Hi,

I went onto freethemesandtemplates.blogspot.com yesterday looking at Wordpress themes. The page tried to download but McAfee blocked and quarantined the file showing it had the following virus: Trojan - Artemis! A9D9670AA481.

Today: Intenet Explorer is doing weird things like changing my homepage to one called about:blank.

Help would be really appreciated.

Thanks,

Dan.

NB.

Because I have been asked to attach the logs and not include them across two posts I have had to add the rest of FRST.txt over four attachments because of the forum upload limits. Also, the maximum number of attachments is 5, so I have had to include the asw.MBR is the next post anyway.

_______________________

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-11-2014 01
Ran by Daniel (administrator) on DANIELS-LAPTOP on 28-11-2014 12:56:26
Running from C:\Users\Daniel\Desktop
Loaded Profile: Daniel (Available profiles: Daniel & Administrator & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Conexant Systems Inc.) C:\Windows\System32\CxAudMsg64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
() C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Conexant Systems, Inc.) C:\Windows\SysWOW64\SASrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Conexant Systems, Inc.) C:\Program Files\CONEXANT\cAudioFilterAgent\CAudioFilterAgent64.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe
(Pokki) C:\Users\Daniel\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\Daniel\AppData\Local\Pokki\Engine\HostAppService.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Pokki) C:\Users\Daniel\AppData\Local\Pokki\Engine\HostAppService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Pokki) C:\Users\Daniel\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Lenovo) C:\Program Files\Lenovo\Lenovo Solution Center\LSCNotify.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\OFFICE11\OUTLOOK.EXE
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_239.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-31] (Intel Corporation)
HKLM\...\Run: [RtsFT] => C:\WINDOWS\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [cAudioFilterAgent] => C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe [903384 2013-07-25] (Conexant Systems, Inc.)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SACpl.exe [1647616 2012-06-13] (Conexant Systems, Inc.)
HKLM\...\Run: [Energy Manager] => C:\Program Files (x86)\Lenovo\Energy Manager\Energy Manager.exe [15813616 2013-11-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [Lenovo Utility] => C:\Program Files (x86)\Lenovo\Energy Manager\Utility.exe [80880 2013-11-29] (Lenovo(beijing) Limited)
HKLM\...\Run: [IntelliPoint] => c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2417032 2011-08-01] (Microsoft Corporation)
HKLM-x32\...\Run: [Lenovo App Shop] => C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\ismagent.exe [156000 2013-07-18] (Intel Corporation)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [214312 2011-12-07] (CyberLink Corp.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-09-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [88984 2013-03-10] (Elaborate Bytes AG)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-07] ( (Qualcomm®Atheros®))
HKLM\...\Policies\Explorer: [NoFolderOptions] 0
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2228433086-130700982-1473003571-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
HKU\S-1-5-21-2228433086-130700982-1473003571-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [22065760 2014-10-01] (Skype Technologies S.A.)
HKU\S-1-5-21-2228433086-130700982-1473003571-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2228433086-130700982-1473003571-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-10-17] (Apple Inc.)
HKU\S-1-5-21-2228433086-130700982-1473003571-1001\...\Run: [BrowserChoice] => C:\Windows\BrowserChoice\browserchoice.exe [86816 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-21-2228433086-130700982-1473003571-1001\...\Run: [MySQL Notifier] => C:\Program Files (x86)\MySQL\MySQL Notifier 1.1\MySqlNotifier.exe [773120 2014-09-03] (Oracle Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2228433086-130700982-1473003571-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> DefaultScope {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 -> DefaultScope {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKU\S-1-5-21-2228433086-130700982-1473003571-1001 -> {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL =
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: http - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\2wept432.default
FF Homepage: hxxp://www.sky.com
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2228433086-130700982-1473003571-1001: intel.com/AppUp -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp.dll (Intel)
FF Plugin HKU\S-1-5-21-2228433086-130700982-1473003571-1001: intel.com/AppUpx64 -> C:\Program Files (x86)\Lenovo\LenovoAppShop\bin\npAppUp_x64.dll (Intel)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-11-18]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-11-18]
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]

Chrome:
=======
CHR HomePage: Default -> https://www.google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR Profile: C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-11-19]
CHR Extension: (Google Docs) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-11-19]
CHR Extension: (Google Drive) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-11-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-19]
CHR Extension: (YouTube) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-11-19]
CHR Extension: (Google Search) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-11-19]
CHR Extension: (Google Sheets) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-11-19]
CHR Extension: (SiteAdvisor) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-19]
CHR Extension: (Google Wallet) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-11-19]
CHR Extension: (Gmail) - C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-11-19]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-11-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-07] (Windows (R) Win 7 DDK provider)
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-12] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-12] (Intel(R) Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\Bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)
S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [272776 2014-10-16] ()
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [603424 2014-09-04] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1041192 2014-08-20] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-06-20] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [189912 2014-06-20] (McAfee, Inc.)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [88720 2014-05-05] (Microsoft Corporation)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MSSQL$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [62379184 2014-07-10] (Microsoft Corporation)
R2 MySQL56; C:\Program Files\MySQL\MySQL Server 5.6\bin\mysqld.exe [13031424 2014-09-11] () [File not signed]
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2013-07-24] (Nitro PDF Software)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
S4 SQLAgent$SQLEXPRESS; c:\Program Files\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [442536 2014-07-10] (Microsoft Corporation)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-11-29] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-11-19] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [546304 2014-11-19] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-07] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3859968 2013-08-16] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-07] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\System32\drivers\BthLEEnum.sys [226304 2013-12-04] (Microsoft Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [72128 2014-06-20] (McAfee, Inc.)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-08-08] (Intel Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [181704 2014-06-20] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [313544 2014-06-20] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [70600 2014-06-20] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [523792 2014-06-20] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [786296 2014-06-20] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [445512 2014-08-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96592 2014-08-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [348552 2014-06-20] (McAfee, Inc.)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3344352 2013-07-08] (Intel Corporation)
S4 RsFx0153; C:\Windows\System32\DRIVERS\RsFx0153.sys [322736 2014-07-10] (Microsoft Corporation)
S3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-09-13] (Synaptics Incorporated)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-22] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-14] ("CyberLink)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
S3 MFE_RR; \??\C:\Users\Daniel\AppData\Local\Temp\mfe_rr.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-11-28 12:56 - 2014-11-28 12:57 - 00024151 _____ () C:\Users\Daniel\Desktop\FRST.txt
2014-11-28 12:55 - 2014-11-28 12:56 - 00000000 ____D () C:\FRST
2014-11-28 12:54 - 2014-11-28 12:54 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-DANIELS-LAPTOP-Microsoft-Windows-8.1-(64-bit).dat
2014-11-28 12:53 - 2014-11-28 12:53 - 02117632 _____ (Farbar) C:\Users\Daniel\Desktop\FRST64.exe
2014-11-28 12:52 - 2014-11-28 12:52 - 00002262 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2014-11-28 12:52 - 2014-11-28 12:52 - 00000000 ____D () C:\RegBackup
2014-11-28 12:52 - 2014-11-28 12:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-11-28 12:52 - 2014-11-28 12:52 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-11-28 12:51 - 2014-11-28 12:51 - 04215584 _____ () C:\Users\Daniel\Desktop\tweaking.com_registry_backup_setup.exe
2014-11-28 11:10 - 2014-11-28 11:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2014-11-27 20:29 - 2014-11-27 20:29 - 00003134 _____ () C:\WINDOWS\System32\Tasks\{269C8AD7-1979-4457-A275-86612F3AC068}
2014-11-27 19:53 - 2014-11-27 19:53 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-27 16:03 - 2014-11-27 16:03 - 00094896 _____ () C:\Users\Daniel\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-24 21:30 - 2014-11-24 21:30 - 12173312 _____ () C:\Users\Daniel\Downloads\mysql-connector-net-6.9.5(1).msi
2014-11-24 18:30 - 2014-11-24 18:30 - 00003672 _____ () C:\WINDOWS\System32\Tasks\MySQLNotifierTask
2014-11-24 18:21 - 2014-11-24 21:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MySQL
2014-11-24 15:04 - 2014-11-24 15:06 - 12173312 _____ () C:\Users\Daniel\Downloads\mysql-connector-net-6.9.5.msi
2014-11-23 11:41 - 2014-11-25 14:27 - 00000000 ____D () C:\Users\Daniel\AppData\Local\CrashDumps
2014-11-23 11:02 - 2014-11-23 11:02 - 00000000 ____D () C:\Users\Daniel\SkyDrive
2014-11-22 13:19 - 2014-11-22 13:19 - 00001158 _____ () C:\Users\Daniel\Desktop\My Computer.lnk
2014-11-21 17:27 - 2014-11-21 17:27 - 00000678 _____ () C:\Users\Daniel\Desktop\OneDrive.lnk
2014-11-21 16:57 - 2014-11-23 10:42 - 00003110 _____ () C:\WINDOWS\System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2228433086-130700982-1473003571-1001
2014-11-21 16:14 - 2014-11-21 16:15 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-21 16:14 - 2014-11-21 16:14 - 00098216 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2014-11-21 16:14 - 2014-11-21 16:14 - 00000000 ____D () C:\ProgramData\Sun
2014-11-21 16:14 - 2014-11-21 16:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-21 16:14 - 2014-11-21 16:14 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-21 15:49 - 2014-07-24 15:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2014-11-21 15:49 - 2014-07-24 15:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-11-21 15:49 - 2014-07-24 15:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2014-11-21 15:49 - 2014-07-24 15:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
2014-11-21 15:49 - 2014-07-24 15:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2014-11-21 15:49 - 2014-07-24 15:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2014-11-21 15:49 - 2014-07-24 15:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2014-11-21 15:49 - 2014-07-24 15:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2014-11-21 15:49 - 2014-07-24 15:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
2014-11-21 15:49 - 2014-07-24 15:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2014-11-21 15:49 - 2014-07-24 15:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-11-21 15:49 - 2014-07-24 15:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-11-21 15:49 - 2014-07-24 15:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-11-21 15:49 - 2014-07-24 15:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-11-21 15:49 - 2014-07-24 15:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-11-21 15:49 - 2014-07-24 15:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2014-11-21 15:49 - 2014-07-24 15:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2014-11-21 15:49 - 2014-07-24 15:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2014-11-21 15:49 - 2014-07-24 15:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2014-11-21 15:49 - 2014-07-24 13:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2014-11-21 15:49 - 2014-07-24 13:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2014-11-21 15:49 - 2014-07-24 13:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
2014-11-21 15:49 - 2014-07-24 13:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2014-11-21 15:49 - 2014-07-24 13:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-11-21 15:49 - 2014-07-24 13:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2014-11-21 15:49 - 2014-07-24 13:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2014-11-21 15:49 - 2014-07-24 13:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2014-11-21 15:49 - 2014-07-24 11:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
2014-11-21 15:49 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
2014-11-21 15:49 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
2014-11-21 15:49 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
2014-11-21 15:49 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
2014-11-21 15:49 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
2014-11-21 15:49 - 2014-07-24 11:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
2014-11-21 15:49 - 2014-07-24 11:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2014-11-21 15:49 - 2014-07-24 11:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
2014-11-21 15:49 - 2014-07-24 11:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2014-11-21 15:49 - 2014-07-24 11:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2014-11-21 15:49 - 2014-07-24 11:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2014-11-21 15:49 - 2014-07-24 11:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
2014-11-21 15:49 - 2014-07-24 11:41 - 00118272 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2014-11-21 15:49 - 2014-07-24 11:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
2014-11-21 15:49 - 2014-07-24 11:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2014-11-21 15:49 - 2014-07-24 11:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2014-11-21 15:49 - 2014-07-24 10:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
2014-11-21 15:49 - 2014-07-24 10:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
2014-11-21 15:49 - 2014-07-24 10:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
2014-11-21 15:49 - 2014-07-24 10:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
2014-11-21 15:49 - 2014-07-24 10:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
2014-11-21 15:49 - 2014-07-24 10:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
2014-11-21 15:49 - 2014-07-24 10:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
2014-11-21 15:49 - 2014-07-24 10:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
2014-11-21 15:49 - 2014-07-24 10:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
2014-11-21 15:49 - 2014-07-24 10:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2014-11-21 15:49 - 2014-07-24 10:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
2014-11-21 15:49 - 2014-07-24 10:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2014-11-21 15:49 - 2014-07-24 10:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-11-21 15:49 - 2014-07-24 10:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
2014-11-21 15:49 - 2014-07-24 10:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2014-11-21 15:49 - 2014-07-24 10:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
2014-11-21 15:49 - 2014-07-24 10:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
2014-11-21 15:49 - 2014-07-24 09:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2014-11-21 15:49 - 2014-07-24 09:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-11-21 15:49 - 2014-07-24 09:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
2014-11-21 15:49 - 2014-07-24 09:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2014-11-21 15:49 - 2014-07-24 09:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2014-11-21 15:49 - 2014-07-24 09:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2014-11-21 15:49 - 2014-07-24 09:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
2014-11-21 15:49 - 2014-07-24 09:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
2014-11-21 15:49 - 2014-07-24 09:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2014-11-21 15:49 - 2014-07-24 09:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-11-21 15:49 - 2014-07-24 09:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2014-11-21 15:49 - 2014-07-24 09:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2014-11-21 15:49 - 2014-07-24 09:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-11-21 15:49 - 2014-07-24 09:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2014-11-21 15:49 - 2014-07-24 09:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2014-11-21 15:49 - 2014-07-24 09:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
2014-11-21 15:49 - 2014-07-24 09:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2014-11-21 15:49 - 2014-07-24 09:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2014-11-21 15:49 - 2014-07-24 09:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
2014-11-21 15:49 - 2014-07-24 09:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
2014-11-21 15:49 - 2014-07-24 09:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
2014-11-21 15:49 - 2014-07-24 09:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2014-11-21 15:49 - 2014-07-24 08:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2014-11-21 15:49 - 2014-07-24 08:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2014-11-21 15:49 - 2014-07-24 08:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
2014-11-21 15:49 - 2014-07-24 08:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-11-21 15:49 - 2014-07-24 08:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2014-11-21 15:49 - 2014-07-24 08:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2014-11-21 15:49 - 2014-07-24 08:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2014-11-21 15:49 - 2014-07-24 08:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2014-11-21 15:49 - 2014-07-24 08:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2014-11-21 15:49 - 2014-07-24 08:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2014-11-21 15:49 - 2014-07-24 08:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2014-11-21 15:49 - 2014-07-24 08:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-11-21 15:49 - 2014-07-24 08:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2014-11-21 15:49 - 2014-07-24 08:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2014-11-21 15:49 - 2014-07-24 08:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2014-11-21 15:49 - 2014-07-24 08:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2014-11-21 15:49 - 2014-07-24 08:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2014-11-21 15:49 - 2014-07-24 08:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2014-11-21 15:49 - 2014-07-24 08:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2014-11-21 15:49 - 2014-07-24 08:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2014-11-21 15:49 - 2014-07-24 08:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2014-11-21 15:49 - 2014-07-24 08:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
2014-11-21 15:49 - 2014-07-24 08:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2014-11-21 15:49 - 2014-07-24 08:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2014-11-21 15:49 - 2014-07-24 08:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2014-11-21 15:49 - 2014-07-24 08:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
2014-11-21 15:49 - 2014-07-24 08:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2014-11-21 15:49 - 2014-07-24 08:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2014-11-21 15:49 - 2014-07-24 08:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2014-11-21 15:49 - 2014-07-24 08:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
2014-11-21 15:49 - 2014-07-24 08:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
2014-11-21 15:49 - 2014-07-24 08:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2014-11-21 15:49 - 2014-07-24 07:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2014-11-21 15:49 - 2014-07-24 07:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2014-11-21 15:49 - 2014-07-24 07:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
2014-11-21 15:49 - 2014-07-24 07:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
2014-11-21 15:49 - 2014-07-24 07:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2014-11-21 15:49 - 2014-07-24 07:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
2014-11-21 15:49 - 2014-07-24 07:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2014-11-21 15:49 - 2014-07-24 07:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2014-11-21 15:49 - 2014-07-24 04:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
2014-11-21 15:49 - 2014-07-24 04:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
2014-11-21 15:49 - 2014-07-12 05:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
2014-11-21 15:49 - 2014-07-12 04:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
2014-11-21 15:49 - 2014-07-04 12:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
2014-11-21 15:49 - 2014-07-04 10:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2014-11-21 15:49 - 2014-07-04 10:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2014-11-21 15:49 - 2014-07-04 10:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2014-11-21 15:49 - 2014-07-04 10:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2014-11-21 15:49 - 2014-07-04 09:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2014-11-21 15:49 - 2014-07-04 09:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2014-11-21 15:49 - 2014-06-27 06:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2014-11-21 15:49 - 2014-06-26 00:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-11-21 15:49 - 2014-06-26 00:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2014-11-21 15:49 - 2014-06-19 23:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2014-11-21 15:49 - 2014-06-19 02:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2014-11-21 15:49 - 2014-06-14 06:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-11-21 15:49 - 2014-06-14 05:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-11-21 15:49 - 2014-06-07 12:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2014-11-21 15:49 - 2014-06-07 10:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2014-11-21 15:49 - 2014-06-05 14:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-11-21 15:49 - 2014-06-05 10:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2014-11-21 15:49 - 2014-06-05 09:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2014-11-21 15:49 - 2014-05-31 05:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2014-11-21 15:49 - 2014-05-31 04:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2014-11-21 15:49 - 2014-05-29 06:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
2014-11-21 15:49 - 2014-05-29 05:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
2014-11-21 15:49 - 2014-05-26 07:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2014-11-21 15:49 - 2014-05-10 10:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2014-11-21 15:49 - 2014-05-10 08:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2014-11-21 15:49 - 2014-05-06 04:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
2014-11-21 15:49 - 2014-05-06 00:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
2014-11-21 15:49 - 2014-03-25 02:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
2014-11-21 15:49 - 2014-03-25 02:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
2014-11-21 15:49 - 2014-03-25 01:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
2014-11-21 15:49 - 2014-03-25 01:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
2014-11-21 15:46 - 2014-11-21 15:46 - 00000000 __SHD () C:\Users\Daniel\AppData\Local\EmieBrowserModeList
2014-11-21 14:54 - 2014-04-14 03:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2014-11-21 14:49 - 2014-10-13 02:33 - 00116032 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2014-11-21 14:49 - 2014-10-11 00:58 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2014-11-21 14:49 - 2014-10-11 00:53 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2014-11-21 14:49 - 2014-10-08 07:30 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2014-11-21 14:49 - 2014-10-08 07:09 - 00428032 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
2014-11-21 14:49 - 2014-10-08 06:27 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
2014-11-21 14:49 - 2014-10-08 05:32 - 02773504 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-11-21 14:49 - 2014-10-08 05:19 - 02459136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-11-21 14:49 - 2014-08-15 00:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
2014-11-21 14:49 - 2014-07-30 01:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
2014-11-21 14:49 - 2014-07-29 05:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
2014-11-21 14:49 - 2014-05-30 03:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2014-11-21 14:49 - 2014-03-13 07:42 - 00308224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wusa.exe
2014-11-21 14:49 - 2014-03-13 06:51 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wusa.exe
2014-11-21 14:48 - 2014-09-22 04:38 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2014-11-21 14:48 - 2014-09-22 03:06 - 00258368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2014-11-21 14:48 - 2014-09-22 03:06 - 00114496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2014-11-21 14:48 - 2014-09-22 02:49 - 00035320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2014-11-21 14:48 - 2014-09-19 00:16 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2014-11-21 14:48 - 2014-09-02 22:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\winshfhc.dll
2014-11-21 14:48 - 2014-09-02 22:08 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winshfhc.dll
2014-11-21 14:48 - 2014-08-23 05:18 - 02149376 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-11-21 14:48 - 2014-08-23 05:03 - 01346048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-11-21 14:48 - 2014-06-09 22:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-11-21 14:48 - 2014-06-09 22:13 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-11-21 14:48 - 2014-05-19 06:31 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvcfg.exe
2014-11-21 14:48 - 2014-05-19 06:21 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvinst.exe
2014-11-21 14:48 - 2014-05-19 05:23 - 00098816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvinst.exe
2014-11-21 14:47 - 2014-10-31 05:28 - 25110016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-11-21 14:47 - 2014-10-31 05:05 - 02884096 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-11-21 14:47 - 2014-10-31 04:50 - 06040064 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-11-21 14:47 - 2014-10-31 04:30 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
2014-11-21 14:47 - 2014-10-31 03:59 - 14390272 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-11-21 14:47 - 2014-10-31 03:45 - 02365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-11-21 14:47 - 2014-10-31 03:42 - 19781632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-11-21 14:47 - 2014-10-31 03:32 - 01550336 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-11-21 14:47 - 2014-10-31 03:18 - 02277376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-11-21 14:47 - 2014-10-31 02:46 - 04298240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-11-21 14:47 - 2014-10-31 02:30 - 12819456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-11-21 14:47 - 2014-10-31 02:17 - 01892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-11-21 14:47 - 2014-10-31 02:13 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-11-21 14:47 - 2014-10-07 06:28 - 00500016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2014-11-21 14:47 - 2014-10-07 06:27 - 00482872 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2014-11-21 14:47 - 2014-10-07 06:27 - 00394120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2014-11-21 14:47 - 2014-10-07 06:27 - 00272248 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2014-11-21 14:47 - 2014-10-07 06:27 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2014-11-21 14:47 - 2014-10-07 03:34 - 00370424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2014-11-21 14:47 - 2014-10-07 03:34 - 00344536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2014-11-21 14:47 - 2014-10-07 03:33 - 00424544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2014-11-21 14:47 - 2014-10-07 01:54 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2014-11-21 14:47 - 2014-10-07 01:46 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-11-21 14:47 - 2014-08-23 07:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2014-11-21 14:47 - 2014-08-23 07:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2014-11-21 14:47 - 2014-08-23 06:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
2014-11-21 14:47 - 2014-08-23 05:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
2014-11-21 14:47 - 2014-08-23 04:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-11-21 14:47 - 2014-05-13 07:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
2014-11-21 14:47 - 2014-05-03 05:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2014-11-21 14:47 - 2014-05-03 05:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
2014-11-21 14:47 - 2014-05-03 05:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
2014-11-21 14:47 - 2014-05-03 05:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
2014-11-21 14:47 - 2014-05-03 04:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
2014-11-21 14:47 - 2014-05-03 04:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
2014-11-21 14:47 - 2014-05-03 04:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
2014-11-21 14:47 - 2014-05-02 23:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat

aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2014-11-28 12:59:35
-----------------------------
12:59:35.997 OS Version: Windows x64 6.2.9200
12:59:35.997 Number of processors: 8 586 0x3C03
12:59:35.997 ComputerName: DANIELS-LAPTOP UserName: Daniel
12:59:38.040 Initialize success
12:59:38.198 VM: initialized successfully
12:59:38.199 VM: Intel CPU BiosDisabled
13:03:00.101 AVAST engine defs: 14112800
13:04:58.796 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000033
13:04:58.798 Disk 0 Vendor: ST1000LM024_HN-M101MBB 2BA30001 Size: 953869MB BusType: 11
13:04:58.996 Disk 0 MBR read successfully
13:04:58.998 Disk 0 MBR scan
13:04:59.009 Disk 0 unknown MBR code
13:04:59.012 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
13:04:59.048 Disk 0 scanning C:\WINDOWS\system32\drivers
13:05:16.915 Service scanning
13:05:54.987 Modules scanning
13:05:55.001 Disk 0 trace - called modules:
13:05:55.023 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys
13:05:55.048 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe001584e3640]
13:05:55.064 3 CLASSPNP.SYS[fffff800216ba27b] -> nt!IofCallDriver -> \Device\00000033[0xffffe00155dbe060]
13:05:55.989 AVAST engine scan C:\WINDOWS
13:05:58.540 AVAST engine scan C:\WINDOWS\system32
13:15:36.787 AVAST engine scan C:\WINDOWS\system32\drivers
13:16:18.901 AVAST engine scan C:\Users\Daniel
13:20:23.060 Disk 0 MBR has been saved successfully to "C:\Users\Daniel\Desktop\MBR.dat"
13:20:23.079 The log file has been saved successfully to "C:\Users\Daniel\Desktop\aswMBR.txt"

McAfee blocked and quarantined the file showing it had the following virus: Trojan - Artemis! A9D9670AA481.
Can you open McAfee and find what file it's showing as infected?

Pokki from SweetLabs has been found to be bundled with 3rd party software <--need to remove/uninstall this

Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
(Pokki) C:\Users\Daniel\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\Daniel\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Daniel\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
HKU\S-1-5-21-2228433086-130700982-1473003571-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
SearchScopes: HKLM -> DefaultScope {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 -> DefaultScope {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKU\S-1-5-21-2228433086-130700982-1473003571-1001 -> {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL =
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
Task: {04E97A79-B502-42E8-BB60-B2FB53FBC605} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2014-09-18] (Oracle Corporation) <==== ATTENTION
2014-11-19 18:05 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Pokki
2014-11-19 17:23 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Local\Pokki
2014-11-19 17:23 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Local\Pokki
2014-11-19 17:23 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Local\Pokki
2014-11-19 17:13 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\.NET v4.5\AppData\Local\Pokki
2014-11-19 17:13 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\.NET v4.5 Classic\AppData\Local\Pokki
C:\Users\Daniel\AppData\Local\Temp\oct8AE9.tmp.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~~~~~~~~~~~~~~~~~

the next 2 tools may not run, try and it will good if not, move to the next.

-AdwCleaner-by Xplode

Click on this link to download : ADWCleaner (http://www.bleepingcomputer.com/download/adwcleaner/)
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.

Do not click on any links in the top Advertisment.


http://thespykiller.co.uk/files/adwcleaner_download.png

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.
NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why (http://www.im-infected.com/hijacker/isearch-avg-comsearch-hijacker.html) and Here (http://nojesusnopeas.blogspot.com/2012/08/sorry-but-avg-secure-search-is-malware.html). You can always Reinstall (http://www.avg.com/us-en/secure-search) it.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


http://imageshack.us/a/img841/7292/thisisujrt.gif
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~~~~~~~~~~~~
please post
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Hi Juliet,

Thank you, for your support.

In response to your comments:

1/. Can you open McAfee and find what file it's showing as infected?

C:\Users\Daniel\AppData\LocalTemp\wf2Be71i.exe.part (please see attached image)

2/. Pokki from SweetLabs has been found to be bundled with 3rd party software <--need to remove/uninstall this

I was going to reply saying that the Pokki Start Menu came preinstalled by Lenovo and I haven't had any issues with it or the PC. Therefore, I want to keep this because I will not be able to cope with Windows 8.1 without it. But, it's gone so I will try to get used to Windows 8 without it - it was slow anyway!

Everything ran OK; Windows security and McAfee didn't like the JRT though. Please find the logs below.

I really appreciate your help. Thanks again.

______________________________

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-11-2014 01
Ran by Daniel at 2014-11-29 17:45:08 Run:1
Running from C:\Users\Daniel\Desktop
Loaded Profile: Daniel (Available profiles: Daniel & Administrator & Classic .NET AppPool & .NET v4.5 & DefaultAppPool & .NET v2.0 & .NET v4.5 Classic & .NET v2.0 Classic)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
(Pokki) C:\Users\Daniel\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe
(Pokki) C:\Users\Daniel\AppData\Local\Pokki\Engine\HostAppService.exe
(Pokki) C:\Users\Daniel\AppData\Local\Pokki\Engine\StartMenuIndexer.exe
HKU\S-1-5-21-2228433086-130700982-1473003571-1001\...\Run: [Pokki] => "%LOCALAPPDATA%\Pokki\Engine\HostAppServiceUpdater.exe" /LOGON
SearchScopes: HKLM -> DefaultScope {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 -> DefaultScope {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL = http://www.bing.com/search?q={searchTerms}&form=IE11TR&src=IE11TR&pc=LCJB
SearchScopes: HKU\S-1-5-21-2228433086-130700982-1473003571-1001 -> {1BFEC185-0D04-40DF-ACF3-5057D4300A85} URL =
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
Task: {04E97A79-B502-42E8-BB60-B2FB53FBC605} - System32\Tasks\MySQL\Installer\ManifestUpdate => C:\Program Files (x86)\MySQL\MySQL Installer for Windows\MySQLInstallerConsole.exe [2014-09-18] (Oracle Corporation) <==== ATTENTION
2014-11-19 18:05 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\DefaultAppPool\AppData\Local\Pokki
2014-11-19 17:23 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\Classic .NET AppPool\AppData\Local\Pokki
2014-11-19 17:23 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\.NET v2.0\AppData\Local\Pokki
2014-11-19 17:23 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\.NET v2.0 Classic\AppData\Local\Pokki
2014-11-19 17:13 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\.NET v4.5\AppData\Local\Pokki
2014-11-19 17:13 - 2013-11-29 15:54 - 00000000 ____D () C:\Users\.NET v4.5 Classic\AppData\Local\Pokki
C:\Users\Daniel\AppData\Local\Temp\oct8AE9.tmp.exe
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
C:\Users\Daniel\AppData\Local\Pokki\Engine\HostAppServiceUpdater.exe => No running process found
C:\Users\Daniel\AppData\Local\Pokki\Engine\HostAppService.exe => No running process found
C:\Users\Daniel\AppData\Local\Pokki\Engine\StartMenuIndexer.exe => No running process found
HKU\S-1-5-21-2228433086-130700982-1473003571-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BFEC185-0D04-40DF-ACF3-5057D4300A85}" => Key deleted successfully.
"HKCR\CLSID\{1BFEC185-0D04-40DF-ACF3-5057D4300A85}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{1BFEC185-0D04-40DF-ACF3-5057D4300A85}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{1BFEC185-0D04-40DF-ACF3-5057D4300A85}" => Key not found.
"HKU\S-1-5-21-2228433086-130700982-1473003571-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1BFEC185-0D04-40DF-ACF3-5057D4300A85}" => Key deleted successfully.
"HKCR\CLSID\{1BFEC185-0D04-40DF-ACF3-5057D4300A85}" => Key not found.
FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found] not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04E97A79-B502-42E8-BB60-B2FB53FBC605}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04E97A79-B502-42E8-BB60-B2FB53FBC605}" => Key deleted successfully.
C:\Windows\System32\Tasks\MySQL\Installer\ManifestUpdate => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MySQL\Installer\ManifestUpdate" => Key deleted successfully.
C:\Users\DefaultAppPool\AppData\Local\Pokki => Moved successfully.
C:\Users\Classic .NET AppPool\AppData\Local\Pokki => Moved successfully.
C:\Users\.NET v2.0\AppData\Local\Pokki => Moved successfully.
C:\Users\.NET v2.0 Classic\AppData\Local\Pokki => Moved successfully.
C:\Users\.NET v4.5\AppData\Local\Pokki => Moved successfully.
C:\Users\.NET v4.5 Classic\AppData\Local\Pokki => Moved successfully.
C:\Users\Daniel\AppData\Local\Temp\oct8AE9.tmp.exe => Moved successfully.
C:\Users\Daniel\AppData\Local\Temp\SkypeSetup.exe => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 917.9 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====
_______________________________

# AdwCleaner v4.102 - Report created 29/11/2014 at 18:00:32
# Updated 23/11/2014 by Xplode
# Database : 2014-11-27.1 [Live]
# Operating System : Windows 8.1 (64 bits)
# Username : Daniel - DANIELS-LAPTOP
# Running from : C:\Users\Daniel\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Daniel\AppData\Local\Pokki
Folder Deleted : C:\Users\Public\Pokki

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : HKCU\Software\Pokki
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17416


-\\ Mozilla Firefox v33.1.1 (x86 en-GB)


-\\ Google Chrome v39.0.2171.71

[C:\Users\Daniel\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://uk.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1512 octets] - [29/11/2014 17:56:41]
AdwCleaner[S0].txt - [1412 octets] - [29/11/2014 18:00:32]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1472 octets] ##########
____________________________

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.0 (11.29.2014:1)
OS: Windows 8.1 x64
Ran by Daniel on 29/11/2014 at 18:27:13.12
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29/11/2014 at 18:29:40.38
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Windows security and McAfee didn't like the JRT though
Your using windows 8.1, some tools want run well and thats one of them.

C:\Users\Daniel\AppData\LocalTemp\wf2Be71i.exe.part

Can you search for wf2Be71i.exe on your computer to see what application it might be attached to?, have you recently downloaded something?
the good thing about it is, it was located in a temp file directory.

Download Malwarebytes' Anti-Malware (http://www.malwarebytes.org/mbam-download.php) to your desktop.


Windows XP : Double click on the icon to run it.
Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"




http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMDashboard_zpsddef9b5f.gif (http://s1269.photobucket.com/user/OCD-WTT/media/MBAMDashboard_zpsddef9b5f.gif.html)



On the Dashboard click on Update Now
Go to the Setting Tab
Under Setting go to Detection and Protection
Under PUP and PUM make sure both are set to show Treat Dections as Malware
Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
Then on the Dashboard click on Scan
Make sure to select THREAT SCAN
Then click on Scan
When the scan is finished and the log pops up...select Copy to Clipboard
Please paste the log back into this thread for review
Exit Malwarebytes


~~~~~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scannner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.



Please post
Malwarebytes log
Eset log

How's your computer now?

Hi Juliet,

Apologies for the lengthy reply.

Re: Can you search for wf2Be71i.exe on your computer to see what application it might be attached to?

I have attached two screenshots of the temp folder contents.

Re: have you recently downloaded something?

When this happened, I wanted to download a Wordpress theme at freethemesandtemplates.blogspot.com, but when I was checking the download page to see if the site was safe the download began automatically.

McAfee detailed that it had caught and quarantined the download; so, I presume the application it was attached to got stopped by McAfee. Then again, something must have got through because internet explorer started changing the homepage and doing weird things. I can't understand how this happened if McAfee had supposedly caught the virus?

When I researched internet explorer changing the homepage to about:blank on Google lots of posts about the Artemis Virus were listed.

Does ESTET always produce a log, because one wasn't produced when the scan finished?

The summary, shown in the attached screenshot detailed that no threats were found. Although, I'm now wondering if ESET ran OK because although McAfee real time protection was turned off during the ESET scan, McAfee began a scheduled weekly scan before ESET had finished.

This didn't appear to affect the ESET scan; however, following the scan my PC would not return to the desktop. It was really weird; the PC purple start screen background appeared while on desktop view; there were no desktop icons visible, but the open apps showed on the taskbar however, not as icons, but as little window menu bars with the X to close them at the right.

It seemed as though the PC had slipped into a cross between safe mode where everything is bigger and out of focus and the start menu. This has never happened before.

Please find the Malwarebytes log below; no ESET log seemed to be produced.

Thanks.
____________________________________

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 30/11/2014
Scan Time: 11:05:44
Logfile:
Administrator: Yes

Version: 2.00.3.1025
Malware Database: v2014.11.30.04
Rootkit Database: v2014.11.29.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: Daniel

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 660727
Time Elapsed: 38 min, 52 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Hi Juliet,

Update:

I have just noticed that all my desktop icons/ shortcuts have been rearranged. This also happened when the PC went weird after the ESET scan.

This definitely just happened because prior to or during the scan I created new shortcuts to the control panel and a few other services following the removal of the start menu app.

Do you think this behaviour could be the virus or Windows? I've never seen it before.

Before all this happened, I was going to say the PC seems fine.

Thanks

From the screen shots, those temp files can be deleted and the other highlighted was a wordpad file?, not sure why?

Good to know Eset find nothing.

windows-7-desktop-icons-rearrange (https://social.technet.microsoft.com/Forums/windows/en-US/f20210cc-ba8e-44e1-a94c-4f7262e90c06/windows-7-desktop-icons-rearrange-on-reboot-screenshots-included?forum=w7itproui) <-- this is a long read through but had several tips on adjusting the system for the issue.


When this happened, I wanted to download a Wordpress theme at freethemesandtemplates.blogspot.com, but when I was checking the download page to see if the site was safe the download began automatically.
Look for this theme and see if it made it's way on the computer and delete it if found.


~~~~~~~~~~~~~~~~~~`

http://i1269.photobucket.com/albums/jj590/OCD-WTT/bullseye_zpse9eaf36e.gif Malwarebytes Anti-Rootkit

Download Malwarebytes Anti-Rootkit (http://downloads.malwarebytes.org/file/mbar)
Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message if you are sure you wish to allow the program to run. Please allow to start Malwarebytes Anti-Rootkit correctly.
Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
If you receive a DDA driver message like could not load DDA driver, click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit1_zps4613be8c.png


Please click by the introduction screen on the Next button to continue.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkit2update_zpsf85fca28.png


Next you will see the Update Database screen.
Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitupdatecomplete_zpscf9f4cdb.png


When the update has finished, click on the Next button.

http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan_zps9b346fe7.png


Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.


http://i1269.photobucket.com/albums/jj590/OCD-WTT/MBAMAnti-Rootkitscan-results_zps9f0fdf8e.png


When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
Make sure everything is selected and that the option to create a restore point is checked.
Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
Click on Yes button to restart your computer.


There will now be two log files created in the mbar folder called system-log.txt and one that starts with mbar-log.
The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.

For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.


The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Hi Juliet,

Explorer is still doing weird things. After I downloaded Malwarebytes Anti-Rootkit I couldn't get it to run initially because another Malwarebytes programme was running. In the end, I exited the other Malwarebytes program through the system tray, but that was after restarting my PC to try to close the program.

Following the reboot I couldn't restart the previous internet explorer session because everything in explorer's recent history had been deleted - on it's own. Another weird behaviour?

So you think the desktop icons moving are a coincidence? I have tried some of the ideas in the post you directed me too; fingers crossed they work.

I can't find the Wordpress theme on my computer. Malwarebytes Anti-Rootkit didn't find anything either; I have attached an image of the scan results.

Thanks for the help and info.

We can try a few things for IE

http://java.com/en/download/help/disable_browser.xml
How do I disable Java in my web browser?

a. Do you have any registry cleaner, cc cleaner, or auto delete temp files software installed on your computer?
b. Are you using Desktop or Modern UI Internet Explorer 10?
I would suggest you to try troubleshooting steps:
a. Open Internet Explorer browser.
b. Press Windows key + R.
c. Type “inetcpl.cpl”.
d. Click OK.
e. Select on General tab.
f. Under set up Select “start with tabs from the last session”
g. Under browsing history uncheck “delete browsing history on exit”.
and the restore previous tabs option can be selected. under Settings in that section, "Temporary Internet Files" is set to "Automatically" with an adequate size
h. Click on apply and OK.



Press Ctrl+Alt+Del
Open Task manager
While IE opened with tabs, under procesess, find iexplore.exe (not iexplore.exe *32)
Right click and end process
next start of IE, at the bottom, you should see an option to restore last session

~~~~~~~~~~~~~`

Also please download Windows Repair (all in one) from here (http://www.tweaking.com/content/page/windows_repair_all_in_one.html)

http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/step-4-tab.jpg
Install the program then go to step 4 and create a new system restore point and new registry backup.

Go to Step 2 and allow it to run CheckDisk by clicking on Do It button:
http://i1.ifrm.com/228/109/upload/p22001645.gif



NEXT
On the the Start Repairs tab => Click the Start
http://www.bleepstatic.com/download/screenshots/w/windows-repair-all-in-one-portable/start-repairs-tab.jpg


Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default):
http://i1.ifrm.com/228/109/upload/p22001647.gif

Click on box next to the Restart System when Finished. Then click on Start.

Hi Juliet,

Re: Do you have any registry cleaner, cc cleaner, or auto delete temp files software installed on your computer?

No, I try to stay well clear of software like this.

Re: Are you using Desktop or Modern UI Internet Explorer 10?

I have the desktop version of Internet Explorer 11 installed.

The desktop icons seem OK now; fingers crossed.

Regarding the internet explorer troubleshooting steps, I had those settings in place already; but, thanks anyway.

Finally, regarding the All in One Windows repair tool: I ran CheckDisk and sure enough errors were found. I run this tool regularly and I haven't found errors before on this PC; it's only a few months old.

So, I followed the instructions in your post. Afterwards, I ran the sfc/ scannow tool from the elevated command prompt and all was fine. However, I ran the All in One Windows repair tool CheckDisk pre-scan again and errors were found.

That said, I noted the comments about false errors being reported when running the tool in read only mode, and that if the Windows check doesn't report any errors all should be OK; therefore, as Windows now reports all is OK, I presume that all is indeed well again.

I have attached a few images that I took during the process for reference.

Thank you, so much. We are looking good here again (I think).

Daniel.

I think your looking good here too. Use the computer for the day and let's see if any malware issues pop up.

Then we'll remove tools and quarantine folders and I'll post my preventive tips :)

Hello Juliet.

OK; will do.

I will post back later and let you know how I get on. Have a good day, and thank you, for all your help so far.

We're glad to help :)

Hi Juliet,

So far, my PC seems to be much better.

I'm also happy that you convinced me to drop the Pokki Start Menu app too. It forced me to use the new Windows menu which is much faster. And, now I have got the new style menu set up how I want it, I am pretty much back to where I was before.

If you could now assist me to remove the tools and any quarantined folders I would again be most grateful.

Thanks,

Daniel.

Hi Juliet,

So far, my PC seems to be much better.

I'm also happy that you convinced me to drop the Pokki Start Menu app too. It forced me to use the new Windows menu which is much faster. And, now I have got the new style menu set up how I want it, I am pretty much back to where I was before.

If you could now assist me to remove the tools and any quarantined folders I would again be most grateful.

Thanks,

Daniel.

It's all good news and glad to hear it!!

http://i.imgur.com/AFZxnZc.jpg DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools
Create registry backup
Purge system restore



Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xKsUqI5A.png.pagespeed.ic.vn1Hlvqi8h.jpgAdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/x6YRrgUC.png.pagespeed.ic.HjgFxjvw2Z.jpgMalwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xjv4nhMJ.png.pagespeed.ic.A5YbWn1eDO.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://1-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/DgW1XL2.png.pagespeed.ce.v1OlJl_ZAS.png Secuina PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xj1OLIec.png.pagespeed.ic.k6hhwopU0q.jpg SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://3-ps.googleusercontent.com/x/forums.whatthetech.com/i.imgur.com/xJEP5iWI.png.pagespeed.ic.4tmM1lM7DQ.pngWeb of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Hi Juliet,

I followed your instructions and most of the software that I downloaded over the past few days was uninstalled; I removed the rest through 'Program and Features'.

The work that you guys do is much needed; not everyone has the knowledge or the cash to get viruses sorted out. Personally speaking, I really appreciate your help.

So, thank you and Merry Christmas.

Daniel.

I enjoyed helping.

`·»Merry Christmas«·´ to you too!

Glad we could help. :)http://i204.photobucket.com/albums/bb106/Juliet702/sparkle.gif

Since this issue appears resolved ... this Topic is closed.