
Thread: Logs are too long to post

  1. #11
    Junior Member frankhero's Avatar
    Join Date
    Jul 2014
    Posts
    18

    to answer your question

    you never said what you're experiencing to make you think you're infected,

    and you never said what you're experiencing to make you think you're infected,
    Ken,
    the reason i'm worried is because of the event logs i've been seeing.



    RE: THE FOLLOWING DNS event log -

    I changed my computer name to remove the .LAN suffix.
    haven't tested the results yet

    Warning 7/27/2014 2:36:10 AM DNS Client Events 8016 (1028)
    Log Name: System
    Source: Microsoft-Windows-DNS-Client
    Date: 7/27/2014 2:36:10 AM
    Event ID: 8016
    Task Category: (1028)
    Level: Warning
    Keywords:
    User: NETWORK SERVICE
    Computer: e.LAN
    Description:
    The system failed to register host (A or AAAA) resource records (RRs) for network adapter
    with settings:

    Adapter Name : {4684F351-2781-4D68-9DE2-AF7E992AA295}
    Host Name : e
    Primary Domain Suffix : LAN
    DNS server list :
    64.59.184.13, 64.59.190.242
    Sent update to server : <?>
    IP Address(es) :
    192.168.0.11

    The reason the system could not register these RRs was because the DNS server failed the update request. The most likely cause of this is that the authoritative DNS server required to process this update request has a lock in place on the zone, probably because a zone transfer is in progress.

    You can manually retry DNS registration of the network adapter and its settings by typing 'ipconfig /registerdns' at the command prompt. If problems still persist, contact your DNS server or network systems administrator.
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-DNS-Client" Guid="{1C95126E-7EEA-49A9-A3FE-A378B03DDB4D}" />
    <EventID>8016</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>1028</Task>
    <Opcode>0</Opcode>
    <Keywords>0x4000000000000000</Keywords>
    <TimeCreated SystemTime="2014-07-27T08:36:10.010047400Z" />
    <EventRecordID>65863</EventRecordID>
    <Correlation />
    <Execution ProcessID="1368" ThreadID="2100" />
    <Channel>System</Channel>
    <Computer>e.LAN</Computer>
    <Security UserID="S-1-5-20" />
    </System>
    <EventData>
    <Data Name="AdapterName">{4684F351-2781-4D68-9DE2-AF7E992AA295}</Data>
    <Data Name="HostName">e</Data>
    <Data Name="AdapterSuffixName">LAN</Data>
    <Data Name="DnsServerList"> 64.59.184.13, 64.59.190.242</Data>
    <Data Name="Sent UpdateServer">&lt;?&gt;</Data>
    <Data Name="Ipaddress">192.168.0.11</Data>
    <Data Name="ErrorCode">9002</Data>
    </EventData>
    </Event>...

    AND

    Log Name: Microsoft-Windows-Windows Firewall With Advanced Security/Firewall
    Source: Microsoft-Windows-Windows Firewall With Advanced Security
    Date: 7/27/2014 2:42:24 AM
    Event ID: 2010
    Task Category: None
    Level: Information
    Keywords:
    User: LOCAL SERVICE
    Computer: e.LAN
    Description:
    Network profile changed on an interface.

    Adapter GUID: {4684F351-2781-4D68-9DE2-AF7E992AA295}
    Adapter Name: wireless_0
    Old Profile: Public
    New Profile: Private
    Event Xml:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
    <System>
    <Provider Name="Microsoft-Windows-Windows Firewall With Advanced Security" Guid="{D1BC9AFF-2ABF-4D71-9146-ECB2A986EB85}" />
    <EventID>2010</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2014-07-27T08:42:24.347162500Z" />
    <EventRecordID>46444</EventRecordID>
    <Correlation />
    <Execution ProcessID="1564" ThreadID="6644" />
    <Channel>Microsoft-Windows-Windows Firewall With Advanced Security/Firewall</Channel>
    <Computer>e.LAN</Computer>
    <Security UserID="S-1-5-19" />
    </System>
    <EventData>
    <Data Name="InterfaceGuid">{4684F351-2781-4D68-9DE2-AF7E992AA295}</Data>
    <Data Name="InterfaceName">wireless_0</Data>

    <Data Name="OldProfile">4</Data>
    <Data Name="NewProfile">2</Data>
    </EventData>
    </Event>

    AND re: ABOVE EVENT ID IS 2010; also included are 2002,2011,2005,2004. all one after another.

    AND

    USING NETSTAT I'VE NOTICED A PERSISTENT ROUTE WHOSE NETWORK AND GATEWAY I DON'T RECOGNIZE

    ===========================================================================

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination Netmask Gateway Interface Metric
    0.0.0.0 0.0.0.0 192.168.0.1 192.168.0.11 25
    127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
    127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
    127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    169.254.0.0 255.255.0.0 192.168.0.12 192.168.0.11 26
    192.168.0.0 255.255.255.0 On-link 192.168.0.11 281
    192.168.0.11 255.255.255.255 On-link 192.168.0.11 281
    192.168.0.255 255.255.255.255 On-link 192.168.0.11 281
    224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
    224.0.0.0 240.0.0.0 On-link 192.168.0.11 281
    255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
    255.255.255.255 255.255.255.255 On-link 192.168.0.11 281
    ===========================================================================
    Persistent Routes:
    Network Address Netmask Gateway Address Metric
    169.254.0.0 255.255.0.0 192.168.0.12 1
    ===========================================================================
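
An added example, not part of the original post: a Python triage helper that parses the two Event XML records quoted above and decodes their numeric fields (DNS `ErrorCode` 9002 and the firewall profile values 4 and 2). The XML strings are trimmed copies of the events in the post; the function names are hypothetical.

```python
import ipaddress
import xml.etree.ElementTree as ET

NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}

# Win32 DNS_ERROR_RCODE_* codes (winerror.h) are 9000 + the DNS response code.
DNS_RCODE = {9001: "FORMAT_ERROR", 9002: "SERVER_FAILURE", 9003: "NAME_ERROR",
             9004: "NOT_IMPLEMENTED", 9005: "REFUSED"}
# Windows Firewall profile bit flags (NET_FW_PROFILE_TYPE2).
FW_PROFILE = {1: "Domain", 2: "Private", 4: "Public"}

# Trimmed copies of the two events quoted in the post.
DNS_8016 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-DNS-Client" />
<EventID>8016</EventID>
<TimeCreated SystemTime="2014-07-27T08:36:10.010047400Z" />
</System>
<EventData>
<Data Name="HostName">e</Data>
<Data Name="AdapterSuffixName">LAN</Data>
<Data Name="DnsServerList"> 64.59.184.13, 64.59.190.242</Data>
<Data Name="Ipaddress">192.168.0.11</Data>
<Data Name="ErrorCode">9002</Data>
</EventData>
</Event>"""

FW_2010 = """<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Windows Firewall With Advanced Security" />
<EventID>2010</EventID>
<TimeCreated SystemTime="2014-07-27T08:42:24.347162500Z" />
</System>
<EventData>
<Data Name="InterfaceName">wireless_0</Data>
<Data Name="OldProfile">4</Data>
<Data Name="NewProfile">2</Data>
</EventData>
</Event>"""


def parse_event(xml_text):
    """Return provider, event id, timestamp and the named EventData fields."""
    root = ET.fromstring(xml_text)
    system = root.find("e:System", NS)
    return {
        "provider": system.find("e:Provider", NS).get("Name"),
        "event_id": int(system.findtext("e:EventID", namespaces=NS)),
        "time": system.find("e:TimeCreated", NS).get("SystemTime"),
        "data": {d.get("Name"): (d.text or "").strip()
                 for d in root.iterfind("e:EventData/e:Data", NS)},
    }


def profile_names(mask):
    """Decode a firewall profile bitmask into profile names."""
    mask = int(mask)
    names = [name for bit, name in FW_PROFILE.items() if mask & bit]
    return names or [f"unknown({mask})"]


def triage(event):
    """Turn the numeric fields of a known event into readable findings."""
    data, key = event["data"], (event["provider"], event["event_id"])
    if key == ("Microsoft-Windows-DNS-Client", 8016):
        servers = [ipaddress.ip_address(s.strip())
                   for s in data["DnsServerList"].split(",") if s.strip()]
        code = int(data["ErrorCode"])
        return {
            "what": "dynamic DNS registration failed",
            "name": f'{data["HostName"]}.{data["AdapterSuffixName"]}',
            "rcode": DNS_RCODE.get(code, f"other({code})"),
            # Resolvers outside the local network that received the update.
            "public_servers": [str(s) for s in servers if s.is_global],
        }
    if key == ("Microsoft-Windows-Windows Firewall With Advanced Security", 2010):
        old = profile_names(data["OldProfile"])
        new = profile_names(data["NewProfile"])
        return {
            "what": "firewall profile changed",
            "interface": data["InterfaceName"],
            "old": old,
            "new": new,
            # Worth a second look: the interface no longer uses the Public profile.
            "left_public": "Public" in old and "Public" not in new,
        }
    return {"what": "no decoder for this event"}


if __name__ == "__main__":
    for xml_text in (DNS_8016, FW_2010):
        event = parse_event(xml_text)
        print(event["time"], event["event_id"], triage(event))
```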

  2. #12
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Morning Frank,

    Go ahead and run Malwarebytes and remove that junk and post the log


    Then, run FRST again but this time do not check

    List BCD
    Drivers MD5
    Shortcut txt

    As far as the network, once you're clean and all looks ok, then if you're still having issues with it I will link you to a good site that deals with Networking
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member frankhero's Avatar
    Join Date
    Jul 2014
    Posts
    18

    Thought i posted this already

    ken,
    here are the logs you requested.

    Thanks,
    frank
    Attached Files

  4. #14
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Open notepad (Start =>All Programs => Accessories => Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it to the same directory as frst.exe (or frst64.exe) as fixlist.txt. (it has to be right next to FRST/64)

    Start
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    FF NetworkProxy: "http", "localhost"
    FF NetworkProxy: "http_port", 8080
    FF NetworkProxy: "type", 1
    2014-07-19 11:14 - 2014-07-19 11:14 - 00019203 _____ () C:\Users\e\Downloads\[kickass.to]offensive.security.wireless.attacks.wifu.v2.0.torrent
    2014-07-24 05:19 - 2013-09-19 07:02 - 00000000 ____D () C:\Users\e\AppData\Roaming\BitTorrent
    2014-07-19 11:14 - 2014-07-19 11:14 - 00019203 _____ () C:\Users\e\Downloads\[kickass.to]offensive.security.wireless.attacks.wifu.v2.0.torrent
    Hosts:
    End
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Then open FRST64 and click on fix
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    Then let me know how your system is behaving now

  5. #15
    Junior Member frankhero's Avatar
    Join Date
    Jul 2014
    Posts
    18

    fix .txt log

    ken,
    thanks for your patience... so it was my understanding that i wasn't supposed to scan again right? just hit fix. that's what i did anyway.

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-07-2014 01
    Ran by e (ATTENTION: The logged in user is not administrator) on e on 28-07-2014 11:46:30
    Running from C:\Users\e\Desktop\Antiattacker
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal

    The only official download link for FRST:
    Download link for 32-Bit version: http://www.bleepingcomputer.com/down...an-tool/dl/81/
    Download link for 64-Bit Version: http://www.bleepingcomputer.com/down...an-tool/dl/82/
    Download link from any site other than Bleeping Computer is unpermitted or outdated.
    See tutorial for FRST: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
    () C:\Windows\System32\spool\drivers\x64\3\WrtMon.exe
    () C:\Windows\System32\spool\drivers\x64\3\WrtProc.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (CANON INC.) C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE
    (Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
    (Akamai Technologies, Inc.) C:\Users\e\AppData\Local\Akamai\netsession_win.exe
    (Apache Software Foundation) C:\Webserver\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (Akamai Technologies, Inc.) C:\Users\e\AppData\Local\Akamai\netsession_win.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
    (Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20498_x64__8wekyb3d8bbwe\livecomm.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\WWAHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\WWAHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Microsoft Corporation) C:\Windows\System32\prevhost.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2013-07-12] (IDT, Inc.)
    HKLM\...\Run: [WrtMon.exe] => C:\WINDOWS\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
    HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll",TrayApp
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3053808 2013-07-26] (Synaptics Incorporated)
    HKLM\...\Run: [MFNetworkScanUtility] => C:\Program Files\Canon\Canon MF Network Scan Utility\CNMFSUT6.EXE [486552 2012-09-27] (CANON INC.)
    HKLM\...\Run: [IntelPROSet] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [4876528 2014-01-17] (Intel(R) Corporation)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-07] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-05-07] (Oracle Corporation)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-04-23] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-07-08] (Apple Inc.)
    HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-07-23] (Hewlett-Packard)
    Winlogon\Notify\igfxcui: igfxdev.dll [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-3935980490-2378437961-526367122-1001\...\Run: [Akamai NetSession Interface] => C:\Users\e\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
    HKU\S-1-5-21-3935980490-2378437961-526367122-1001\...\Policies\Explorer: []
    HKU\S-1-5-21-3935980490-2378437961-526367122-1001\...\MountPoints2: {073f0977-515c-11e2-be71-806e6f6e6963} - "E:\MInst.exe"
    HKU\S-1-5-21-3935980490-2378437961-526367122-1001\...\MountPoints2: {11e356cc-9e49-11e3-bed4-84a6c8863282} - "F:\LaunchU3.exe" -a
    HKU\S-1-5-21-3935980490-2378437961-526367122-1001\...\MountPoints2: {e968cacc-821f-11e3-bec4-84a6c8863282} - "F:\AutoLaunch.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\aiStarter.lnk
    ShortcutTarget: aiStarter.lnk -> C:\Program Files (x86)\AppInventor\aiStarter.exe ()
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
    ShortcutTarget: Monitor Apache Servers.lnk -> C:\Webserver\Apache Software Foundation\Apache2.2\bin\ApacheMonitor.exe (Apache Software Foundation)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk.disabled
    ShortcutTarget: QuickBooks Update Agent.lnk.disabled -> C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe (Intuit Canada ULC.)
    Startup: C:\Users\e\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk.disabled
    ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk.disabled -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
    SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
    SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    ShellIconOverlayIdentifiers: AutoCAD Digital Signatures Icon Overlay Handler -> {36A21736-36C2-4C11-8ACB-D4136F2B57BD} => C:\WINDOWS\system32\AcSignIcon.dll (Autodesk, Inc.)
    ShellIconOverlayIdentifiers: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\system32\CbFsMntNtf3.dll (EldoS Corporation)
    ShellIconOverlayIdentifiers-x32: EldosIconOverlay -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\WINDOWS\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://g.msn.com/HPCON13/4
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.ca.msn.com/
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9FA99D4DF817CF01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON13/4
    SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJS
    SearchScopes: HKLM - {4DABDDBA-3607-487A-BF21-92E49C647822} URL = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 - DefaultScope value is missing.
    SearchScopes: HKLM-x32 - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKCU - URL http://search.conduit.com/Results.aspx?ctid=CT3320218&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=4&UP=SP19AC0FCF-EB89-40DE-9886-B7E591B04D49&q={searchTerms}&SSPV=
    SearchScopes: HKCU - SuggestionsURL_JSON http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}
    SearchScopes: HKCU - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL =
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
    BHO-x32: Microsoft Web Test Recorder 12.0 Helper -> {432dd630-7e03-4c97-9d62-b99f52df4fc2} -> C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
    Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - No File
    Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2011\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 64.59.184.13 64.59.190.242

    FireFox:
    ========
    FF ProfilePath: C:\Users\e\AppData\Roaming\Mozilla\Firefox\Profiles\na5z5xw6.default
    FF NetworkProxy: "http", "localhost"
    FF NetworkProxy: "http_port", 8080
    FF NetworkProxy: "type", 1
    FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF64_14_0_0_145.dll ()
    FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin: @java.com/DTPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass64.dll (LastPass)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
    FF Plugin-x32: @adobe.com/FlashPlayer - C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\WINDOWS\system32\Adobe\Director\np32dsw_1210150.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 - C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
    FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 - C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll (DivX, LLC)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass - C:\Program Files (x86)\LastPass\nplastpass.dll (LastPass)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
    FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\e\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)
    FF Plugin HKCU: hp.com/HPDetect - C:\Users\e\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll (HP)
    FF Plugin HKCU: LWAPlugin15.8 - C:\Users\e\AppData\Roaming\Mozilla\Plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Users\e\AppData\Roaming\mozilla\plugins\npLWAPlugin15.8.dll (Microsoft Corporation)
    FF HKLM-x32\...\Firefox\Extensions: [{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}] - C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.8.0.14\coFFFw

    Chrome:
    =======
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-31]
    CHR Extension: (Google Wallet) - C:\Users\e\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AdAppMgrSvc; C:\Program Files (x86)\Common Files\Autodesk Shared\AppManager\R1\AdAppMgrSvc.exe [581000 2014-04-01] (Autodesk Inc.)
    R2 Autodesk Content Service; C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [31192 2014-02-07] (Autodesk, Inc.)
    R2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [283296 2013-07-26] (Intel Corporation)
    S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [405208 2014-07-03] (BlueStack Systems, Inc.)
    R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-03] (BlueStack Systems, Inc.)
    R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [773848 2014-07-03] (BlueStack Systems, Inc.)
    S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2014-03-14] (Microsoft Corporation)
    S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2013-08-22] (Microsoft Corporation) [File not signed]
    R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-14] (Realsil Microelectronics Inc.) [File not signed]
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-21] (Intel Corporation)
    R2 Intel(R) Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 lmhosts; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
    R2 MerakiPCCAgent; C:\Program Files (x86)\Meraki\PCC Agent 1.0.86\m_agent_service.exe [2721810 2013-06-18] () [File not signed]
    R2 metasploitPostgreSQL; C:\metasploit\postgresql\bin\pg_ctl.exe [76800 2014-04-10] (PostgreSQL Global Development Group) [File not signed]
    R2 metasploitProSvc; C:\metasploit\ruby\bin\ruby.exe [70239 2014-06-05] (http://www.ruby-lang.org/) [File not signed]
    R2 metasploitThin; C:\metasploit\ruby\bin\ruby.exe [70239 2014-06-05] (http://www.ruby-lang.org/) [File not signed]
    R2 metasploitWorker; C:\metasploit\ruby\bin\ruby.exe [70239 2014-06-05] (http://www.ruby-lang.org/) [File not signed]
    R2 mitsijm2015; C:\Program Files\Autodesk\Inventor 2015\Moldflow\bin\mitsijm.exe [968480 2013-10-11] (Autodesk, Inc.)
    S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
    R2 NlaSvc; C:\Windows\System32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
    R2 nsi; C:\Windows\system32\svchost.exe [37768 2013-08-22] (Microsoft Corporation)
    R2 QBCFMonitorService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe [24576 2011-11-28] (Intuit) [File not signed]
    S3 QBFCService; C:\Program Files (x86)\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe [61440 2008-11-18] (Intuit Inc.) [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
    S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
    S4 TlntSvr; C:\Windows\System32\tlntsvr.exe [146944 2014-03-06] (Microsoft Corporation)
    S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [87728 2013-10-04] (Microsoft Corporation)
    S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [76800 2014-01-16] (Microsoft Corporation)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
    R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36096 2013-12-13] (Advanced Micro Devices, Inc.)
    R2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-03] (BlueStack Systems)
    S3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1362232 2013-02-14] (Motorola Solutions, Inc.)
    R3 cbfs3; C:\Windows\System32\drivers\cbfs3.sys [352144 2012-04-09] (EldoS Corporation)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2014-05-12] (Malwarebytes Corporation)
    R1 mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
    S3 NdisImPlatformMp; C:\Windows\system32\DRIVERS\NdisImPlatform.sys [124928 2013-08-22] (Microsoft Corporation)
    R3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3349984 2014-02-24] (Intel Corporation)
    R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2013-07-28] (CACE Technologies, Inc.)
    S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [269968 2012-07-04] (Realtek Semiconductor Corp.)
    R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
    S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-24] (Synaptics Incorporated)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2013-07-26] (Synaptics Incorporated)
    R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-06-20] (Windows (R) Win 7 DDK provider)
    R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
    R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
    S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
    S3 ATP; \SystemRoot\system32\DRIVERS\cmdatp.sys [X]
    S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]
    U3 aswMBR; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswMBR.sys [X]
    U3 aswVmm; \??\C:\Users\ADMINI~1\AppData\Local\Temp\aswVmm.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-28 00:40 - 2014-07-28 00:40 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2014-07-28 00:32 - 2014-07-28 00:34 - 00000000 ____D () C:\Program Files\iTunes
    2014-07-28 00:32 - 2014-07-28 00:34 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-07-28 00:32 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files\iPod
    2014-07-28 00:32 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-07-27 01:43 - 2014-07-27 17:06 - 00005922 _____ () C:\WINDOWS\PFRO.log
    2014-07-27 01:39 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\WINDOWS\SysWOW64\sqlite3.dll
    2014-07-27 00:52 - 2014-07-27 00:52 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-07-27 00:03 - 2014-07-27 01:41 - 00000000 ____D () C:\AdwCleaner
    2014-07-26 23:46 - 2014-07-28 00:19 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-07-26 23:45 - 2014-07-26 23:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-26 23:45 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-07-26 23:45 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2014-07-26 23:45 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2014-07-26 08:49 - 2014-07-26 08:50 - 00000000 ____D () C:\Program Files\7-Zip
    2014-07-26 01:24 - 2014-07-26 01:26 - 00000000 ____D () C:\Users\frank
    2014-07-25 10:12 - 2014-07-25 10:55 - 00000610 _____ () C:\procs.html
    2014-07-25 10:07 - 2014-07-25 10:08 - 19049228 _____ () C:\baseline.xml
    2014-07-25 02:12 - 2014-07-25 07:01 - 00000794 _____ () C:\WINDOWS\setupact.log
    2014-07-25 02:12 - 2014-07-25 02:12 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-07-24 21:38 - 2014-07-28 11:46 - 00000000 ____D () C:\FRST
    2014-07-24 19:45 - 2014-07-24 19:45 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-e-Microsoft-Windows-8.1-(64-bit).dat
    2014-07-24 19:44 - 2014-07-24 19:44 - 00000000 ____D () C:\RegBackup
    2014-07-24 19:43 - 2014-07-24 19:43 - 00000000 ____D () C:\Tweaking.com
    2014-07-24 19:43 - 2014-07-24 19:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-24 15:42 - 2014-07-28 11:15 - 01415054 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-07-23 13:11 - 2014-07-23 13:11 - 00000000 ____D () C:\Android
    2014-07-23 12:46 - 2014-07-23 12:52 - 00000000 ____D () C:\AndroidSDK
    2014-07-23 12:42 - 2014-07-23 12:42 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
    2014-07-22 16:10 - 2014-07-09 22:16 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-07-22 16:10 - 2014-07-09 22:03 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-07-22 16:10 - 2014-07-09 21:33 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-07-21 05:25 - 2014-07-21 05:34 - 00000000 ____D () C:\WINDOWS\pss
    2014-07-19 05:02 - 2014-07-19 05:24 - 00000000 ____D () C:\Users\TEMP
    2014-07-18 22:05 - 2014-07-18 22:16 - 00000000 ____D () C:\metasploit
    2014-07-17 01:44 - 2014-07-17 01:44 - 00030046 _____ () C:\results.txt
    2014-07-16 16:30 - 2014-07-16 16:47 - 00000000 ____D () C:\cygwin64
    2014-07-15 19:42 - 2014-07-15 19:42 - 00000147 _____ () C:\WINDOWS\ODBC.INI
    2014-07-15 08:17 - 2014-07-15 08:17 - 00000000 ____D () C:\LocalMachine
    2014-07-12 01:17 - 2014-07-12 01:17 - 00000000 ____D () C:\Program Files (x86)\Overlook Fing 2.2
    2014-07-11 16:42 - 2014-07-11 16:42 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
    2014-07-11 04:20 - 2014-07-11 04:20 - 00049541 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201407110420128603.log
    2014-07-11 04:20 - 2014-07-11 04:20 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
    2014-07-11 04:13 - 2014-07-11 04:13 - 00000000 ____D () C:\Intel
    2014-07-11 04:09 - 2014-07-11 04:09 - 00227476 _____ () C:\WINDOWS\SysWOW64\dd_vcredist_x86_1_vcRuntimeAdditional_x86.log
    2014-07-11 04:09 - 2014-07-11 04:09 - 00146198 _____ () C:\WINDOWS\SysWOW64\dd_vcredist_x86_0_vcRuntimeMinimum_x86.log
    2014-07-11 04:07 - 2014-07-11 04:07 - 00000000 ____D () C:\AMD
    2014-07-11 04:03 - 2014-05-03 05:29 - 01726224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2014-07-11 04:03 - 2014-05-03 03:20 - 01473080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2014-07-11 04:03 - 2014-05-02 21:30 - 02641920 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-07-11 04:03 - 2014-05-02 21:27 - 02317824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-07-11 04:03 - 2014-04-30 23:44 - 01025536 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2014-07-11 04:03 - 2014-04-29 22:23 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
    2014-07-11 04:03 - 2014-04-29 21:42 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2014-07-11 04:03 - 2014-04-28 16:40 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2014-07-11 04:03 - 2014-04-26 16:03 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2014-07-11 04:03 - 2014-04-26 14:14 - 02144984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2014-07-11 04:03 - 2014-04-14 03:37 - 02125344 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
    2014-07-11 04:03 - 2014-04-14 02:08 - 01797896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
    2014-07-11 04:02 - 2014-06-05 08:13 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2014-07-11 04:02 - 2014-06-05 07:14 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2014-07-11 04:02 - 2014-06-01 20:10 - 00423768 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
    2014-07-11 04:02 - 2014-05-31 04:07 - 00467800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2014-07-11 04:02 - 2014-05-31 04:07 - 00440664 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
    2014-07-11 04:02 - 2014-05-31 04:07 - 00419672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2014-07-11 04:02 - 2014-05-31 04:07 - 00089944 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
    2014-07-11 04:02 - 2014-05-31 04:07 - 00027480 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
    2014-07-11 04:02 - 2014-05-31 00:30 - 00037376 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
    2014-07-11 04:02 - 2014-05-31 00:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2014-07-11 04:02 - 2014-05-31 00:27 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFPf.sys
    2014-07-11 04:02 - 2014-05-31 00:26 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WUDFRd.sys
    2014-07-11 04:02 - 2014-05-30 22:01 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFHost.exe
    2014-07-11 04:02 - 2014-05-30 22:01 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
    2014-07-11 04:02 - 2014-05-30 22:01 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFSvc.dll
    2014-07-11 04:02 - 2014-05-27 09:53 - 02518360 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-07-11 04:02 - 2014-05-27 03:56 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DaOtpCredentialProvider.dll
    2014-07-11 04:02 - 2014-05-27 03:53 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DaOtpCredentialProvider.dll
    2014-07-11 04:02 - 2014-05-16 22:59 - 16871936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2014-07-11 04:02 - 2014-05-16 22:13 - 12711424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2014-07-11 04:02 - 2014-05-13 01:01 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\BulkOperationHost.exe
    2014-07-11 04:02 - 2014-05-12 23:07 - 02844160 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2014-07-11 04:02 - 2014-05-12 22:41 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2014-07-11 04:02 - 2014-05-12 22:26 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2014-07-11 04:02 - 2014-05-12 21:59 - 01035264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2014-07-11 04:02 - 2014-05-12 21:31 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
    2014-07-11 04:02 - 2014-05-02 23:36 - 00997888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2014-07-11 04:02 - 2014-05-02 23:19 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncobjapi.dll
    2014-07-11 04:02 - 2014-05-02 23:08 - 00301056 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedynos.dll
    2014-07-11 04:02 - 2014-05-02 23:07 - 00262656 _____ (Microsoft Corporation) C:\WINDOWS\system32\framedyn.dll
    2014-07-11 04:02 - 2014-05-02 22:46 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncobjapi.dll
    2014-07-11 04:02 - 2014-05-02 22:37 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedynos.dll
    2014-07-11 04:02 - 2014-05-02 22:37 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\framedyn.dll
    2014-07-11 04:02 - 2014-05-02 17:26 - 00050745 _____ () C:\WINDOWS\system32\srms.dat
    2014-07-11 04:02 - 2014-04-30 00:43 - 00071680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwififlt.sys
    2014-07-11 04:02 - 2014-04-30 00:41 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2014-07-11 04:02 - 2014-04-30 00:41 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\agilevpn.sys
    2014-07-11 04:02 - 2014-04-30 00:41 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
    2014-07-11 04:02 - 2014-04-29 23:45 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
    2014-07-11 04:02 - 2014-04-29 22:48 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
    2014-07-11 04:02 - 2014-04-29 22:24 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
    2014-07-11 04:02 - 2014-04-29 22:23 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
    2014-07-11 04:02 - 2014-04-29 22:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
    2014-07-11 04:02 - 2014-04-29 22:14 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2014-07-11 04:02 - 2014-04-29 21:59 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2014-07-11 04:02 - 2014-04-29 21:46 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
    2014-07-11 04:02 - 2014-04-29 21:46 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
    2014-07-11 04:02 - 2014-04-29 21:46 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
    2014-07-11 04:02 - 2014-04-29 21:45 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
    2014-07-11 04:02 - 2014-04-26 10:39 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
    2014-07-11 04:02 - 2014-04-13 23:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d8thk.dll
    2014-07-11 04:02 - 2014-04-09 00:11 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
    2014-07-11 04:02 - 2014-04-08 23:20 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
    2014-07-10 05:44 - 2014-07-18 22:07 - 00000000 ____D () C:\Program Files\WinPcap
    2014-07-09 23:34 - 2014-07-09 23:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
    2014-07-09 16:42 - 2014-07-09 16:42 - 00000000 ____D () C:\muttildae hacker
    2014-07-09 12:33 - 2014-04-13 21:29 - 01018880 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2014-07-09 03:00 - 2014-07-09 03:00 - 00000000 ____D () C:\sql
    2014-07-09 02:55 - 2014-06-18 19:39 - 23464448 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-07-09 02:55 - 2014-06-18 18:48 - 02768384 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-07-09 02:55 - 2014-06-18 18:16 - 17276416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-07-09 02:55 - 2014-06-18 18:09 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-07-09 02:55 - 2014-06-18 17:51 - 05721088 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-07-09 02:55 - 2014-06-18 17:50 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-07-09 02:55 - 2014-06-18 17:48 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-07-09 02:55 - 2014-06-18 17:46 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-07-09 02:55 - 2014-06-18 17:39 - 00608768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-07-09 02:55 - 2014-06-18 17:33 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-07-09 02:55 - 2014-06-18 17:32 - 02179072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-07-09 02:55 - 2014-06-18 17:27 - 02040832 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-07-09 02:55 - 2014-06-18 17:12 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-07-09 02:55 - 2014-06-18 16:59 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-07-09 02:55 - 2014-06-18 16:58 - 02266112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-07-09 02:55 - 2014-06-18 16:58 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-07-09 02:55 - 2014-06-18 16:57 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-07-09 02:55 - 2014-06-18 16:52 - 04254720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-07-09 02:55 - 2014-06-18 16:51 - 13527040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-07-09 02:55 - 2014-06-18 16:49 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-07-09 02:55 - 2014-06-18 16:45 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-07-09 02:55 - 2014-06-18 16:35 - 11742208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-07-09 02:55 - 2014-06-18 16:34 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-07-09 02:55 - 2014-06-18 16:15 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-07-09 02:55 - 2014-06-18 16:13 - 01791488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-07-09 02:55 - 2014-06-18 16:09 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-07-09 02:55 - 2014-06-18 16:07 - 00704512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-07-09 02:55 - 2014-06-16 16:26 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
    2014-07-09 02:55 - 2014-06-16 16:24 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
    2014-07-09 02:55 - 2014-06-06 08:20 - 04190720 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-07-09 02:55 - 2014-06-06 07:04 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2014-07-09 02:55 - 2014-06-06 06:18 - 00488960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2014-07-09 02:55 - 2014-05-29 21:03 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2014-07-09 02:55 - 2014-05-29 06:02 - 00565576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2014-07-09 02:55 - 2014-05-29 01:55 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
    2014-07-09 02:55 - 2014-05-29 00:40 - 00735232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
    2014-07-09 02:55 - 2014-05-29 00:37 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2014-07-09 02:55 - 2014-05-28 23:34 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2014-07-09 02:55 - 2014-05-28 23:27 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2014-07-09 02:54 - 2014-05-31 04:07 - 00054776 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2014-07-09 02:54 - 2014-05-31 04:06 - 00555736 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2014-07-09 02:54 - 2014-05-30 21:40 - 13287936 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2014-07-09 02:54 - 2014-05-30 21:30 - 11792384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2014-07-09 02:54 - 2014-05-30 21:12 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-07-09 02:54 - 2014-05-30 21:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2014-07-09 02:54 - 2014-05-30 21:03 - 00827392 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2014-07-09 02:54 - 2014-05-30 21:01 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-07-09 02:54 - 2014-05-30 20:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2014-07-09 02:54 - 2014-05-30 20:54 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2014-07-09 02:54 - 2014-05-30 20:48 - 03463680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2014-07-09 02:54 - 2014-05-30 20:37 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2014-07-09 02:54 - 2014-05-30 20:36 - 00923136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
    2014-07-09 02:54 - 2014-05-30 20:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2014-07-09 02:54 - 2014-05-30 20:32 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
    2014-07-09 02:49 - 2014-07-09 02:49 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
    2014-07-08 16:03 - 2014-07-08 16:03 - 00000000 ____D () C:\Program Files (x86)\iExplorer
    2014-07-08 16:03 - 2012-04-09 16:27 - 00352144 _____ (EldoS Corporation) C:\WINDOWS\system32\Drivers\cbfs3.sys
    2014-07-08 16:03 - 2012-04-09 16:27 - 00223760 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\CbFsNetRdr3.dll
    2014-07-08 16:03 - 2012-04-09 16:27 - 00190480 _____ (EldoS Corporation) C:\WINDOWS\system32\CbFsMntNtf3.dll
    2014-07-08 16:03 - 2012-04-09 16:27 - 00158224 _____ (EldoS Corporation) C:\WINDOWS\SysWOW64\CbFsMntNtf3.dll
    2014-07-08 16:03 - 2012-04-09 16:27 - 00141328 _____ (EldoS Corporation) C:\WINDOWS\system32\CbFsNetRdr3.dll
    2014-07-06 20:52 - 2014-07-06 20:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-05 17:43 - 2014-07-05 20:47 - 00000000 ____D () C:\mssqlscan
    2014-07-05 17:06 - 2014-07-05 17:06 - 00000000 ____D () C:\ncat
    2014-07-05 17:02 - 2014-07-05 17:04 - 00000000 ____D () C:\Program Files\Wireshark
    2014-07-05 11:10 - 2014-07-05 11:10 - 00868373 _____ () C:\WINDOWS\system32\wfpdiag.cab
    2014-07-05 08:10 - 2014-07-05 08:11 - 00000000 ____D () C:\Ruby193
    2014-07-05 07:38 - 2014-07-05 07:38 - 00000000 ____D () C:\~
    2014-07-04 22:16 - 2014-07-04 22:19 - 00000000 ____D () C:\PortQryUI
    2014-07-04 22:08 - 2014-07-11 05:52 - 00000000 ____D () C:\WINDOWS\SysWOW64\rserver30
    2014-06-29 08:01 - 2014-06-29 08:46 - 00000000 ____D () C:\Webserver
    2014-06-28 20:40 - 2014-06-28 20:40 - 00000000 ____D () C:\Program Files (x86)\AppInventor

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-07-28 11:46 - 2014-07-24 21:38 - 00000000 ____D () C:\FRST
    2014-07-28 11:15 - 2014-07-24 15:42 - 01415054 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-07-28 11:12 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-07-28 00:40 - 2014-07-28 00:40 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2014-07-28 00:34 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files\iTunes
    2014-07-28 00:34 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files (x86)\iTunes
    2014-07-28 00:32 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files\iPod
    2014-07-28 00:32 - 2014-07-28 00:32 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
    2014-07-28 00:30 - 2013-08-03 00:36 - 00000000 ____D () C:\Program Files\Common Files\Apple
    2014-07-28 00:19 - 2014-07-26 23:46 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-07-27 22:34 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-07-27 22:22 - 2014-01-16 21:09 - 00000000 ____D () C:\Users\Administrator
    2014-07-27 17:53 - 2013-08-22 08:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-07-27 17:52 - 2013-08-22 07:25 - 04456448 ___SH () C:\WINDOWS\system32\config\BBI
    2014-07-27 17:06 - 2014-07-27 01:43 - 00005922 _____ () C:\WINDOWS\PFRO.log
    2014-07-27 16:14 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2014-07-27 10:30 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\System
    2014-07-27 01:44 - 2013-09-15 07:53 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2014-07-27 01:44 - 2013-07-27 00:16 - 00000366 _____ () C:\WINDOWS\Tasks\HPCeeScheduleFore.job
    2014-07-27 01:44 - 2013-07-04 23:52 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2014-07-27 01:44 - 2013-07-04 23:52 - 00000924 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2014-07-27 01:43 - 2013-08-30 19:08 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-07-27 01:43 - 2013-08-30 19:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-07-27 01:43 - 2013-08-22 08:44 - 00698712 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-07-27 01:41 - 2014-07-27 00:03 - 00000000 ____D () C:\AdwCleaner
    2014-07-27 00:52 - 2014-07-27 00:52 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-07-27 00:39 - 2014-06-15 12:04 - 00000000 ____D () C:\Program Files (x86)\Notepad++
    2014-07-26 23:45 - 2014-07-26 23:45 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-07-26 08:50 - 2014-07-26 08:49 - 00000000 ____D () C:\Program Files\7-Zip
    2014-07-26 01:26 - 2014-07-26 01:24 - 00000000 ____D () C:\Users\frank
    2014-07-25 10:55 - 2014-07-25 10:12 - 00000610 _____ () C:\procs.html
    2014-07-25 10:08 - 2014-07-25 10:07 - 19049228 _____ () C:\baseline.xml
    2014-07-25 07:04 - 2013-11-14 01:28 - 00960608 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-07-25 07:01 - 2014-07-25 02:12 - 00000794 _____ () C:\WINDOWS\setupact.log
    2014-07-25 03:56 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-07-25 02:12 - 2014-07-25 02:12 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-07-24 19:45 - 2014-07-24 19:45 - 00000207 _____ () C:\WINDOWS\tweaking.com-regbackup-e-Microsoft-Windows-8.1-(64-bit).dat
    2014-07-24 19:44 - 2014-07-24 19:44 - 00000000 ____D () C:\RegBackup
    2014-07-24 19:43 - 2014-07-24 19:43 - 00000000 ____D () C:\Tweaking.com
    2014-07-24 19:43 - 2014-07-24 19:43 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
    2014-07-24 19:36 - 2013-10-16 14:37 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
    2014-07-24 05:18 - 2014-04-07 15:42 - 00000000 ____D () C:\WINDOWS\Minidump
    2014-07-23 20:24 - 2014-01-16 21:09 - 00000000 ____D () C:\Users\e
    2014-07-23 13:11 - 2014-07-23 13:11 - 00000000 ____D () C:\Android
    2014-07-23 12:52 - 2014-07-23 12:46 - 00000000 ____D () C:\AndroidSDK
    2014-07-23 12:42 - 2014-07-23 12:42 - 00000000 ____D () C:\Program Files (x86)\BlueStacks
    2014-07-22 19:36 - 2012-07-26 01:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-07-21 05:34 - 2014-07-21 05:25 - 00000000 ____D () C:\WINDOWS\pss
    2014-07-19 05:24 - 2014-07-19 05:02 - 00000000 ____D () C:\Users\TEMP
    2014-07-18 22:16 - 2014-07-18 22:05 - 00000000 ____D () C:\metasploit
    2014-07-18 22:07 - 2014-07-10 05:44 - 00000000 ____D () C:\Program Files\WinPcap
    2014-07-18 10:47 - 2013-08-22 05:31 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\TFTP.EXE
    2014-07-18 05:48 - 2013-07-12 00:33 - 00000052 _____ () C:\WINDOWS\SysWOW64\DOErrors.log
    2014-07-17 04:25 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\tracing
    2014-07-17 01:44 - 2014-07-17 01:44 - 00030046 _____ () C:\results.txt
    2014-07-16 16:47 - 2014-07-16 16:30 - 00000000 ____D () C:\cygwin64
    2014-07-15 19:42 - 2014-07-15 19:42 - 00000147 _____ () C:\WINDOWS\ODBC.INI
    2014-07-15 18:48 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Registration
    2014-07-15 08:17 - 2014-07-15 08:17 - 00000000 ____D () C:\LocalMachine
    2014-07-12 01:17 - 2014-07-12 01:17 - 00000000 ____D () C:\Program Files (x86)\Overlook Fing 2.2
    2014-07-11 16:42 - 2014-07-11 16:42 - 00000451 _____ () C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
    2014-07-11 15:36 - 2014-01-16 21:09 - 00000000 ____D () C:\Users\e
    2014-07-11 14:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-07-11 14:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-07-11 14:24 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-07-11 05:54 - 2014-01-24 13:00 - 00000000 ____D () C:\Program Files (x86)\MultiBit-0.5.16
    2014-07-11 05:52 - 2014-07-04 22:08 - 00000000 ____D () C:\WINDOWS\SysWOW64\rserver30
    2014-07-11 04:20 - 2014-07-11 04:20 - 00049541 _____ () C:\WINDOWS\SysWOW64\CCCInstall_201407110420128603.log
    2014-07-11 04:20 - 2014-07-11 04:20 - 00000000 ____D () C:\Program Files (x86)\Advanced Micro Devices, Inc
    2014-07-11 04:19 - 2012-12-28 18:13 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
    2014-07-11 04:19 - 2012-09-11 22:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2014-07-11 04:13 - 2014-07-11 04:13 - 00000000 ____D () C:\Intel
    2014-07-11 04:09 - 2014-07-11 04:09 - 00227476 _____ () C:\WINDOWS\SysWOW64\dd_vcredist_x86_1_vcRuntimeAdditional_x86.log
    2014-07-11 04:09 - 2014-07-11 04:09 - 00146198 _____ () C:\WINDOWS\SysWOW64\dd_vcredist_x86_0_vcRuntimeMinimum_x86.log
    2014-07-11 04:07 - 2014-07-11 04:07 - 00000000 ____D () C:\AMD
    2014-07-11 04:02 - 2014-04-23 21:46 - 00233912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2014-07-11 04:00 - 2014-06-10 23:11 - 00428888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-07-09 23:34 - 2014-07-09 23:34 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
    2014-07-09 22:16 - 2014-07-22 16:10 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-07-09 22:03 - 2014-07-22 16:10 - 04756992 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-07-09 21:33 - 2014-07-22 16:10 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-07-09 16:42 - 2014-07-09 16:42 - 00000000 ____D () C:\muttildae hacker
    2014-07-09 14:39 - 2013-08-22 09:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-07-09 14:39 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-07-09 12:38 - 2013-08-04 11:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-07-09 12:35 - 2013-07-04 23:49 - 96441528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-07-09 12:32 - 2013-11-14 01:17 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-07-09 03:00 - 2014-07-09 03:00 - 00000000 ____D () C:\sql
    2014-07-09 02:49 - 2014-07-09 02:49 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSReset.exe
    2014-07-08 16:03 - 2014-07-08 16:03 - 00000000 ____D () C:\Program Files (x86)\iExplorer
    2014-07-08 15:42 - 2014-04-24 22:48 - 00000000 ____D () C:\Temp
    2014-07-08 14:53 - 2014-03-02 15:58 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-07-06 20:52 - 2014-07-06 20:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-07-05 20:47 - 2014-07-05 17:43 - 00000000 ____D () C:\mssqlscan
    2014-07-05 17:15 - 2014-01-17 00:48 - 00000000 ____D () C:\OEAT
    2014-07-05 17:06 - 2014-07-05 17:06 - 00000000 ____D () C:\ncat
    2014-07-05 17:04 - 2014-07-05 17:02 - 00000000 ____D () C:\Program Files\Wireshark
    2014-07-05 12:41 - 2013-08-22 07:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-07-05 11:10 - 2014-07-05 11:10 - 00868373 _____ () C:\WINDOWS\system32\wfpdiag.cab
    2014-07-05 08:11 - 2014-07-05 08:10 - 00000000 ____D () C:\Ruby193
    2014-07-05 07:38 - 2014-07-05 07:38 - 00000000 ____D () C:\~
    2014-07-04 22:19 - 2014-07-04 22:16 - 00000000 ____D () C:\PortQryUI
    2014-06-29 08:46 - 2014-06-29 08:01 - 00000000 ____D () C:\Webserver
    2014-06-28 20:40 - 2014-06-28 20:40 - 00000000 ____D () C:\Program Files (x86)\AppInventor

    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

    ==================== End Of Log ============================

  6. #16
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    There should have been a Fixlog.txt log on your desktop, but that's OK, I can see what it removed.


    2014-07-05 07:38 - 2014-07-05 07:38 - 00000000 ____D () C:\~ <-- What's in this folder?
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  7. #17
    Junior Member frankhero's Avatar
    Join Date
    Jul 2014
    Posts
    18

    Default tilde

    That's an .ssh key, one I made using Cygwin. It's my GitHub repository key, my copy. So is that it for the malware end of it? I've noticed a few more issues on my end... not saying it's malware... but could use some guidance as to who to go ask. First, the networking issue... and to expand on it, I called up my ARP tables and the list is filled with IP addresses all linked back to one MAC address... it being 00:0D:29:ED:28:5B. Don't know if it's always like that, but I just noticed it now... I did a netsh arp flush and still nothing changed... There are 16 entries in the table and they all return that MAC address... Also, "SYSTEMINFO" at cmd returns an error "invalid class". After browsing around, this has led me to believe that I may have some corrupt WMI files... I was going to download a fix from Microsoft, but I've only just noticed that none of their pages are https, nor are they verified... I'll try again later using IE since I was using Chrome, which may be the issue. Any suggestions are welcome... thanks for all you've done so far!

  8. #18
    Security Expert ken545's Avatar
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Frank, my pleasure helping you. Your logs appear to be clean.

    As far as the network, a lot of us forums work together. I would like you to post at Whatthetech's Networking forum, as they're more into networks and their inner functions than I am, as what I do is mostly Malware Removal.

    First go here and register; like Safer, it's free
    http://forums.whatthetech.com/


    Then post here in their Networking forum
    http://forums.whatthetech.com/index.php?showforum=128


    They will be more adept at answering any network questions you may have.


    Double click on AdwCleaner.exe to run the tool again.
    • Click on the Uninstall button.
    • Click Yes when asked are you sure you want to uninstall.
    • Both AdwCleaner.exe, its folder and all logs will be removed.



    ==========================================================


    Please download DelFix and save the file to your Desktop.

    • Double-click DelFix.exe to run the program.
    • Place a checkmark next to the following items:

    *Activate UAC
    *Remove disinfection tools
    *Create registry backup
    *Reset System Settings


    Click the Run button

    This will remove the specialised tools we used to clean your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually.



    ==========================================================






    Safe Surfn
    Ken
