://download.cnet.com/Agnitum-Outpost-Firewall-Free/3000-10435_4-10913746.html)
Comodo Firewall (http://download.cnet.com/Comodo-Firewall/3000-10435_4-75181464.html)

Make sure you keep your Windows OS current. Windows XP users can visit Windows update (http://v4.windowsupdate.microsoft.com/en/default.asp) regularly to download and install any critical updates and service packs. Windows Vista/7 users can open the Start menu > All Programs > Windows Update > Check for Updates (in left hand task pane) to update these systems. Without these you are leaving the back door open.

Consider a custom hosts file such as MVPS HOSTS (http://www.mvps.org/winhelp2002/hosts.htm). This custom hosts file effectively blocks a wide range of unwanted ads, banners, 3rd party Cookies, 3rd party page counters, web bugs, and many hijackers. For information on how to download and install, please read this tutorial by WinHelp2002 (http://www.mvps.org/winhelp2002/hosts.htm)
Note: Be sure to follow the instructions to disable the DNS Client service before installing a custom hosts file.

WOT (http://www.mywot.com/) (Web of Trust) As "Googling" is such an integral part of internet life, this free browser add on warns you about risky websites that try to scam visitors, deliver malware or send spam. It is especially helpful when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites. WOT has an add-on available for Firefox, Internet Explorer as well as Google Chrome.

Finally, I strongly recommend that you read TonyKlein's good advice So how did I get infected in the first place? (http://www.geekstogo.com/forum/index.php?autocom=custom&page=How_did_I)

Please reply to this thread once more if you are satisfied so that we can mark the problem as resolved.
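
The six Internet-zone settings listed in the post above can be checked without clicking through the Custom Level dialog. This read-only PowerShell audit is an added example, not part of the original post; it assumes the standard Internet Explorer security-zone registry layout (zone 3 is the Internet zone, value names are URL action IDs), and the status labels are chosen for this example.

```powershell
# Added example: read-only audit of the current user's Internet zone (zone 3).
# Nothing is written to the registry.
$zoneKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3'

# Policy values used by these URL actions
$policyName = @{ 0 = 'Enable'; 1 = 'Prompt'; 3 = 'Disable' }

# Settings recommended in the post, keyed by URL action ID (the registry value name)
$recommended = [ordered]@{
    '1001' = @{ Setting = 'Download signed ActiveX controls';                          Want = 1 }
    '1004' = @{ Setting = 'Download unsigned ActiveX controls';                        Want = 3 }
    '1201' = @{ Setting = 'Initialize and script ActiveX controls not marked as safe'; Want = 3 }
    '1800' = @{ Setting = 'Installation of desktop items';                             Want = 1 }
    '1804' = @{ Setting = 'Launching programs and files in an IFRAME';                 Want = 1 }
    '1607' = @{ Setting = 'Navigate sub-frames across different domains';              Want = 1 }
}

$zone = Get-ItemProperty -Path $zoneKey -ErrorAction Stop

$report = foreach ($id in $recommended.Keys) {
    $want    = $recommended[$id].Want
    $current = $zone.$id    # $null when the value is not present under the key

    if ($null -eq $current) {
        $shown  = 'not set'
        $status = 'Review'
    }
    elseif (-not $policyName.ContainsKey([int]$current)) {
        # Some actions accept other values; show them raw for manual review
        $shown  = '0x{0:X}' -f $current
        $status = 'Review'
    }
    else {
        $shown = $policyName[[int]$current]
        # 0 < 1 < 3 orders these values from most to least permissive
        $status = if ($current -eq $want) { 'OK' } elseif ($current -gt $want) { 'Stricter' } else { 'Weaker' }
    }

    [pscustomobject]@{
        ActionId    = $id
        Setting     = $recommended[$id].Setting
        Current     = $shown
        Recommended = $policyName[$want]
        Status      = $status
    }
}

$report | Format-Table -AutoSize -Wrap
```

Zone settings enforced through Group Policy are stored under the Policies branch of the registry and take precedence over these per-user values, so a managed machine needs that branch checked as well.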

Red Prince
2014-06-05, 05:57
Hi OCD

The computer seems pretty clean and pretty stable. I haven't seen any pop ups lately. I cleaned up the work on the desktop with Del Fix and uninstalled the other programs.

One question, I attached a screenshot of uninstall page because I see a program called "Norton online backup". I am in the process of installing AVAST for Red Prince but was wondering if I should delete this Norton tool to avoid any conflicts?

Also, I've attached the delfix log only because at the bottom, it looks like it deleted a windows update and a java update......is it supposed to do that or maybe I am just not understanding. The log is attached below.

So overall things seem really good and I am very grateful, as is Red Prince, for your help on getting his machine clean.

Do you think he should buy an antivirus software or do you think the free AVAST software should be sufficient for his needs?

I will stay tuned to see what your responses are on the above before signing out.

thanks again!

here is the log:


OCD
2014-06-05, 07:13
Hi Red Prince,

Very glad I have been able to get everything back on track. :bigthumb:


One question, I attached a screenshot of uninstall page because I see a program called "Norton online backup". I am in the process of installing AVAST for Red Prince but was wondering if I should delete this Norton tool to avoid any conflicts?
Norton Online Backup is not the same as Norton Anti-Virus, so it shouldn't cause any conflicts. It appears to be just a way to back up data online. You can go ahead and uninstall it if you think it may cause confusion as to what it is for. It would probably never be used anyway. Most people do their backups to an external hard drive.


Also, I've attached the delfix log only because at the bottom, it looks like it deleted a windows update and a java update......is it supposed to do that or maybe I am just not understanding. The log is attached below.
You seem to have only attached the screenshot of the Norton Online Backup.


Do you think he should buy an antivirus software or do you think the free AVAST software should be sufficient for his needs?
Avast should be just fine. There is no need to purchase an anti-virus program. If he should choose to buy any additional security software I would recommend the premium version of Malwarebytes. It is not an anti-virus program, but a real-time scanner that scans the system daily for malware.

Red Prince
2014-06-05, 20:21
Hi OCD

I thought I had cut and pasted the delfix log into the thread but I see that it didn't take. Unfortunately I didn't save it so I can't re-paste but I guess I won't be too worried about what it deleted as I can't imagine it would do any significant harm.

Let me know if you think there is anything else we need to do at this point. I downloaded AVAST and it seems to be running fine although it seems to slow his browsing down a bit.

Thanks again for all your help. You guys are saints!

OCD
2014-06-06, 05:19
Hi Red Prince,

The Delfix log should pose no issue.


Let me know if you think there is anything else we need to do at this point.
I think we have covered everything, unless you have any questions for me.


I downloaded AVAST and it seems to be running fine although it seems to slow his browsing down a bit.
The only other alternative is to try different AV's and see if there is any improvement. But the difference would be negligible.


Thanks again for all your help.
You are quite welcome. :)

Red Prince
2014-06-08, 17:27
Hi OCD

I've re-checked Red Prince's computer and it is running smoothly with no problems. No pop-ups or anything, so I think at this point it is all clear and good to go.

Thanks so much again for your help. I think we can close out the thread now.

Best wishes to you.

Chris

OCD
2014-06-09, 03:22
Hi Chris,

You're very welcome. Glad I was able to help. :bigthumb:

I'm happy Red Prince's computer is back to normal. You deserve a pat on the back as well for your kindness. The world could use a few more neighbors like you. Have a great day.

Since this issue appears to be resolved ... this Topic will be closed.