Executable Trojans-009 found: Advice toward next step?



Goldenvoice
2015-01-15, 19:48
Acquired a used computer last week, been cleaning out previous user's files, have run Avast (clean), Malwarebytes (clean), now Spybot. Among a big list of the typical stuff Spybot will pick up on a machine that it's never been run on, it has identified a high risk item.
I'm not sure if I should simply let Spybot "do its job", or if at this point I need to take another tack.

I scanned the stickies, and have read through: http://forums.spybot.info/showthread.php?288-quot-BEFORE-You-POST-quot-(Please-read-this-Procedure-Before-Requesting-Assistance)-Updated
Not sure if I need to follow these steps or not; advice needed and greatly appreciated.



Search results from Spybot - Search & Destroy

1/15/2015 9:14:46 AM
Scan took 00:22:50.
33 items found.

Babylon.Toolbar: [SBI $3BE29F71] Settings (Registry Key, nothing done)
HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

Babylon.Toolbar: [SBI $3BE29F71] Settings (Registry Key, nothing done)
HKEY_CLASSES_ROOT\AppID\{BDB69379-802F-4eaf-B541-F8DE92DD98DB}

Babylon.Toolbar: [SBI $DEB52F26] Program directory (Directory, nothing done)
C:\ProgramData\Babylon\

Babylon.Toolbar: [SBI $D1EDD9CA] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Babylon

ilivid.Toolbar: [SBI $11AD089B] User settings (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2826877253-2716156986-1703609734-500\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope

ilivid.Toolbar: [SBI $02FE75BF] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

ilivid.Toolbar: [SBI $02FE75BF] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}

W3i.IQ5.fraud: [SBI $678078F9] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\W3i

Delta.Toolbar: [SBI $924A2839] Settings (Registry Key, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Babylon\Babylon Client

Win32.Downloader.bltu: [SBI $F553E068] Executable (File, nothing done)
C:\user.js
Properties.size=317
Properties.md5=E21F5EB2F97F6007ECA00785DBABCBBE
Properties.filedate=1348104810
Properties.filedatetext=2012-09-19 17:33:30

DoubleClick: [SBI $4E2AF2AC] Tracking cookie (Internet Explorer (User): Administrator) (Browser: Cookie, nothing done)


Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2826877253-2716156986-1703609734-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2826877253-2716156986-1703609734-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent

MS Media Player: [SBI $5C51E349] Client ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2826877253-2716156986-1703609734-500\Software\Microsoft\MediaPlayer\Player\Settings\Client ID

MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2826877253-2716156986-1703609734-500\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done)
HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name

MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name

Windows Explorer: [SBI $D20DA0AD] Recent file global history (Registry Key, nothing done)
HKEY_USERS\S-1-5-21-2826877253-2716156986-1703609734-500\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $37AAEDE6] Computer name (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2826877253-2716156986-1703609734-500\Software\Microsoft\Windows Media\WMSDK\General\ComputerName

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $CAA58B6E] Unique ID (Registry Change, nothing done)
HKEY_USERS\S-1-5-21-2826877253-2716156986-1703609734-500\Software\Microsoft\Windows Media\WMSDK\General\UniqueID

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-20\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Windows Media SDK: [SBI $BACCD0DA] Volume serial number (Registry Value, nothing done)
HKEY_USERS\S-1-5-21-2826877253-2716156986-1703609734-500\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber

Cookie: [SBI $49804B54] Browser: Cookie (10) (Browser: Cookie, nothing done)


Cache: [SBI $49804B54] Browser: Cache (182) (Browser: Cache, nothing done)


History: [SBI $49804B54] Browser: History (18) (Browser: History, nothing done)



--- Spybot - Search & Destroy version: 2.4.40.131 DLL (build: 20140425) ---

I would go ahead and run FRST and post, but I'm not even sure what to do with Spybot results in the meantime - it's just open, showing results, and awaiting my commands.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2015 01
Ran by Administrator (administrator) on WILL-PC on 15-01-2015 13:20:37
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: UpdatusUser & Administrator)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(AVG Secure Search) C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
() C:\Windows\SysWOW64\HsMgr.exe
() C:\Windows\system\HsMgr64.exe
(Microsoft Corporation) C:\Program Files\Zune\ZuneLauncher.exe
(CMedia) C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\AsusAudioCenter.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Cmaudio8788] => C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd
HKLM\...\Run: [Cmaudio8788GX] => C:\Windows\syswow64\HsMgr.exe [200704 2008-07-11] ()
HKLM\...\Run: [Cmaudio8788GX64] => C:\Windows\system\HsMgr64.exe [282112 2008-07-11] ()
HKLM\...\Run: [Zune Launcher] => C:\Program Files\Zune\ZuneLauncher.exe [163552 2011-08-05] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1796056 2014-08-19] (NVIDIA Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-15] (AVAST Software)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [AllowLegacyWebView] 1
HKLM\...\Policies\Explorer: [AllowUnhashedWebView] 1
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-2826877253-2716156986-1703609734-500\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-2826877253-2716156986-1703609734-500 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL =
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 206.212.237.1 206.212.237.2

FireFox:
========
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @divx.com/DivX Browser Plugin,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 -> C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{23fcfd51-4958-4f00-80a3-ae97e717ed8b}] - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5
FF Extension: DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012-04-03]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-01-15]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [fgobjbnkdcloecmfmbicmeiodgenihbh] - C:\Users\Will\AppData\LocalLow\Playbryte\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-01-15]
CHR HKLM-x32\...\Chrome\Extension: [ilckobikkmajlmhhdenkhonjkoaneclk] - C:\Program Files (x86)\WinZip Courier\wzwmcgc.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [nneajnkjbffgblleaoojgaacokifdkhm] - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx [2011-12-12]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-15] (AVAST Software)
S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [73728 2004-10-22] (Macrovision Corporation) [File not signed]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-13] (IObit)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-15] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [87912 2015-01-15] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-15] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-15] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-15] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-15] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-15] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-15] ()
R3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [1266688 2010-09-16] (C-Media Inc)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [53760 2012-09-28] (Apple, Inc.) [File not signed]
S2 iPodDrv; \??\C:\Windows\system32\drivers\iPodDrv.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 13:20 - 2015-01-15 13:20 - 00012814 _____ () C:\Users\Administrator\Desktop\FRST.txt
2015-01-15 13:20 - 2015-01-15 13:20 - 00000000 ____D () C:\FRST
2015-01-15 13:14 - 2015-01-15 13:15 - 05198336 _____ (AVAST Software) C:\Users\Administrator\Desktop\aswMBR.exe
2015-01-15 13:08 - 2015-01-15 13:08 - 02125312 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-01-15 13:02 - 2015-01-15 13:02 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WILL-PC-Microsoft-Windows-7-Ultimate-(64-bit).dat
2015-01-15 13:01 - 2015-01-15 13:01 - 00000000 ____D () C:\RegBackup
2015-01-15 12:58 - 2015-01-15 12:58 - 00002235 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-01-15 12:58 - 2015-01-15 12:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-01-15 12:58 - 2015-01-15 12:58 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-01-15 12:53 - 2015-01-15 12:53 - 04215584 _____ () C:\Users\Administrator\Desktop\tweaking.com_registry_backup_setup.exe
2015-01-15 12:52 - 2015-01-15 09:49 - 00000398 _____ () C:\Users\Administrator\Desktop\SPYBOT my POST Executable Trojans-009 found Advice toward next step.url
2015-01-15 12:52 - 2015-01-15 09:09 - 00000443 _____ () C:\Users\Administrator\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance)- Updated.url
2015-01-15 09:14 - 2015-01-15 09:14 - 00012364 _____ () C:\Users\Administrator\Desktop\Scan Results.150115-0914.txt
2015-01-15 08:25 - 2009-06-10 13:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hosts.20150115-082505.backup
2015-01-15 08:09 - 2015-01-15 08:26 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-01-15 08:09 - 2015-01-15 08:12 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-01-15 08:09 - 2015-01-15 08:09 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2015-01-15 08:09 - 2015-01-15 08:09 - 00001379 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2015-01-15 08:09 - 2015-01-15 08:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2015-01-15 08:09 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2015-01-15 07:55 - 2015-01-15 07:55 - 00000816 _____ () C:\Windows\PFRO.log
2015-01-15 07:55 - 2015-01-15 07:55 - 00000056 _____ () C:\Windows\setupact.log
2015-01-15 07:55 - 2015-01-15 07:55 - 00000000 _____ () C:\Windows\setuperr.log
2015-01-15 01:17 - 2015-01-15 01:18 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-01-15 01:17 - 2015-01-15 01:17 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-01-15 01:17 - 2015-01-15 01:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-01-15 01:17 - 2015-01-15 01:17 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-01-15 01:17 - 2015-01-15 01:17 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-01-15 01:17 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-01-15 01:17 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-01-15 01:17 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-01-15 00:24 - 2015-01-15 00:24 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVAST Software
2015-01-15 00:21 - 2015-01-15 00:21 - 00001964 _____ () C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-01-15 00:21 - 2015-01-15 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-01-15 00:20 - 2015-01-15 00:24 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-01-15 00:20 - 2015-01-15 00:21 - 01050432 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2015-01-15 00:20 - 2015-01-15 00:21 - 00087912 _____ (AVAST Software) C:\Windows\system32\Drivers\aswmonflt.sys
2015-01-15 00:20 - 2015-01-15 00:20 - 00436624 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2015-01-15 00:20 - 2015-01-15 00:20 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2015-01-15 00:20 - 2015-01-15 00:20 - 00267632 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-01-15 00:20 - 2015-01-15 00:20 - 00116728 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2015-01-15 00:20 - 2015-01-15 00:20 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2015-01-15 00:20 - 2015-01-15 00:20 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-01-15 00:20 - 2015-01-15 00:20 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2015-01-15 00:20 - 2015-01-15 00:20 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-01-15 00:19 - 2015-01-15 00:19 - 00000000 ____D () C:\Program Files\AVAST Software
2015-01-15 00:12 - 2015-01-15 00:19 - 00000000 ____D () C:\ProgramData\AVAST Software
2015-01-14 23:35 - 2015-01-14 23:35 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
2015-01-14 23:35 - 2015-01-14 23:35 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
2015-01-14 23:35 - 2015-01-14 23:35 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieBrowserModeList
2015-01-14 22:51 - 2014-12-11 09:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-01-14 22:46 - 2014-12-12 21:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-01-14 22:46 - 2014-12-12 19:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-01-14 22:30 - 2014-08-28 18:07 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-01-14 22:29 - 2014-09-04 18:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-01-14 22:29 - 2014-09-04 17:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-01-14 21:39 - 2015-01-14 21:39 - 00000000 ____D () C:\Users\Administrator\AppData\Local\NVIDIA
2015-01-14 21:14 - 2014-05-08 01:32 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-01-14 21:07 - 2013-10-01 18:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-01-14 21:07 - 2013-10-01 18:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-01-14 21:07 - 2013-10-01 18:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-01-14 21:07 - 2013-10-01 17:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-01-14 21:07 - 2013-10-01 17:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-01-14 21:07 - 2013-10-01 17:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-01-14 21:07 - 2013-10-01 17:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-01-14 21:07 - 2013-10-01 16:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-01-14 21:07 - 2013-10-01 16:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-01-14 21:07 - 2013-10-01 16:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-01-14 21:07 - 2013-10-01 16:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-01-14 21:07 - 2013-10-01 15:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-01-14 21:07 - 2013-10-01 15:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-01-14 21:07 - 2013-10-01 15:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-01-14 21:07 - 2013-10-01 14:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-01-14 21:04 - 2015-01-14 21:04 - 00771088 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-01-14 21:01 - 2012-08-23 06:13 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-01-14 21:01 - 2012-08-23 06:10 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-01-14 21:01 - 2012-08-23 03:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2015-01-14 21:01 - 2012-08-23 02:51 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2015-01-14 21:00 - 2014-07-02 09:44 - 00609240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-01-14 20:52 - 2015-01-14 20:52 - 00002052 _____ () C:\Windows\epplauncher.mif
2015-01-14 19:32 - 2014-11-21 18:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-01-14 19:31 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-01-14 19:31 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-01-14 19:31 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-01-14 19:31 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-01-14 19:31 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-01-14 19:31 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-01-14 19:31 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-01-14 19:31 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-01-14 19:31 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-01-14 19:31 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-01-14 19:31 - 2014-07-08 14:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2015-01-14 19:31 - 2014-07-08 14:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2015-01-14 19:17 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-01-14 19:17 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-01-14 18:43 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-01-14 18:43 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-01-14 18:43 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-01-14 18:43 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-01-14 18:36 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-01-14 18:32 - 2015-01-14 18:32 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-01-14 18:32 - 2015-01-14 18:32 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-01-14 18:32 - 2015-01-14 18:32 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-01-14 18:32 - 2015-01-14 18:32 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-01-14 18:32 - 2015-01-14 18:32 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-01-14 18:32 - 2015-01-14 18:32 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-01-14 18:32 - 2015-01-14 18:32 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-01-14 18:32 - 2015-01-14 18:32 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-01-14 18:32 - 2015-01-14 18:32 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-01-14 18:32 - 2015-01-14 18:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-01-14 18:32 - 2015-01-14 18:32 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-01-14 18:32 - 2015-01-14 18:32 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-01-14 18:32 - 2015-01-14 18:32 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-01-14 17:47 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-01-14 17:47 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-01-14 17:47 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-01-14 17:47 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-01-14 17:47 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-01-14 17:47 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-01-14 17:47 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-01-14 17:47 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-01-14 17:47 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-01-14 17:47 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-01-14 17:35 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-01-14 17:35 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-01-14 17:31 - 2015-01-14 17:34 - 00000000 ____D () C:\Windows\system32\MRT
2015-01-14 17:28 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-01-14 17:28 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-01-14 17:28 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-01-14 17:28 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-01-14 17:28 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-01-14 17:28 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-01-14 17:28 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-01-14 17:28 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-01-14 17:19 - 2013-10-05 12:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-01-14 17:19 - 2013-10-05 11:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-01-14 17:19 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-01-14 17:19 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-01-14 17:19 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-01-14 17:19 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-01-14 17:17 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-01-14 17:17 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-01-14 17:17 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-01-14 17:17 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-01-14 17:17 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-01-14 17:17 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-01-14 17:17 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-01-14 17:17 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-01-14 17:17 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-01-14 17:17 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-01-14 17:17 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-01-14 17:17 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-01-14 17:17 - 2013-07-04 04:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-01-14 17:16 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-01-14 17:16 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-01-14 17:16 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-01-14 17:16 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-01-14 17:16 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-01-14 17:16 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-01-14 17:16 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-01-14 17:16 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-01-14 17:16 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-01-14 17:16 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-01-14 17:16 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-01-14 17:16 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-01-14 17:16 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-01-14 17:16 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-01-14 17:16 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-01-14 17:16 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-01-14 17:16 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-01-14 17:16 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-01-14 17:16 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-01-14 17:16 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-01-14 17:16 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-01-14 17:16 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-01-14 17:16 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-01-14 17:16 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-01-14 17:16 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-01-14 17:16 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-01-14 17:16 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-01-14 17:16 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-01-14 17:16 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-01-14 17:16 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-01-14 17:16 - 2014-03-04 01:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-01-14 17:16 - 2014-03-04 01:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-01-14 17:16 - 2014-03-04 01:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-01-14 17:16 - 2014-03-04 01:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-01-14 17:16 - 2014-03-04 01:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-01-14 17:16 - 2014-03-04 01:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-01-14 17:16 - 2014-03-04 01:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-01-14 17:16 - 2014-03-04 01:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-01-14 17:16 - 2014-03-04 01:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-01-14 17:16 - 2014-03-04 01:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-01-14 17:16 - 2014-03-04 01:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-01-14 17:16 - 2014-03-04 01:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-01-14 17:16 - 2014-03-04 01:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-01-14 17:16 - 2014-03-04 01:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-01-14 17:16 - 2014-03-04 01:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-01-14 17:16 - 2014-03-04 01:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-01-14 17:16 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-01-14 17:16 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-01-14 17:16 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-01-14 17:16 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-01-14 17:16 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-01-14 17:16 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-01-14 17:16 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-01-14 17:16 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-01-14 17:16 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-01-14 17:16 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-01-14 17:16 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-01-14 17:16 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-01-14 17:16 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-01-14 17:16 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-01-14 17:16 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-01-14 17:16 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-01-14 17:16 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-01-14 17:16 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-01-14 17:16 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-01-14 17:16 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-01-14 17:16 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-01-14 17:16 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-01-14 17:16 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-01-14 17:16 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-01-14 17:16 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-01-14 17:16 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-01-14 17:16 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-01-14 17:16 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-01-14 17:16 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-01-14 17:16 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-01-14 17:16 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-01-14 17:16 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-01-14 17:16 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-01-14 17:16 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-01-14 17:16 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-01-14 17:16 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-01-14 17:16 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-01-14 17:16 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-01-14 17:16 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-01-14 17:16 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-01-14 17:16 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-01-14 17:16 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-01-14 17:16 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-01-14 17:16 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-01-14 17:15 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-01-14 17:15 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-01-14 17:15 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-01-14 17:15 - 2014-09-24 18:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-01-14 17:15 - 2014-09-24 17:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-01-14 17:15 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-01-14 17:15 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-01-14 17:15 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-01-14 17:15 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-01-14 17:15 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-01-14 17:15 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-01-14 17:15 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-01-14 17:15 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-01-14 17:15 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-01-14 17:15 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-01-14 17:15 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-01-14 17:15 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-01-14 17:15 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-01-14 17:15 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-01-14 17:15 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-01-14 17:15 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-01-14 17:15 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-01-14 17:15 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-01-14 17:15 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-01-14 17:15 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-01-14 17:15 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-01-14 17:15 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-01-14 17:15 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-01-14 17:15 - 2013-11-26 17:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-01-14 17:15 - 2013-11-26 17:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-01-14 17:15 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-01-14 17:15 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-01-14 17:15 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-01-14 17:15 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-01-14 17:15 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-01-14 17:15 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-01-14 17:15 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-01-14 17:15 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-01-14 17:15 - 2013-07-12 02:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2015-01-14 17:15 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-01-14 17:15 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-01-14 17:15 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-01-14 17:15 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-01-14 17:15 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-01-14 17:15 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-01-14 17:14 - 2014-11-10 19:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-01-14 17:14 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-01-14 17:14 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-01-14 17:14 - 2014-11-10 18:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-01-14 17:14 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-01-14 17:14 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-01-14 17:14 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-01-14 17:14 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-01-14 17:14 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-01-14 17:14 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-01-14 17:14 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-01-14 17:14 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-01-14 17:14 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-01-14 17:14 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-01-14 17:14 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-01-14 17:14 - 2014-04-11 18:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-01-14 17:14 - 2014-04-11 18:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-01-14 17:14 - 2014-04-11 18:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-01-14 17:14 - 2014-04-11 18:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-01-14 17:14 - 2014-04-11 18:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-01-14 17:13 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-01-14 17:13 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-01-14 17:13 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-01-14 17:13 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-01-14 17:13 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-01-14 17:13 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-01-14 17:13 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-01-14 17:13 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-01-14 17:13 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-01-14 17:13 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-01-14 17:13 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-01-14 17:13 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-01-14 17:13 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-01-14 17:13 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-01-14 17:13 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-01-14 17:13 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-01-14 17:13 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-01-14 17:13 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-01-14 17:13 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-01-14 17:13 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-01-14 17:13 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-01-14 17:13 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-01-14 17:13 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-01-14 17:13 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-01-14 17:13 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-01-14 17:13 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-01-14 17:13 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-01-14 17:13 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-01-14 17:13 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-01-14 17:13 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-01-14 17:13 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-01-14 17:13 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-01-14 17:13 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-01-14 17:12 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-01-14 17:12 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-01-14 17:12 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-01-14 17:12 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-01-14 17:12 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-01-14 17:12 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-01-14 17:12 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-01-14 17:12 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-01-14 17:12 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-01-14 17:12 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-01-14 17:12 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-01-14 17:12 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-01-14 17:11 - 2014-12-11 21:35 - 05553592 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-01-14 17:11 - 2014-12-11 21:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-01-14 17:11 - 2014-12-11 21:31 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-01-14 17:11 - 2014-12-11 21:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-01-14 17:11 - 2014-12-11 21:11 - 03971512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-01-14 17:11 - 2014-12-11 21:11 - 03916728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-01-14 17:11 - 2014-12-11 21:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-01-14 17:11 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-01-14 17:11 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-01-14 17:11 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-01-14 17:11 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-01-14 17:11 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-01-14 17:11 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-01-14 17:11 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-01-14 17:11 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-01-14 17:11 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-01-14 17:11 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-01-14 17:11 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-01-14 17:11 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-01-14 17:11 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-01-14 17:11 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-01-14 17:11 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-01-14 17:11 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-01-14 17:11 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-01-14 17:11 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-01-14 17:11 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-01-14 17:11 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-01-14 17:11 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-01-14 17:11 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-01-14 17:11 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-01-14 17:11 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-01-14 17:11 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-01-14 17:11 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-01-14 17:11 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-01-14 17:11 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-01-14 17:11 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-01-14 17:11 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-01-14 17:11 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-01-14 17:11 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-01-14 17:11 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-01-14 17:11 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-01-14 17:11 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-01-14 17:11 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-01-14 17:11 - 2013-04-09 15:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-01-14 17:11 - 2013-04-02 14:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-01-14 17:05 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-01-14 17:05 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-01-14 17:05 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-01-14 17:05 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-01-14 16:46 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-01-14 16:46 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-01-14 16:46 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-01-14 16:46 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-01-14 16:45 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-01-14 16:45 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-01-14 16:45 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-01-14 16:45 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-01-14 16:45 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-01-14 16:45 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-01-14 16:45 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-01-14 16:45 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-01-14 16:45 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-01-14 16:45 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-01-14 16:22 - 2015-01-14 16:22 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
2015-01-13 23:58 - 2015-01-13 23:58 - 00002884 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Will
2015-01-13 20:55 - 2015-01-13 23:16 - 00002902 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator
2015-01-13 20:55 - 2015-01-13 20:55 - 00001252 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Uninstall Programs.lnk
2015-01-13 20:55 - 2015-01-13 20:55 - 00001228 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2015-01-13 20:55 - 2015-01-13 20:55 - 00000000 ____D () C:\ProgramData\ProductData
2015-01-13 20:55 - 2015-01-13 20:55 - 00000000 ____D () C:\ProgramData\IObit
2015-01-13 20:55 - 2015-01-13 20:55 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-01-13 20:54 - 2015-01-13 20:55 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
2015-01-13 14:47 - 2015-01-13 14:47 - 00000000 ____D () C:\MGADiagToolOutput
2015-01-13 14:44 - 2015-01-13 14:44 - 00000000 ____D () C:\ProgramData\Office Genuine Advantage
2015-01-13 14:31 - 2015-01-13 14:31 - 00002132 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2015-01-13 14:31 - 2015-01-13 14:31 - 00002120 _____ () C:\Users\Public\Desktop\Belarc Advisor.lnk
2015-01-13 14:31 - 2015-01-13 14:31 - 00000000 ____D () C:\Program Files (x86)\Belarc
2015-01-13 14:30 - 2015-01-13 14:30 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinRAR
2015-01-12 00:45 - 2015-01-12 00:45 - 00003130 _____ () C:\Windows\System32\Tasks\{5C387D68-8594-459C-97ED-8497B3D9EFA6}
2015-01-12 00:18 - 2015-01-14 19:00 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-01-12 00:18 - 2015-01-14 19:00 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-01-12 00:18 - 2015-01-14 19:00 - 00000000 ___RD () C:\Users\Administrator\Podcasts
2015-01-12 00:18 - 2015-01-12 00:18 - 00069600 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-01-12 00:18 - 2015-01-12 00:18 - 00000004 _____ () C:\Windows\SysWOW64\¸&„w¿‰w
2015-01-12 00:18 - 2015-01-12 00:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ASUS
2015-01-12 00:18 - 2015-01-12 00:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Apple Computer
2015-01-12 00:18 - 2015-01-12 00:18 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-01-12 00:17 - 2015-01-12 00:18 - 00000000 ____D () C:\Users\Administrator
2015-01-12 00:17 - 2015-01-12 00:17 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-01-12 00:17 - 2012-12-09 08:54 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\TuneUp Software
2015-01-12 00:17 - 2012-03-11 19:29 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-01-12 00:17 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-12 00:17 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-15 12:54 - 2009-07-13 21:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-15 12:28 - 2013-04-09 16:33 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-15 09:49 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-01-15 08:02 - 2009-07-13 20:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-15 08:02 - 2009-07-13 20:45 - 00020704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-15 07:59 - 2010-12-30 18:23 - 01133336 _____ () C:\Windows\WindowsUpdate.log
2015-01-15 07:55 - 2013-05-28 14:14 - 00000352 _____ () C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job
2015-01-15 07:55 - 2013-04-09 16:33 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-15 07:55 - 2010-12-30 19:07 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-01-15 07:55 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-15 01:12 - 2010-12-30 18:15 - 00000000 ____D () C:\Windows\Panther
2015-01-14 21:39 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-14 21:30 - 2009-07-13 20:45 - 00304928 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-14 21:29 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-14 21:00 - 2010-12-30 19:07 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-01-14 21:00 - 2010-12-30 19:07 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-01-14 21:00 - 2010-12-30 19:06 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-01-14 18:58 - 2012-05-12 13:12 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-01-14 18:58 - 2012-05-12 13:12 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-01-14 18:55 - 2009-07-13 23:46 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-14 18:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-14 18:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-14 18:54 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-14 18:54 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-14 18:43 - 2009-07-13 18:34 - 00000499 _____ () C:\Windows\win.ini
2015-01-14 17:42 - 2012-05-12 13:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-01-14 16:23 - 2013-04-09 16:33 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-01-14 16:23 - 2013-04-09 16:33 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-01-14 10:47 - 2011-01-04 15:52 - 00000376 _____ () C:\Windows\ODBC.INI
2015-01-14 10:21 - 2010-12-30 18:21 - 00000000 ____D () C:\Users\Will
2015-01-13 23:39 - 2012-12-12 20:32 - 00000000 ____D () C:\Program Files (x86)\Pando Networks
2015-01-13 23:15 - 2012-12-07 11:43 - 00000975 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-01-13 23:03 - 2013-06-17 10:27 - 00000000 ____D () C:\Program Files (x86)\Desktop Notepad
2015-01-12 01:57 - 2009-07-13 21:08 - 00032550 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-12 01:55 - 2012-09-19 17:30 - 00000000 ____D () C:\Users\Patrick
2015-01-12 01:35 - 2013-06-16 10:41 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-01-12 01:06 - 2012-03-10 11:28 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-12 01:05 - 2011-11-15 17:24 - 00000000 ____D () C:\Program Files (x86)\TeamSpeak 3 Client
2015-01-12 01:02 - 2011-01-01 02:45 - 00000000 ____D () C:\ProgramData\Skype
2015-01-12 00:53 - 2013-04-09 16:33 - 00000000 ____D () C:\Program Files (x86)\Google
2015-01-12 00:51 - 2011-02-10 15:56 - 00000000 ____D () C:\Program Files (x86)\ffdshow
2015-01-12 00:49 - 2011-01-19 15:51 - 00000000 ____D () C:\Program Files (x86)\foobar2000
2015-01-12 00:49 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-01-12 00:48 - 2011-03-17 15:31 - 00000000 ____D () C:\ProgramData\MFAData
2015-01-12 00:42 - 2011-02-22 00:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-01-12 00:42 - 2011-02-22 00:26 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-01-08 09:55 - 2010-12-30 19:26 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-31 13:12 - 2011-01-01 11:16 - 113365784 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-14 11:09

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-01-2015 01
Ran by Administrator at 2015-01-15 13:21:12
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AC3File 0.6b (HKLM-x32\...\AC3File_is1) (Version: 0.6b - Alexander Vigovsky)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.10 - Michael Tippach)
ASUS Xonar Essence STX Audio Driver (HKLM\...\C-Media Oxygen HD Audio Driver) (Version: - )
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 3.25 - Piriform)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.1.8 - DivX, LLC)
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.2.6.1 - IObit)
Java(TM) 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216023FF}) (Version: 6.0.260 - Oracle)
Java(TM) 7 Update 4 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217004FF}) (Version: 7.0.40 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft LifeCam (HKLM\...\{5CE7E3F5-9803-4F32-AA89-2D8848A80109}) (Version: 3.60.253.0 - Microsoft Corporation)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Motorola Mobile Drivers Installation 5.2.0 (HKLM\...\{1CCF1727-A817-4FEE-A028-5466FB542934}) (Version: 5.2.0 - Motorola Inc.)
NVIDIA 3D Vision Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 340.52 - NVIDIA Corporation)
NVIDIA Graphics Driver 340.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 340.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.10.0514 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.10.0514 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OverDrive Media Console (HKLM-x32\...\{D4AFC7AD-F637-4EDD-BC76-767E4AF78CE1}) (Version: 3.2.5 - OverDrive, Inc.)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
TI Connect 1.6 (HKLM-x32\...\{A8B94669-8654-4126-BD28-D0D2412CDED6}) (Version: 1.6 - Texas Instruments Inc)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 1.10.1 - Tweaking.com)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Virtual DJ Pro Full - Atomix Productions (HKLM-x32\...\Virtual DJ Pro Full - Atomix Productions) (Version: - )
Visual Studio 2008 x64 Redistributables (HKLM-x32\...\{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}) (Version: 10.0.0.2 - AVG Technologies)
Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
VLC media player 1.1.11 (HKLM-x32\...\VLC media player) (Version: 1.1.11 - VideoLAN)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9579 - WinZip Computing, S.L. )
WinZip Courier (HKLM-x32\...\{CD95F661-A5C4-11AF-B2CC-ABCD21A325B5}) (Version: 3.0.9557 - WinZip Computing, S.L. )
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================

14-01-2015 16:43:41 Windows Update
14-01-2015 16:45:12 Windows Update
14-01-2015 17:27:32 Windows Update
14-01-2015 19:17:03 Windows Update
14-01-2015 19:33:42 Windows Update
14-01-2015 20:49:03 Windows Update
14-01-2015 20:57:04 Windows Update
14-01-2015 22:09:56 Windows Update
14-01-2015 22:31:02 Windows Update
14-01-2015 22:51:44 Windows Update
14-01-2015 23:29:34 New to me Clean & Updated 1-14-2015 Ground Zero!
15-01-2015 00:19:46 avast! antivirus system restore point

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-01-15 08:25 - 00450771 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0A3FEAAF-C671-4726-8EB5-5778B3BCF411} - System32\Tasks\{A0DAC595-9484-4046-94D1-69189F482630} => pcalua.exe -a D:\autorun.exe -d D:\
Task: {30D64C9B-9CE5-4CA4-8A97-F11D87972D39} - System32\Tasks\{C0B0687F-F4DC-4459-AD7F-FCE72B324DF2} => Chrome.exe
Task: {3166E7BC-EF27-455C-8D9E-C56B5E0BE43A} - System32\Tasks\Java Update Scheduler => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17] (Sun Microsystems, Inc.)
Task: {385C5CED-0285-4F4B-BFD9-59DD5DF43127} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-15] (AVAST Software)
Task: {3EBAE6EA-A504-43E2-97E9-29B21FE490B2} - System32\Tasks\{0FC7645B-2B4A-47B6-8721-87548941036C} => pcalua.exe -a C:\PROGRA~2\TIEDUC~1\DRIVER~1\InstDrvr.exe -d C:\Windows\SysWOW64 -c /I "C:\Program Files (x86)\TI Education\Driver Files\SilvrLnk.inf" /D "C:\Program Files (x86)\TI Education\Driver Files"
Task: {4E777C76-BA41-4F8E-8492-7676F67CCCEF} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-13] (IObit)
Task: {51A694B0-FBB7-4D29-A33C-3936B77E9BE7} - System32\Tasks\{B53F04CD-6912-4A8F-BA20-1B7924396310} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/204360
Task: {5341D1F2-DADC-4380-B845-5B3B027FF7C7} - System32\Tasks\{65BFEB4A-2DC1-4F98-B43B-FF0CE3D8F9F5} => Chrome.exe
Task: {56271004-2928-482C-A047-80FBDC786842} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09] (Google Inc.)
Task: {57C0ED57-CA2E-453B-9672-2D87DE1BF412} - System32\Tasks\Divx online update program => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-28] ()
Task: {60FBA380-76F8-46DD-8959-79C773B3B3B7} - System32\Tasks\{70CB1AF3-91C5-4813-ACED-D9EAF1F1465A} => pcalua.exe -a C:\Users\Will\Downloads\ASIO4ALL_2_10_English.exe -d C:\Users\Will\Downloads
Task: {6B850E09-10DA-4B2E-8889-C1B62B545A1A} - System32\Tasks\Adobe online update program => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
Task: {835A8C44-4EE6-4356-B31E-81CE8726B07B} - System32\Tasks\{5C387D68-8594-459C-97ED-8497B3D9EFA6} => pcalua.exe -a "C:\Program Files (x86)\Steam\steam.exe" -c steam://uninstall/48190
Task: {8409AB1F-E738-42E3-B187-F04F335EB577} - System32\Tasks\Uninstaller_SkipUac_Will => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-01-13] (IObit)
Task: {937DBBE0-18DF-4B7C-9B54-71D0B1C0996A} - System32\Tasks\{29E528FF-267E-4813-8EA4-8D7BEE96E856} => pcalua.exe -a D:\Setup.exe -d D:\
Task: {A39CE98A-BEE5-4610-B445-D7C143F37876} - System32\Tasks\Google Updater and Installer => C:\Users\Will\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {B03DFAC2-3729-4183-BC0C-DBF8078BD80B} - System32\Tasks\{75F14662-A693-4BF8-804C-447C66C14210} => pcalua.exe -a C:\PROGRA~2\TIEDUC~1\DRIVER~1\InstDrvr.exe -d C:\Windows\SysWOW64 -c /Q
Task: {B11835D5-F2A1-4380-AD61-33504A7FE2BC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-09] (Google Inc.)
Task: {B4C7E69A-86D2-42E2-AC2D-1EC73A6026AA} - System32\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe [2013-05-28] (AVG Secure Search)
Task: {D610B32C-F443-4A89-AAAD-122C27B4E301} - System32\Tasks\ROC_REG_JAN_DELETE => C:\ProgramData\AVG January 2013 Campaign\ROC.exe [2013-01-16] ()
Task: {DE396B76-FD4A-451E-8C2F-561423AF7E5B} - System32\Tasks\{2FEECB39-62AA-4449-883A-D91FD2B80DD3} => C:\Program Files (x86)\Skype\\Phone\Skype.exe
Task: {E9E2E37E-7583-437A-8C67-9F3B17217F27} - System32\Tasks\{31D1C0C7-824F-4F67-AB42-3454314ADD88} => C:\Program Files (x86)\Microsoft Games\Fable - The Lost Chapters\Fable.exe
Task: {FF1F42D5-BD8B-48B6-8593-49A791630328} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2012-11-23] (Piriform Ltd)
Task: C:\Windows\Tasks\AVG-Secure-Search-Update_MAY2013_TB_rel.job => C:\Program Files (x86)\AVG SafeGuard toolbar\AVG-Secure-Search-Update_MAY2013_TB.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\ROC_REG_JAN_DELETE.job => C:\ProgramData\AVG January 2013 Campaign\ROC.exe

==================== Loaded Modules (whitelisted) =============

2012-11-18 00:57 - 2014-07-02 10:55 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2010-12-30 19:40 - 2008-07-11 15:04 - 00200704 ____N () C:\Windows\SysWOW64\HsMgr.exe
2010-12-30 19:40 - 2008-07-11 15:03 - 00282112 ____N () C:\Windows\system\HsMgr64.exe
2015-01-15 00:28 - 2015-01-15 00:28 - 02910720 _____ () C:\Program Files\AVAST Software\Avast\defs\15011500\algo.dll
2015-01-15 12:56 - 2015-01-15 12:56 - 02910720 _____ () C:\Program Files\AVAST Software\Avast\defs\15011502\algo.dll
2010-12-30 19:40 - 2009-05-11 18:01 - 00143360 ____N () C:\Program Files\ASUS Xonar Essence STX Audio\Customapp\VmixP8.dll
2015-01-15 00:20 - 2015-01-15 00:20 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-15 08:09 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-01-15 08:09 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-01-15 08:09 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-01-15 08:09 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-01-15 08:09 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2826877253-2716156986-1703609734-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2826877253-2716156986-1703609734-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2826877253-2716156986-1703609734-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-2826877253-2716156986-1703609734-1005 - Limited - Enabled) => C:\Users\UpdatusUser

==================== Faulty Device Manager Devices =============

Name: iPodDrv
Description: iPodDrv
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: iPodDrv
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Marvell 91xx Config ATA Device
Description: Marvell 91xx Config ATA Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/15/2015 00:19:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary qqqiwipf.

System Error:
The system cannot find the file specified.
.

Error: (01/14/2015 09:05:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003

Error: (01/14/2015 08:52:46 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Will-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.

Error: (01/14/2015 07:00:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.ServiceModel, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Runtime.Serialization, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Runtime.Remoting, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.RegularExpressions, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=amd64" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:31 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "ReachFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:31 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "PresentationCore, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64". The error returned was Error: The specified assembly is not installed.
.


System errors:
=============
Error: (01/15/2015 07:57:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error:
%%1069

Error: (01/15/2015 07:57:31 AM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error:
%%1330

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (01/15/2015 07:55:24 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The iPodDrv service failed to start due to the following error:
%%2

Error: (01/15/2015 07:55:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (01/15/2015 07:55:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 5 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (01/15/2015 07:55:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 7 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (01/15/2015 07:55:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 3 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (01/15/2015 07:55:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 4 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (01/15/2015 07:55:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 6 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (01/15/2015 07:55:05 AM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 2 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.


Microsoft Office Sessions:
=========================
Error: (01/15/2015 00:19:46 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary qqqiwipf.

System Error:
The system cannot find the file specified.

Error: (01/14/2015 09:05:23 PM) (Source: .NET Runtime Optimization Service) (EventID: 1101) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - 1>Failed to compile: mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089 . Error code = 0x80070003
mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089

Error: (01/14/2015 08:52:46 PM) (Source: Microsoft Security Client Setup) (EventID: 100) (User: Will-PC)
Description: HRESULT:0x8004FF0A
Description:Microsoft Security Essentials installation was canceled. You canceled the Security Essentials installation on your computer. Error code:0x8004FF0A.

Error: (01/14/2015 07:00:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.ServiceModel, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Runtime.Serialization, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Runtime.Remoting, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b77a5c561934e089, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web.RegularExpressions, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=msil" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:32 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "System.Web, Version=2.0.0.0, Culture=Neutral, PublicKeyToken=b03f5f7f11d50a3a, processorArchitecture=amd64" /NoDependencies . The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:31 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "ReachFramework, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=msil". The error returned was Error: The specified assembly is not installed.
.

Error: (01/14/2015 07:00:31 PM) (Source: .NET Runtime Optimization Service) (EventID: 1107) (User: )
Description: .NET Runtime Optimization Service (clr_optimization_v4.0.30319_64) - Failed to execute command from the offline queue: uninstall "PresentationCore, Version=3.0.0.0, Culture=Neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=amd64". The error returned was Error: The specified assembly is not installed.
.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7 CPU 950 @ 3.07GHz
Percentage of memory in use: 45%
Total physical RAM: 4087.18 MB
Available physical RAM: 2232.7 MB
Total Pagefile: 8172.54 MB
Available Pagefile: 6285.63 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:882.06 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 00910090)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================


aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
Run date: 2015-01-15 13:22:42
-----------------------------
13:22:42.908 OS Version: Windows x64 6.1.7601 Service Pack 1
13:22:42.908 Number of processors: 8 586 0x1A05
13:22:42.908 ComputerName: WILL-PC UserName:
13:22:43.908 Initialize success
13:22:43.918 VM: initialized successfully
13:22:43.919 VM: Intel CPU BiosDisabled
13:22:46.930 AVAST engine defs: 15011502
13:23:32.260 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
13:23:32.262 Disk 0 Vendor: WDC_WD1002FAEX-00Z3A0 05.01D05 Size: 953869MB BusType: 3
13:23:32.362 Disk 0 MBR read successfully
13:23:32.364 Disk 0 MBR scan
13:23:32.366 Disk 0 Windows 7 default MBR code
13:23:32.369 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
13:23:32.374 Disk 0 Boot: NTFS code=1
13:23:32.376 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 953767 MB offset 206848
13:23:32.392 Disk 0 scanning C:\Windows\system32\drivers
13:23:39.965 Service scanning
13:23:54.710 Modules scanning
13:23:54.718 Disk 0 trace - called modules:
13:23:54.734 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
13:23:54.738 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80053e4790]
13:23:54.740 3 CLASSPNP.SYS[fffff8800180143f] -> nt!IofCallDriver -> [0xfffffa8005116520]
13:23:54.750 5 ACPI.sys[fffff88000f707a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0xfffffa8005112680]
13:23:55.640 AVAST engine scan C:\Windows
13:23:58.258 AVAST engine scan C:\Windows\system32
13:26:09.750 AVAST engine scan C:\Windows\system32\drivers
13:26:23.771 AVAST engine scan C:\Users\Administrator
13:26:46.564 AVAST engine scan C:\ProgramData
13:27:44.814 Disk 0 statistics 3873659/0/0 @ 9.97 MB/s
13:27:44.819 Scan finished successfully
13:29:22.205 Disk 0 MBR has been saved successfully to "C:\Users\Administrator\Desktop\MBR.dat"
13:29:22.209 The log file has been saved successfully to "C:\Users\Administrator\Desktop\aswMBR.txt"

Juliet
2015-01-16, 13:32
Please go to add/remove programs and uninstall anything you see for
IObit

~~~~
NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.
It needs to be saved next to the "Farbar Recovery Scan Tool" (if asked to overwrite the existing one, please allow).

https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HKLM-x32\...\Chrome\Extension: [fgobjbnkdcloecmfmbicmeiodgenihbh] - C:\Users\Will\AppData\LocalLow\Playbryte\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ilckobikkmajlmhhdenkhonjkoaneclk] - C:\Program Files (x86)\WinZip Courier\wzwmcgc.crx [Not Found]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-13] (IObit)
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

~~~

AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/) and save the file to your Desktop.
Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
Follow the prompts.
Click Scan.
Upon completion, click Report. A log (AdwCleaner[R0].txt) will open. Briefly check the log for anything you know to be legitimate.
Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
Follow the prompts and allow your computer to reboot.
After rebooting, a log (AdwCleaner[S0].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/) to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Please post:
Fixlog.txt
C:\AdwCleaner.txt
JRT.txt

Goldenvoice
2015-01-17, 06:11
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01
Ran by Administrator at 2015-01-16 19:39:15 Run:1
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: UpdatusUser & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-results.com/sr?src=ieb&appid=113&systemid=406&sr=0&q={searchTerms}
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR HKLM-x32\...\Chrome\Extension: [fgobjbnkdcloecmfmbicmeiodgenihbh] - C:\Users\Will\AppData\LocalLow\Playbryte\Chrome.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [ilckobikkmajlmhhdenkhonjkoaneclk] - C:\Program Files (x86)\WinZip Courier\wzwmcgc.crx [Not Found]
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2635552 2015-01-13] (IObit)
Toolbar: HKLM - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - No Name - !{95B7759C-8C7F-4BF1-B163-73684A933233} - No File
Toolbar: HKLM-x32 - No Name - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No File
EmptyTemp:
Hosts:
End
*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found.
"HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fgobjbnkdcloecmfmbicmeiodgenihbh" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\ilckobikkmajlmhhdenkhonjkoaneclk" => Key deleted successfully.
LiveUpdateSvc => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.
HKCR\CLSID\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} => value deleted successfully.
HKCR\CLSID\!{98889811-442D-49dd-99D7-DC866BE87DBC} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => value deleted successfully.
HKCR\Wow6432Node\CLSID\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{95B7759C-8C7F-4BF1-B163-73684A933233} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{95B7759C-8C7F-4BF1-B163-73684A933233} => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\!{98889811-442D-49dd-99D7-DC866BE87DBC} => value deleted successfully.
HKCR\Wow6432Node\CLSID\!{98889811-442D-49dd-99D7-DC866BE87DBC} => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 92 MB temporary data.


The system needed a reboot.

==== End of Fixlog 19:39:36 ====

# AdwCleaner v4.107 - Report created 16/01/2015 at 19:52:28
# Updated 07/01/2015 by Xplode
# Database : 2015-01-13.2 [Live]
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Administrator - SUCCESSBOX
# Running from : C:\Users\Administrator\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\AVG Security Toolbar
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\Program Files (x86)\AVG SafeGuard toolbar
Folder Deleted : C:\Program Files (x86)\Playbryte

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\AVG Secure Search
Key Deleted : HKLM\SOFTWARE\Babylon

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17496


*************************

AdwCleaner[R0].txt - [1950 octets] - [16/01/2015 19:47:35]
AdwCleaner[S0].txt - [1895 octets] - [16/01/2015 19:52:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1955 octets] ##########


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows 7 Ultimate x64
Ran by Administrator on Fri 01/16/2015 at 19:59:48.36
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 01/16/2015 at 20:02:05.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2015-01-17, 14:54
Please run a Threat Scan with Malwarebytes' Anti-Malware

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.

~~~~~~~~~~~~~

What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
Most reliable and thorough.
The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
This scanner can take quite a bit of time to run, depending of course how full your computer is.


Go here (http://www.eset.com/us/online-scanner/) to run an online scanner from ESET. Windows Vista/Windows 7/Windows 8 users will need to right click on their Internet Explorer shortcut, and select Run as Administrator

Note:
For browsers other than Internet Explorer, you will be prompted to download and install esetsmartinstaller_enu.exe. Click on the link and save the file to a convenient location. Double click on it to install and a new window will open. Follow the prompts.
Turn off the real time scanner of any existing antivirus program while performing the online scan. Here's how (http://www.techsupportforum.com/forums/f50/how-to-disable-your-security-applications-490111.html).
Click the blue Run ESET Online Scanner button
Tick the box next to YES, I accept the Terms of Use.
Click Start
When asked, allow the program to install the "OnlineScanner.cab" activex control by clicking the Install button
Once the activex control is installed, on the next screen click on Enable detection of potentially unwanted applications
Click on Advanced Settings
Make sure that the option Remove found threats is unticked.
Ensure these options are ticked

Scan archives
Scan for potentially unsafe applications
Enable Anti-Stealth technology


Click Start
Wait for the scan to finish
When the scan is done, if it shows a screen that says "Threats found!", then click "List of found threats", and then click "Export to text file..."
Save that text file on your desktop. Copy and paste the contents of that log as a reply to this topic.
Close the ESET online scan.


*************************************

Please tell me how the computer is now.

Goldenvoice
2015-01-17, 20:41
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/17/2015
Scan Time: 8:26:31 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.17.04
Rootkit Database: v2015.01.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 431050
Time Elapsed: 8 min, 1 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

C:\ProgramData\InstallMate\{5C0D0344-13BC-4E29-ACC2-5B9E87EE21B2}\_Setupx.dll a variant of Win32/InstalleRex.U potentially unwanted application
C:\Users\All Users\InstallMate\{5C0D0344-13BC-4E29-ACC2-5B9E87EE21B2}\_Setupx.dll a variant of Win32/InstalleRex.U potentially unwanted application
C:\Windows\Installer\11f9332.msi a variant of Win32/Systweak.L potentially unwanted application

Goldenvoice
2015-01-17, 20:53
Please tell me how the computer is now.

Computer has not displayed anything abnormal. Keep in mind I've only had it a week, and have only deleted previous user's files (that I could find), uninstalled programs, etc, so I have not really 'used' it - yet. Started running scans originally, as I'd like it clean before I start loading in my files, drivers, etc. In the past I have always started with a used machine by formatting and reinstalling the OS. 'tis a new thing to me to clean one out 'long hand', and very interesting to see what paces you have me putting it through :) Thank you for this.

Juliet
2015-01-17, 23:44
As far as I can see without something throwing out some type of warnings or errors, this should take care of it.


Open notepad. Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. Save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)



start
CloseProcesses:
C:\ProgramData\InstallMate\{5C0D0344-13BC-4E29-ACC2-5B9E87EE21B2}\_Setupx.dll
C:\Users\All Users\InstallMate\{5C0D0344-13BC-4E29-ACC2-5B9E87EE21B2}\_Setupx.dll
C:\Windows\Installer\11f9332.msi
EmptyTemp:
End


Open FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

Goldenvoice
2015-01-18, 01:59
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 17-01-2015 01
Ran by Administrator at 2015-01-17 15:42:49 Run:2
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available profiles: UpdatusUser & Administrator)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
CloseProcesses:
C:\ProgramData\InstallMate\{5C0D0344-13BC-4E29-ACC2-5B9E87EE21B2}\_Setupx.dll
C:\Users\All Users\InstallMate\{5C0D0344-13BC-4E29-ACC2-5B9E87EE21B2}\_Setupx.dll
C:\Windows\Installer\11f9332.msi
EmptyTemp:
End
*****************

Processes closed successfully.
C:\ProgramData\InstallMate\{5C0D0344-13BC-4E29-ACC2-5B9E87EE21B2}\_Setupx.dll => Moved successfully.
"C:\Users\All Users\InstallMate\{5C0D0344-13BC-4E29-ACC2-5B9E87EE21B2}\_Setupx.dll" => File/Directory not found.
C:\Windows\Installer\11f9332.msi => Moved successfully.
EmptyTemp: => Removed 2 MB temporary data.


The system needed a reboot.

==== End of Fixlog 15:42:55 ====

*** I was just scanning back through the original FRST.txt and noted it listed files within the last month. Got me thinking; this computer has sat idle for (?) a couple years.
Purchased from college student in his 3rd year - this was his High School gaming rig. He didn't even have a monitor to show me it worked, so -
my thinking is whatever Spybot throws as high-risk has been in the computer for a couple years. Not sure if that helps us at all, but for what it's worth. :)
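
Added example, not part of the original thread and not FRST's own code: a small Python triage of Fixlog result lines like the two posted above. It separates real changes from "not found" entries and shows why the `C:\Users\All Users\...` line reports "File/Directory not found". The alias table assumes the default Windows 7 layout, where `C:\Users\All Users` is a link to `C:\ProgramData`; the function names and the final failure line are hypothetical.

```python
import re
from collections import Counter

# Result lines excerpted from the two Fixlog.txt posts in this thread.
THREAD_EXCERPT = r'''Processes closed successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} => Key not found.
LiveUpdateSvc => Service deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
C:\ProgramData\InstallMate\{5C0D0344-13BC-4E29-ACC2-5B9E87EE21B2}\_Setupx.dll => Moved successfully.
"C:\Users\All Users\InstallMate\{5C0D0344-13BC-4E29-ACC2-5B9E87EE21B2}\_Setupx.dll" => File/Directory not found.
C:\Windows\Installer\11f9332.msi => Moved successfully.
EmptyTemp: => Removed 2 MB temporary data.
'''
# Constructed line (hypothetical wording, not taken from FRST) to exercise the "review" path.
CONSTRUCTED_FAILURE = r'C:\Example\locked.dll => Could not move.'
SAMPLE = THREAD_EXCERPT + CONSTRUCTED_FAILURE + "\n"

# "<target> => <result>", where the target may be wrapped in double quotes.
LINE_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<result>.+)$')

# Assumption: default Windows Vista/7 layout, where the legacy path on the left
# is a link that resolves to the directory on the right.
PATH_ALIASES = {r"c:\users\all users": r"c:\programdata"}


def canonical(path):
    """Lower-case a path and rewrite a known legacy alias to its real location."""
    low = path.lower()
    for alias, real in PATH_ALIASES.items():
        if low == alias or low.startswith(alias + "\\"):
            return real + low[len(alias):]
    return low


def parse_fixlog(text):
    """Return one dict per 'target => result' line with a coarse outcome label."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # headers, separators, "Processes closed successfully."
        target, result = m.group("target"), m.group("result")
        low = result.lower()
        if "not found" in low:
            outcome = "absent"      # nothing was there to remove
        elif low.endswith("successfully."):
            outcome = "changed"     # deleted, moved or restored
        elif target.endswith(":"):
            outcome = "info"        # directive summary such as EmptyTemp:
        else:
            outcome = "review"      # unrecognised result: read it by hand
        entries.append({"target": target, "result": result, "outcome": outcome})
    return entries


def triage(entries):
    """Count outcomes and explain 'absent' paths that alias an already-moved file."""
    handled = {canonical(e["target"]) for e in entries if e["outcome"] == "changed"}
    report = {
        "counts": Counter(e["outcome"] for e in entries),
        "alias_duplicates": [],
        "review": [],
    }
    for e in entries:
        canon = canonical(e["target"])
        if e["outcome"] == "absent" and canon != e["target"].lower() and canon in handled:
            report["alias_duplicates"].append(e["target"])
        elif e["outcome"] == "review":
            report["review"].append(e["target"])
    return report


if __name__ == "__main__":
    result = triage(parse_fixlog(SAMPLE))
    print(dict(result["counts"]))
    print("already handled via alias:", result["alias_duplicates"])
    print("needs manual review:", result["review"])
```

An "absent" entry that is an alias of a path already moved is the same file listed twice, so it needs no follow-up; only the "review" list does.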

Goldenvoice
2015-01-18, 02:04
Should I restart, then run a Spybot scan again and see what she lists?

Goldenvoice
2015-01-18, 09:20
OK, I didn't see how it could hurt, so I ran a Spybot SCAN only - things look the same (keep in mind I have NOT let Spybot 'clean' anything)
I right-clicked on the high-risk, went to file location, and independently scanned the user.js file with Avast (says it's clean) and Spybot (says it's clean)...
Is this perhaps some sort of false positive?

Juliet
2015-01-18, 14:49
That's an old Java script, which will be fine once we remove all the older versions and update to the most recent.

Go to add/remove programs list
Remove all Java applications found

Go to https://java.com/en/download/
download and install.

I think we're ready to remove tools and quarantine folders?

Goldenvoice
2015-01-18, 19:17
Java cleaned and updated with fresh install.
I'm ready - what's next?
And at what point do I let spybot clean? (or I guess you'll let me know :))

Juliet
2015-01-18, 19:42
You can allow SpyBot to clean what it finds now if you like. Don't think it will interfere with anything.

No more malware problems,

DelFix

Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:

Activate UAC
Remove disinfection tools


Click the Run button.

-- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

~~~~~~~~~~~~~~


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


The following programmes come highly recommended in the security community.

AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
CryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time alongside your Anti-Virus to prevent malware execution.
NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Goldenvoice
2015-01-18, 21:25
I've made a donation to the community.

Now is probably a good time to burn a rescue disk, yes?

Is there a link to the recommended programs you listed I'll be able to keep, to stay up to date on what's recommended?

Are all things from iObit NOT recommended?
(I've been using their un-installer, as well as Advanced System Care)

Also, opinion on Wise Care 365 ?

Thank you so much for your time and expertise; Happy Sunday :)

Juliet
2015-01-19, 00:42
Thank you for the donation.

If you have a program in question let me know and I'll supply the added info on how to download, use, and update.

Please see post #6 (by AdvancedSetup) here https://forums.malwarebytes.org/index.php?/topic/162748-possible-malware-remnants-on-my-computer/?hl=%2Bremove+%2Biobit#entry924122

I can't recommend much for Wise Care 365. Not saying it's not a good program, I'm just not familiar with it, but I do not, nor does the malware removal community, suggest registry cleaning tools.

Goldenvoice
2015-01-20, 09:50
OK, I have issues (did I just say that?). IE11 keeps encountering problems and reopening the windows.

Problem signature:
Problem Event Name: BEX
Application Name: IEXPLORE.EXE
Application Version: 11.0.9600.17496
Application Timestamp: 546fddcc
Fault Module Name: StackHash_3484
Fault Module Version: 0.0.0.0
Fault Module Timestamp: 00000000
Exception Offset: 4f466850
Exception Code: c0000005
Exception Data: 00000008
OS Version: 6.1.7601.2.1.0.256.1
Locale ID: 1033
Additional Information 1: 3484
Additional Information 2: 3484bcb1378739ae0efc4fec3b6d0761
Additional Information 3: f401
Additional Information 4: f401f4a533f797b1014cf39d09b2f03e

Read our privacy statement online:
http://go.microsoft.com/fwlink/?linkid=104288&clcid=0x0409

If the online privacy statement is not available, please read our privacy statement offline:
C:\Windows\system32\en-US\erofflps.txt

I also get another warning about (was it addons?)

This has caused me to dig a little further - task manager lists iexplorer with a 32 after it - strange, never seen that before, but...

Opened file location, and viewed properties, and found an unknown user. My other computer doesn't list that, and it looks rather suspicious to me...

I then tried downloading Firefox, and IE11 wouldn't let me do it - it just hung.
I was able to download and install chrome, and from there download and install Firefox - a brief journey into those browsers - seem fine.

Ideas?
Please look at the screen shot and let me know what you think.
Thanks again, Joe

Goldenvoice
2015-01-20, 10:32
Account Unknown S-1-15-2-1
http://answers.microsoft.com/en-us/ie/forum/ie9-windows_7/account-unknown-s-1-15-2-1/74b45b08-5691-4388-b437-c6b9e70792d7


http://msdn.microsoft.com/en-us/library/cc980032.aspx

ALL_APP_PACKAGES
S-1-15-2-1
All applications running in an app package context.

Not sure if this is something with which you are familiar - or if I'm outside the realm of help you're willing to offer.
Or if any of this is abnormal, or has anything to do with the strange behavior of IE11.
;)

Goldenvoice
2015-01-20, 10:42
Oh, and I'm circle talking: just checked my wife's laptop running Windows 7, and it has the exact same user listed.

I did find the scanner from ESET still installed, and listed in the processes running, so uninstalled that and deleted the file.
*so far, so good. I'll keep doing a little basic browsing this evening with IE11 and see what happens.

Juliet
2015-01-20, 13:23
so far, so good. I'll keep doing a little basic browsing this evening with IE11 and see what happens
I think you're learning good researching skills.

grrrrr IE!

Open the Internet Explorer Performance troubleshooter
If your computer is having problems browsing the web with Internet Explorer, try using the Internet Explorer Performance troubleshooter to fix the problem. It checks for common issues, such as whether you have enough space on your computer's hard disk to store temporary Internet files.
http://windows.microsoft.com/en-US/windows7/Open-the-Internet-Explorer-Performance-troubleshooter

Troubleshooting Internet Explorer Issues
http://www.sevenforums.com/tutorials/89919-troubleshooting-internet-explorer-issues.html

Goldenvoice
2015-01-20, 22:29
OK, I think I'm in the clear. Turns out it was Avast Online Security - research indicates I am far from being the only one experiencing problems with it in conjunction with IE.

I modified the install of Avast to remove it; now things seem to be doing very well.
My understanding is it served only to give quick advice on the safety of web addresses in search engines, but did not offer any "real" protection;
I am therefore still protected by Avast in the traditional "Antivirus" sort of way.
Also uninstalled Avast Gadget, Grimefighter, etc, that are not needed.
:)

Juliet
2015-01-20, 22:54
We need you in our research community!
Well, things these days just aren't as simple as a few years back. I understand internet security in these software tools but, goes to show you they go too far.
Another way to call it is resources hog.

Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
The above in my mind does the same thing and works with all antivirus applications out there that I know of.

OK, people gonna talk about us if we don't get this topic resolved.....LOL

Goldenvoice
2015-01-21, 12:18
Well, if I were any closer, I might have to bug you for a taste of that Southern Home Cookin' ;)

In the mean time, I'll just keep doin' my best to keep jumpin' the hurdles they keep throwin' our way!

Thanks again, Over and out,

Joe

Juliet
2015-01-21, 12:38
Southern Home Cookin known world wide!

Don't forget to run Delfix and please do read over my preventive tips.

Juliet
2015-01-24, 15:50
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.