Zeroaccess rootkit found


  • This topic is locked
58 replies to this topic

#1 mazz99

mazz99

  • Members
  • 36 posts

Posted 12 November 2013 - 02:24 AM

 This is what came up after using RKILL
 
* ALERT: ZEROACCESS rootkit symptoms found!
 
     * C:\Windows\Installer\{b93732d6-b308-ce93-f8e0-3f457f76a2f2}\ [ZA Dir]
     * C:\Windows\Installer\{b93732d6-b308-ce93-f8e0-3f457f76a2f2}\L\ [ZA Dir]
     * C:\Windows\Installer\{b93732d6-b308-ce93-f8e0-3f457f76a2f2}\U\ [ZA Dir]
 
I have followed the instructions for downloading and running DDS. I hope the files attach ok (I am a complete novice)
 
I would be so grateful if you could help me with this problem. Many thanks in advance x


#2 B-boy/StyLe/

B-boy/StyLe/

    Bleepin' Freestyler


  • Malware Response Team
  • 8,307 posts
  • Gender:Male
  • Location:Bulgaria

Posted 12 November 2013 - 04:29 AM

Hello! Welcome to BleepingComputer Forums!
My name is Georgi and I will be helping you with your computer problems.

Before we begin, please note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The logs can take some time to research, so please be patient with me.
  • Stay with the topic until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  • Instructions that I give are for your system only!
  • Please do not run any tools until requested! The reason for this is so I know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process.
  • Please perform all steps in the order received. If you can't understand something, don't hesitate to ask.
  • Again I would like to remind you to make no further changes to your computer unless I direct you to do so. I will not help you if you do not follow my instructions.

 

 

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

 

 

Regards,
Georgi




#3 mazz99

mazz99
  • Topic Starter

  • Members
  • 36 posts

Posted 12 November 2013 - 09:30 AM

Hi, and thank you so much for your help.
I hope I have done this right, I am a nervous wreck, messing with things I don't understand lol
Just to let you know (hope it's not important), but Windows installed updates when I booted the computer after sending you the DDS logs.
It did it automatically and I didn't know how to stop it....sorry
 
Marion x
 
 
 
 
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-11-2013 01
Ran by Marion (administrator) on MARION-PC on 12-11-2013 14:19:26
Running from C:\Users\Marion\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(Enigma Software Group USA, LLC.) C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
() C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\loggingserver.exe
(AMD) C:\Windows\system32\atieclxx.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(SlimWare Utilities, Inc.) C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
(Uniblue Systems Ltd) C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_monitor.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Microsoft Corporation) C:\Windows\sysWOW64\wbem\wmiprvse.exe
(Uniblue Systems Limited) C:\Program Files (x86)\Uniblue\PowerSuite\powersuite.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Internet Explorer\IELowutil.exe
(PC-Doctor, Inc.) C:\Program Files\My Dell\uaclauncher.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKCU\...\Policies\Explorer: [NoThumbnailCache] 1
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
MountPoints2: {5d811904-4669-11df-a7f4-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Install_CCAHBundleAges5-8.msi
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (1).ini ()
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x547E9281C373CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM-x32 - DefaultScope {DBFBB281-A745-4F20-B142-EB544D75557F} URL = 
SearchScopes: HKCU - DefaultScope {DBFBB281-A745-4F20-B142-EB544D75557F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292715&CUI=UN18051235811025663&UM=2
SearchScopes: HKCU - {A753159B-7604-4426-AF07-A8153F3B1107} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL = 
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553570000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\17.1.2\ViProtocol.dll (AVG Secure Search)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Chrome: 
=======
CHR HomePage: hxxp://www.virginmedia.com/
CHR RestoreOnStartup: "hxxp://www.virginmedia.com/"
CHR Extension: (Google Docs) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AVG Secure Search) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\17.1.2.1_0
CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR Extension: (Gmail) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
CHR HKLM-x32\...\Chrome\Extension: [ndibdjnfmopecpmkdieinmbadjfpblof] - C:\ProgramData\AVG Secure Search\ChromeExt\17.1.2.1\avg.crx
 
==================== Services (Whitelisted) =================
 
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [121616 2013-10-02] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55112 2013-03-26] (Mozy, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-01] (Trusteer Ltd.)
R2 SpyHunter 4 Service; C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [1025408 2013-10-18] (Enigma Software Group USA, LLC.)
R2 vToolbarUpdater17.1.2; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\ToolbarUpdater.exe [1734680 2013-11-10] (AVG Secure Search)
S2 iconmgr; 
 
==================== Drivers (Whitelisted) ====================
 
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-04-27] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-09-11] (Advanced Micro Devices, Inc.)
S3 atillk64; C:\dell\drivers\R267410\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [46368 2013-11-10] (AVG Technologies)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2012-06-22] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-04] (PenMount)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-19] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-01] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-01] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-01] (Trusteer Ltd.)
S3 RimUsb; No ImagePath
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-12] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-12 14:20 - 2013-11-12 14:20 - 01957590 _____ (Farbar) C:\Users\Marion\Downloads\FRST64 (1).exe
2013-11-12 14:19 - 2013-11-12 14:19 - 00000000 ____D C:\FRST
2013-11-12 14:18 - 2013-11-12 14:18 - 01957590 _____ (Farbar) C:\Users\Marion\Downloads\FRST64.exe
2013-11-12 08:54 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-12 08:51 - 2013-11-12 08:51 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 08:51 - 2013-11-12 08:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 08:51 - 2013-11-12 08:51 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 08:51 - 2013-11-12 08:51 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 08:51 - 2013-11-12 08:51 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 08:51 - 2013-11-12 08:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 08:51 - 2013-11-12 08:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 08:51 - 2013-11-12 08:51 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 08:51 - 2013-11-12 08:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 08:51 - 2013-11-12 08:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 08:51 - 2013-11-12 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 08:50 - 2013-11-12 08:54 - 00007785 _____ C:\Windows\IE11_main.log
2013-11-12 07:03 - 2013-11-12 07:07 - 00024329 _____ C:\Users\Marion\Desktop\dds.txt
2013-11-12 07:03 - 2013-11-12 07:03 - 00015013 _____ C:\Users\Marion\Desktop\attach.txt
2013-11-12 07:01 - 2013-11-12 07:01 - 00688992 _____ (Swearware) C:\Users\Marion\Downloads\dds (1).com
2013-11-12 07:00 - 2013-11-12 07:00 - 00688992 ____R (Swearware) C:\Users\Marion\Downloads\dds.com
2013-11-12 00:43 - 2013-11-12 00:44 - 00002930 _____ C:\Users\Marion\Desktop\Rkill.txt
2013-11-12 00:43 - 2013-11-12 00:43 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Marion\Downloads\rkill.com
2013-11-12 00:43 - 2013-11-12 00:43 - 00000000 ____D C:\Users\Marion\Desktop\rkill
2013-11-12 00:24 - 2013-11-12 00:24 - 00000000 ____D C:\Users\Marion\AppData\Local\Deployment
2013-11-12 00:23 - 2013-11-12 00:23 - 00001139 _____ C:\Users\Marion\Desktop\System Checkup.lnk
2013-11-12 00:23 - 2013-11-12 00:23 - 00000000 ____D C:\Program Files (x86)\iolo
2013-11-12 00:14 - 2013-11-12 00:14 - 23960472 _____ (NVIDIA Corporation) C:\Users\Marion\Downloads\GeForce_Experience_v1.7.0.0.exe
2013-11-11 23:49 - 2013-11-11 23:49 - 00003176 _____ C:\Windows\System32\Tasks\{E6B8E692-52A0-47F0-B48E-F36ED5E0D9C5}
2013-11-11 18:38 - 2013-11-11 18:38 - 00000000 ____D C:\Users\Marion\Downloads\Autoruns
2013-11-11 18:29 - 2013-11-11 18:29 - 00550371 _____ C:\Users\Marion\Downloads\Autoruns.zip
2013-11-11 17:52 - 2013-11-11 17:52 - 00001417 _____ C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-11 17:39 - 2013-11-11 17:39 - 00001428 _____ C:\Windows\PFRO.log
2013-11-11 12:17 - 2013-11-11 12:17 - 00987961 _____ C:\Users\Marion\Downloads\MS STEPIEN.zip
2013-11-11 12:08 - 2013-11-11 12:08 - 00001912 _____ C:\Users\Public\Desktop\Play Mini Robot Wars.lnk
2013-11-11 12:08 - 2013-11-11 12:08 - 00001260 _____ C:\Users\Public\Desktop\More Great Games.lnk
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Picsoft
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mini Robot Wars
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Program Files (x86)\Mini Robot Wars
2013-11-11 11:58 - 2013-11-11 11:58 - 00001900 _____ C:\Users\Public\Desktop\Play Peggle Deluxe.lnk
2013-11-11 11:58 - 2013-11-11 11:58 - 00000000 ____D C:\Program Files (x86)\Peggle Deluxe
2013-11-11 11:53 - 2013-11-11 11:53 - 00236648 _____ (Big Fish Games) C:\Users\Marion\Downloads\peggle_s1_l1_gF1465T1L1_d2194852066.exe
2013-11-11 11:45 - 2013-11-11 11:45 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-11 11:44 - 2013-11-11 11:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 11:44 - 2013-11-11 11:45 - 00000000 ____D C:\Program Files\iTunes
2013-11-11 11:44 - 2013-11-11 11:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-11 11:44 - 2013-11-11 11:44 - 00000000 ____D C:\Program Files\iPod
2013-11-11 11:01 - 2013-11-12 14:05 - 00000448 _____ C:\Windows\setupact.log
2013-11-11 11:01 - 2013-11-11 11:01 - 00000000 _____ C:\Windows\setuperr.log
2013-11-10 10:21 - 2013-11-10 10:21 - 00000000 ____D C:\Users\Marion\AppData\Local\AVG Secure Search
2013-11-10 09:44 - 2013-11-10 10:21 - 00000000 ____D C:\ProgramData\Innovative Solutions
2013-11-10 09:44 - 2013-11-10 09:44 - 00000000 ____D C:\Users\Marion\AppData\Local\Innovative Solutions
2013-11-10 09:44 - 2013-11-10 09:44 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2013-11-10 09:44 - 2009-11-05 13:24 - 00042496 _____ C:\Windows\SysWOW64\AdvUninstCPL.cpl
2013-11-10 09:43 - 2013-11-10 09:43 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-11-10 09:43 - 2013-11-10 09:42 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-10 09:42 - 2013-11-10 09:42 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-11-10 09:40 - 2013-11-10 09:40 - 21548944 _____ (Innovative Solutions                                        ) C:\Users\Marion\Downloads\Advanced_Uninstaller11.exe
2013-11-05 07:43 - 2013-11-05 07:43 - 00272664 _____ (Trusteer Ltd.) C:\Users\Marion\Downloads\RapportSetup.exe
2013-11-03 09:32 - 2013-11-11 17:39 - 00000396 _____ C:\Windows\Tasks\SpyHunter4.job
2013-11-03 09:32 - 2013-11-11 11:36 - 00003082 _____ C:\Windows\System32\Tasks\SpyHunter4
2013-11-03 03:19 - 2013-11-03 03:19 - 00001613 _____ C:\spyhunter.fix
2013-11-03 03:19 - 2013-10-18 15:01 - 00285747 _____ C:\shldr
2013-11-03 03:19 - 2013-10-18 15:01 - 00008192 _____ C:\shldr.mbr
2013-11-03 01:37 - 2013-11-03 01:37 - 00000000 _____ C:\autoexec.bat
2013-11-03 01:36 - 2013-11-03 09:36 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-03 01:36 - 2013-11-03 01:36 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-11-03 01:36 - 2013-11-03 01:36 - 00000000 ____D C:\sh4ldr
2013-11-03 01:36 - 2012-06-22 11:01 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2013-11-03 01:33 - 2013-11-03 01:33 - 00819208 _____ (Google Inc.) C:\Users\Marion\Downloads\ChromeSetup.exe
2013-11-02 12:06 - 2013-11-02 12:06 - 00000000 ____D C:\Users\Marion\AppData\Local\NativeMessaging
2013-11-02 12:05 - 2013-11-02 12:07 - 00000009 _____ C:\END
2013-11-02 10:13 - 2013-11-02 10:13 - 00000000 __SHD C:\found.001
2013-11-02 01:48 - 2013-11-02 01:48 - 00003766 _____ C:\Windows\System32\Tasks\Driver Detective-RTMUpdater
2013-11-02 01:48 - 2013-11-02 01:48 - 00003762 _____ C:\Windows\System32\Tasks\Driver Detective-RTMRules
2013-11-02 01:47 - 2013-11-02 01:47 - 00004302 _____ C:\Windows\System32\Tasks\Driver Detective-RTMScan
2013-11-01 23:43 - 2013-11-01 23:44 - 00000000 ____D C:\Program Files (x86)\Drawn - Dark Flight
2013-11-01 23:43 - 2013-11-01 23:43 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight
2013-10-31 22:57 - 2013-10-31 22:57 - 01520376 _____ (Uniblue Systems Limited                                     ) C:\Users\Marion\Downloads\powersuite.exe
2013-10-27 19:51 - 2013-11-10 09:57 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Pengu Wars
2013-10-27 19:46 - 2013-10-27 19:46 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Melesta
2013-10-27 19:21 - 2013-10-27 19:21 - 00002189 _____ C:\Users\Public\Desktop\Play SpongeBob SquarePants Obstacle Odyssey.lnk
2013-10-27 19:20 - 2013-10-27 19:21 - 00000000 ____D C:\Program Files (x86)\SpongeBob SquarePants Obstacle Odyssey
2013-10-27 19:20 - 2013-10-27 19:20 - 00001911 _____ C:\Users\Public\Desktop\Play Nick Jr. Bingo.lnk
2013-10-27 19:20 - 2013-10-27 19:20 - 00000000 ____D C:\Program Files (x86)\Nick Jr. Bingo
2013-10-27 19:11 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-10-27 19:11 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-10-27 19:11 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-10-27 19:11 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-10-27 19:11 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-10-27 19:11 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-10-27 19:10 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-10-27 19:09 - 2013-10-27 19:11 - 00000000 ____D C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery
2013-10-27 19:09 - 2013-10-27 19:09 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Nimbus Games
2013-10-27 19:09 - 2013-10-27 19:09 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Manor - A Hidden Object Mystery
2013-10-27 19:08 - 2013-10-27 19:08 - 00002002 _____ C:\Users\Public\Desktop\Play Putt-Putt Saves the Zoo.lnk
2013-10-27 19:08 - 2013-10-27 19:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Putt-Putt Saves the Zoo
2013-10-27 19:08 - 2013-10-27 19:08 - 00000000 ____D C:\Program Files (x86)\Putt-Putt Saves the Zoo
2013-10-24 19:10 - 2013-10-24 19:22 - 00000000 ____D C:\Users\Marion\AppData\Roaming\The Witch and The Warrior
2013-10-24 18:44 - 2013-10-24 18:44 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Skyborn
2013-10-23 11:38 - 2013-10-23 12:06 - 00000000 ____D C:\Users\Marion\AppData\Roaming\viking_saga_bfg_en
2013-10-23 11:37 - 2013-10-23 11:37 - 00001890 _____ C:\Users\Public\Desktop\Play Viking Saga.lnk
2013-10-23 11:36 - 2013-10-23 11:37 - 00000000 ____D C:\Program Files (x86)\Viking Saga
2013-10-23 11:36 - 2013-10-23 11:36 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viking Saga
2013-10-23 11:34 - 2013-10-23 11:34 - 00236648 _____ (Big Fish Games) C:\Users\Marion\Downloads\viking-saga_s1_l1_gF7645T1L1_d2182559580.exe
2013-10-22 13:52 - 2013-10-22 13:52 - 00000000 ____D C:\Users\Marion\AppData\Roaming\kidoz
2013-10-21 12:36 - 2013-11-03 03:19 - 00003134 _____ C:\Windows\System32\Tasks\{3AC193AA-B7EA-48D2-9D49-39099EF51B2B}
2013-10-21 12:33 - 2013-10-21 12:33 - 02712592 _____ C:\Users\Marion\Downloads\R199967.exe
2013-10-21 10:58 - 2013-10-21 10:58 - 00027305 _____ C:\Users\Marion\Downloads\DellPerformanceDiagnostic (1).diagcab
2013-10-21 10:46 - 2013-10-21 10:46 - 00027305 _____ C:\Users\Marion\Downloads\DellPerformanceDiagnostic.diagcab
2013-10-19 10:59 - 2013-11-10 09:56 - 00000000 ____D C:\Users\Marion\AppData\Roaming\InstallShield
2013-10-19 09:46 - 2013-10-19 09:46 - 02445208 _____ C:\Users\Marion\Downloads\R213714.EXE
2013-10-19 09:46 - 2013-10-19 09:46 - 00571728 _____ C:\Users\Marion\Downloads\R205900.exe
2013-10-19 09:44 - 2013-10-19 09:45 - 110976048 _____ C:\Users\Marion\Downloads\R227524.exe
2013-10-19 09:44 - 2013-10-19 09:44 - 02911266 _____ C:\Users\Marion\Downloads\BH20N-C106 (1).zip
2013-10-18 19:42 - 2013-10-18 19:43 - 154092488 _____ (Advanced Micro Devices, Inc.) C:\Users\Marion\Downloads\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
2013-10-18 19:41 - 2013-10-18 19:42 - 415761013 _____ C:\Users\Marion\Downloads\13.151-130819a-161838C-EDG_Direct.zip
2013-10-18 19:37 - 2013-10-18 19:37 - 217681405 _____ C:\Users\Marion\Downloads\AMD_Catalyst_13.4_Vista_W7_W8_WHQL.zip
2013-10-18 19:15 - 2013-10-18 19:15 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-18 19:15 - 2013-10-18 19:15 - 00000000 ____D C:\Program Files\Realtek
2013-10-18 19:14 - 2013-03-29 20:42 - 03379272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-10-18 19:14 - 2013-03-29 16:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-10-18 19:14 - 2013-03-27 15:57 - 00135240 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-10-18 19:14 - 2013-03-26 16:06 - 02797128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-10-18 19:14 - 2013-03-26 14:40 - 03693128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-10-18 19:14 - 2013-03-12 17:16 - 00613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-10-18 19:14 - 2013-02-20 17:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-10-18 19:14 - 2013-02-19 17:52 - 00991816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-10-18 19:14 - 2012-06-08 15:23 - 00083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-10-18 19:14 - 2012-06-08 15:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-10-18 19:14 - 2012-06-08 15:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-10-18 19:14 - 2011-12-20 14:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-10-18 19:14 - 2011-12-16 13:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-10-18 19:14 - 2011-11-22 15:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-10-18 19:14 - 2010-11-03 17:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-10-18 19:14 - 2009-11-24 08:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-10-18 19:14 - 2009-11-24 08:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-10-18 19:14 - 2009-11-18 06:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2013-10-18 19:13 - 2013-03-26 16:04 - 02734624 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-10-18 19:13 - 2013-03-23 02:43 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-10-18 19:13 - 2012-06-20 16:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-10-18 19:13 - 2012-03-08 10:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-10-18 19:05 - 2013-10-18 19:52 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-18 19:00 - 2013-01-16 15:02 - 02079816 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-10-18 18:31 - 2013-10-18 18:31 - 00000000 ____D C:\Users\Marion\Downloads\Driver Whiz
2013-10-18 18:30 - 2013-11-10 09:54 - 00000000 ____D C:\ProgramData\UAB
2013-10-18 18:30 - 2013-10-18 18:30 - 00004294 _____ C:\Windows\System32\Tasks\Driver Whiz-RTMScan
2013-10-18 18:30 - 2013-10-18 18:30 - 00003758 _____ C:\Windows\System32\Tasks\Driver Whiz-RTMUpdater
2013-10-18 18:30 - 2013-10-18 18:30 - 00003750 _____ C:\Windows\System32\Tasks\Driver Whiz-RTMRules
2013-10-18 18:30 - 2013-10-18 18:30 - 00000000 ____D C:\Users\Marion\AppData\Local\PC_Drivers_Headquarters
2013-10-18 18:30 - 2013-10-18 18:30 - 00000000 ____D C:\ProgramData\Driver Whiz
2013-10-18 18:28 - 2013-10-18 18:28 - 00000000 ____D C:\Program Files (x86)\Driver Whiz
2013-10-18 18:24 - 2013-10-18 18:24 - 01998248 _____ (Driver Whiz) C:\Users\Marion\Downloads\Driverwhiz.exe
2013-10-18 18:18 - 2013-11-10 09:56 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Foresight Software
2013-10-18 18:18 - 2013-10-18 18:18 - 00000000 ____D C:\Users\Marion\AppData\Roaming\DriverCure
2013-10-18 18:17 - 2013-11-10 09:54 - 00000000 ____D C:\ProgramData\Foresight Software
2013-10-18 16:36 - 2013-10-18 16:36 - 00003200 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-10-18 16:35 - 2013-10-18 16:35 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2013-10-18 16:35 - 2013-10-18 16:35 - 00000000 ____D C:\Program Files\Dell Support Center
2013-10-18 16:08 - 2013-11-12 14:07 - 00000338 _____ C:\Windows\Tasks\spmonitor.job
2013-10-18 16:08 - 2013-10-18 16:08 - 00002506 _____ C:\Windows\System32\Tasks\spmonitor
2013-10-18 16:02 - 2013-10-18 16:02 - 00003156 _____ C:\Windows\System32\Tasks\{22156837-0D2A-4D1C-9926-C830D0C78353}
2013-10-18 13:22 - 2013-10-18 13:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 00:12 - 2012-12-10 14:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
2013-10-13 11:43 - 2013-10-13 11:43 - 00010591 _____ C:\Users\Marion\Downloads\dellsystemdetect (1).application
 
==================== One Month Modified Files and Folders =======
 
2013-11-12 14:20 - 2013-11-12 14:20 - 01957590 _____ (Farbar) C:\Users\Marion\Downloads\FRST64 (1).exe
2013-11-12 14:19 - 2013-11-12 14:19 - 00000000 ____D C:\FRST
2013-11-12 14:18 - 2013-11-12 14:18 - 01957590 _____ (Farbar) C:\Users\Marion\Downloads\FRST64.exe
2013-11-12 14:15 - 2012-10-12 16:41 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2FEB0AF2-5F46-46CD-93EC-3787D0FAA976}
2013-11-12 14:15 - 2010-04-12 19:29 - 01373600 _____ C:\Windows\WindowsUpdate.log
2013-11-12 14:07 - 2013-10-18 16:08 - 00000338 _____ C:\Windows\Tasks\spmonitor.job
2013-11-12 14:07 - 2013-08-13 10:17 - 00000420 _____ C:\Windows\Tasks\DriverUpdate Startup.job
2013-11-12 14:07 - 2013-04-06 11:59 - 00000354 _____ C:\Windows\Tasks\powersuite_monitor.job
2013-11-12 14:05 - 2013-11-11 11:01 - 00000448 _____ C:\Windows\setupact.log
2013-11-12 14:05 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-12 14:04 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-12 08:54 - 2013-11-12 08:50 - 00007785 _____ C:\Windows\IE11_main.log
2013-11-12 08:51 - 2013-11-12 08:51 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 08:51 - 2013-11-12 08:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 08:51 - 2013-11-12 08:51 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 08:51 - 2013-11-12 08:51 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 08:51 - 2013-11-12 08:51 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 08:51 - 2013-11-12 08:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 08:51 - 2013-11-12 08:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 08:51 - 2013-11-12 08:51 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 08:51 - 2013-11-12 08:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 08:51 - 2013-11-12 08:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 08:51 - 2013-11-12 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 08:49 - 2012-01-30 09:13 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-12 08:48 - 2012-01-29 17:04 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-12 08:30 - 2013-06-28 16:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-12 08:30 - 2013-03-26 09:41 - 00005030 _____ C:\Windows\mozy.blk
2013-11-12 08:30 - 2013-03-26 09:41 - 00000804 _____ C:\Windows\mozy.flt
2013-11-12 08:09 - 2010-04-12 15:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-12 07:07 - 2013-11-12 07:03 - 00024329 _____ C:\Users\Marion\Desktop\dds.txt
2013-11-12 07:03 - 2013-11-12 07:03 - 00015013 _____ C:\Users\Marion\Desktop\attach.txt
2013-11-12 07:01 - 2013-11-12 07:01 - 00688992 _____ (Swearware) C:\Users\Marion\Downloads\dds (1).com
2013-11-12 07:00 - 2013-11-12 07:00 - 00688992 ____R (Swearware) C:\Users\Marion\Downloads\dds.com
2013-11-12 06:50 - 2009-07-14 04:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-12 06:50 - 2009-07-14 04:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-12 06:40 - 2013-08-13 10:17 - 00002848 _____ C:\Windows\System32\Tasks\DriverUpdate Startup
2013-11-12 06:40 - 2011-11-12 14:21 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-11-12 06:40 - 2010-04-12 15:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-12 00:44 - 2013-11-12 00:43 - 00002930 _____ C:\Users\Marion\Desktop\Rkill.txt
2013-11-12 00:43 - 2013-11-12 00:43 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Marion\Downloads\rkill.com
2013-11-12 00:43 - 2013-11-12 00:43 - 00000000 ____D C:\Users\Marion\Desktop\rkill
2013-11-12 00:24 - 2013-11-12 00:24 - 00000000 ____D C:\Users\Marion\AppData\Local\Deployment
2013-11-12 00:23 - 2013-11-12 00:23 - 00001139 _____ C:\Users\Marion\Desktop\System Checkup.lnk
2013-11-12 00:23 - 2013-11-12 00:23 - 00000000 ____D C:\Program Files (x86)\iolo
2013-11-12 00:23 - 2011-12-11 15:37 - 00000000 ____D C:\ProgramData\iolo
2013-11-12 00:14 - 2013-11-12 00:14 - 23960472 _____ (NVIDIA Corporation) C:\Users\Marion\Downloads\GeForce_Experience_v1.7.0.0.exe
2013-11-11 23:49 - 2013-11-11 23:49 - 00003176 _____ C:\Windows\System32\Tasks\{E6B8E692-52A0-47F0-B48E-F36ED5E0D9C5}
2013-11-11 19:51 - 2010-04-15 18:17 - 00000000 ___RD C:\Users\Marion\Desktop\GAMES
2013-11-11 19:49 - 2010-04-15 18:18 - 00000000 ____D C:\Users\Marion\Desktop\Maintainence
2013-11-11 18:38 - 2013-11-11 18:38 - 00000000 ____D C:\Users\Marion\Downloads\Autoruns
2013-11-11 18:29 - 2013-11-11 18:29 - 00550371 _____ C:\Users\Marion\Downloads\Autoruns.zip
2013-11-11 17:52 - 2013-11-11 17:52 - 00001417 _____ C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-11 17:39 - 2013-11-11 17:39 - 00001428 _____ C:\Windows\PFRO.log
2013-11-11 17:39 - 2013-11-03 09:32 - 00000396 _____ C:\Windows\Tasks\SpyHunter4.job
2013-11-11 12:17 - 2013-11-11 12:17 - 00987961 _____ C:\Users\Marion\Downloads\MS STEPIEN.zip
2013-11-11 12:08 - 2013-11-11 12:08 - 00001912 _____ C:\Users\Public\Desktop\Play Mini Robot Wars.lnk
2013-11-11 12:08 - 2013-11-11 12:08 - 00001260 _____ C:\Users\Public\Desktop\More Great Games.lnk
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Picsoft
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mini Robot Wars
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Program Files (x86)\Mini Robot Wars
2013-11-11 11:59 - 2010-04-15 17:16 - 00000000 ____D C:\ProgramData\Big Fish Games
2013-11-11 11:58 - 2013-11-11 11:58 - 00001900 _____ C:\Users\Public\Desktop\Play Peggle Deluxe.lnk
2013-11-11 11:58 - 2013-11-11 11:58 - 00000000 ____D C:\Program Files (x86)\Peggle Deluxe
2013-11-11 11:57 - 2013-08-28 17:38 - 00000000 ____D C:\BigFishCache
2013-11-11 11:53 - 2013-11-11 11:53 - 00236648 _____ (Big Fish Games) C:\Users\Marion\Downloads\peggle_s1_l1_gF1465T1L1_d2194852066.exe
2013-11-11 11:45 - 2013-11-11 11:45 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-11 11:45 - 2013-11-11 11:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 11:45 - 2013-11-11 11:44 - 00000000 ____D C:\Program Files\iTunes
2013-11-11 11:45 - 2013-11-11 11:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-11 11:44 - 2013-11-11 11:44 - 00000000 ____D C:\Program Files\iPod
2013-11-11 11:36 - 2013-11-03 09:32 - 00003082 _____ C:\Windows\System32\Tasks\SpyHunter4
2013-11-11 11:01 - 2013-11-11 11:01 - 00000000 _____ C:\Windows\setuperr.log
2013-11-10 13:53 - 2010-04-12 15:40 - 00000000 ____D C:\Users\Marion\AppData\Local\Apple
2013-11-10 11:21 - 2010-04-12 15:28 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Adobe
2013-11-10 11:20 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-10 10:21 - 2013-11-10 10:21 - 00000000 ____D C:\Users\Marion\AppData\Local\AVG Secure Search
2013-11-10 10:21 - 2013-11-10 09:44 - 00000000 ____D C:\ProgramData\Innovative Solutions
2013-11-10 10:06 - 2011-09-09 16:33 - 00000000 __SHD C:\AI_RecycleBin
2013-11-10 09:58 - 2010-04-12 09:07 - 00000000 ____D C:\Users\Marion\Tracing
2013-11-10 09:57 - 2013-10-27 19:51 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Pengu Wars
2013-11-10 09:57 - 2013-01-14 14:55 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Strongvault
2013-11-10 09:57 - 2012-06-29 21:49 - 00000000 ____D C:\Users\Marion\AppData\Roaming\vcards
2013-11-10 09:56 - 2013-10-19 10:59 - 00000000 ____D C:\Users\Marion\AppData\Roaming\InstallShield
2013-11-10 09:56 - 2013-10-18 18:18 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Foresight Software
2013-11-10 09:56 - 2012-06-29 21:49 - 00000000 ____D C:\Users\Marion\AppData\Roaming\GirlsDateChat
2013-11-10 09:56 - 2011-04-09 13:30 - 00000000 ____D C:\Users\Marion\AppData\Roaming\CyberLink
2013-11-10 09:56 - 2010-08-11 14:13 - 00000000 ____D C:\Users\Marion\AppData\Roaming\ATI
2013-11-10 09:56 - 2010-04-28 18:55 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Ancient Quest of Saqqarah__bfg
2013-11-10 09:56 - 2010-04-12 15:32 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Google
2013-11-10 09:55 - 2012-01-13 14:34 - 00000000 __SHD C:\Users\Marion\AppData\Local\{b93732d6-b308-ce93-f8e0-3f457f76a2f2}
2013-11-10 09:55 - 2011-04-09 13:22 - 00000000 ____D C:\Users\Marion\AppData\Local\PCM4Everio
2013-11-10 09:55 - 2010-04-12 15:44 - 00000000 ____D C:\Users\Marion\AppData\Local\Apple Computer
2013-11-10 09:55 - 2010-04-12 15:32 - 00000000 ____D C:\Users\Marion\AppData\Local\Google
2013-11-10 09:55 - 2010-04-12 15:31 - 00000000 ____D C:\Users\Marion\AppData\Local\Adobe
2013-11-10 09:54 - 2013-10-18 18:30 - 00000000 ____D C:\ProgramData\UAB
2013-11-10 09:54 - 2013-10-18 18:17 - 00000000 ____D C:\ProgramData\Foresight Software
2013-11-10 09:54 - 2013-09-29 16:38 - 00000000 ____D C:\teac
2013-11-10 09:54 - 2013-02-04 15:51 - 00000000 ____D C:\ProgramData\Elephant Games
2013-11-10 09:54 - 2013-02-04 13:35 - 00000000 ____D C:\ProgramData\Publisher
2013-11-10 09:54 - 2011-10-21 13:26 - 00000000 ____D C:\ProgramData\Ask
2013-11-10 09:54 - 2010-04-18 07:09 - 00000000 ____D C:\ProgramData\GOA
2013-11-10 09:54 - 2010-04-17 15:36 - 00000000 ____D C:\ProgramData\Braintonik
2013-11-10 09:54 - 2010-04-15 15:12 - 00000000 ____D C:\BigFishGamesCache
2013-11-10 09:54 - 2010-04-13 16:22 - 00000000 ____D C:\ProgramData\Uniblue
2013-11-10 09:54 - 2010-04-12 15:31 - 00000000 ____D C:\ProgramData\Adobe
2013-11-10 09:54 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-10 09:54 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2013-11-10 09:44 - 2013-11-10 09:44 - 00000000 ____D C:\Users\Marion\AppData\Local\Innovative Solutions
2013-11-10 09:44 - 2013-11-10 09:44 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2013-11-10 09:43 - 2013-11-10 09:43 - 00000000 ____D C:\ProgramData\AVG Secure Search
2013-11-10 09:42 - 2013-11-10 09:43 - 00046368 _____ (AVG Technologies) C:\Windows\system32\Drivers\avgtpx64.sys
2013-11-10 09:42 - 2013-11-10 09:42 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-11-10 09:40 - 2013-11-10 09:40 - 21548944 _____ (Innovative Solutions                                        ) C:\Users\Marion\Downloads\Advanced_Uninstaller11.exe
2013-11-08 15:14 - 2013-08-13 10:02 - 00000000 ____D C:\ProgramData\PCDr
2013-11-05 08:04 - 2010-09-29 12:34 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Clip Art Collection
2013-11-05 07:43 - 2013-11-05 07:43 - 00272664 _____ (Trusteer Ltd.) C:\Users\Marion\Downloads\RapportSetup.exe
2013-11-03 09:36 - 2013-11-03 01:36 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-03 03:19 - 2013-11-03 03:19 - 00001613 _____ C:\spyhunter.fix
2013-11-03 03:19 - 2013-10-21 12:36 - 00003134 _____ C:\Windows\System32\Tasks\{3AC193AA-B7EA-48D2-9D49-39099EF51B2B}
2013-11-03 03:19 - 2010-04-28 20:14 - 00002996 _____ C:\Windows\System32\Tasks\{8BE61F1A-482F-4F92-A41D-A2297BA37556}
2013-11-03 01:37 - 2013-11-03 01:37 - 00000000 _____ C:\autoexec.bat
2013-11-03 01:36 - 2013-11-03 01:36 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-11-03 01:36 - 2013-11-03 01:36 - 00000000 ____D C:\sh4ldr
2013-11-03 01:33 - 2013-11-03 01:33 - 00819208 _____ (Google Inc.) C:\Users\Marion\Downloads\ChromeSetup.exe
2013-11-03 01:19 - 2013-04-06 19:41 - 00000000 ____D C:\Users\Marion\AppData\Local\Akamai
2013-11-02 12:07 - 2013-11-02 12:05 - 00000009 _____ C:\END
2013-11-02 12:06 - 2013-11-02 12:06 - 00000000 ____D C:\Users\Marion\AppData\Local\NativeMessaging
2013-11-02 10:13 - 2013-11-02 10:13 - 00000000 __SHD C:\found.001
2013-11-02 01:48 - 2013-11-02 01:48 - 00003766 _____ C:\Windows\System32\Tasks\Driver Detective-RTMUpdater
2013-11-02 01:48 - 2013-11-02 01:48 - 00003762 _____ C:\Windows\System32\Tasks\Driver Detective-RTMRules
2013-11-02 01:47 - 2013-11-02 01:47 - 00004302 _____ C:\Windows\System32\Tasks\Driver Detective-RTMScan
2013-11-02 01:33 - 2012-09-29 08:31 - 00000000 ____D C:\Users\Marion\AppData\Roaming\AlawarEntertainment
2013-11-01 23:44 - 2013-11-01 23:43 - 00000000 ____D C:\Program Files (x86)\Drawn - Dark Flight
2013-11-01 23:43 - 2013-11-01 23:43 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight
2013-11-01 19:27 - 2010-04-28 20:21 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Big Fish Games
2013-11-01 09:22 - 2009-07-14 05:13 - 00793338 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 23:01 - 2013-09-11 23:33 - 00002522 _____ C:\Windows\System32\Tasks\powersuite_monitor
2013-10-31 22:57 - 2013-10-31 22:57 - 01520376 _____ (Uniblue Systems Limited                                     ) C:\Users\Marion\Downloads\powersuite.exe
2013-10-27 19:46 - 2013-10-27 19:46 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Melesta
2013-10-27 19:21 - 2013-10-27 19:21 - 00002189 _____ C:\Users\Public\Desktop\Play SpongeBob SquarePants Obstacle Odyssey.lnk
2013-10-27 19:21 - 2013-10-27 19:20 - 00000000 ____D C:\Program Files (x86)\SpongeBob SquarePants Obstacle Odyssey
2013-10-27 19:20 - 2013-10-27 19:20 - 00001911 _____ C:\Users\Public\Desktop\Play Nick Jr. Bingo.lnk
2013-10-27 19:20 - 2013-10-27 19:20 - 00000000 ____D C:\Program Files (x86)\Nick Jr. Bingo
2013-10-27 19:11 - 2013-10-27 19:09 - 00000000 ____D C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery
2013-10-27 19:09 - 2013-10-27 19:09 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Nimbus Games
2013-10-27 19:09 - 2013-10-27 19:09 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Manor - A Hidden Object Mystery
2013-10-27 19:08 - 2013-10-27 19:08 - 00002002 _____ C:\Users\Public\Desktop\Play Putt-Putt Saves the Zoo.lnk
2013-10-27 19:08 - 2013-10-27 19:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Putt-Putt Saves the Zoo
2013-10-27 19:08 - 2013-10-27 19:08 - 00000000 ____D C:\Program Files (x86)\Putt-Putt Saves the Zoo
2013-10-26 00:21 - 2010-04-12 07:40 - 00000000 ____D C:\Users\Marion
2013-10-24 19:22 - 2013-10-24 19:10 - 00000000 ____D C:\Users\Marion\AppData\Roaming\The Witch and The Warrior
2013-10-24 18:44 - 2013-10-24 18:44 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Skyborn
2013-10-23 12:06 - 2013-10-23 11:38 - 00000000 ____D C:\Users\Marion\AppData\Roaming\viking_saga_bfg_en
2013-10-23 11:37 - 2013-10-23 11:37 - 00001890 _____ C:\Users\Public\Desktop\Play Viking Saga.lnk
2013-10-23 11:37 - 2013-10-23 11:36 - 00000000 ____D C:\Program Files (x86)\Viking Saga
2013-10-23 11:36 - 2013-10-23 11:36 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viking Saga
2013-10-23 11:34 - 2013-10-23 11:34 - 00236648 _____ (Big Fish Games) C:\Users\Marion\Downloads\viking-saga_s1_l1_gF7645T1L1_d2182559580.exe
2013-10-22 13:52 - 2013-10-22 13:52 - 00000000 ____D C:\Users\Marion\AppData\Roaming\kidoz
2013-10-21 12:33 - 2013-10-21 12:33 - 02712592 _____ C:\Users\Marion\Downloads\R199967.exe
2013-10-21 10:58 - 2013-10-21 10:58 - 00027305 _____ C:\Users\Marion\Downloads\DellPerformanceDiagnostic (1).diagcab
2013-10-21 10:46 - 2013-10-21 10:46 - 00027305 _____ C:\Users\Marion\Downloads\DellPerformanceDiagnostic.diagcab
2013-10-19 10:59 - 2010-08-11 14:21 - 00000000 ____D C:\Program Files (x86)\Intel
2013-10-19 10:59 - 2010-08-11 14:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-19 09:46 - 2013-10-19 09:46 - 02445208 _____ C:\Users\Marion\Downloads\R213714.EXE
2013-10-19 09:46 - 2013-10-19 09:46 - 00571728 _____ C:\Users\Marion\Downloads\R205900.exe
2013-10-19 09:45 - 2013-10-19 09:44 - 110976048 _____ C:\Users\Marion\Downloads\R227524.exe
2013-10-19 09:44 - 2013-10-19 09:44 - 02911266 _____ C:\Users\Marion\Downloads\BH20N-C106 (1).zip
2013-10-18 19:52 - 2013-10-18 19:05 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-18 19:43 - 2013-10-18 19:42 - 154092488 _____ (Advanced Micro Devices, Inc.) C:\Users\Marion\Downloads\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
2013-10-18 19:42 - 2013-10-18 19:41 - 415761013 _____ C:\Users\Marion\Downloads\13.151-130819a-161838C-EDG_Direct.zip
2013-10-18 19:37 - 2013-10-18 19:37 - 217681405 _____ C:\Users\Marion\Downloads\AMD_Catalyst_13.4_Vista_W7_W8_WHQL.zip
2013-10-18 19:15 - 2013-10-18 19:15 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-18 19:15 - 2013-10-18 19:15 - 00000000 ____D C:\Program Files\Realtek
2013-10-18 18:31 - 2013-10-18 18:31 - 00000000 ____D C:\Users\Marion\Downloads\Driver Whiz
2013-10-18 18:30 - 2013-10-18 18:30 - 00004294 _____ C:\Windows\System32\Tasks\Driver Whiz-RTMScan
2013-10-18 18:30 - 2013-10-18 18:30 - 00003758 _____ C:\Windows\System32\Tasks\Driver Whiz-RTMUpdater
2013-10-18 18:30 - 2013-10-18 18:30 - 00003750 _____ C:\Windows\System32\Tasks\Driver Whiz-RTMRules
2013-10-18 18:30 - 2013-10-18 18:30 - 00000000 ____D C:\Users\Marion\AppData\Local\PC_Drivers_Headquarters
2013-10-18 18:30 - 2013-10-18 18:30 - 00000000 ____D C:\ProgramData\Driver Whiz
2013-10-18 18:28 - 2013-10-18 18:28 - 00000000 ____D C:\Program Files (x86)\Driver Whiz
2013-10-18 18:24 - 2013-10-18 18:24 - 01998248 _____ (Driver Whiz) C:\Users\Marion\Downloads\Driverwhiz.exe
2013-10-18 18:18 - 2013-10-18 18:18 - 00000000 ____D C:\Users\Marion\AppData\Roaming\DriverCure
2013-10-18 16:36 - 2013-10-18 16:36 - 00003200 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-10-18 16:36 - 2013-08-13 10:01 - 00000000 ____D C:\Program Files\My Dell
2013-10-18 16:35 - 2013-10-18 16:35 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2013-10-18 16:35 - 2013-10-18 16:35 - 00000000 ____D C:\Program Files\Dell Support Center
2013-10-18 16:08 - 2013-10-18 16:08 - 00002506 _____ C:\Windows\System32\Tasks\spmonitor
2013-10-18 16:08 - 2010-04-13 14:41 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-10-18 16:02 - 2013-10-18 16:02 - 00003156 _____ C:\Windows\System32\Tasks\{22156837-0D2A-4D1C-9926-C830D0C78353}
2013-10-18 15:01 - 2013-11-03 03:19 - 00285747 _____ C:\shldr
2013-10-18 15:01 - 2013-11-03 03:19 - 00008192 _____ C:\shldr.mbr
2013-10-18 13:22 - 2013-10-18 13:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-18 13:22 - 2011-08-28 12:43 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 00:12 - 2012-04-25 13:41 - 00003361 _____ C:\Users\Marion\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-10-17 00:12 - 2012-04-25 13:41 - 00002191 _____ C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2013-10-17 00:10 - 2012-04-25 13:42 - 00001694 _____ C:\Users\Marion\AppData\Roaming\Rim.Desktop.Exception.log
2013-10-17 00:10 - 2012-04-25 13:42 - 00001540 _____ C:\Users\Marion\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-10-15 16:46 - 2013-09-29 17:02 - 00000000 ____D C:\Program Files (x86)\FixCleaner
2013-10-15 16:37 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-14 23:04 - 2010-04-12 15:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-14 23:04 - 2010-04-12 15:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-14 18:00 - 2013-11-12 08:54 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-10-13 12:31 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-10-13 11:43 - 2013-10-13 11:43 - 00010591 _____ C:\Users\Marion\Downloads\dellsystemdetect (1).application
2013-10-13 11:12 - 2013-09-29 17:02 - 00000000 ____D C:\Users\Marion\AppData\Roaming\FixCleaner
 
ZeroAccess:
C:\Windows\Installer\{b93732d6-b308-ce93-f8e0-3f457f76a2f2}
 
Files to move or delete:
====================
C:\Users\Marion\GoToAssistDownloadHelper (1).exe
C:\Users\Marion\GoToAssistDownloadHelper (2).exe
C:\Users\Marion\jagex_runescape_preferences (1).dat
C:\Users\Marion\jagex_runescape_preferences (2).dat
C:\Users\Marion\jagex_runescape_preferences.dat
C:\Users\Marion\jagex_runescape_preferences2 (1).dat
C:\Users\Marion\jagex_runescape_preferences2 (2).dat
C:\Users\Marion\jagex_runescape_preferences2.dat
C:\Users\Marion\ntuser (1).dat
C:\Users\Marion\ntuser (2).dat
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-10 14:59
 
==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-11-2013 01
Ran by Marion at 2013-11-12 14:20:52
Running from C:\Users\Marion\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}
 
==================== Installed Programs ======================
 
 Update for Microsoft Office 2007 (KB2508958) (x32)
Acrobat.com (x32 Version: 2.0.0)
Acrobat.com (x32 Version: 2.0.0.0)
Adobe Acrobat 4.0 (x32)
Adobe AIR (x32 Version: 1.5.3.9130)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Reader XI (11.0.05) (x32 Version: 11.0.05)
Advanced Uninstaller PRO - Version 11 (x32 Version: 11)
Akamai NetSession Interface (HKCU)
All My Gods (x32)
Amazon MP3 Downloader 1.0.9 (x32)
AMD APP SDK Runtime (Version: 2.5.793.1)
AMD Catalyst Install Manager (Version: 3.0.851.0)
AMD Drag and Drop Transcoding (Version: 2.00.0000)
AMD Media Foundation Decoders (Version: 1.0.61025.2207)
Apple Application Support (x32 Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (x32 Version: 2.1.3.127)
ATI Catalyst Registration (x32 Version: 3.00.0000)
AVG Security Toolbar (x32 Version: 17.1.2.1)
Awakening: Moonfell Wood (x32)
Awakening: The Dreamless Castle (x32)
Big Fish: Game Manager (x32 Version: 3.2.0.6)
BlackBerry Desktop Software 7.1 (x32 Version: 7.1.0.41)
Bonjour (Version: 3.0.0.10)
Canon MP260 series MP Drivers
Catalyst Control Center - Branding (x32 Version: 1.00.0000)
Catalyst Control Center (x32 Version: 2011.1025.2231.38573)
Catalyst Control Center Graphics Previews Common (x32 Version: 2011.1025.2231.38573)
Catalyst Control Center InstallProxy (x32 Version: 2011.1025.2231.38573)
CCC Help English (x32 Version: 2011.1025.2230.38573)
ccc-utility64 (Version: 2011.1025.2231.38573)
City of Fools (x32)
Clip Art Collection (x32 Version: 1.0.0.0)
Computer Classroom at Home Ages 5-8 Bundle (x32 Version: 2.1.0)
Computer Classroom at Home Ages 7-10 Bundle (x32 Version: 2.1.0)
D3DX10 (x32 Version: 15.4.2368.0902)
Dark Manor: A Hidden Object Mystery (x32)
Digital Photo Navigator 1.5 (x32)
Dora Saves the Crystal Kingdom (x32)
Dora the Explorer: Swiper's Big Adventure! (x32)
Doras Carnival 2: At the Boardwalk (x32)
Drawn: Dark Flight ® (x32)
Driver Whiz (x32 Version: 8.1)
DriverUpdate (x32 Version: 2.2.30452)
Faerie Solitaire (x32)
Fast Duplicate File Finder 3.7.0.1 (x32 Version: 3.7.0.1)
Google Chrome (x32 Version: 30.0.1599.101)
Google Earth (x32 Version: 7.1.1.1888)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
House of 1000 Doors: The Palm of Zoroaster (x32)
iCloud (Version: 3.0.2.163)
Intel® Network Connections 15.2.89.0 (Version: 15.2.89.0)
Internet Explorer (Enable DEP)
InWorldz Viewer 1.4.4.2 (x32 Version: 1.4.4.2)
iTunes (Version: 11.1.3.8)
Jar of Marbles II: Journey to the West (x32)
Java 7 Update 17 (x32 Version: 7.0.170)
Java Auto Updater (x32 Version: 2.1.9.0)
Java™ 6 Update 21 (64-bit) (Version: 6.0.210)
Java™ 6 Update 37 (x32 Version: 6.0.370)
Jigs@w Puzzle 2 (x32)
Jump Ahead Preschool
Jump Ahead Preschool (x32)
Jump Ahead Starting Maths
Jump Ahead Starting Maths (x32)
Jump Ahead Starting Reading
Jump Ahead Starting Reading (x32)
Jump Ahead Starting School
Jump Ahead Starting School (x32)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Kingdom Chronicles (x32)
La Casa De Dora (x32)
Legends of Atlantis: Exodus (x32)
Magic Maze (x32)
Margrave: The Blacksmith's Daughter (x32)
McAfee Security Scan Plus (Version: 3.8.130.8)
McAfee SecurityCenter (x32 Version: 11.6.511)
McAfee Virtual Technician (x32 Version: 6.0.0.0)
Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322)
Microsoft .NET Framework 1.1 (x32)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30320)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (x32 Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Live Add-in 1.5 (x32 Version: 2.0.4024.1)
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32)
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (x32 Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (Version: 10.0.30319)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219)
Mini Robot Wars (x32)
MobileMe Control Panel (Version: 3.1.8.0)
MozyHome (Version: 2.22.0.313)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
MSXML 4.0 SP2 (KB954430) (x32 Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (x32 Version: 4.20.9876.0)
My Dell (Version: 3.4.6308.28)
mySupermarket Companion (x32 Version: 1.26.153.2)
Nick Jr. Bingo (x32)
NVIDIA Control Panel 307.83 (Version: 307.83)
NVIDIA Display Control Panel (Version: 6.14.12.5896)
NVIDIA Graphics Driver 307.83 (Version: 307.83)
NVIDIA Install Application (Version: 2.1002.109.706)
NVIDIA Update 1.10.8 (Version: 1.10.8)
NVIDIA Update Components (Version: 1.10.8)
Open Clip Art Library (x32 Version: 0.18)
Open Clip Art Library Packages (HKCU)
Peggle Deluxe (x32)
Plants vs. Zombies (x32)
Plumeboom: The First Chapter (x32)
PowerCinema NE for Everio (x32 Version: NE)
Powersuite (x32 Version: 4.1.7.1)
Puppetshow: Return to Joyville (x32)
Putt-Putt Saves the Zoo (x32)
PVSonyDll (Version: 1.00.0001)
QuickTime (x32 Version: 7.74.80.86)
Rangy Lil's Wild West Adventure (x32)
Rapport (Version: 3.5.1205.15)
Rapport (x32 Version: 3.5.1304.9)
RegHunter (Version: 1.3.3.1613)
Samsung Kies (x32 Version: 2.5.3.13043_14)
SAMSUNG USB Driver for Mobile Phones (Version: 1.5.23.0)
SecondLifeViewer (remove only) (x32)
Shared C Run-time for x64 (Version: 10.0.0)
SpeedUpMyPC (x32 Version: 5.3.8.0)
SpongeBob SquarePants Diner Dash (x32)
SpongeBob SquarePants Obstacle Odyssey (x32)
SpyHunter (Version: 4.16.5.4290)
Strimko (x32)
swMSM (x32 Version: 12.0.0.1)
System Checkup 3.4 (x32 Version: 3.4.4.12)
System Requirements Lab (x32)
SystemTweaker (x32 Version: 2.0.7.1)
The Lord of the Rings FREE Trial  (x32 Version: 1.00.0000)
The Timebuilders: Caveman's Prophecy (x32)
The Timebuilders: Pyramid Rising (x32)
Trial of the Gods: Ariadne's Journey (x32)
Trusteer Endpoint Protection (x32 Version: 3.5.1304.9)
Update for 2007 Microsoft Office System (KB967642) (x32)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32)
Update for Microsoft Office Script Editor Help (KB963671) (x32)
Update for Microsoft Office Word 2007 Help (KB963665) (x32)
Viking Saga (x32)
Virus 3 (x32)
When In Rome (x32)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
 
==================== Restore Points  =========================
 
10-11-2013 09:44:34 After installing Advanced Uninstaller PRO
10-11-2013 14:13:07 Windows Backup
12-11-2013 07:50:22 Windows Update
12-11-2013 08:47:01 Windows Update
 
==================== Hosts content: ==========================
 
2009-07-14 02:34 - 2009-06-10 21:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {069D1EEA-545B-4D2E-AAD6-779D658C77FA} - \Browser Manager No Task File
Task: {071303DE-42E5-46C2-86AF-1F731D8C071B} - System32\Tasks\{33245A59-F0F2-46CE-867C-F5F4D2C0D48F} => C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe [2013-04-23] ()
Task: {10C633CA-6939-4F6F-8A79-E11C3CCC5CCA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {1BD09DB0-E253-4607-8160-C39926061C0F} - System32\Tasks\{E8EE7691-E7A6-4D0F-95C5-1D7105D0510C} => D:\Launcher.exe
Task: {22106E91-4A56-4A8E-9D60-409CC6E0986D} - System32\Tasks\{52E91A87-8D2B-44E6-A69F-3DDDB257978F} => D:\Launcher.exe
Task: {2990C8F7-8144-496A-87E5-88B79807B8ED} - System32\Tasks\{6F5E2C34-E717-4664-A83B-D7159EF6D07F} => C:\Users\Marion\Downloads\iTunes64Setup.exe [2013-10-12] (Apple Inc.)
Task: {2A7D7872-30D1-46A7-B28A-C64D46E7BDB2} - System32\Tasks\{D07CFD38-DFB2-4B4C-B6AF-91A5776C0EF7} => D:\Launcher.exe
Task: {38214030-792B-4411-BD7C-EB0A41E9D1D1} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2013-10-18] (Enigma Software Group USA, LLC.)
Task: {38893593-0589-4322-ABCA-966F645471FC} - System32\Tasks\Driver Whiz-RTMRules => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {3DF65EDF-B97F-412F-8785-83C6F615EF83} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-12] (Google Inc.)
Task: {52F50095-0149-4B0E-9BD7-A9CF99304B58} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-23] (Microsoft Corporation)
Task: {621016DD-5A25-48F4-8F02-06D7EDA00F7C} - System32\Tasks\SystemToolsDailyTest => C:\Windows\System32\uaclauncher.exe
Task: {77A9FD6B-CEED-4920-8989-DE61D4BDDF7F} - System32\Tasks\{8BE61F1A-482F-4F92-A41D-A2297BA37556} => C:\Program Files (x86)\Ancient Quest of Saqqarah\Uninstall.exe
Task: {790A5ED6-A963-42C9-BE72-B28115A2F7D6} - System32\Tasks\AdobeFlashPlayerUpdate => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {79DB6F0A-C345-42F0-AB2F-F435F0592122} - System32\Tasks\Driver Whiz-RTMScan => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {7B1F1A56-9AEE-49B4-88C8-218D27F47633} - System32\Tasks\{E869473B-8DF7-44D2-982E-6CEB00B70382} => D:\Launcher.exe
Task: {8592870B-6419-4534-BCAE-9815A6822B1B} - System32\Tasks\{E6428A7D-9FAD-4DD9-9811-974BB71D2A69} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2013-09-05] (Adobe Systems Incorporated)
Task: {884D971E-84F3-433C-AB2E-8227FA0F2844} - System32\Tasks\{1530B131-D287-465B-8B32-8B990AB9D482} => D:\Launcher.exe
Task: {95300AAC-CD59-4597-9C58-C5E16D478406} - System32\Tasks\AdobeFlashPlayerUpdate 2 => C:\Windows\SysWOW64\FlashPlayerUpdateService.exe
Task: {9EAAF747-3F6E-4910-B2FB-862FBE8B63DA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-12] (Google Inc.)
Task: {9F4CCCD9-E538-4F69-8A6F-B471767EB633} - System32\Tasks\{5A11AAF2-E341-438C-8B51-F0E2F85B0F17} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2013-09-05] (Adobe Systems Incorporated)
Task: {A3842946-6D06-4F6F-94F7-6C6E12561540} - System32\Tasks\Driver Detective-RTMUpdater => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {B3F33BDA-3848-400D-8BCB-82012AC85E03} - System32\Tasks\{8F843DAC-D60E-48CC-AACB-40BC75A3BAE5} => C:\Program Files (x86)\CyberLink\PCM4Everio\PCM4Everio.exe [2008-04-03] (CyberLink Corp.)
Task: {B693D94C-DD8C-4823-9170-4FBA3D05010A} - System32\Tasks\Driver Detective-RTMScan => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {B9CC0C75-3F50-4FD5-AE00-480473FE8D64} - System32\Tasks\Driver Detective-RTMRules => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {BB3D54A6-1E0E-4C17-A961-33C5CF3160BF} - System32\Tasks\DriverUpdate Startup => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe [2013-06-22] (SlimWare Utilities, Inc.)
Task: {BD890C1E-1FC5-4A77-94C6-F0DF8870C5D2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BE4EFA73-85F6-4C91-A477-047246666E49} - System32\Tasks\spmonitor => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe [2013-05-21] (Uniblue Systems Ltd)
Task: {C03B6840-3796-4DAF-B034-50F585EEF694} - \PC Optimizer Pro64 startups No Task File
Task: {E7470244-D9BB-45BA-8570-4D49D29F1A27} - System32\Tasks\Driver Whiz-RTMUpdater => C:\Program Files (x86)\Driver Whiz\Driver Whiz\DriverWhiz.exe [2013-09-19] (PC Drivers Headquarters)
Task: {F76D21C7-11ED-4E0F-BFAB-CD4A587BC9A6} - System32\Tasks\{A6BC3431-DC15-47ED-8C83-29E0FAF1414A} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2013-09-05] (Adobe Systems Incorporated)
Task: {F8143F7B-989E-4E96-8E31-7194444500C9} - System32\Tasks\{DFBB89E6-CB60-4E48-9927-C41841028930} => C:\Program Files (x86)\CyberLink\PCM4Everio\PCM4Everio.exe [2008-04-03] (CyberLink Corp.)
Task: {F822BDBB-A5E2-49D7-A438-1B5F635AE37F} - System32\Tasks\{7BF6CB23-D7FD-4494-AEB2-C632689824F4} => C:\Program Files (x86)\DriverFinder\DriverFinder.exe
Task: {FB0E4312-F2A9-4217-9695-68397DCFA9BB} - System32\Tasks\powersuite_monitor => C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_monitor.exe [2013-08-29] (Uniblue Systems Ltd)
Task: {FD5A6E70-5AB9-477B-A15B-E2E5EA07DD5A} - System32\Tasks\{369DC989-9870-4F32-AFB2-93743ECA60BD} => C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe [2013-09-05] (Adobe Systems Incorporated)
Task: {FE779028-BF68-478A-91FF-8C3588E0A429} - System32\Tasks\{B7635771-3824-42DE-B707-DBF2BD123D5F} => D:\Launcher.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverUpdate Startup.job => C:\Program Files (x86)\DriverUpdate\DriverUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\powersuite_monitor.job => C:\Program Files (x86)\Uniblue\PowerSuite\powersuite_monitor.exe
Task: C:\Windows\Tasks\spmonitor.job => C:\Program Files (x86)\Uniblue\SpeedUpMyPC\spmonitor.exe
Task: C:\Windows\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-03-11 12:53 - 2013-10-19 11:06 - 01127152 _____ () C:\ProgramData\Trusteer\Rapport\store\exts\RapportMS\baseline\RapportMS.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 00087328 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2011-06-24 21:56 - 2011-06-24 21:56 - 01241888 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-11-10 09:43 - 2013-11-10 09:42 - 00519704 _____ () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\17.1.2\log4cplusU.dll
2013-04-06 11:59 - 2013-08-29 00:21 - 01045800 _____ () C:\Program Files (x86)\Uniblue\PowerSuite\ui_dll.dll
2013-04-06 11:59 - 2013-08-29 00:21 - 20764456 _____ () C:\Program Files (x86)\Uniblue\PowerSuite\libcef.dll
2013-10-31 23:01 - 2013-08-29 00:21 - 00588584 _____ () C:\Program Files (x86)\Uniblue\PowerSuite\locale\en\resources.dll
2013-04-06 11:58 - 2013-08-29 00:21 - 01100600 _____ () C:\Program Files (x86)\Uniblue\PowerSuite\avcodec-53.dll
2013-04-06 11:58 - 2013-08-29 00:21 - 00123704 _____ () C:\Program Files (x86)\Uniblue\PowerSuite\avutil-51.dll
2013-04-06 11:58 - 2013-08-29 00:21 - 00190264 _____ () C:\Program Files (x86)\Uniblue\PowerSuite\avformat-53.dll
2013-04-06 11:59 - 2013-08-29 00:21 - 00628520 _____ () C:\Program Files (x86)\Uniblue\PowerSuite\libglesv2.dll
2013-04-06 11:59 - 2013-08-29 00:21 - 00118056 _____ () C:\Program Files (x86)\Uniblue\PowerSuite\libegl.dll
2012-06-27 14:09 - 2012-06-27 14:09 - 00557056 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2013-10-18 13:12 - 2013-10-09 00:01 - 00698832 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libglesv2.dll
2013-10-18 13:12 - 2013-10-09 00:01 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\libegl.dll
2013-10-18 13:12 - 2013-10-09 00:02 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\pdf.dll
2013-10-18 13:12 - 2013-10-09 00:02 - 00415184 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ppGoogleNaClPluginChrome.dll
2013-10-18 13:12 - 2013-10-09 00:01 - 01604560 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\ffmpegsumo.dll
2013-10-18 13:12 - 2013-10-09 00:02 - 13584336 _____ () C:\Program Files (x86)\Google\Chrome\Application\30.0.1599.101\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
 
==================== Safe Mode (whitelisted) ===================
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2013 01:05:12 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/11/2013 01:04:54 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (11/10/2013 03:01:02 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/10/2013 03:00:56 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (11/10/2013 02:07:56 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5a4
 
Start Time: 01cede0a541edd5c
 
Termination Time: 14
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 73c0b043-4a11-11e3-addf-00219b1c2f23
 
Error: (11/10/2013 11:30:06 AM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.1.7601.17567 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: f40
 
Start Time: 01cede0268f44e84
 
Termination Time: 78
 
Application Path: C:\Windows\Explorer.EXE
 
Report Id: 66722bc4-49fb-11e3-aee3-00219b1c2f23
 
Error: (11/08/2013 02:46:14 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/08/2013 02:46:04 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
Error: (11/05/2013 11:18:42 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8"1".
Dependent Assembly Microsoft.VC90.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="9.0.21022.8" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (11/05/2013 11:18:38 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "assemblyIdentity1".Error in manifest or policy file "assemblyIdentity2" on line assemblyIdentity3.
The value "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" of attribute "version" in element "assemblyIdentity" is invalid.
 
 
System errors:
=============
Error: (11/12/2013 02:08:24 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (11/12/2013 02:05:48 PM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
amdkmafd
 
Error: (11/12/2013 02:05:39 PM) (Source: Service Control Manager) (User: )
Description: The IconManager service failed to start due to the following error: 
%%3
 
Error: (11/12/2013 06:41:07 AM) (Source: Service Control Manager) (User: )
Description: The iPod Service service failed to start due to the following error: 
%%1053
 
Error: (11/12/2013 06:41:07 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the iPod Service service to connect.
 
Error: (11/12/2013 06:41:07 AM) (Source: DCOM) (User: )
Description: 1053iPod Service{063D34A4-BF84-4B8D-B699-E8CA06504DDE}
 
Error: (11/12/2013 06:40:17 AM) (Source: Service Control Manager) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
amdkmafd
 
Error: (11/12/2013 06:40:08 AM) (Source: Service Control Manager) (User: )
Description: The IconManager service failed to start due to the following error: 
%%3
 
Error: (11/12/2013 00:04:41 AM) (Source: Service Control Manager) (User: )
Description: The NVIDIA Update Service Daemon service failed to start due to the following error: 
%%1069
 
Error: (11/12/2013 00:04:41 AM) (Source: Service Control Manager) (User: )
Description: The nvUpdatusService service was unable to log on as .\UpdatusUser with the currently configured password due to the following error: 
%%1330
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Percentage of memory in use: 33%
Total physical RAM: 6135.18 MB
Available physical RAM: 4106.74 MB
Total Pagefile: 12275.36 MB
Available Pagefile: 9506.44 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:596.07 GB) (Free:485.03 GB) NTFS
Drive d: (CCatHBNDLE) (CDROM) (Total:0.22 GB) (Free:0 GB) CDFS
Drive f: (Iomega HDD) (Fixed) (Total:298.09 GB) (Free:243 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 596 GB) (Disk ID: E8000000)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=596 GB) - (Type=07 NTFS)
 
========================================================
Disk: 6 (Size: 298 GB) (Disk ID: 4572CB26)
Partition 1: (Not Active) - (Size=298 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#4 B-boy/StyLe/

Posted 12 November 2013 - 04:11 PM

Hi,

Registry Editor / Cleaner Warning !!

The following is referring to RegHunter, SpeedUpMyPC, System Checkup 3.4, SystemTweaker, Driver Whiz, all iolo, slimware and uniblue products.

Please be aware that bleepingcomputer staff do not recommend the usage of registry cleaners / tools due to the following facts:

  • Registry tools can cause irreparable damage to your Operating System
  • Registry tools can, as a result of the above, render your PC inoperable.

This is done, assuming that the major audience here at this board might be inexperienced users and thus a suggested safeguard from our side.
If you feel you have the need for a registry cleaner, then you are just as welcome to keep it. This is what we refer to as an "optional fix" and is up to the user, so just take this as a recommendation from my side.

For more information about why you should avoid using such programs please take a look here => Registry Cleaners and System Tweaking Tools

So my advice is to uninstall the following software if you are not an advanced user to avoid problems further on:

 

RegHunter (Version: 1.3.3.1613)
SpeedUpMyPC (x32 Version: 5.3.8.0)
System Checkup 3.4 (x32 Version: 3.4.4.12)
SystemTweaker (x32 Version: 2.0.7.1)
Driver Whiz
all iolo, slimware and uniblue related products

 

Go ahead and uninstall AVG Security Toolbar (x32 Version: 17.1.2.1) if you don't use it as well.

 
Please download the following file => and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

Run FRST and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
 
 

Regards,
Georgi


Edited by B-boy/StyLe/, 03 February 2016 - 05:50 AM.



#5 mazz99

Posted 13 November 2013 - 06:18 AM

 
Hi Georgi,
 
So sorry, I really am useless at this.
 
I tried and tried to get them both on the desktop but all I managed was to get the files on there, not the tools.
 
Anyway I have done what you said and the results are below. (Though not from desktop at least I don't think so)  
It took me ages to unsubscribe to the tools you suggested I delete, they don't make it easy :(
 
 
Thank goodness there are people out there like you !
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-11-2013
Ran by Marion (administrator) on MARION-PC on 13-11-2013 11:08:07
Running from C:\Users\Marion\Downloads
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(Trusteer Ltd.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.21.165\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.130\SSScheduler.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(Mozy, Inc.) C:\Program Files\MozyHome\mozybackup.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(McAfee, Inc.) c:\PROGRA~1\mcafee.com\agent\mcagent.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Marion\Downloads\FRST64 (2).exe
(Farbar) C:\Users\Marion\Downloads\FRST64 (2).exe
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Policies\Explorer: [NoRecentDocsMenu] 0
HKCU\...\Policies\Explorer: [NoThumbnailCache] 1
HKCU\...\Policies\Explorer: [NoSaveSettings] 0
MountPoints2: {5d811904-4669-11df-a7f4-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Install_CCAHBundleAges5-8.msi
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (1).ini ()
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini ()
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://virginmedia.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x547E9281C373CB01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
SearchScopes: HKLM-x32 - DefaultScope {DBFBB281-A745-4F20-B142-EB544D75557F} URL = 
SearchScopes: HKCU - DefaultScope {DBFBB281-A745-4F20-B142-EB544D75557F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292715&CUI=UN18051235811025663&UM=2
SearchScopes: HKCU - {A753159B-7604-4426-AF07-A8153F3B1107} URL = http://uk.search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL = 
BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: MSS+ Identifier - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.130\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
DPF: HKLM {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} 
DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455} 
DPF: HKLM-x32 {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553570000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100
 
Chrome: 
=======
CHR HomePage: hxxp://www.virginmedia.com/
CHR RestoreOnStartup: "hxxp://www.virginmedia.com/"
CHR Extension: (Google Docs) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_1
CHR Extension: (Google Drive) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_1
CHR Extension: (Gmail) - C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx
 
==================== Services (Whitelisted) =================
 
S3 Blackberry Device Manager; C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe [577536 2013-01-18] (Research In Motion Limited)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [121616 2013-10-02] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.130\McCHSvc.exe [288776 2013-09-06] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 mcmscsvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McNASvc; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [383608 2012-11-16] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [241456 2013-02-19] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [218760 2013-02-19] (McAfee, Inc.)
R2 mfevtp; C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe [182752 2013-02-19] (McAfee, Inc.)
R2 mozybackup; C:\Program Files\MozyHome\mozybackup.exe [55112 2013-03-26] (Mozy, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.)
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [1444120 2013-10-01] (Trusteer Ltd.)
S2 iconmgr; 
 
==================== Drivers (Whitelisted) ====================
 
S0 amdkmafd; C:\Windows\System32\DRIVERS\amdkmafd.sys [21600 2013-04-27] (Advanced Micro Devices, Inc.)
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [36096 2013-09-11] (Advanced Micro Devices, Inc.)
S3 atillk64; C:\dell\drivers\R267410\atillk64.sys [14608 2006-07-19] (ATI Technologies Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-02-19] (McAfee, Inc.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [13088 2011-03-02] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [196440 2012-04-20] (McAfee, Inc.)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179280 2013-02-19] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [309840 2013-02-19] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [515968 2013-02-19] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [771536 2013-02-19] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [106552 2013-02-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [340216 2013-02-19] (McAfee, Inc.)
R1 mozyFilter; C:\Windows\System32\DRIVERS\mozy.sys [67808 2013-05-21] (Mozy, Inc.)
R3 pmkbdfltr; C:\Windows\System32\DRIVERS\pmkbdfltr.sys [18832 2012-08-04] (PenMount)
R1 RapportCerberus_59849; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_59849.sys [606672 2013-10-19] ()
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [284176 2013-10-01] (Trusteer Ltd.)
R0 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [317808 2013-10-01] (Trusteer Ltd.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [399312 2013-10-01] (Trusteer Ltd.)
S3 RimUsb; No ImagePath
R3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [44544 2012-12-10] (Research in Motion Ltd)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 SWDUMon; C:\Windows\System32\DRIVERS\SWDUMon.sys [16152 2013-11-13] ()
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-11-13 11:07 - 2013-11-13 11:07 - 01957610 _____ (Farbar) C:\Users\Marion\Downloads\FRST64 (2).exe
2013-11-13 11:05 - 2013-11-13 11:05 - 01957610 _____ (Farbar) C:\Users\Marion\Downloads\FRST64 (1).exe
2013-11-13 11:02 - 2013-11-13 11:02 - 00001116 _____ C:\Users\Marion\Downloads\FRST64 - Shortcut.lnk
2013-11-13 11:01 - 2013-11-13 11:01 - 01957610 _____ (Farbar) C:\Users\Marion\Downloads\FRST64.exe
2013-11-13 10:51 - 2013-11-13 10:51 - 00012886 _____ C:\Users\Marion\Desktop\fixlist (1).txt
2013-11-13 10:50 - 2013-11-13 10:50 - 00012886 _____ C:\Users\Marion\Downloads\fixlist.txt
2013-11-13 10:45 - 2013-11-13 10:45 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-13 10:22 - 2013-11-13 10:22 - 00000000 ____D C:\Windows\F94A63D79A61403B8F6F90B1BF77211A.TMP
2013-11-12 15:35 - 2013-11-12 15:36 - 00000000 ____D C:\Users\Marion\Desktop\New folder
2013-11-12 15:33 - 2013-11-13 11:08 - 00015492 _____ C:\Users\Marion\Downloads\FRST.txt
2013-11-12 14:46 - 2013-11-13 09:36 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-11-12 14:20 - 2013-11-12 14:21 - 00033714 _____ C:\Users\Marion\Downloads\Addition.txt
2013-11-12 14:19 - 2013-11-12 14:19 - 00000000 ____D C:\FRST
2013-11-12 08:54 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-11-12 08:51 - 2013-11-12 08:51 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 08:51 - 2013-11-12 08:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 08:51 - 2013-11-12 08:51 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 08:51 - 2013-11-12 08:51 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 08:51 - 2013-11-12 08:51 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 08:51 - 2013-11-12 08:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 08:51 - 2013-11-12 08:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 08:51 - 2013-11-12 08:51 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 08:51 - 2013-11-12 08:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 08:51 - 2013-11-12 08:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 08:51 - 2013-11-12 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 08:50 - 2013-11-12 08:54 - 00007785 _____ C:\Windows\IE11_main.log
2013-11-12 07:01 - 2013-11-12 07:01 - 00688992 _____ (Swearware) C:\Users\Marion\Downloads\dds (1).com
2013-11-12 07:00 - 2013-11-12 07:00 - 00688992 ____R (Swearware) C:\Users\Marion\Downloads\dds.com
2013-11-12 00:43 - 2013-11-12 00:43 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Marion\Downloads\rkill.com
2013-11-12 00:24 - 2013-11-12 00:24 - 00000000 ____D C:\Users\Marion\AppData\Local\Deployment
2013-11-12 00:14 - 2013-11-12 00:14 - 23960472 _____ (NVIDIA Corporation) C:\Users\Marion\Downloads\GeForce_Experience_v1.7.0.0.exe
2013-11-11 23:49 - 2013-11-11 23:49 - 00003176 _____ C:\Windows\System32\Tasks\{E6B8E692-52A0-47F0-B48E-F36ED5E0D9C5}
2013-11-11 18:38 - 2013-11-11 18:38 - 00000000 ____D C:\Users\Marion\Downloads\Autoruns
2013-11-11 18:29 - 2013-11-11 18:29 - 00550371 _____ C:\Users\Marion\Downloads\Autoruns.zip
2013-11-11 17:52 - 2013-11-11 17:52 - 00001417 _____ C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-11 17:39 - 2013-11-13 10:25 - 00002390 _____ C:\Windows\PFRO.log
2013-11-11 12:17 - 2013-11-11 12:17 - 00987961 _____ C:\Users\Marion\Downloads\MS STEPIEN.zip
2013-11-11 12:08 - 2013-11-11 12:08 - 00001912 _____ C:\Users\Public\Desktop\Play Mini Robot Wars.lnk
2013-11-11 12:08 - 2013-11-11 12:08 - 00001260 _____ C:\Users\Public\Desktop\More Great Games.lnk
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Picsoft
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mini Robot Wars
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Program Files (x86)\Mini Robot Wars
2013-11-11 11:58 - 2013-11-11 11:58 - 00001900 _____ C:\Users\Public\Desktop\Play Peggle Deluxe.lnk
2013-11-11 11:58 - 2013-11-11 11:58 - 00000000 ____D C:\Program Files (x86)\Peggle Deluxe
2013-11-11 11:53 - 2013-11-11 11:53 - 00236648 _____ (Big Fish Games) C:\Users\Marion\Downloads\peggle_s1_l1_gF1465T1L1_d2194852066.exe
2013-11-11 11:45 - 2013-11-11 11:45 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-11 11:44 - 2013-11-11 11:45 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 11:44 - 2013-11-11 11:45 - 00000000 ____D C:\Program Files\iTunes
2013-11-11 11:44 - 2013-11-11 11:45 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-11 11:44 - 2013-11-11 11:44 - 00000000 ____D C:\Program Files\iPod
2013-11-11 11:01 - 2013-11-13 10:26 - 00000560 _____ C:\Windows\setupact.log
2013-11-11 11:01 - 2013-11-11 11:01 - 00000000 _____ C:\Windows\setuperr.log
2013-11-10 09:44 - 2013-11-10 10:21 - 00000000 ____D C:\ProgramData\Innovative Solutions
2013-11-10 09:44 - 2013-11-10 09:44 - 00000000 ____D C:\Users\Marion\AppData\Local\Innovative Solutions
2013-11-10 09:44 - 2013-11-10 09:44 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2013-11-10 09:44 - 2009-11-05 13:24 - 00042496 _____ C:\Windows\SysWOW64\AdvUninstCPL.cpl
2013-11-10 09:40 - 2013-11-10 09:40 - 21548944 _____ (Innovative Solutions                                        ) C:\Users\Marion\Downloads\Advanced_Uninstaller11.exe
2013-11-05 07:43 - 2013-11-05 07:43 - 00272664 _____ (Trusteer Ltd.) C:\Users\Marion\Downloads\RapportSetup.exe
2013-11-03 09:32 - 2013-11-11 17:39 - 00000396 _____ C:\Windows\Tasks\SpyHunter4.job
2013-11-03 09:32 - 2013-11-11 11:36 - 00003082 _____ C:\Windows\System32\Tasks\SpyHunter4
2013-11-03 03:19 - 2013-11-03 03:19 - 00001613 _____ C:\spyhunter.fix
2013-11-03 03:19 - 2013-10-18 15:01 - 00285747 _____ C:\shldr
2013-11-03 03:19 - 2013-10-18 15:01 - 00008192 _____ C:\shldr.mbr
2013-11-03 01:37 - 2013-11-03 01:37 - 00000000 _____ C:\autoexec.bat
2013-11-03 01:36 - 2013-11-03 09:36 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-03 01:36 - 2013-11-03 01:36 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-11-03 01:33 - 2013-11-03 01:33 - 00819208 _____ (Google Inc.) C:\Users\Marion\Downloads\ChromeSetup.exe
2013-11-02 12:06 - 2013-11-02 12:06 - 00000000 ____D C:\Users\Marion\AppData\Local\NativeMessaging
2013-11-02 12:05 - 2013-11-02 12:07 - 00000009 _____ C:\END
2013-11-02 10:13 - 2013-11-02 10:13 - 00000000 __SHD C:\found.001
2013-11-02 01:48 - 2013-11-02 01:48 - 00003766 _____ C:\Windows\System32\Tasks\Driver Detective-RTMUpdater
2013-11-02 01:48 - 2013-11-02 01:48 - 00003762 _____ C:\Windows\System32\Tasks\Driver Detective-RTMRules
2013-11-02 01:47 - 2013-11-02 01:47 - 00004302 _____ C:\Windows\System32\Tasks\Driver Detective-RTMScan
2013-11-01 23:43 - 2013-11-01 23:44 - 00000000 ____D C:\Program Files (x86)\Drawn - Dark Flight
2013-11-01 23:43 - 2013-11-01 23:43 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight
2013-10-31 22:57 - 2013-10-31 22:57 - 01520376 _____ (Uniblue Systems Limited                                     ) C:\Users\Marion\Downloads\powersuite.exe
2013-10-27 19:51 - 2013-11-10 09:57 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Pengu Wars
2013-10-27 19:46 - 2013-10-27 19:46 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Melesta
2013-10-27 19:21 - 2013-10-27 19:21 - 00002189 _____ C:\Users\Public\Desktop\Play SpongeBob SquarePants Obstacle Odyssey.lnk
2013-10-27 19:20 - 2013-10-27 19:21 - 00000000 ____D C:\Program Files (x86)\SpongeBob SquarePants Obstacle Odyssey
2013-10-27 19:20 - 2013-10-27 19:20 - 00001911 _____ C:\Users\Public\Desktop\Play Nick Jr. Bingo.lnk
2013-10-27 19:20 - 2013-10-27 19:20 - 00000000 ____D C:\Program Files (x86)\Nick Jr. Bingo
2013-10-27 19:11 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2013-10-27 19:11 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2013-10-27 19:11 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2013-10-27 19:11 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2013-10-27 19:11 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2013-10-27 19:11 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2013-10-27 19:11 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2013-10-27 19:10 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2013-10-27 19:09 - 2013-10-27 19:11 - 00000000 ____D C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery
2013-10-27 19:09 - 2013-10-27 19:09 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Nimbus Games
2013-10-27 19:09 - 2013-10-27 19:09 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Manor - A Hidden Object Mystery
2013-10-27 19:08 - 2013-10-27 19:08 - 00002002 _____ C:\Users\Public\Desktop\Play Putt-Putt Saves the Zoo.lnk
2013-10-27 19:08 - 2013-10-27 19:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Putt-Putt Saves the Zoo
2013-10-27 19:08 - 2013-10-27 19:08 - 00000000 ____D C:\Program Files (x86)\Putt-Putt Saves the Zoo
2013-10-24 19:10 - 2013-10-24 19:22 - 00000000 ____D C:\Users\Marion\AppData\Roaming\The Witch and The Warrior
2013-10-24 18:44 - 2013-10-24 18:44 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Skyborn
2013-10-23 11:38 - 2013-10-23 12:06 - 00000000 ____D C:\Users\Marion\AppData\Roaming\viking_saga_bfg_en
2013-10-23 11:37 - 2013-10-23 11:37 - 00001890 _____ C:\Users\Public\Desktop\Play Viking Saga.lnk
2013-10-23 11:36 - 2013-10-23 11:37 - 00000000 ____D C:\Program Files (x86)\Viking Saga
2013-10-23 11:36 - 2013-10-23 11:36 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viking Saga
2013-10-23 11:34 - 2013-10-23 11:34 - 00236648 _____ (Big Fish Games) C:\Users\Marion\Downloads\viking-saga_s1_l1_gF7645T1L1_d2182559580.exe
2013-10-22 13:52 - 2013-10-22 13:52 - 00000000 ____D C:\Users\Marion\AppData\Roaming\kidoz
2013-10-21 12:36 - 2013-11-03 03:19 - 00003134 _____ C:\Windows\System32\Tasks\{3AC193AA-B7EA-48D2-9D49-39099EF51B2B}
2013-10-21 12:33 - 2013-10-21 12:33 - 02712592 _____ C:\Users\Marion\Downloads\R199967.exe
2013-10-21 10:58 - 2013-10-21 10:58 - 00027305 _____ C:\Users\Marion\Downloads\DellPerformanceDiagnostic (1).diagcab
2013-10-21 10:46 - 2013-10-21 10:46 - 00027305 _____ C:\Users\Marion\Downloads\DellPerformanceDiagnostic.diagcab
2013-10-19 10:59 - 2013-11-10 09:56 - 00000000 ____D C:\Users\Marion\AppData\Roaming\InstallShield
2013-10-19 09:46 - 2013-10-19 09:46 - 02445208 _____ C:\Users\Marion\Downloads\R213714.EXE
2013-10-19 09:46 - 2013-10-19 09:46 - 00571728 _____ C:\Users\Marion\Downloads\R205900.exe
2013-10-19 09:44 - 2013-10-19 09:45 - 110976048 _____ C:\Users\Marion\Downloads\R227524.exe
2013-10-19 09:44 - 2013-10-19 09:44 - 02911266 _____ C:\Users\Marion\Downloads\BH20N-C106 (1).zip
2013-10-18 19:42 - 2013-10-18 19:43 - 154092488 _____ (Advanced Micro Devices, Inc.) C:\Users\Marion\Downloads\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
2013-10-18 19:41 - 2013-10-18 19:42 - 415761013 _____ C:\Users\Marion\Downloads\13.151-130819a-161838C-EDG_Direct.zip
2013-10-18 19:37 - 2013-10-18 19:37 - 217681405 _____ C:\Users\Marion\Downloads\AMD_Catalyst_13.4_Vista_W7_W8_WHQL.zip
2013-10-18 19:15 - 2013-10-18 19:15 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-18 19:15 - 2013-10-18 19:15 - 00000000 ____D C:\Program Files\Realtek
2013-10-18 19:14 - 2013-03-29 20:42 - 03379272 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2013-10-18 19:14 - 2013-03-29 16:10 - 00449481 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2013-10-18 19:14 - 2013-03-27 15:57 - 00135240 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2013-10-18 19:14 - 2013-03-26 16:06 - 02797128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2013-10-18 19:14 - 2013-03-26 14:40 - 03693128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2013-10-18 19:14 - 2013-03-12 17:16 - 00613448 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2013-10-18 19:14 - 2013-02-20 17:55 - 01284680 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2013-10-18 19:14 - 2013-02-19 17:52 - 00991816 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2013-10-18 19:14 - 2012-06-08 15:23 - 00083072 _____ (Creative Technology Ltd.) C:\Windows\system32\MBWrp64.dll
2013-10-18 19:14 - 2012-06-08 15:21 - 00897152 _____ (Creative Technology Ltd.) C:\Windows\system32\MBAPO64.dll
2013-10-18 19:14 - 2012-06-08 15:21 - 00753280 _____ (Creative Technology Ltd.) C:\Windows\SysWOW64\MBAPO32.dll
2013-10-18 19:14 - 2011-12-20 14:32 - 00331880 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2013-10-18 19:14 - 2011-12-16 13:57 - 00065112 _____ (Creative Technology Ltd.) C:\Windows\system32\MBppld64.dll
2013-10-18 19:14 - 2011-11-22 15:28 - 00014952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00375128 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00310104 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00204120 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00101208 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2013-10-18 19:14 - 2010-11-08 06:31 - 00078680 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2013-10-18 19:14 - 2010-11-03 17:30 - 00149608 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2013-10-18 19:14 - 2009-11-24 08:55 - 00518896 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2013-10-18 19:14 - 2009-11-24 08:55 - 00155888 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2013-10-18 19:14 - 2009-11-18 06:13 - 00060504 _____ (Creative Technology Ltd.) C:\Windows\system32\MBPPCn64.dll
2013-10-18 19:13 - 2013-03-26 16:04 - 02734624 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2013-10-18 19:13 - 2013-03-23 02:43 - 00208072 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2013-10-18 19:13 - 2012-06-20 16:26 - 00110592 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2013-10-18 19:13 - 2012-03-08 10:47 - 00108640 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2013-10-18 19:05 - 2013-10-18 19:52 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-18 19:00 - 2013-01-16 15:02 - 02079816 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2013-10-18 18:31 - 2013-10-18 18:31 - 00000000 ____D C:\Users\Marion\Downloads\Driver Whiz
2013-10-18 18:30 - 2013-10-18 18:30 - 00000000 ____D C:\ProgramData\Driver Whiz
2013-10-18 18:24 - 2013-10-18 18:24 - 01998248 _____ (Driver Whiz) C:\Users\Marion\Downloads\Driverwhiz.exe
2013-10-18 18:18 - 2013-11-10 09:56 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Foresight Software
2013-10-18 18:18 - 2013-10-18 18:18 - 00000000 ____D C:\Users\Marion\AppData\Roaming\DriverCure
2013-10-18 18:17 - 2013-11-10 09:54 - 00000000 ____D C:\ProgramData\Foresight Software
2013-10-18 16:36 - 2013-10-18 16:36 - 00003200 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-10-18 16:35 - 2013-10-18 16:35 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2013-10-18 16:35 - 2013-10-18 16:35 - 00000000 ____D C:\Program Files\Dell Support Center
2013-10-18 16:02 - 2013-10-18 16:02 - 00003156 _____ C:\Windows\System32\Tasks\{22156837-0D2A-4D1C-9926-C830D0C78353}
2013-10-18 13:22 - 2013-10-18 13:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-17 00:12 - 2012-12-10 14:48 - 00044544 _____ (Research in Motion Ltd) C:\Windows\system32\Drivers\RimSerial_AMD64.sys
 
==================== One Month Modified Files and Folders =======
 
2013-11-13 11:09 - 2013-11-12 15:33 - 00015492 _____ C:\Users\Marion\Downloads\FRST.txt
2013-11-13 11:09 - 2010-04-12 15:40 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-13 11:07 - 2013-11-13 11:07 - 01957610 _____ (Farbar) C:\Users\Marion\Downloads\FRST64 (2).exe
2013-11-13 11:05 - 2013-11-13 11:05 - 01957610 _____ (Farbar) C:\Users\Marion\Downloads\FRST64 (1).exe
2013-11-13 11:02 - 2013-11-13 11:02 - 00001116 _____ C:\Users\Marion\Downloads\FRST64 - Shortcut.lnk
2013-11-13 11:01 - 2013-11-13 11:01 - 01957610 _____ (Farbar) C:\Users\Marion\Downloads\FRST64.exe
2013-11-13 10:51 - 2013-11-13 10:51 - 00012886 _____ C:\Users\Marion\Desktop\fixlist (1).txt
2013-11-13 10:50 - 2013-11-13 10:50 - 00012886 _____ C:\Users\Marion\Downloads\fixlist.txt
2013-11-13 10:45 - 2013-11-13 10:45 - 00000000 ____D C:\Windows\72AAF4551E54475BB0AB5413C78D0E63.TMP
2013-11-13 10:42 - 2013-06-28 16:40 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-11-13 10:42 - 2013-06-28 16:40 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-11-13 10:42 - 2013-06-28 16:40 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2013-11-13 10:42 - 2013-06-28 16:40 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-13 10:42 - 2010-04-12 15:31 - 00000000 ____D C:\Users\Marion\AppData\Local\Adobe
2013-11-13 10:35 - 2009-07-14 04:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-13 10:35 - 2009-07-14 04:45 - 00014832 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-13 10:31 - 2010-04-12 19:29 - 01501164 _____ C:\Windows\WindowsUpdate.log
2013-11-13 10:26 - 2013-11-11 11:01 - 00000560 _____ C:\Windows\setupact.log
2013-11-13 10:26 - 2010-04-12 15:40 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-13 10:26 - 2009-07-14 05:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-13 10:25 - 2013-11-11 17:39 - 00002390 _____ C:\Windows\PFRO.log
2013-11-13 10:22 - 2013-11-13 10:22 - 00000000 ____D C:\Windows\F94A63D79A61403B8F6F90B1BF77211A.TMP
2013-11-13 10:10 - 2012-10-12 16:41 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{2FEB0AF2-5F46-46CD-93EC-3787D0FAA976}
2013-11-13 09:36 - 2013-11-12 14:46 - 00003440 _____ C:\Windows\System32\Tasks\PCDEventLauncherTask
2013-11-13 09:30 - 2010-04-13 14:46 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Uniblue
2013-11-13 09:30 - 2010-04-13 14:41 - 00000000 ____D C:\Program Files (x86)\Uniblue
2013-11-13 09:29 - 2011-12-11 15:37 - 00000000 ____D C:\ProgramData\iolo
2013-11-13 09:28 - 2011-11-12 14:21 - 00000000 ____D C:\Program Files (x86)\DriverUpdate
2013-11-13 08:35 - 2011-11-12 14:21 - 00016152 _____ C:\Windows\system32\Drivers\SWDUMon.sys
2013-11-12 16:08 - 2010-04-12 07:58 - 00000000 ____D C:\Users\Marion\AppData\Local\Microsoft Games
2013-11-12 15:52 - 2010-04-12 07:58 - 00000000 ____D C:\Windows\System32\Tasks\Games
2013-11-12 15:40 - 2013-08-28 17:38 - 00000000 ____D C:\BigFishCache
2013-11-12 15:36 - 2013-11-12 15:35 - 00000000 ____D C:\Users\Marion\Desktop\New folder
2013-11-12 15:08 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\rescache
2013-11-12 14:21 - 2013-11-12 14:20 - 00033714 _____ C:\Users\Marion\Downloads\Addition.txt
2013-11-12 14:19 - 2013-11-12 14:19 - 00000000 ____D C:\FRST
2013-11-12 14:04 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-12 08:54 - 2013-11-12 08:50 - 00007785 _____ C:\Windows\IE11_main.log
2013-11-12 08:51 - 2013-11-12 08:51 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-12 08:51 - 2013-11-12 08:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-12 08:51 - 2013-11-12 08:51 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-12 08:51 - 2013-11-12 08:51 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-12 08:51 - 2013-11-12 08:51 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-12 08:51 - 2013-11-12 08:51 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-12 08:51 - 2013-11-12 08:51 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-12 08:51 - 2013-11-12 08:51 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-12 08:51 - 2013-11-12 08:51 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-12 08:51 - 2013-11-12 08:51 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-12 08:51 - 2013-11-12 08:51 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-12 08:51 - 2013-11-12 08:51 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-12 08:51 - 2013-11-12 08:51 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-12 08:49 - 2012-01-30 09:13 - 00000000 ____D C:\ProgramData\NVIDIA
2013-11-12 08:48 - 2012-01-29 17:04 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2013-11-12 08:30 - 2013-03-26 09:41 - 00005030 _____ C:\Windows\mozy.blk
2013-11-12 08:30 - 2013-03-26 09:41 - 00000804 _____ C:\Windows\mozy.flt
2013-11-12 07:01 - 2013-11-12 07:01 - 00688992 _____ (Swearware) C:\Users\Marion\Downloads\dds (1).com
2013-11-12 07:00 - 2013-11-12 07:00 - 00688992 ____R (Swearware) C:\Users\Marion\Downloads\dds.com
2013-11-12 00:43 - 2013-11-12 00:43 - 01898232 _____ (Bleeping Computer, LLC) C:\Users\Marion\Downloads\rkill.com
2013-11-12 00:24 - 2013-11-12 00:24 - 00000000 ____D C:\Users\Marion\AppData\Local\Deployment
2013-11-12 00:14 - 2013-11-12 00:14 - 23960472 _____ (NVIDIA Corporation) C:\Users\Marion\Downloads\GeForce_Experience_v1.7.0.0.exe
2013-11-11 23:49 - 2013-11-11 23:49 - 00003176 _____ C:\Windows\System32\Tasks\{E6B8E692-52A0-47F0-B48E-F36ED5E0D9C5}
2013-11-11 19:51 - 2010-04-15 18:17 - 00000000 ___RD C:\Users\Marion\Desktop\GAMES
2013-11-11 19:49 - 2010-04-15 18:18 - 00000000 ____D C:\Users\Marion\Desktop\Maintainence
2013-11-11 18:38 - 2013-11-11 18:38 - 00000000 ____D C:\Users\Marion\Downloads\Autoruns
2013-11-11 18:29 - 2013-11-11 18:29 - 00550371 _____ C:\Users\Marion\Downloads\Autoruns.zip
2013-11-11 17:52 - 2013-11-11 17:52 - 00001417 _____ C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-11 17:39 - 2013-11-03 09:32 - 00000396 _____ C:\Windows\Tasks\SpyHunter4.job
2013-11-11 12:17 - 2013-11-11 12:17 - 00987961 _____ C:\Users\Marion\Downloads\MS STEPIEN.zip
2013-11-11 12:08 - 2013-11-11 12:08 - 00001912 _____ C:\Users\Public\Desktop\Play Mini Robot Wars.lnk
2013-11-11 12:08 - 2013-11-11 12:08 - 00001260 _____ C:\Users\Public\Desktop\More Great Games.lnk
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Picsoft
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mini Robot Wars
2013-11-11 12:08 - 2013-11-11 12:08 - 00000000 ____D C:\Program Files (x86)\Mini Robot Wars
2013-11-11 11:59 - 2010-04-15 17:16 - 00000000 ____D C:\ProgramData\Big Fish Games
2013-11-11 11:58 - 2013-11-11 11:58 - 00001900 _____ C:\Users\Public\Desktop\Play Peggle Deluxe.lnk
2013-11-11 11:58 - 2013-11-11 11:58 - 00000000 ____D C:\Program Files (x86)\Peggle Deluxe
2013-11-11 11:53 - 2013-11-11 11:53 - 00236648 _____ (Big Fish Games) C:\Users\Marion\Downloads\peggle_s1_l1_gF1465T1L1_d2194852066.exe
2013-11-11 11:45 - 2013-11-11 11:45 - 00001743 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-11-11 11:45 - 2013-11-11 11:44 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2013-11-11 11:45 - 2013-11-11 11:44 - 00000000 ____D C:\Program Files\iTunes
2013-11-11 11:45 - 2013-11-11 11:44 - 00000000 ____D C:\Program Files (x86)\iTunes
2013-11-11 11:44 - 2013-11-11 11:44 - 00000000 ____D C:\Program Files\iPod
2013-11-11 11:36 - 2013-11-03 09:32 - 00003082 _____ C:\Windows\System32\Tasks\SpyHunter4
2013-11-11 11:01 - 2013-11-11 11:01 - 00000000 _____ C:\Windows\setuperr.log
2013-11-10 13:53 - 2010-04-12 15:40 - 00000000 ____D C:\Users\Marion\AppData\Local\Apple
2013-11-10 11:21 - 2010-04-12 15:28 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Adobe
2013-11-10 11:20 - 2009-07-14 03:20 - 00000000 ____D C:\Windows\system32\NDF
2013-11-10 10:21 - 2013-11-10 09:44 - 00000000 ____D C:\ProgramData\Innovative Solutions
2013-11-10 10:06 - 2011-09-09 16:33 - 00000000 __SHD C:\AI_RecycleBin
2013-11-10 09:58 - 2010-04-12 09:07 - 00000000 ____D C:\Users\Marion\Tracing
2013-11-10 09:57 - 2013-10-27 19:51 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Pengu Wars
2013-11-10 09:57 - 2013-01-14 14:55 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Strongvault
2013-11-10 09:57 - 2012-06-29 21:49 - 00000000 ____D C:\Users\Marion\AppData\Roaming\vcards
2013-11-10 09:56 - 2013-10-19 10:59 - 00000000 ____D C:\Users\Marion\AppData\Roaming\InstallShield
2013-11-10 09:56 - 2013-10-18 18:18 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Foresight Software
2013-11-10 09:56 - 2012-06-29 21:49 - 00000000 ____D C:\Users\Marion\AppData\Roaming\GirlsDateChat
2013-11-10 09:56 - 2011-04-09 13:30 - 00000000 ____D C:\Users\Marion\AppData\Roaming\CyberLink
2013-11-10 09:56 - 2010-08-11 14:13 - 00000000 ____D C:\Users\Marion\AppData\Roaming\ATI
2013-11-10 09:56 - 2010-04-28 18:55 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Ancient Quest of Saqqarah__bfg
2013-11-10 09:56 - 2010-04-12 15:32 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Google
2013-11-10 09:55 - 2012-01-13 14:34 - 00000000 __SHD C:\Users\Marion\AppData\Local\{b93732d6-b308-ce93-f8e0-3f457f76a2f2}
2013-11-10 09:55 - 2011-04-09 13:22 - 00000000 ____D C:\Users\Marion\AppData\Local\PCM4Everio
2013-11-10 09:55 - 2010-04-12 15:44 - 00000000 ____D C:\Users\Marion\AppData\Local\Apple Computer
2013-11-10 09:55 - 2010-04-12 15:32 - 00000000 ____D C:\Users\Marion\AppData\Local\Google
2013-11-10 09:54 - 2013-10-18 18:17 - 00000000 ____D C:\ProgramData\Foresight Software
2013-11-10 09:54 - 2013-09-29 16:38 - 00000000 ____D C:\teac
2013-11-10 09:54 - 2013-02-04 15:51 - 00000000 ____D C:\ProgramData\Elephant Games
2013-11-10 09:54 - 2013-02-04 13:35 - 00000000 ____D C:\ProgramData\Publisher
2013-11-10 09:54 - 2011-10-21 13:26 - 00000000 ____D C:\ProgramData\Ask
2013-11-10 09:54 - 2010-04-18 07:09 - 00000000 ____D C:\ProgramData\GOA
2013-11-10 09:54 - 2010-04-17 15:36 - 00000000 ____D C:\ProgramData\Braintonik
2013-11-10 09:54 - 2010-04-15 15:12 - 00000000 ____D C:\BigFishGamesCache
2013-11-10 09:54 - 2010-04-13 16:22 - 00000000 ____D C:\ProgramData\Uniblue
2013-11-10 09:54 - 2010-04-12 15:31 - 00000000 ____D C:\ProgramData\Adobe
2013-11-10 09:54 - 2009-07-14 05:32 - 00000000 ____D C:\Program Files\Windows Sidebar
2013-11-10 09:54 - 2009-07-14 03:20 - 00000000 __RHD C:\Users\Default
2013-11-10 09:44 - 2013-11-10 09:44 - 00000000 ____D C:\Users\Marion\AppData\Local\Innovative Solutions
2013-11-10 09:44 - 2013-11-10 09:44 - 00000000 ____D C:\Program Files (x86)\Innovative Solutions
2013-11-10 09:40 - 2013-11-10 09:40 - 21548944 _____ (Innovative Solutions                                        ) C:\Users\Marion\Downloads\Advanced_Uninstaller11.exe
2013-11-08 15:14 - 2013-08-13 10:02 - 00000000 ____D C:\ProgramData\PCDr
2013-11-05 08:04 - 2010-09-29 12:34 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Clip Art Collection
2013-11-05 07:43 - 2013-11-05 07:43 - 00272664 _____ (Trusteer Ltd.) C:\Users\Marion\Downloads\RapportSetup.exe
2013-11-03 09:36 - 2013-11-03 01:36 - 00000000 ____D C:\Program Files\Enigma Software Group
2013-11-03 03:19 - 2013-11-03 03:19 - 00001613 _____ C:\spyhunter.fix
2013-11-03 03:19 - 2013-10-21 12:36 - 00003134 _____ C:\Windows\System32\Tasks\{3AC193AA-B7EA-48D2-9D49-39099EF51B2B}
2013-11-03 03:19 - 2010-04-28 20:14 - 00002996 _____ C:\Windows\System32\Tasks\{8BE61F1A-482F-4F92-A41D-A2297BA37556}
2013-11-03 01:37 - 2013-11-03 01:37 - 00000000 _____ C:\autoexec.bat
2013-11-03 01:36 - 2013-11-03 01:36 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2013-11-03 01:33 - 2013-11-03 01:33 - 00819208 _____ (Google Inc.) C:\Users\Marion\Downloads\ChromeSetup.exe
2013-11-03 01:19 - 2013-04-06 19:41 - 00000000 ____D C:\Users\Marion\AppData\Local\Akamai
2013-11-02 12:07 - 2013-11-02 12:05 - 00000009 _____ C:\END
2013-11-02 12:06 - 2013-11-02 12:06 - 00000000 ____D C:\Users\Marion\AppData\Local\NativeMessaging
2013-11-02 10:13 - 2013-11-02 10:13 - 00000000 __SHD C:\found.001
2013-11-02 01:48 - 2013-11-02 01:48 - 00003766 _____ C:\Windows\System32\Tasks\Driver Detective-RTMUpdater
2013-11-02 01:48 - 2013-11-02 01:48 - 00003762 _____ C:\Windows\System32\Tasks\Driver Detective-RTMRules
2013-11-02 01:47 - 2013-11-02 01:47 - 00004302 _____ C:\Windows\System32\Tasks\Driver Detective-RTMScan
2013-11-02 01:33 - 2012-09-29 08:31 - 00000000 ____D C:\Users\Marion\AppData\Roaming\AlawarEntertainment
2013-11-01 23:44 - 2013-11-01 23:43 - 00000000 ____D C:\Program Files (x86)\Drawn - Dark Flight
2013-11-01 23:43 - 2013-11-01 23:43 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Drawn - Dark Flight
2013-11-01 19:27 - 2010-04-28 20:21 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Big Fish Games
2013-11-01 09:22 - 2009-07-14 05:13 - 00793338 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-31 22:57 - 2013-10-31 22:57 - 01520376 _____ (Uniblue Systems Limited                                     ) C:\Users\Marion\Downloads\powersuite.exe
2013-10-27 19:46 - 2013-10-27 19:46 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Melesta
2013-10-27 19:21 - 2013-10-27 19:21 - 00002189 _____ C:\Users\Public\Desktop\Play SpongeBob SquarePants Obstacle Odyssey.lnk
2013-10-27 19:21 - 2013-10-27 19:20 - 00000000 ____D C:\Program Files (x86)\SpongeBob SquarePants Obstacle Odyssey
2013-10-27 19:20 - 2013-10-27 19:20 - 00001911 _____ C:\Users\Public\Desktop\Play Nick Jr. Bingo.lnk
2013-10-27 19:20 - 2013-10-27 19:20 - 00000000 ____D C:\Program Files (x86)\Nick Jr. Bingo
2013-10-27 19:11 - 2013-10-27 19:09 - 00000000 ____D C:\Program Files (x86)\Dark Manor - A Hidden Object Mystery
2013-10-27 19:09 - 2013-10-27 19:09 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Nimbus Games
2013-10-27 19:09 - 2013-10-27 19:09 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dark Manor - A Hidden Object Mystery
2013-10-27 19:08 - 2013-10-27 19:08 - 00002002 _____ C:\Users\Public\Desktop\Play Putt-Putt Saves the Zoo.lnk
2013-10-27 19:08 - 2013-10-27 19:08 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Putt-Putt Saves the Zoo
2013-10-27 19:08 - 2013-10-27 19:08 - 00000000 ____D C:\Program Files (x86)\Putt-Putt Saves the Zoo
2013-10-26 00:21 - 2010-04-12 07:40 - 00000000 ____D C:\Users\Marion
2013-10-24 19:22 - 2013-10-24 19:10 - 00000000 ____D C:\Users\Marion\AppData\Roaming\The Witch and The Warrior
2013-10-24 18:44 - 2013-10-24 18:44 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Skyborn
2013-10-23 12:06 - 2013-10-23 11:38 - 00000000 ____D C:\Users\Marion\AppData\Roaming\viking_saga_bfg_en
2013-10-23 11:37 - 2013-10-23 11:37 - 00001890 _____ C:\Users\Public\Desktop\Play Viking Saga.lnk
2013-10-23 11:37 - 2013-10-23 11:36 - 00000000 ____D C:\Program Files (x86)\Viking Saga
2013-10-23 11:36 - 2013-10-23 11:36 - 00000000 ____D C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Viking Saga
2013-10-23 11:34 - 2013-10-23 11:34 - 00236648 _____ (Big Fish Games) C:\Users\Marion\Downloads\viking-saga_s1_l1_gF7645T1L1_d2182559580.exe
2013-10-22 13:52 - 2013-10-22 13:52 - 00000000 ____D C:\Users\Marion\AppData\Roaming\kidoz
2013-10-21 12:33 - 2013-10-21 12:33 - 02712592 _____ C:\Users\Marion\Downloads\R199967.exe
2013-10-21 10:58 - 2013-10-21 10:58 - 00027305 _____ C:\Users\Marion\Downloads\DellPerformanceDiagnostic (1).diagcab
2013-10-21 10:46 - 2013-10-21 10:46 - 00027305 _____ C:\Users\Marion\Downloads\DellPerformanceDiagnostic.diagcab
2013-10-19 10:59 - 2010-08-11 14:21 - 00000000 ____D C:\Program Files (x86)\Intel
2013-10-19 10:59 - 2010-08-11 14:20 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-19 09:46 - 2013-10-19 09:46 - 02445208 _____ C:\Users\Marion\Downloads\R213714.EXE
2013-10-19 09:46 - 2013-10-19 09:46 - 00571728 _____ C:\Users\Marion\Downloads\R205900.exe
2013-10-19 09:45 - 2013-10-19 09:44 - 110976048 _____ C:\Users\Marion\Downloads\R227524.exe
2013-10-19 09:44 - 2013-10-19 09:44 - 02911266 _____ C:\Users\Marion\Downloads\BH20N-C106 (1).zip
2013-10-18 19:52 - 2013-10-18 19:05 - 00000000 ____D C:\Program Files (x86)\Realtek
2013-10-18 19:43 - 2013-10-18 19:42 - 154092488 _____ (Advanced Micro Devices, Inc.) C:\Users\Marion\Downloads\13-1-legacy_vista_win7_win8_64_dd_ccc.exe
2013-10-18 19:42 - 2013-10-18 19:41 - 415761013 _____ C:\Users\Marion\Downloads\13.151-130819a-161838C-EDG_Direct.zip
2013-10-18 19:37 - 2013-10-18 19:37 - 217681405 _____ C:\Users\Marion\Downloads\AMD_Catalyst_13.4_Vista_W7_W8_WHQL.zip
2013-10-18 19:15 - 2013-10-18 19:15 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2013-10-18 19:15 - 2013-10-18 19:15 - 00000000 ____D C:\Program Files\Realtek
2013-10-18 18:31 - 2013-10-18 18:31 - 00000000 ____D C:\Users\Marion\Downloads\Driver Whiz
2013-10-18 18:30 - 2013-10-18 18:30 - 00000000 ____D C:\ProgramData\Driver Whiz
2013-10-18 18:24 - 2013-10-18 18:24 - 01998248 _____ (Driver Whiz) C:\Users\Marion\Downloads\Driverwhiz.exe
2013-10-18 18:18 - 2013-10-18 18:18 - 00000000 ____D C:\Users\Marion\AppData\Roaming\DriverCure
2013-10-18 16:36 - 2013-10-18 16:36 - 00003200 _____ C:\Windows\System32\Tasks\SystemToolsDailyTest
2013-10-18 16:36 - 2013-08-13 10:01 - 00000000 ____D C:\Program Files\My Dell
2013-10-18 16:35 - 2013-10-18 16:35 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
2013-10-18 16:35 - 2013-10-18 16:35 - 00000000 ____D C:\Program Files\Dell Support Center
2013-10-18 16:02 - 2013-10-18 16:02 - 00003156 _____ C:\Windows\System32\Tasks\{22156837-0D2A-4D1C-9926-C830D0C78353}
2013-10-18 15:01 - 2013-11-03 03:19 - 00285747 _____ C:\shldr
2013-10-18 15:01 - 2013-11-03 03:19 - 00008192 _____ C:\shldr.mbr
2013-10-18 13:22 - 2013-10-18 13:22 - 00000000 ____D C:\Program Files\McAfee Security Scan
2013-10-18 13:22 - 2011-08-28 12:43 - 00001931 _____ C:\Users\Public\Desktop\McAfee Security Scan Plus.lnk
2013-10-17 00:12 - 2012-04-25 13:41 - 00003361 _____ C:\Users\Marion\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
2013-10-17 00:12 - 2012-04-25 13:41 - 00002191 _____ C:\Users\Public\Desktop\BlackBerry Desktop Software.lnk
2013-10-17 00:10 - 2012-04-25 13:42 - 00001694 _____ C:\Users\Marion\AppData\Roaming\Rim.Desktop.Exception.log
2013-10-17 00:10 - 2012-04-25 13:42 - 00001540 _____ C:\Users\Marion\AppData\Roaming\Rim.DesktopHelper.Exception.log
2013-10-15 16:46 - 2013-09-29 17:02 - 00000000 ____D C:\Program Files (x86)\FixCleaner
2013-10-15 16:37 - 2009-07-14 05:08 - 00032608 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-10-14 23:04 - 2010-04-12 15:40 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-10-14 23:04 - 2010-04-12 15:40 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-10-14 18:00 - 2013-11-12 08:54 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
 
ZeroAccess:
C:\Windows\Installer\{b93732d6-b308-ce93-f8e0-3f457f76a2f2}
 
Files to move or delete:
====================
C:\Users\Marion\GoToAssistDownloadHelper (1).exe
C:\Users\Marion\GoToAssistDownloadHelper (2).exe
C:\Users\Marion\jagex_runescape_preferences (1).dat
C:\Users\Marion\jagex_runescape_preferences (2).dat
C:\Users\Marion\jagex_runescape_preferences.dat
C:\Users\Marion\jagex_runescape_preferences2 (1).dat
C:\Users\Marion\jagex_runescape_preferences2 (2).dat
C:\Users\Marion\jagex_runescape_preferences2.dat
C:\Users\Marion\ntuser (1).dat
C:\Users\Marion\ntuser (2).dat
 
 
Some content of TEMP:
====================
C:\Users\Marion\AppData\Local\Temp\UNINSTALL.EXE
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2013-11-10 14:59
 
==================== End Of Log ============================


#6 B-boy/StyLe/


Posted 13 November 2013 - 08:52 AM

Hello,

 

 

Simply download and copy fixlist.txt and FRST.exe to a folder of your choice, then start FRST, click on the Fix button, and attach the fixlog.txt to your next reply.

 


 

 

Regards,

Georgi




#7 mazz99


Posted 13 November 2013 - 03:10 PM

Ok this is what came up :-

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-11-2013 01
Ran by Marion at 2013-11-13 20:08:10 Run:1
Running from C:\Users\Marion\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
MountPoints2: {5d811904-4669-11df-a7f4-806e6f6e6963} - C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL D:\Install_CCAHBundleAges5-8.msi
AppInit_DLLs-x32:   [ ] ()
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (1).ini ()
Startup: C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini ()
SearchScopes: HKCU - DefaultScope {DBFBB281-A745-4F20-B142-EB544D75557F} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3292715&CUI=UN18051235811025663&UM=2
SearchScopes: HKCU - ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ URL = 
2013-10-21 12:36 - 2013-11-03 03:19 - 00003134 _____ C:\Windows\System32\Tasks\{3AC193AA-B7EA-48D2-9D49-39099EF51B2B}
2013-10-18 16:02 - 2013-10-18 16:02 - 00003156 _____ C:\Windows\System32\Tasks\{22156837-0D2A-4D1C-9926-C830D0C78353}
2013-11-10 09:54 - 2011-10-21 13:26 - 00000000 ____D C:\ProgramData\Ask
2013-11-02 10:13 - 2013-11-02 10:13 - 00000000 __SHD C:\found.001
C:\Windows\Installer\{b93732d6-b308-ce93-f8e0-3f457f76a2f2}
Task: {C03B6840-3796-4DAF-B034-50F585EEF694} - \PC Optimizer Pro64 startups No Task File
end
*****************
 
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5d811904-4669-11df-a7f4-806e6f6e6963} => Key deleted successfully.
HKCR\CLSID\{5d811904-4669-11df-a7f4-806e6f6e6963} => Key not found.
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (1).ini => Moved successfully.
C:\Users\Marion\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop (2).ini => Moved successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{087a7792-10bb-455d-bd55-427d589addf5} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{087a7792-10bb-455d-bd55-427d589addf5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{087a7792-10bb-455d-bd55-427d589addf5} => Key deleted successfully.
HKCR\CLSID\{087a7792-10bb-455d-bd55-427d589addf5} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B16D4423-A93F-4EF2-BE8E-4E6CFEC23362} => Key deleted successfully.
HKCR\CLSID\{B16D4423-A93F-4EF2-BE8E-4E6CFEC23362} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DBFBB281-A745-4F20-B142-EB544D75557F} => Key deleted successfully.
HKCR\CLSID\{DBFBB281-A745-4F20-B142-EB544D75557F} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ => Key not found.
HKCR\CLSID\ÛŸÆîZ§’2¹Þpv¨IÍá*X(Ž2s(ÛÎÀJºÔÓµ± vË°!×—(ä¼48иpatm6êo^Mp`Ëõ÷_i£w˜¾!„Áû†x¢8€ÙjÀÿþ ´Ñ;áa´[¦†8 º~RÙxœòÜ8'£-)x­ä­ => Key not found.
C:\Windows\System32\Tasks\{3AC193AA-B7EA-48D2-9D49-39099EF51B2B} => Moved successfully.
C:\Windows\System32\Tasks\{22156837-0D2A-4D1C-9926-C830D0C78353} => Moved successfully.
C:\ProgramData\Ask => Moved successfully.
C:\found.001 => Moved successfully.
C:\Windows\Installer\{b93732d6-b308-ce93-f8e0-3f457f76a2f2} => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C03B6840-3796-4DAF-B034-50F585EEF694} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C03B6840-3796-4DAF-B034-50F585EEF694} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups => Key not found.
 
==== End of Fixlog ====


#8 B-boy/StyLe/


Posted 14 November 2013 - 06:12 AM

Hello,

 

 

Nice work! :)
Let's check for leftovers.

Most of them should take no more than 5 minutes each.

 

 

 

STEP 1

 

  • Please download RKill by Grinler from the link below and save it to your desktop.

    Rkill
     
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply.
  • A log pops up at the end of the run. This log file is located at C:\rkill.log.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 2




  • Please download RogueKiller.exe and save to the desktop.
  • Close all windows and browsers
  • Right-click the program and select 'Run as Administrator'
  • Press the scan button.
  • A report opens on the desktop named - RKreport.txt
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.

 

 

STEP 3



Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 4




  • Please download the newest version of Malwarebytes' Anti-Malware and install it.
  • Please start the application by double-clicking on its icon.
  • Once the program has loaded go to the UPDATE tab and check for updates.
  • When the update is complete, select the Scanner tab
  • Select Perform quick scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad.
  • Please save it to a convenient location, copy and paste the results at pastebin.com, and post the link to the log in your next reply.




STEP 5



Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure that all options are checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.



STEP 6



Please download AdwCleaner by Xplode and save to your Desktop.


  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Please copy and paste the results at pastebin.com and post the link to the log in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

 

 

 

Regards,

Georgi




#9 mazz99


Posted 14 November 2013 - 09:25 AM

Hi, thanks so much for your help, here are the first four reports you asked for, the rest will follow asap

 

 

http://pastebin.com/scFVK7rM

 

http://pastebin.com/dSXD9n9n

 

http://pastebin.com/XEJSMNNs

 

http://pastebin.com/KSZULABj



#10 mazz99


Posted 14 November 2013 - 04:15 PM

http://pastebin.com/40qzqCM3

 

 

http://pastebin.com/cp2B4u5i

 

 

Here are the final two, hope I have done it right

 

Many thanks again

 

Marion xx



#11 B-boy/StyLe/


Posted 14 November 2013 - 04:50 PM

Hi,

 

You posted the logs in private state and I can't access them.

Can you please re-upload them?

Thanks!

 

 

Regards,

Georgi




#12 mazz99


Posted 14 November 2013 - 07:12 PM

Thank you for your patience. I hope these are right now x

 

 

 

http://pastebin.com/FgJJ1uVY

 

http://pastebin.com/C6BsFn3R

 

http://pastebin.com/TuR5N6dH

 

http://pastebin.com/cn9z368y

 

http://pastebin.com/wrsR2MBq

 

http://pastebin.com/nbchQtP7



#13 B-boy/StyLe/


Posted 15 November 2013 - 05:23 AM

Hello,

 

 

You uploaded the MBAM log twice instead of the Rkill log.

Please re-upload the Rkill log as well in your next reply.

 

The rest of the logs are clean:

 

Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished, this time click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

 

 

 

We are almost done here:

Let's check for malware remnants so we can be sure everything is gone.

 

 

 

STEP 1

 

 

1. Please download HitmanPro.

  • For 32-bit Operating System
  • This is the mirror
  • For 64-bit Operating System
  • This is the mirror

2. Launch the program by double clicking on the HitmanPro icon. (Windows Vista/7 users right click on the HitmanPro icon and select run as administrator).

Note: If the program won't run, please open the program while holding down the left CTRL key until the program is loaded.

3. Click on the next button. You must agree with the terms of EULA. (if asked)

4. Check the box beside "No, I only want to perform a one-time scan to check this computer".

5. Click on the next button.

6. The program will start to scan the computer. The scan will typically take no more than 2-3 minutes.

7. When the scan is done, click on the drop-down menu of the found entries (if any) and choose - Apply to all => Ignore <= IMPORTANT!!!

8. Click on the next button.

9. Click on the "Save Log" button.

10. Save that file to your desktop and post the content of that file in your next reply.

 

Note: if there isn't a dropdown menu when the scan is done then please don't delete anything and close HitmanPro

Navigate to C:\ProgramData\HitmanPro\Logs open the report and copy and paste it to your next reply.

 

 

STEP 2

 

 

Download Security Check by screen317 from here.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

 

 

Regards,

Georgi




#14 mazz99


Posted 15 November 2013 - 10:47 AM

Hi Georgi,

 

To avoid confusing myself (easy done) I have sent the Rkill file first!

 

The rest will follow, Thanks for your patience (again)

 

 

http://pastebin.com/8qkyKKCG



#15 mazz99


Posted 15 November 2013 - 11:38 AM

Here we go, hope it's ok
 
# AdwCleaner v3.012 - Report created 15/11/2013 at 15:55:03
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Marion - MARION-PC
# Running from : C:\Users\Marion\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\myfree codec
Folder Deleted : C:\Users\Marion\AppData\Roaming\DriverCure
Folder Deleted : C:\Users\Marion\AppData\Roaming\strongvault
File Deleted : C:\END
File Deleted : C:\Users\Marion\AppData\Local\Temp\Uninstall.exe
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\speedupmypc
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3292715
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Deleted : HKCU\Software\Uniblue
Key Deleted : HKLM\Software\Uniblue
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.16428
 
 
-\\ Google Chrome v30.0.1599.101
 
[ File : C:\Users\Marion\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
 

HitmanPro 3.7.8.208
www.hitmanpro.com
 
   Computer name . . . . : MARION-PC
   Windows . . . . . . . : 6.1.1.7601.X64/8
   User name . . . . . . : Marion-PC\Marion
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2013-11-15 16:22:49
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 3m 16s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 0
   Traces  . . . . . . . : 12
 
   Objects scanned . . . : 1,801,599
   Files scanned . . . . : 84,813
   Remnants scanned  . . : 592,775 files / 1,124,011 keys
 
Potential Unwanted Programs _________________________________________________
 
   HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager.1\ (Babylon)
   HKLM\SOFTWARE\Classes\secman.OutlookSecurityManager\ (Babylon)
   HKU\S-1-5-21-1013639583-4134777893-1337409647-1001\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
   HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\AppDataLow\Software\Crossrider\ (iPumper)
   HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\AppDataLow\Software\Smartbar\ (Conduit)
   HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
   HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\Microsoft\Internet Explorer\Approved Extensions\{98889811-442D-49DD-99D7-DC866BE87DBC} (Claro)
   HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\Microsoft\Internet Explorer\Main\bProtector Start Page (Claro)
   HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\Microsoft\Internet Explorer\SearchScopes\bProtectorDefaultScope (Claro)
   HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings\ (Claro)
   HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}\ (Babylon)
   HKU\S-1-5-21-1013639583-4134777893-1337409647-1005\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}\ (Delta Search)

 
 
 
 Results of screen317's Security Check version 0.99.77  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
McAfee Anti-Virus and Anti-Spyware   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware version 1.75.0.1300  
 Java™ 6 Update 37  
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Reader XI  
 Google Chrome 30.0.1599.101  
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbamgui.exe  
 Malwarebytes' Anti-Malware mbamscheduler.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 
 
 

This is what I have. Hope it's ok

 

Marion





