Think I have something that Malwarebytes and Superantispyware can't fix.


  • This topic is locked
34 replies to this topic

#1 foxerryan

Posted 20 November 2013 - 08:29 PM

Running a Windows 7 laptop with i3 processor and 6gb of RAM

Been having problems for about a week now..... I first noticed that Firefox became hijacked with popups on ebay.com under the search bar and on either side of the page.

Couldn't fix the problem with any malware scanners so ended up deleting Firefox and used IE 10 for a short while but then started noticing that certain buttons wouldn't work or pictures wouldn't load.... etc.. so went to Google Chrome which seems to be working fine... BUT....

What the next problem is... is that the computer would start to give a black screen after a wakeup after hibernation.. and I would have to manually shut down by holding the power button.

So I disabled hibernate.... now I have been noticing that when the computer is left alone for a few hours (like overnight) I can't open any programs... they won't open.

Things like Office Starter won't load, Paint won't load, Control Panel won't open.

If I log off and then log back onto my Windows username I can open programs again... but SOMETIMES even the start menu option to log off the user won't work... So I have to shut the computer down then log in after a shutdown.

Creating a new Windows user didn't solve the problem.

Here is my dds.txt

Thank you.

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Snake at 17:15:48 on 2013-11-20
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5921.3950 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Windows\splwow64.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sandiego.craigslist.org/
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [Advanced Spyware Remover] "C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe" /autostart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2d4cb59a-7bc9-4d62-bd1c-80114d0ec33f} - C:\Program Files (x86)\ClipGet\ClipGet.exe
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{75F6440B-8FA8-4846-9F47-490FBFC855E6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A67B20E0-AB18-425A-9662-512F429E4F16} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A67B20E0-AB18-425A-9662-512F429E4F16}\34963736F63383335323 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{A67B20E0-AB18-425A-9662-512F429E4F16}\35E616B656 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-1-31 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASRservice;ASRservice;C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe [2013-11-9 697104]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-2-11 907600]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-2-11 997712]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-31 2656280]
R3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-17 74840]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-10-3 129512]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-10-3 394728]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-2-11 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-1-24 274944]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-12-20 142632]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-1-24 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-20 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-20 169584]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 ExpressInvoiceService;Express Invoice;C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2013-11-8 2599464]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-30 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-20 19:53:59 -------- d-----w- C:\Users\Snake\AppData\Local\{B99C1368-48B7-4A40-B059-65005F44D888}
2013-11-20 07:53:46 -------- d-----w- C:\Users\Snake\AppData\Local\{E3D708CD-C47B-417E-8238-C36AEF4CD42B}
2013-11-20 07:53:46 -------- d-----w- C:\Users\Snake\AppData\Local\{417A65F4-8618-4C15-B90C-57894D0CF23B}
2013-11-19 21:13:15 -------- d-----w- C:\extensions
2013-11-19 19:53:23 -------- d-----w- C:\Users\Snake\AppData\Local\{61C910AB-2814-4794-B893-5B76BB8B65AA}
2013-11-19 07:29:30 -------- d-----w- C:\Users\Snake\AppData\Local\{3C62BA6D-C9C9-4392-B14E-81219A0AAC93}
2013-11-18 19:29:19 -------- d-----w- C:\Users\Snake\AppData\Local\{250CAD59-8330-473D-A791-F2AE67F4A8AF}
2013-11-18 18:13:47 -------- d-----w- C:\Users\Snake\AppData\Roaming\GlarySoft
2013-11-18 07:28:55 -------- d-----w- C:\Users\Snake\AppData\Local\{B7B929CF-F134-4FA9-B786-230DBCB70438}
2013-11-17 19:28:31 -------- d-----w- C:\Users\Snake\AppData\Local\{6CBE9B7D-837B-4D2D-928F-2C5F8B561C2E}
2013-11-17 07:28:07 -------- d-----w- C:\Users\Snake\AppData\Local\{8BD05946-CD4E-465D-9B1B-9BD526A116E3}
2013-11-16 19:27:44 -------- d-----w- C:\Users\Snake\AppData\Local\{0D200330-6174-4153-8AA3-65074F00D209}
2013-11-16 07:27:32 -------- d-----w- C:\Users\Snake\AppData\Local\{033CFD4F-21F0-4466-8DD7-4BFA32CE0FD0}
2013-11-15 19:27:21 -------- d-----w- C:\Users\Snake\AppData\Local\{84BA644D-8CF8-4BAE-A32D-D4F2ABBDB2F6}
2013-11-15 07:59:29 -------- d-----w- C:\Users\Snake\AppData\Roaming\Malwarebytes
2013-11-15 07:26:57 -------- d-----w- C:\Users\Snake\AppData\Local\{C06D1D51-F76A-4168-ACEF-C57A2AE471B1}
2013-11-14 19:26:33 -------- d-----w- C:\Users\Snake\AppData\Local\{C1120F68-85AA-499A-B86F-50CB4F4CD578}
2013-11-14 07:26:22 -------- d-----w- C:\Users\Snake\AppData\Local\{232A5A87-944F-4635-AE48-04352B115712}
2013-11-14 06:26:02 -------- d-----w- C:\Users\Snake\AppData\Local\SoftGrid Client
2013-11-14 06:26:01 -------- d-----w- C:\Users\Snake\AppData\Roaming\SoftGrid Client
2013-11-14 04:43:49 -------- d-----w- C:\Users\Snake\AppData\Roaming\FLEXnet
2013-11-14 04:43:48 -------- d-----w- C:\Users\Snake\AppData\Roaming\Nuance
2013-11-14 04:43:44 -------- d-----w- C:\Users\Snake\AppData\Roaming\Zeon
2013-11-13 19:25:58 -------- d-----w- C:\Users\Snake\AppData\Local\{77474E2E-F6BF-408A-8599-BBE559EEE564}
2013-11-13 07:51:24 -------- d-----w- C:\Users\Snake\AppData\Roaming\CoreFTP
2013-11-13 07:29:05 -------- d-----r- C:\Desktop
2013-11-13 07:25:35 -------- d-----w- C:\Users\Snake\AppData\Local\{951995C6-7FEB-41A4-9F9A-1605E11A2793}
2013-11-13 07:25:21 -------- d-----w- C:\Users\Snake\AppData\Roaming\Windows Live Writer
2013-11-13 07:25:21 -------- d-----w- C:\Users\Snake\AppData\Local\Windows Live Writer
2013-11-13 07:23:23 -------- d-----w- C:\Users\Snake\AppData\Local\Google
2013-11-13 07:22:36 -------- dc----w- C:\Users\Snake\AppData\Local\MigWiz
2013-11-13 07:21:07 -------- d-----w- C:\Users\Snake\AppData\Roaming\ASUS WebStorage
2013-11-12 06:16:59 -------- d-----w- C:\ProgramData\CanonIJ
2013-11-10 00:11:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-09 19:24:59 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
2013-11-09 11:12:32 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-11-09 11:02:16 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-09 10:37:48 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94FD0732-D1E8-480C-B7C3-7D7F1B157A93}\mpengine.dll
2013-11-09 10:31:20 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-11-09 10:31:20 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-11-09 10:31:19 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-11-09 10:31:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-11-09 10:31:19 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-11-09 10:31:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-11-09 10:31:19 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-11-09 10:20:01 -------- d-----w- C:\Windows\System32\MRT
2013-11-09 10:12:43 46592 ----a-w- C:\Windows\SysWow64\fpb.rs
2013-11-09 10:11:54 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-09 10:10:59 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-11-09 10:08:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-09 10:08:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-09 10:03:16 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2013-11-09 10:03:16 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2013-11-09 10:03:16 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2013-11-09 10:03:15 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-11-09 10:03:15 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2013-11-09 10:03:15 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2013-11-09 10:03:15 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2013-11-09 10:03:15 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2013-11-09 10:03:15 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2013-11-09 10:03:15 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2013-11-09 10:03:15 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2013-11-09 10:03:15 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2013-11-09 10:03:15 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2013-11-09 09:59:39 67072 ----a-w- C:\Windows\splwow64.exe
2013-11-09 09:59:39 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-11-09 09:52:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-11-09 09:51:53 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-11-09 09:51:47 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-11-09 09:51:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-11-09 08:34:39 -------- d-----w- C:\ProgramData\IObit
2013-11-09 08:34:37 -------- d-----w- C:\Program Files (x86)\IObit
2013-11-09 06:54:34 67472 ------w- C:\Windows\SysWow64\IJRMF.exe
2013-11-09 06:52:24 -------- d-----w- C:\Program Files\Canon
2013-11-09 06:52:20 -------- d-----w- C:\ProgramData\CanonIJPLM
2013-11-08 22:24:18 -------- d-----w- C:\Program Files (x86)\NCH Software
2013-11-07 06:25:03 -------- d-----w- C:\ProgramData\Oracle
2013-11-07 03:58:35 -------- d-----w- C:\Program Files (x86)\weDownload Manager Pro
2013-11-05 21:35:35 91552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
2013-11-05 21:35:34 91552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
.
==================== Find3M  ====================
.
2013-11-21 01:06:21 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2013-11-09 11:02:16 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-09 00:41:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 00:41:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 21:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
.
============= FINISH: 17:16:34.65 ===============

Edited by foxerryan, 20 November 2013 - 08:38 PM.



#2 foxerryan

Posted 20 November 2013 - 08:32 PM

Also forgot to add that yesterday I tried to use my scanner and got a message that said there wasn't enough memory.... only 2 programs open were Google Chrome and Windows Live Mail... when I closed both programs I could use the scanner.

I have had many more things open in the past and have never seen a low memory error ever.

Something is using the system memory.



#3 HelpBot

Posted 25 November 2013 - 08:30 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/514880 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 foxerryan

Posted 25 November 2013 - 10:04 PM

Hi,

This laptop came preloaded with Windows 7 but no physical software CDs etc....

Here is the updated dds.txt

Thanks,

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.45.2
Run by Snake at 19:03:08 on 2013-11-25
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5921.2475 [GMT -8:00]
.
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe
C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Windows\system32\taskeng.exe
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Logitech\SetPointP\SetPoint.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.EXE
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe
C:\Windows\splwow64.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASR.exe
C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://sandiego.craigslist.org/
mWinlogon: Userinit = userinit.exe,
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mRun: [Advanced Spyware Remover] "C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe" /autostart
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\FANCYS~1.LNK - C:\Windows\Installer\{C944B4C5-1C4D-4D95-8AC0-7CEF13914131}\_77B5857C27147149171BE7.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2d4cb59a-7bc9-4d62-bd1c-80114d0ec33f} - C:\Program Files (x86)\ClipGet\ClipGet.exe
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{75F6440B-8FA8-4846-9F47-490FBFC855E6} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A67B20E0-AB18-425A-9662-512F429E4F16} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{A67B20E0-AB18-425A-9662-512F429E4F16}\34963736F63383335323 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{A67B20E0-AB18-425A-9662-512F429E4F16}\35E616B656 : DHCPNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: weDownload Manager Pro: {11111111-1111-1111-1111-110411361128} - 
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
x64-Run: [BTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
x64-Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-Notify: LBTWlgn - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2012-1-31 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASRservice;ASRservice;C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe [2013-11-9 697104]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-2-11 907600]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2011-2-11 997712]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 Garmin Core Update Service;Garmin Core Update Service;C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [2013-3-27 185688]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-1-31 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-10-3 129512]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-10-3 394728]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2011-2-11 1304912]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2011-1-24 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-1-24 274944]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-12-20 142632]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-1-24 59904]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-12-20 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-12-20 169584]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-17 74840]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-1 183560]
S3 ExpressInvoiceService;Express Invoice;C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe [2013-11-8 2599464]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-5-1 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-10 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-18 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-18 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-30 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-11-25 23:57:11 -------- d-----w- C:\Users\Snake\AppData\Local\{CF3BB459-7E9F-4892-BAD7-2140CD4E45F2}
2013-11-25 11:56:48 -------- d-----w- C:\Users\Snake\AppData\Local\{81B640A1-FE1F-4A6E-AA5F-E96D5BCB52DB}
2013-11-24 23:56:24 -------- d-----w- C:\Users\Snake\AppData\Local\{E442382B-4AA6-4ADE-B14B-4DBFA7F2E091}
2013-11-24 13:17:00 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94FD0732-D1E8-480C-B7C3-7D7F1B157A93}\offreg.dll
2013-11-24 11:56:12 -------- d-----w- C:\Users\Snake\AppData\Local\{ADF47BB0-C8A2-498F-8296-9A355BB4A410}
2013-11-23 23:56:00 -------- d-----w- C:\Users\Snake\AppData\Local\{684A8179-875F-49E6-94CA-E45F30F6E889}
2013-11-23 07:55:19 -------- d-----w- C:\Users\Snake\AppData\Local\{72298020-34F9-4824-8A3F-A59F4771D58C}
2013-11-22 19:55:07 -------- d-----w- C:\Users\Snake\AppData\Local\{443D3E5B-81EB-493E-8E91-ECB868856BCC}
2013-11-22 07:54:56 -------- d-----w- C:\Users\Snake\AppData\Local\{F5EB6065-2FAC-40F5-8176-F4F8742A61AB}
2013-11-21 19:54:45 -------- d-----w- C:\Users\Snake\AppData\Local\{3790448E-C421-46AB-BF26-086E20C77300}
2013-11-21 07:54:22 -------- d-----w- C:\Users\Snake\AppData\Local\{275BFC88-C3EC-4FA1-B001-0221545196C1}
2013-11-20 19:53:59 -------- d-----w- C:\Users\Snake\AppData\Local\{B99C1368-48B7-4A40-B059-65005F44D888}
2013-11-20 07:53:46 -------- d-----w- C:\Users\Snake\AppData\Local\{E3D708CD-C47B-417E-8238-C36AEF4CD42B}
2013-11-20 07:53:46 -------- d-----w- C:\Users\Snake\AppData\Local\{417A65F4-8618-4C15-B90C-57894D0CF23B}
2013-11-19 21:13:15 -------- d-----w- C:\extensions
2013-11-19 19:53:23 -------- d-----w- C:\Users\Snake\AppData\Local\{61C910AB-2814-4794-B893-5B76BB8B65AA}
2013-11-19 07:29:30 -------- d-----w- C:\Users\Snake\AppData\Local\{3C62BA6D-C9C9-4392-B14E-81219A0AAC93}
2013-11-18 19:29:19 -------- d-----w- C:\Users\Snake\AppData\Local\{250CAD59-8330-473D-A791-F2AE67F4A8AF}
2013-11-18 18:13:47 -------- d-----w- C:\Users\Snake\AppData\Roaming\GlarySoft
2013-11-18 07:28:55 -------- d-----w- C:\Users\Snake\AppData\Local\{B7B929CF-F134-4FA9-B786-230DBCB70438}
2013-11-17 19:28:31 -------- d-----w- C:\Users\Snake\AppData\Local\{6CBE9B7D-837B-4D2D-928F-2C5F8B561C2E}
2013-11-17 07:28:07 -------- d-----w- C:\Users\Snake\AppData\Local\{8BD05946-CD4E-465D-9B1B-9BD526A116E3}
2013-11-16 19:27:44 -------- d-----w- C:\Users\Snake\AppData\Local\{0D200330-6174-4153-8AA3-65074F00D209}
2013-11-16 07:27:32 -------- d-----w- C:\Users\Snake\AppData\Local\{033CFD4F-21F0-4466-8DD7-4BFA32CE0FD0}
2013-11-15 19:27:21 -------- d-----w- C:\Users\Snake\AppData\Local\{84BA644D-8CF8-4BAE-A32D-D4F2ABBDB2F6}
2013-11-15 07:59:29 -------- d-----w- C:\Users\Snake\AppData\Roaming\Malwarebytes
2013-11-15 07:26:57 -------- d-----w- C:\Users\Snake\AppData\Local\{C06D1D51-F76A-4168-ACEF-C57A2AE471B1}
2013-11-14 19:26:33 -------- d-----w- C:\Users\Snake\AppData\Local\{C1120F68-85AA-499A-B86F-50CB4F4CD578}
2013-11-14 07:26:22 -------- d-----w- C:\Users\Snake\AppData\Local\{232A5A87-944F-4635-AE48-04352B115712}
2013-11-14 06:26:02 -------- d-----w- C:\Users\Snake\AppData\Local\SoftGrid Client
2013-11-14 06:26:01 -------- d-----w- C:\Users\Snake\AppData\Roaming\SoftGrid Client
2013-11-14 04:43:49 -------- d-----w- C:\Users\Snake\AppData\Roaming\FLEXnet
2013-11-14 04:43:48 -------- d-----w- C:\Users\Snake\AppData\Roaming\Nuance
2013-11-14 04:43:44 -------- d-----w- C:\Users\Snake\AppData\Roaming\Zeon
2013-11-13 19:25:58 -------- d-----w- C:\Users\Snake\AppData\Local\{77474E2E-F6BF-408A-8599-BBE559EEE564}
2013-11-13 07:51:24 -------- d-----w- C:\Users\Snake\AppData\Roaming\CoreFTP
2013-11-13 07:29:05 -------- d-----r- C:\Desktop
2013-11-13 07:25:35 -------- d-----w- C:\Users\Snake\AppData\Local\{951995C6-7FEB-41A4-9F9A-1605E11A2793}
2013-11-13 07:25:21 -------- d-----w- C:\Users\Snake\AppData\Roaming\Windows Live Writer
2013-11-13 07:25:21 -------- d-----w- C:\Users\Snake\AppData\Local\Windows Live Writer
2013-11-13 07:23:23 -------- d-----w- C:\Users\Snake\AppData\Local\Google
2013-11-13 07:22:36 -------- dc----w- C:\Users\Snake\AppData\Local\MigWiz
2013-11-13 07:21:07 -------- d-----w- C:\Users\Snake\AppData\Roaming\ASUS WebStorage
2013-11-12 06:16:59 -------- d-----w- C:\ProgramData\CanonIJ
2013-11-10 00:11:48 96168 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-11-09 19:24:59 -------- d--h--w- C:\ProgramData\CanonIJMyPrinter
2013-11-09 11:12:32 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2013-11-09 11:02:16 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-09 10:37:48 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{94FD0732-D1E8-480C-B7C3-7D7F1B157A93}\mpengine.dll
2013-11-09 10:31:20 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2013-11-09 10:31:20 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2013-11-09 10:31:19 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2013-11-09 10:31:19 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2013-11-09 10:31:19 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2013-11-09 10:31:19 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2013-11-09 10:31:19 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2013-11-09 10:20:01 -------- d-----w- C:\Windows\System32\MRT
2013-11-09 10:12:43 46592 ----a-w- C:\Windows\SysWow64\fpb.rs
2013-11-09 10:11:54 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2013-11-09 10:10:59 1192448 ----a-w- C:\Windows\System32\certutil.exe
2013-11-09 10:08:22 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2013-11-09 10:08:22 2048 ----a-w- C:\Windows\System32\tzres.dll
2013-11-09 10:03:16 466944 ----a-w- C:\Program Files\Common Files\System\ado\msadomd.dll
2013-11-09 10:03:16 1499136 ----a-w- C:\Program Files\Common Files\System\ado\msado15.dll
2013-11-09 10:03:16 1019904 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msado15.dll
2013-11-09 10:03:15 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2013-11-09 10:03:15 61440 ----a-w- C:\Program Files\Common Files\System\ado\msador15.dll
2013-11-09 10:03:15 57344 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msador15.dll
2013-11-09 10:03:15 495616 ----a-w- C:\Program Files\Common Files\System\ado\msadox.dll
2013-11-09 10:03:15 372736 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadox.dll
2013-11-09 10:03:15 352256 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msadomd.dll
2013-11-09 10:03:15 258048 ----a-w- C:\Program Files\Common Files\System\msadc\msadco.dll
2013-11-09 10:03:15 212992 ----a-w- C:\Program Files (x86)\Common Files\System\msadc\msadco.dll
2013-11-09 10:03:15 143360 ----a-w- C:\Program Files (x86)\Common Files\System\ado\msjro.dll
2013-11-09 10:03:15 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2013-11-09 09:59:39 67072 ----a-w- C:\Windows\splwow64.exe
2013-11-09 09:59:39 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2013-11-09 09:52:00 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2013-11-09 09:51:53 99840 ----a-w- C:\Windows\System32\wudriver.dll
2013-11-09 09:51:47 36864 ----a-w- C:\Windows\System32\wuapp.exe
2013-11-09 09:51:47 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2013-11-09 08:34:39 -------- d-----w- C:\ProgramData\IObit
2013-11-09 08:34:37 -------- d-----w- C:\Program Files (x86)\IObit
2013-11-09 06:54:34 67472 ------w- C:\Windows\SysWow64\IJRMF.exe
2013-11-09 06:52:24 -------- d-----w- C:\Program Files\Canon
2013-11-09 06:52:20 -------- d-----w- C:\ProgramData\CanonIJPLM
2013-11-08 22:24:18 -------- d-----w- C:\Program Files (x86)\NCH Software
2013-11-07 06:25:03 -------- d-----w- C:\ProgramData\Oracle
2013-11-07 03:58:35 -------- d-----w- C:\Program Files (x86)\weDownload Manager Pro
2013-11-05 21:35:35 91552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
2013-11-05 21:35:34 91552 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
.
==================== Find3M  ====================
.
2013-11-25 20:52:09 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2013-11-09 11:02:16 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-10-09 00:41:13 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-09 00:41:13 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 21:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-29 02:17:48 5549504 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-08-29 02:16:35 1732032 ----a-w- C:\Windows\System32\ntdll.dll
2013-08-29 02:16:28 243712 ----a-w- C:\Windows\System32\wow64.dll
2013-08-29 02:16:14 859648 ----a-w- C:\Windows\System32\tdh.dll
2013-08-29 02:13:28 878080 ----a-w- C:\Windows\System32\advapi32.dll
2013-08-29 01:51:45 3969472 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-29 01:51:45 3914176 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-08-29 01:50:31 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-08-29 01:50:30 1292192 ----a-w- C:\Windows\SysWow64\ntdll.dll
2013-08-29 01:50:16 619520 ----a-w- C:\Windows\SysWow64\tdh.dll
2013-08-29 01:48:17 640512 ----a-w- C:\Windows\SysWow64\advapi32.dll
2013-08-29 01:48:15 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-08-29 00:49:53 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-08-29 00:49:52 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-08-29 00:49:52 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-08-29 00:49:49 2048 ----a-w- C:\Windows\SysWow64\user.exe
.
============= FINISH: 19:03:25.44 ===============


#5 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:03:04 PM

Posted 27 November 2013 - 03:25 PM

Hello foxerryan,

  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.
  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.

 

 

1. Download AdwCleaner

  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users:
    Right click on AdwCleaner.exe and select
    "Run as administrator"
  • Click the Scan button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[R1].txt.

2. Do you have a USB Flash Drive?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-



If I have helped you, consider making a donation to help me continue the fight against Malware! Just click btn_donate_LG.gif


#6 foxerryan

Posted 28 November 2013 - 12:50 AM

Hi,

1) The log is below.

2) Yes I have a USB flash drive.

Thanks

# AdwCleaner v3.013 - Report created 27/11/2013 at 21:47:12
# Updated 24/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Snake - SNAKE
# Running from : C:\Users\Snake\Downloads\adwcleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\weDownload Manager Pro
Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Folder Deleted : C:\Users\Foxer\AppData\LocalLow\weDownload Manager Pro
Folder Deleted : C:\Users\Foxer\AppData\Roaming\yourfiledownloader
File Deleted : C:\Windows\System32\Tasks\YourFile Update
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFile_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YourFileUpdater_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12986198-ba8e-4a3a-ae1b-377e1a55e60a}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3515fba9-7f95-44c2-bccc-9e70e3d88b29}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4f15766-2979-4e81-8891-539543a4a8ff}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b258ba13-0564-4c10-a1d1-af5ac70e1bbe}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ec259087-b854-4e33-b870-0eefc360604f}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12986198-ba8e-4a3a-ae1b-377e1a55e60a}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3515fba9-7f95-44c2-bccc-9e70e3d88b29}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{a4f15766-2979-4e81-8891-539543a4a8ff}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{b258ba13-0564-4c10-a1d1-af5ac70e1bbe}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ec259087-b854-4e33-b870-0eefc360604f}
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\weDownload Manager Pro
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\Software\weDownload Manager Pro
 
***** [ Browsers ] *****


#7 fireman4it

Posted 29 November 2013 - 11:56 PM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


" Extinguishing Malware from the world"


#8 foxerryan

Posted 30 November 2013 - 01:02 AM

Hi,

Here are both logs.

Thanks,

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 28-11-2013
Ran by Snake (administrator) on SNAKE on 29-11-2013 21:44:21
Running from C:\Users\Snake\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IObit) C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Garmin Ltd or its subsidiaries) C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\btplayerctrl.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(CANON INC.) C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(IObit) C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Mail\wlmail.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(IObit) C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASR.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\OFFICEVIRT.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-12] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-17] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] - rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE [2782096 2010-07-25] (CANON INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: C:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] - C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini [371 2013-11-29] ()
HKLM-x32\...\Run: [ASUSPRP] - C:\Program Files (x86)\ASUS\APRP\aprp.exe [3331312 2011-10-17] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] - C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.108.222\AsusWSPanel.exe [737104 2011-07-29] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] - C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-09] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5716608 2011-07-21] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-07] (ASUS)
HKLM-x32\...\Run: [HControlUser] - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [Wireless Console 3] - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2319536 2011-10-18] (ASUS)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [CanonSolutionMenuEx] - C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [1213848 2010-09-14] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] - C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [452016 2010-09-09] (CANON INC.)
HKLM-x32\...\Run: [Advanced Spyware Remover] - C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRtray.exe [1213952 2009-12-15] (IObit)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\Foxer\...\Run: [GarminExpressTrayApp] - C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1098072 2013-03-27] (Garmin Ltd or its subsidiaries)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sandiego.craigslist.org/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x093C693C41E0CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO-x32: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

Chrome:
=======
CHR RestoreOnStartup: "hxxp://sandiego.craigslist.org/"
CHR Extension: (Google Docs) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (AdBlock) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.14_0
CHR Extension: (Google Wallet) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\Snake\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

==================== Services (Whitelisted) =================

R2 ASRservice; C:\Program Files (x86)\IObit\Advanced Spyware Remover\ASRsrv.exe [697104 2009-12-10] (IObit)
R2 Garmin Core Update Service; C:\Program Files (x86)\Garmin\Core Update Service\Garmin.Cartography.MapUpdate.CoreService.exe [185688 2013-03-27] (Garmin Ltd or its subsidiaries)
S3 ExpressInvoiceService; "C:\Program Files (x86)\NCH Software\ExpressInvoice\expressinvoice.exe" -service [x]

==================== Drivers (Whitelisted) ====================

R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
S3 BTATH_BUS; system32\DRIVERS\btath_bus.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-11-29 21:44 - 2013-11-29 21:44 - 00013305 _____ C:\Users\Snake\Desktop\FRST.txt
2013-11-29 21:43 - 2013-11-29 21:43 - 00000000 ____D C:\FRST
2013-11-29 21:42 - 2013-11-29 21:42 - 01959024 _____ (Farbar) C:\Users\Snake\Desktop\FRST64.exe
2013-11-29 11:15 - 2013-11-29 11:15 - 00000000 ____D C:\Users\Snake\AppData\Local\{1264EDF0-DC07-4484-B854-C39F81230E93}
2013-11-28 23:15 - 2013-11-28 23:15 - 00000000 ____D C:\Users\Snake\AppData\Local\{DE1439EB-66EC-4C3E-A36E-53C6F62B6AB9}
2013-11-28 11:15 - 2013-11-28 11:15 - 00000000 ____D C:\Users\Snake\AppData\Local\{5DD61390-3731-4439-8685-7C7A7281ADE9}
2013-11-27 23:14 - 2013-11-27 23:15 - 00000000 ____D C:\Users\Snake\AppData\Local\{A16BBB32-CA56-43C2-B70B-4AC084347753}
2013-11-27 21:45 - 2013-11-27 21:47 - 00000000 ____D C:\AdwCleaner
2013-11-27 21:44 - 2013-11-27 21:45 - 01091882 _____ C:\Users\Snake\Downloads\adwcleaner.exe
2013-11-27 09:53 - 2013-11-27 09:53 - 00000000 ____D C:\Users\Snake\AppData\Local\{42C92F92-B8DC-4A29-AED7-C7F6F73B2D52}
2013-11-26 21:53 - 2013-11-26 21:53 - 00000000 ____D C:\Users\Snake\AppData\Local\{BAB368AC-8B93-409E-B5E6-40CD5802BF2A}
2013-11-26 16:40 - 2013-11-26 16:40 - 00000000 ____D C:\Users\Snake\AppData\Local\CrashDumps
2013-11-26 03:57 - 2013-11-26 03:57 - 00000000 ____D C:\Users\Snake\AppData\Local\{B1348E03-37AF-438B-AA8C-AB72DB58EDE0}
2013-11-25 19:03 - 2013-11-25 19:03 - 00025376 _____ C:\Users\Snake\Desktop\dds.txt
2013-11-25 19:03 - 2013-11-25 19:03 - 00006791 _____ C:\Users\Snake\Desktop\attach.txt
2013-11-25 15:57 - 2013-11-25 15:57 - 00000000 ____D C:\Users\Snake\AppData\Local\{CF3BB459-7E9F-4892-BAD7-2140CD4E45F2}
2013-11-25 03:56 - 2013-11-25 03:56 - 00000000 ____D C:\Users\Snake\AppData\Local\{81B640A1-FE1F-4A6E-AA5F-E96D5BCB52DB}
2013-11-24 20:22 - 2013-11-24 20:35 - 00000000 ____D C:\Users\Snake\Desktop\old mine
2013-11-24 15:56 - 2013-11-24 15:56 - 00000000 ____D C:\Users\Snake\AppData\Local\{E442382B-4AA6-4ADE-B14B-4DBFA7F2E091}
2013-11-24 03:56 - 2013-11-24 03:56 - 00000000 ____D C:\Users\Snake\AppData\Local\{ADF47BB0-C8A2-498F-8296-9A355BB4A410}
2013-11-23 20:13 - 2013-11-23 20:13 - 00819160 _____ (Google Inc.) C:\Users\Snake\Downloads\GoogleEarthPluginSetup.exe
2013-11-23 15:56 - 2013-11-23 15:56 - 00000000 ____D C:\Users\Snake\AppData\Local\{684A8179-875F-49E6-94CA-E45F30F6E889}
2013-11-22 23:55 - 2013-11-22 23:55 - 00000000 ____D C:\Users\Snake\AppData\Local\{72298020-34F9-4824-8A3F-A59F4771D58C}
2013-11-22 22:50 - 2013-11-22 22:50 - 00000399 _____ C:\Users\Snake\Downloads\pm-rrb.csv
2013-11-22 11:55 - 2013-11-22 11:55 - 00000000 ____D C:\Users\Snake\AppData\Local\{443D3E5B-81EB-493E-8E91-ECB868856BCC}
2013-11-21 23:54 - 2013-11-21 23:55 - 00000000 ____D C:\Users\Snake\AppData\Local\{F5EB6065-2FAC-40F5-8176-F4F8742A61AB}
2013-11-21 11:54 - 2013-11-21 11:54 - 00000000 ____D C:\Users\Snake\AppData\Local\{3790448E-C421-46AB-BF26-086E20C77300}
2013-11-20 23:54 - 2013-11-20 23:54 - 00000000 ____D C:\Users\Snake\AppData\Local\{275BFC88-C3EC-4FA1-B001-0221545196C1}
2013-11-20 12:31 - 2013-11-20 12:31 - 00688992 ____R (Swearware) C:\Users\Snake\Downloads\dds.com
2013-11-20 11:53 - 2013-11-20 11:54 - 00000000 ____D C:\Users\Snake\AppData\Local\{B99C1368-48B7-4A40-B059-65005F44D888}
2013-11-19 23:53 - 2013-11-20 11:01 - 00000000 ____D C:\Users\Snake\AppData\Local\{E3D708CD-C47B-417E-8238-C36AEF4CD42B}
2013-11-19 23:53 - 2013-11-19 23:53 - 00000000 ____D C:\Users\Snake\AppData\Local\{417A65F4-8618-4C15-B90C-57894D0CF23B}
2013-11-19 14:11 - 2013-11-27 11:59 - 00000544 _____ C:\Users\Snake\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml
2013-11-19 13:13 - 2013-11-19 13:13 - 00000028 _____ C:\Users\Snake\AppData\Roaming\ClipGet-UpdatePerformed.txt
2013-11-19 13:13 - 2013-11-19 13:13 - 00000000 ____D C:\extensions
2013-11-19 11:53 - 2013-11-19 11:53 - 00000000 ____D C:\Users\Snake\AppData\Local\{61C910AB-2814-4794-B893-5B76BB8B65AA}
2013-11-18 23:29 - 2013-11-18 23:29 - 00000000 ____D C:\Users\Snake\AppData\Local\{3C62BA6D-C9C9-4392-B14E-81219A0AAC93}
2013-11-18 11:29 - 2013-11-18 11:29 - 00000000 ____D C:\Users\Snake\AppData\Local\{250CAD59-8330-473D-A791-F2AE67F4A8AF}
2013-11-18 10:13 - 2013-11-18 10:13 - 00000000 ____D C:\Users\Snake\AppData\Roaming\GlarySoft
2013-11-17 23:28 - 2013-11-17 23:29 - 00000000 ____D C:\Users\Snake\AppData\Local\{B7B929CF-F134-4FA9-B786-230DBCB70438}
2013-11-17 13:54 - 2013-11-17 13:57 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Canon
2013-11-17 11:28 - 2013-11-17 11:28 - 00000000 ____D C:\Users\Snake\AppData\Local\{6CBE9B7D-837B-4D2D-928F-2C5F8B561C2E}
2013-11-16 23:28 - 2013-11-16 23:28 - 00000000 ____D C:\Users\Snake\AppData\Local\{8BD05946-CD4E-465D-9B1B-9BD526A116E3}
2013-11-16 11:27 - 2013-11-16 11:27 - 00000000 ____D C:\Users\Snake\AppData\Local\{0D200330-6174-4153-8AA3-65074F00D209}
2013-11-15 23:27 - 2013-11-15 23:27 - 00000000 ____D C:\Users\Snake\AppData\Local\{033CFD4F-21F0-4466-8DD7-4BFA32CE0FD0}
2013-11-15 11:27 - 2013-11-15 11:27 - 00000000 ____D C:\Users\Snake\AppData\Local\{84BA644D-8CF8-4BAE-A32D-D4F2ABBDB2F6}
2013-11-14 23:59 - 2013-11-14 23:59 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Malwarebytes
2013-11-14 23:26 - 2013-11-14 23:27 - 00000000 ____D C:\Users\Snake\AppData\Local\{C06D1D51-F76A-4168-ACEF-C57A2AE471B1}
2013-11-14 11:26 - 2013-11-14 11:26 - 00000000 ____D C:\Users\Snake\AppData\Local\{C1120F68-85AA-499A-B86F-50CB4F4CD578}
2013-11-13 23:26 - 2013-11-13 23:26 - 00000000 ____D C:\Users\Snake\AppData\Local\{232A5A87-944F-4635-AE48-04352B115712}
2013-11-13 22:26 - 2013-11-28 23:37 - 00000000 ____D C:\Users\Snake\AppData\Roaming\SoftGrid Client
2013-11-13 22:26 - 2013-11-13 22:26 - 00000000 ____D C:\Users\Snake\AppData\Local\SoftGrid Client
2013-11-13 20:43 - 2013-11-13 20:43 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Zeon
2013-11-13 20:43 - 2013-11-13 20:43 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Nuance
2013-11-13 20:43 - 2013-11-13 20:43 - 00000000 ____D C:\Users\Snake\AppData\Roaming\FLEXnet
2013-11-13 20:19 - 2013-11-14 16:39 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-13 11:25 - 2013-11-13 11:26 - 00000000 ____D C:\Users\Snake\AppData\Local\{77474E2E-F6BF-408A-8599-BBE559EEE564}
2013-11-12 23:51 - 2013-11-21 18:00 - 00000000 ____D C:\Users\Snake\AppData\Roaming\CoreFTP
2013-11-12 23:48 - 2013-11-12 23:50 - 00000000 ____D C:\Users\Snake\Desktop\Music 1
2013-11-12 23:31 - 2013-11-22 23:56 - 00000000 ____D C:\Users\Snake\Desktop\New folder (3)
2013-11-12 23:29 - 2013-11-20 20:43 - 00000000 ____D C:\Users\Snake\Desktop\Blick's JOBS
2013-11-12 23:29 - 2013-09-13 23:28 - 00000000 _____ C:\Users\Snake\Desktop\17tumbamusic modest intentions morning in sydney.txt
2013-11-12 23:29 - 2013-07-11 13:50 - 00001890 _____ C:\Users\Snake\Desktop\Garmin Express.lnk
2013-11-12 23:29 - 2013-04-28 00:50 - 00001297 _____ C:\Users\Snake\Desktop\Free Audio CD Burner.lnk
2013-11-12 23:29 - 2012-05-01 16:28 - 00000993 _____ C:\Users\Snake\Desktop\Core FTP LE.lnk
2013-11-12 23:29 - 2009-07-13 20:55 - 00001230 _____ C:\Users\Snake\Desktop\Calculator.lnk
2013-11-12 23:29 - 2009-07-13 20:54 - 00001304 _____ C:\Users\Snake\Desktop\Notepad.lnk
2013-11-12 23:29 - 2009-07-13 20:54 - 00001242 _____ C:\Users\Snake\Desktop\Paint.lnk
2013-11-12 23:25 - 2013-11-13 19:27 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Windows Live Writer
2013-11-12 23:25 - 2013-11-12 23:25 - 00000000 ____D C:\Users\Snake\AppData\Local\Windows Live Writer
2013-11-12 23:25 - 2013-11-12 23:25 - 00000000 ____D C:\Users\Snake\AppData\Local\{951995C6-7FEB-41A4-9F9A-1605E11A2793}
2013-11-12 23:23 - 2013-11-13 20:19 - 00000000 ____D C:\Users\Snake\AppData\Local\Google
2013-11-12 23:23 - 2013-11-12 23:23 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Macromedia
2013-11-12 23:23 - 2013-11-12 23:23 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Google
2013-11-12 23:22 - 2013-11-12 23:22 - 00000000 ___DC C:\Users\Snake\AppData\Local\MigWiz
2013-11-12 23:21 - 2013-11-12 23:21 - 00000000 ____D C:\Users\Snake\AppData\Roaming\ASUS WebStorage
2013-11-12 23:20 - 2013-11-12 23:20 - 00058016 _____ C:\Users\Snake\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-12 23:20 - 2013-11-12 23:20 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Logitech
2013-11-12 23:20 - 2013-11-12 23:20 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Apple Computer
2013-11-12 23:19 - 2013-11-12 23:20 - 00000000 ___RD C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-12 23:19 - 2013-11-12 23:20 - 00000000 ___RD C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-12 23:19 - 2013-11-12 23:19 - 00001415 _____ C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 23:19 - 2013-11-12 23:19 - 00000020 ___SH C:\Users\Snake\ntuser.ini
2013-11-12 23:19 - 2013-11-12 23:19 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Adobe
2013-11-12 23:19 - 2013-11-12 23:19 - 00000000 ____D C:\Users\Snake\AppData\Local\VirtualStore
2013-11-12 23:19 - 2013-11-12 23:19 - 00000000 ____D C:\Users\Snake\AppData\Local\Power2Go
2013-11-12 23:19 - 2013-11-12 23:19 - 00000000 ____D C:\Users\Snake
2013-11-12 23:19 - 2009-07-13 20:54 - 00000000 ___RD C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-11-12 23:19 - 2009-07-13 20:49 - 00000000 ___RD C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-11-12 19:39 - 2013-11-12 19:40 - 00000000 ____D C:\Users\Foxer\AppData\Local\{C28A15A7-0422-4A93-90C1-636C10691972}
2013-11-11 23:28 - 2013-11-11 23:28 - 00000000 ____D C:\Users\Foxer\AppData\Local\{F630B419-C1D1-49A2-A5D5-E91223A65C8F}
2013-11-11 22:16 - 2013-11-11 22:16 - 00000000 ____D C:\ProgramData\CanonIJ
2013-11-11 11:28 - 2013-11-11 11:28 - 00000000 ____D C:\Users\Foxer\AppData\Local\{38E9CBC0-9BB9-439B-90A5-E25EE7FDF092}
2013-11-10 23:28 - 2013-11-10 23:28 - 00000000 ____D C:\Users\Foxer\AppData\Local\{66F21107-AB9C-451F-B38A-976C27E638F4}
2013-11-10 11:27 - 2013-11-10 11:27 - 00000000 ____D C:\Users\Foxer\AppData\Local\{FFB29359-779E-40C8-A7D9-CFF000905ABF}
2013-11-09 23:27 - 2013-11-09 23:27 - 00000000 ____D C:\Users\Foxer\AppData\Local\{B2B0BDF8-540B-43C2-9D14-2FA0BABD555E}
2013-11-09 16:11 - 2013-11-09 16:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-09 16:11 - 2013-11-09 16:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-09 16:11 - 2013-11-09 16:11 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-09 16:11 - 2013-11-09 16:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-09 16:11 - 2013-11-09 16:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-09 11:27 - 2013-11-09 11:27 - 00000000 ____D C:\Users\Foxer\AppData\Local\{EC9AEA77-FB46-496D-B759-E9E01358E0FD}
2013-11-09 11:24 - 2013-11-09 11:24 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2013-11-09 03:05 - 2013-11-09 03:05 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-09 03:05 - 2013-11-09 03:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-09 03:05 - 2013-11-09 03:05 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-09 03:05 - 2013-11-09 03:05 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-09 03:05 - 2013-11-09 03:05 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-09 03:05 - 2013-11-09 03:05 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-09 03:05 - 2013-11-09 03:05 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-09 03:05 - 2013-11-09 03:05 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-09 03:05 - 2013-11-09 03:05 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-09 03:05 - 2013-11-09 03:05 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-09 03:05 - 2013-11-09 03:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-09 03:02 - 2013-11-09 03:02 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-09 02:59 - 2013-11-09 16:29 - 00010839 _____ C:\Windows\IE10_main.log
2013-11-09 02:31 - 2012-07-25 19:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-11-09 02:31 - 2012-07-25 19:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-11-09 02:31 - 2012-07-25 19:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-11-09 02:31 - 2012-07-25 19:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-11-09 02:31 - 2012-07-25 19:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-11-09 02:31 - 2012-07-25 18:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-11-09 02:31 - 2012-07-25 18:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-11-09 02:31 - 2012-06-02 06:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-11-09 02:20 - 2013-11-09 02:22 - 00000000 ____D C:\Windows\system32\MRT
2013-11-09 02:20 - 2013-09-26 01:46 - 80541720 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-09 02:13 - 2013-08-28 18:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-09 02:13 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-09 02:13 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-09 02:13 - 2013-08-28 18:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-11-09 02:13 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-09 02:13 - 2013-08-28 17:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-11-09 02:13 - 2013-08-28 17:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-11-09 02:13 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-11-09 02:13 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-11-09 02:13 - 2013-08-28 17:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-11-09 02:13 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-11-09 02:13 - 2013-08-28 16:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-11-09 02:13 - 2013-08-28 16:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-11-09 02:13 - 2013-08-28 16:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-11-09 02:13 - 2013-08-28 16:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-11-09 02:13 - 2013-07-08 21:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-11-09 02:13 - 2013-07-08 20:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2013-11-09 02:13 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-11-09 02:13 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-11-09 02:12 - 2013-02-26 22:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-11-09 02:12 - 2013-02-26 21:48 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-09 02:12 - 2013-02-26 21:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-11-09 02:12 - 2013-02-26 20:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-09 02:12 - 2013-01-23 22:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-09 02:12 - 2012-12-07 05:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-11-09 02:12 - 2012-12-07 05:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-11-09 02:12 - 2012-12-07 04:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2013-11-09 02:12 - 2012-12-07 04:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2013-11-09 02:12 - 2012-12-07 03:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-11-09 02:12 - 2012-12-07 03:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-11-09 02:12 - 2012-12-07 03:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-11-09 02:12 - 2012-12-07 03:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-11-09 02:12 - 2012-12-07 03:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-11-09 02:12 - 2012-12-07 03:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-11-09 02:12 - 2012-12-07 03:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-11-09 02:12 - 2012-12-07 03:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-11-09 02:12 - 2012-12-07 03:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-11-09 02:12 - 2012-12-07 03:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-11-09 02:12 - 2012-12-07 03:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-11-09 02:12 - 2012-12-07 03:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-11-09 02:12 - 2012-12-07 03:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-11-09 02:12 - 2012-12-07 03:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2013-11-09 02:12 - 2012-12-07 02:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2013-11-09 02:12 - 2012-11-29 21:45 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2013-11-09 02:12 - 2012-11-29 21:45 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2013-11-09 02:12 - 2012-11-29 21:43 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2013-11-09 02:12 - 2012-11-29 15:17 - 00420064 _____ C:\Windows\SysWOW64\locale.nls
2013-11-09 02:12 - 2012-11-29 15:15 - 00420064 _____ C:\Windows\system32\locale.nls
2013-11-09 02:12 - 2012-06-01 21:50 - 00458704 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-09 02:12 - 2012-06-01 21:48 - 00151920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-09 02:12 - 2012-06-01 21:48 - 00095600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-09 02:12 - 2012-06-01 21:45 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-09 02:12 - 2012-06-01 20:40 - 00225280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-09 02:12 - 2012-06-01 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-09 02:12 - 2012-06-01 20:34 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-09 02:11 - 2013-09-13 17:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-09 02:11 - 2013-09-07 18:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-09 02:11 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-09 02:11 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-11-09 02:11 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-11-09 02:11 - 2013-08-01 18:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-11-09 02:11 - 2013-08-01 18:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2013-11-09 02:11 - 2013-08-01 17:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-11-09 02:11 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-11-09 02:11 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-11-09 02:11 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2013-11-09 02:11 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-09 02:11 - 2013-01-02 22:00 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-11-09 02:11 - 2012-11-28 14:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-11-09 02:11 - 2012-11-28 14:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-11-09 02:11 - 2012-11-28 14:56 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-11-09 02:11 - 2012-08-22 10:12 - 00376688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-11-09 02:10 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-11-09 02:10 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-11-09 02:10 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2013-11-09 02:10 - 2013-07-08 21:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-11-09 02:10 - 2013-07-08 21:46 - 01472512 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-09 02:10 - 2013-07-08 21:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-11-09 02:10 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-11-09 02:10 - 2013-07-08 20:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2013-11-09 02:10 - 2013-07-08 20:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-09 02:10 - 2013-07-08 20:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-11-09 02:10 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-11-09 02:10 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-11-09 02:10 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-11-09 02:10 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-11-09 02:10 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-11-09 02:10 - 2013-07-04 02:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-11-09 02:10 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-11-09 02:10 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-09 02:10 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-09 02:10 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-09 02:10 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-11-09 02:10 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-11-09 02:10 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-11-09 02:10 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-09 02:10 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-11-09 02:10 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-11-09 02:10 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-11-09 02:10 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-11-09 02:10 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-11-09 02:10 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-11-09 02:10 - 2013-05-09 21:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-11-09 02:10 - 2013-05-09 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-11-09 02:10 - 2013-04-25 15:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-11-09 02:10 - 2013-04-12 06:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-11-09 02:10 - 2013-03-31 14:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-09 02:10 - 2013-02-14 22:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-09 02:10 - 2013-02-14 22:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-09 02:10 - 2013-02-14 22:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-11-09 02:10 - 2013-02-14 20:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2013-11-09 02:10 - 2013-02-14 20:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2013-11-09 02:10 - 2013-02-14 19:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2013-11-09 02:10 - 2012-11-21 21:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-11-09 02:10 - 2012-11-21 20:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2013-11-09 02:10 - 2012-04-07 04:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-11-09 02:10 - 2012-04-07 03:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2013-11-09 02:09 - 2013-08-27 17:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-09 02:09 - 2013-08-01 04:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-09 02:09 - 2013-07-25 18:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-11-09 02:09 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-11-09 02:09 - 2013-07-25 17:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2013-11-09 02:09 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2013-11-09 02:09 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-09 02:09 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-11-09 02:09 - 2013-07-12 02:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-11-09 02:09 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-11-09 02:09 - 2013-07-02 20:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-11-09 02:09 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-11-09 02:09 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-09 02:09 - 2013-06-14 20:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-11-09 02:09 - 2013-06-03 22:00 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-11-09 02:09 - 2013-06-03 20:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2013-11-09 02:09 - 2013-04-09 22:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-11-09 02:09 - 2013-03-18 21:53 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-11-09 02:09 - 2013-03-18 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-11-09 02:09 - 2013-02-11 20:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-11-09 02:09 - 2012-11-19 21:48 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-09 02:09 - 2012-11-19 20:51 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-09 02:09 - 2012-11-01 21:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-11-09 02:09 - 2012-11-01 21:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2013-11-09 02:09 - 2012-10-09 10:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-11-09 02:09 - 2012-10-09 10:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-11-09 02:09 - 2012-10-09 09:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2013-11-09 02:09 - 2012-10-09 09:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2013-11-09 02:09 - 2012-08-22 10:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-11-09 02:09 - 2012-08-21 13:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-11-09 02:09 - 2012-08-10 16:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-09 02:09 - 2012-08-10 15:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2013-11-09 02:09 - 2012-07-06 12:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2013-11-09 02:09 - 2012-07-04 14:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-11-09 02:09 - 2012-07-04 14:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-11-09 02:09 - 2012-07-04 14:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-11-09 02:09 - 2012-07-04 13:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2013-11-09 02:09 - 2012-07-04 13:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2013-11-09 02:09 - 2012-07-04 12:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-11-09 02:09 - 2012-05-13 21:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-11-09 02:09 - 2012-05-05 00:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-11-09 02:09 - 2012-05-04 23:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2013-11-09 02:09 - 2012-04-30 21:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-11-09 02:09 - 2012-04-25 21:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2013-11-09 02:09 - 2012-04-25 21:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2013-11-09 02:09 - 2012-04-25 21:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2013-11-09 02:09 - 2012-03-16 23:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-11-09 02:09 - 2011-02-03 03:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2013-11-09 02:08 - 2013-07-18 17:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-11-09 02:08 - 2013-07-18 17:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2013-11-09 02:06 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-09 02:06 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-09 02:06 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-11-09 02:06 - 2012-11-22 19:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-11-09 02:06 - 2012-10-31 21:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-11-09 02:06 - 2012-10-31 21:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-11-09 02:06 - 2012-10-31 20:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2013-11-09 02:06 - 2012-10-31 20:47 - 01236992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2013-11-09 02:06 - 2012-10-03 09:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-11-09 02:06 - 2012-10-03 09:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-11-09 02:06 - 2012-10-03 09:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-11-09 02:06 - 2012-10-03 09:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-11-09 02:06 - 2012-10-03 09:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-11-09 02:06 - 2012-10-03 09:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-11-09 02:06 - 2012-10-03 08:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2013-11-09 02:06 - 2012-10-03 08:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2013-11-09 02:06 - 2012-10-03 08:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2013-11-09 02:06 - 2012-10-03 08:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-11-09 02:06 - 2012-09-25 14:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2013-11-09 02:06 - 2012-09-25 14:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-11-09 02:06 - 2012-04-27 19:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-11-09 02:06 - 2012-01-12 23:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2013-11-09 02:06 - 2010-06-25 19:55 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-11-09 02:06 - 2010-06-25 19:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2013-11-09 02:03 - 2012-06-05 22:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-11-09 02:03 - 2012-06-05 21:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2013-11-09 01:59 - 2012-02-10 22:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-11-09 01:59 - 2012-02-10 22:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2013-11-09 01:52 - 2012-06-02 14:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-09 01:52 - 2012-06-02 14:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-09 01:52 - 2012-06-02 14:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-11-09 01:52 - 2012-06-02 14:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-09 01:51 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-09 01:51 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2013-11-09 01:51 - 2012-06-02 14:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-09 01:51 - 2012-06-02 14:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-11-09 01:51 - 2012-06-02 14:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-09 00:34 - 2013-11-09 00:34 - 00001088 _____ C:\Users\Public\Desktop\Advanced Spyware Remover.lnk
2013-11-09 00:34 - 2013-11-09 00:34 - 00000000 ____D C:\ProgramData\IObit
2013-11-09 00:34 - 2013-11-09 00:34 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-08 23:21 - 2013-11-08 23:21 - 00000000 ____D C:\Users\Foxer\AppData\Local\{6A5801EA-9F6B-41A5-9823-8B01A938CE56}
2013-11-08 22:54 - 2010-08-20 08:43 - 00067472 ____N (CANON INC.) C:\Windows\SysWOW64\IJRMF.exe
2013-11-08 22:52 - 2013-11-11 22:16 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-08 22:52 - 2013-11-08 22:52 - 00000000 ____D C:\Program Files\Canon
2013-11-08 14:37 - 2013-11-08 14:37 - 00000000 ____D C:\ProgramData\Google
2013-11-08 14:37 - 2013-11-08 14:37 - 00000000 ____D C:\Program Files\Google
2013-11-08 14:24 - 2013-11-29 21:38 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-08 14:24 - 2013-11-29 14:38 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-08 14:24 - 2013-11-23 20:15 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-08 14:24 - 2013-11-09 12:40 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-11-08 14:24 - 2013-11-08 14:33 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-08 14:24 - 2013-11-08 14:33 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-08 14:24 - 2013-11-08 14:24 - 00001184 _____ C:\Users\Public\Desktop\Express Invoice.lnk
2013-11-08 14:24 - 2013-11-08 14:24 - 00000000 ____D C:\Users\Foxer\AppData\Local\Google
2013-11-08 11:21 - 2013-11-08 11:21 - 00000000 ____D C:\Users\Foxer\AppData\Local\{87B8419F-091B-49EC-B814-5D0F89F5516B}
2013-11-08 03:29 - 2013-11-08 03:29 - 663832771 _____ C:\Windows\MEMORY.DMP
2013-11-08 03:29 - 2013-11-08 03:29 - 00863736 _____ C:\Windows\Minidump\110813-14866-01.dmp
2013-11-08 03:29 - 2013-11-08 03:29 - 00000000 ____D C:\Windows\Minidump
2013-11-07 20:00 - 2013-11-07 20:00 - 00000000 ____D C:\Users\Foxer\AppData\Local\{2F2721C4-A9D1-4893-A2BF-F4E919F22B73}
2013-11-06 22:25 - 2013-11-09 16:12 - 00000000 ____D C:\ProgramData\Oracle
2013-11-06 22:25 - 2013-11-06 22:25 - 00000000 ____D C:\ProgramData\McAfee
2013-11-06 22:24 - 2013-11-06 22:24 - 00915368 _____ (Oracle Corporation) C:\Users\Foxer\Downloads\jxpiinstall(1).exe
2013-11-06 12:08 - 2013-11-06 12:08 - 00000000 ____D C:\Users\Foxer\AppData\Local\{277DCCD9-F3E2-465D-8940-D7912734DA28}
2013-11-06 00:08 - 2013-11-06 00:08 - 00000000 ____D C:\Users\Foxer\AppData\Local\{969A575A-A0FD-4D23-8013-3E7470DE6CF0}
2013-11-05 13:35 - 2013-11-07 20:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-05 12:08 - 2013-11-05 12:08 - 00000000 ____D C:\Users\Foxer\AppData\Local\{4B384C13-C18A-4B86-81E3-E7346D3F644E}
2013-11-04 23:00 - 2013-11-04 23:00 - 00000000 ____D C:\Users\Foxer\AppData\Local\{5AF1B910-490B-4351-ABE5-847C7929E6CD}
2013-11-04 11:00 - 2013-11-04 11:00 - 00000000 ____D C:\Users\Foxer\AppData\Local\{919D7547-441E-4543-9A4A-A4F8C9B5073F}
2013-11-03 23:00 - 2013-11-03 23:00 - 00000000 ____D C:\Users\Foxer\AppData\Local\{C6DDE1D8-4044-4E53-92E9-79E1E7B7AAEC}
2013-11-03 10:59 - 2013-11-03 11:00 - 00000000 ____D C:\Users\Foxer\AppData\Local\{5278C5B2-E203-4D8C-85C2-A88C99D04B4C}
2013-11-02 21:49 - 2013-11-02 21:50 - 00000000 ____D C:\Users\Foxer\AppData\Local\{D5397514-B402-4CF9-A60C-D222CB074263}
2013-11-02 09:49 - 2013-11-02 09:49 - 00000000 ____D C:\Users\Foxer\AppData\Local\{004C774A-5901-4F5E-9F25-391EBB6D4D70}
2013-11-01 21:49 - 2013-11-01 21:49 - 00000000 ____D C:\Users\Foxer\AppData\Local\{F09F513D-52C6-4408-AE43-0D9CE8266617}
2013-11-01 09:49 - 2013-11-01 09:49 - 00000000 ____D C:\Users\Foxer\AppData\Local\{E508D9E4-6F70-437A-9D80-1BC7D125B7B0}
2013-10-31 21:49 - 2013-10-31 21:49 - 00000000 ____D C:\Users\Foxer\AppData\Local\{EA1ED79D-E421-4ECB-B82A-E393A66B5C5B}
2013-10-31 09:48 - 2013-10-31 09:49 - 00000000 ____D C:\Users\Foxer\AppData\Local\{CE3D7248-FA71-476A-87FE-0B90469A57E8}
2013-10-30 21:03 - 2013-10-30 21:03 - 00000000 ____D C:\Users\Foxer\AppData\Local\{65DBFA81-67A1-48B2-873C-3BE1F9782D89}
2013-10-30 09:03 - 2013-10-30 09:03 - 00000000 ____D C:\Users\Foxer\AppData\Local\{973067D1-67A5-48C1-B066-5668DE547449}
2013-10-30 01:52 - 2013-10-30 01:52 - 23294592 _____ (Mozilla) C:\Users\Foxer\Downloads\Firefox_Setup_25.0.exe

==================== One Month Modified Files and Folders =======

2013-11-29 21:44 - 2013-11-29 21:44 - 00013305 _____ C:\Users\Snake\Desktop\FRST.txt
2013-11-29 21:43 - 2013-11-29 21:43 - 00000000 ____D C:\FRST
2013-11-29 21:42 - 2013-11-29 21:42 - 01959024 _____ (Farbar) C:\Users\Snake\Desktop\FRST64.exe
2013-11-29 21:38 - 2013-11-08 14:24 - 00000896 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-11-29 21:14 - 2012-04-30 09:24 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-11-29 14:38 - 2013-11-08 14:24 - 00000892 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-11-29 11:15 - 2013-11-29 11:15 - 00000000 ____D C:\Users\Snake\AppData\Local\{1264EDF0-DC07-4484-B854-C39F81230E93}
2013-11-29 10:37 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-29 10:37 - 2009-07-13 20:45 - 00009920 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-29 10:34 - 2009-07-13 21:13 - 00795104 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-29 10:33 - 2012-01-31 09:59 - 01413856 _____ C:\Windows\WindowsUpdate.log
2013-11-29 10:30 - 2012-09-19 23:08 - 00000324 _____ C:\Windows\Tasks\GlaryInitialize.job
2013-11-29 10:30 - 2012-04-27 21:56 - 00000000 ___HD C:\ASUS.DAT
2013-11-29 10:30 - 2012-01-31 10:17 - 00045056 _____ C:\Windows\SysWOW64\acovcnt.exe
2013-11-29 10:30 - 2009-07-13 21:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-29 10:30 - 2009-07-13 20:51 - 00066085 _____ C:\Windows\setupact.log
2013-11-28 23:37 - 2013-11-13 22:26 - 00000000 ____D C:\Users\Snake\AppData\Roaming\SoftGrid Client
2013-11-28 23:15 - 2013-11-28 23:15 - 00000000 ____D C:\Users\Snake\AppData\Local\{DE1439EB-66EC-4C3E-A36E-53C6F62B6AB9}
2013-11-28 11:15 - 2013-11-28 11:15 - 00000000 ____D C:\Users\Snake\AppData\Local\{5DD61390-3731-4439-8685-7C7A7281ADE9}
2013-11-27 23:15 - 2013-11-27 23:14 - 00000000 ____D C:\Users\Snake\AppData\Local\{A16BBB32-CA56-43C2-B70B-4AC084347753}
2013-11-27 21:47 - 2013-11-27 21:45 - 00000000 ____D C:\AdwCleaner
2013-11-27 21:45 - 2013-11-27 21:44 - 01091882 _____ C:\Users\Snake\Downloads\adwcleaner.exe
2013-11-27 11:59 - 2013-11-19 14:11 - 00000544 _____ C:\Users\Snake\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml
2013-11-27 09:53 - 2013-11-27 09:53 - 00000000 ____D C:\Users\Snake\AppData\Local\{42C92F92-B8DC-4A29-AED7-C7F6F73B2D52}
2013-11-26 21:53 - 2013-11-26 21:53 - 00000000 ____D C:\Users\Snake\AppData\Local\{BAB368AC-8B93-409E-B5E6-40CD5802BF2A}
2013-11-26 16:40 - 2013-11-26 16:40 - 00000000 ____D C:\Users\Snake\AppData\Local\CrashDumps
2013-11-26 03:57 - 2013-11-26 03:57 - 00000000 ____D C:\Users\Snake\AppData\Local\{B1348E03-37AF-438B-AA8C-AB72DB58EDE0}
2013-11-25 19:03 - 2013-11-25 19:03 - 00025376 _____ C:\Users\Snake\Desktop\dds.txt
2013-11-25 19:03 - 2013-11-25 19:03 - 00006791 _____ C:\Users\Snake\Desktop\attach.txt
2013-11-25 15:57 - 2013-11-25 15:57 - 00000000 ____D C:\Users\Snake\AppData\Local\{CF3BB459-7E9F-4892-BAD7-2140CD4E45F2}
2013-11-25 03:56 - 2013-11-25 03:56 - 00000000 ____D C:\Users\Snake\AppData\Local\{81B640A1-FE1F-4A6E-AA5F-E96D5BCB52DB}
2013-11-24 20:35 - 2013-11-24 20:22 - 00000000 ____D C:\Users\Snake\Desktop\old mine
2013-11-24 15:56 - 2013-11-24 15:56 - 00000000 ____D C:\Users\Snake\AppData\Local\{E442382B-4AA6-4ADE-B14B-4DBFA7F2E091}
2013-11-24 03:56 - 2013-11-24 03:56 - 00000000 ____D C:\Users\Snake\AppData\Local\{ADF47BB0-C8A2-498F-8296-9A355BB4A410}
2013-11-23 20:15 - 2013-11-08 14:24 - 00000000 ____D C:\Program Files (x86)\Google
2013-11-23 20:13 - 2013-11-23 20:13 - 00819160 _____ (Google Inc.) C:\Users\Snake\Downloads\GoogleEarthPluginSetup.exe
2013-11-23 15:56 - 2013-11-23 15:56 - 00000000 ____D C:\Users\Snake\AppData\Local\{684A8179-875F-49E6-94CA-E45F30F6E889}
2013-11-22 23:56 - 2013-11-12 23:31 - 00000000 ____D C:\Users\Snake\Desktop\New folder (3)
2013-11-22 23:55 - 2013-11-22 23:55 - 00000000 ____D C:\Users\Snake\AppData\Local\{72298020-34F9-4824-8A3F-A59F4771D58C}
2013-11-22 22:50 - 2013-11-22 22:50 - 00000399 _____ C:\Users\Snake\Downloads\pm-rrb.csv
2013-11-22 11:55 - 2013-11-22 11:55 - 00000000 ____D C:\Users\Snake\AppData\Local\{443D3E5B-81EB-493E-8E91-ECB868856BCC}
2013-11-21 23:55 - 2013-11-21 23:54 - 00000000 ____D C:\Users\Snake\AppData\Local\{F5EB6065-2FAC-40F5-8176-F4F8742A61AB}
2013-11-21 18:00 - 2013-11-12 23:51 - 00000000 ____D C:\Users\Snake\AppData\Roaming\CoreFTP
2013-11-21 11:54 - 2013-11-21 11:54 - 00000000 ____D C:\Users\Snake\AppData\Local\{3790448E-C421-46AB-BF26-086E20C77300}
2013-11-20 23:54 - 2013-11-20 23:54 - 00000000 ____D C:\Users\Snake\AppData\Local\{275BFC88-C3EC-4FA1-B001-0221545196C1}
2013-11-20 20:43 - 2013-11-12 23:29 - 00000000 ____D C:\Users\Snake\Desktop\Blick's JOBS
2013-11-20 12:31 - 2013-11-20 12:31 - 00688992 ____R (Swearware) C:\Users\Snake\Downloads\dds.com
2013-11-20 11:54 - 2013-11-20 11:53 - 00000000 ____D C:\Users\Snake\AppData\Local\{B99C1368-48B7-4A40-B059-65005F44D888}
2013-11-20 11:01 - 2013-11-19 23:53 - 00000000 ____D C:\Users\Snake\AppData\Local\{E3D708CD-C47B-417E-8238-C36AEF4CD42B}
2013-11-19 23:53 - 2013-11-19 23:53 - 00000000 ____D C:\Users\Snake\AppData\Local\{417A65F4-8618-4C15-B90C-57894D0CF23B}
2013-11-19 13:13 - 2013-11-19 13:13 - 00000028 _____ C:\Users\Snake\AppData\Roaming\ClipGet-UpdatePerformed.txt
2013-11-19 13:13 - 2013-11-19 13:13 - 00000000 ____D C:\extensions
2013-11-19 11:53 - 2013-11-19 11:53 - 00000000 ____D C:\Users\Snake\AppData\Local\{61C910AB-2814-4794-B893-5B76BB8B65AA}
2013-11-18 23:29 - 2013-11-18 23:29 - 00000000 ____D C:\Users\Snake\AppData\Local\{3C62BA6D-C9C9-4392-B14E-81219A0AAC93}
2013-11-18 11:29 - 2013-11-18 11:29 - 00000000 ____D C:\Users\Snake\AppData\Local\{250CAD59-8330-473D-A791-F2AE67F4A8AF}
2013-11-18 10:13 - 2013-11-18 10:13 - 00000000 ____D C:\Users\Snake\AppData\Roaming\GlarySoft
2013-11-17 23:29 - 2013-11-17 23:28 - 00000000 ____D C:\Users\Snake\AppData\Local\{B7B929CF-F134-4FA9-B786-230DBCB70438}
2013-11-17 13:57 - 2013-11-17 13:54 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Canon
2013-11-17 11:28 - 2013-11-17 11:28 - 00000000 ____D C:\Users\Snake\AppData\Local\{6CBE9B7D-837B-4D2D-928F-2C5F8B561C2E}
2013-11-16 23:28 - 2013-11-16 23:28 - 00000000 ____D C:\Users\Snake\AppData\Local\{8BD05946-CD4E-465D-9B1B-9BD526A116E3}
2013-11-16 11:27 - 2013-11-16 11:27 - 00000000 ____D C:\Users\Snake\AppData\Local\{0D200330-6174-4153-8AA3-65074F00D209}
2013-11-15 23:27 - 2013-11-15 23:27 - 00000000 ____D C:\Users\Snake\AppData\Local\{033CFD4F-21F0-4466-8DD7-4BFA32CE0FD0}
2013-11-15 11:27 - 2013-11-15 11:27 - 00000000 ____D C:\Users\Snake\AppData\Local\{84BA644D-8CF8-4BAE-A32D-D4F2ABBDB2F6}
2013-11-15 08:43 - 2011-10-17 19:58 - 00146516 _____ C:\Windows\PFRO.log
2013-11-14 23:59 - 2013-11-14 23:59 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Malwarebytes
2013-11-14 23:27 - 2013-11-14 23:26 - 00000000 ____D C:\Users\Snake\AppData\Local\{C06D1D51-F76A-4168-ACEF-C57A2AE471B1}
2013-11-14 16:39 - 2013-11-13 20:19 - 00002185 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-11-14 11:26 - 2013-11-14 11:26 - 00000000 ____D C:\Users\Snake\AppData\Local\{C1120F68-85AA-499A-B86F-50CB4F4CD578}
2013-11-13 23:26 - 2013-11-13 23:26 - 00000000 ____D C:\Users\Snake\AppData\Local\{232A5A87-944F-4635-AE48-04352B115712}
2013-11-13 22:26 - 2013-11-13 22:26 - 00000000 ____D C:\Users\Snake\AppData\Local\SoftGrid Client
2013-11-13 20:43 - 2013-11-13 20:43 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Zeon
2013-11-13 20:43 - 2013-11-13 20:43 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Nuance
2013-11-13 20:43 - 2013-11-13 20:43 - 00000000 ____D C:\Users\Snake\AppData\Roaming\FLEXnet
2013-11-13 20:19 - 2013-11-12 23:23 - 00000000 ____D C:\Users\Snake\AppData\Local\Google
2013-11-13 20:09 - 2009-07-13 21:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-11-13 19:27 - 2013-11-12 23:25 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Windows Live Writer
2013-11-13 11:57 - 2009-07-13 19:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-11-13 11:26 - 2013-11-13 11:25 - 00000000 ____D C:\Users\Snake\AppData\Local\{77474E2E-F6BF-408A-8599-BBE559EEE564}
2013-11-12 23:50 - 2013-11-12 23:48 - 00000000 ____D C:\Users\Snake\Desktop\Music 1
2013-11-12 23:25 - 2013-11-12 23:25 - 00000000 ____D C:\Users\Snake\AppData\Local\Windows Live Writer
2013-11-12 23:25 - 2013-11-12 23:25 - 00000000 ____D C:\Users\Snake\AppData\Local\{951995C6-7FEB-41A4-9F9A-1605E11A2793}
2013-11-12 23:23 - 2013-11-12 23:23 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Macromedia
2013-11-12 23:23 - 2013-11-12 23:23 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Google
2013-11-12 23:22 - 2013-11-12 23:22 - 00000000 ___DC C:\Users\Snake\AppData\Local\MigWiz
2013-11-12 23:21 - 2013-11-12 23:21 - 00000000 ____D C:\Users\Snake\AppData\Roaming\ASUS WebStorage
2013-11-12 23:20 - 2013-11-12 23:20 - 00058016 _____ C:\Users\Snake\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-12 23:20 - 2013-11-12 23:20 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Logitech
2013-11-12 23:20 - 2013-11-12 23:20 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Apple Computer
2013-11-12 23:20 - 2013-11-12 23:19 - 00000000 ___RD C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-12 23:20 - 2013-11-12 23:19 - 00000000 ___RD C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-12 23:19 - 2013-11-12 23:19 - 00001415 _____ C:\Users\Snake\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-12 23:19 - 2013-11-12 23:19 - 00000020 ___SH C:\Users\Snake\ntuser.ini
2013-11-12 23:19 - 2013-11-12 23:19 - 00000000 ____D C:\Users\Snake\AppData\Roaming\Adobe
2013-11-12 23:19 - 2013-11-12 23:19 - 00000000 ____D C:\Users\Snake\AppData\Local\VirtualStore
2013-11-12 23:19 - 2013-11-12 23:19 - 00000000 ____D C:\Users\Snake\AppData\Local\Power2Go
2013-11-12 23:19 - 2013-11-12 23:19 - 00000000 ____D C:\Users\Snake
2013-11-12 19:40 - 2013-11-12 19:39 - 00000000 ____D C:\Users\Foxer\AppData\Local\{C28A15A7-0422-4A93-90C1-636C10691972}
2013-11-11 23:28 - 2013-11-11 23:28 - 00000000 ____D C:\Users\Foxer\AppData\Local\{F630B419-C1D1-49A2-A5D5-E91223A65C8F}
2013-11-11 22:16 - 2013-11-11 22:16 - 00000000 ____D C:\ProgramData\CanonIJ
2013-11-11 22:16 - 2013-11-08 22:52 - 00000000 ____D C:\ProgramData\CanonIJPLM
2013-11-11 11:28 - 2013-11-11 11:28 - 00000000 ____D C:\Users\Foxer\AppData\Local\{38E9CBC0-9BB9-439B-90A5-E25EE7FDF092}
2013-11-10 23:28 - 2013-11-10 23:28 - 00000000 ____D C:\Users\Foxer\AppData\Local\{66F21107-AB9C-451F-B38A-976C27E638F4}
2013-11-10 11:27 - 2013-11-10 11:27 - 00000000 ____D C:\Users\Foxer\AppData\Local\{FFB29359-779E-40C8-A7D9-CFF000905ABF}
2013-11-09 23:27 - 2013-11-09 23:27 - 00000000 ____D C:\Users\Foxer\AppData\Local\{B2B0BDF8-540B-43C2-9D14-2FA0BABD555E}
2013-11-09 16:29 - 2013-11-09 02:59 - 00010839 _____ C:\Windows\IE10_main.log
2013-11-09 16:12 - 2013-11-06 22:25 - 00000000 ____D C:\ProgramData\Oracle
2013-11-09 16:11 - 2013-11-09 16:11 - 00264616 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2013-11-09 16:11 - 2013-11-09 16:11 - 00175016 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2013-11-09 16:11 - 2013-11-09 16:11 - 00174504 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2013-11-09 16:11 - 2013-11-09 16:11 - 00096168 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2013-11-09 16:11 - 2013-11-09 16:11 - 00000000 ____D C:\Program Files (x86)\Java
2013-11-09 12:40 - 2013-11-08 14:24 - 00000000 ____D C:\Windows\System32\Tasks\NCH Software
2013-11-09 12:07 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\rescache
2013-11-09 11:31 - 2012-01-31 10:15 - 00002186 _____ C:\Windows\system32\AutoRunFilter.ini
2013-11-09 11:31 - 2012-01-31 10:15 - 00001336 _____ C:\Windows\system32\ServiceFilter.ini
2013-11-09 11:27 - 2013-11-09 11:27 - 00000000 ____D C:\Users\Foxer\AppData\Local\{EC9AEA77-FB46-496D-B759-E9E01358E0FD}
2013-11-09 11:25 - 2012-04-27 21:57 - 00058016 _____ C:\Users\Foxer\AppData\Local\GDIPFONTCACHEV1.DAT
2013-11-09 11:24 - 2013-11-09 11:24 - 00000000 ___HD C:\ProgramData\CanonIJMyPrinter
2013-11-09 11:24 - 2012-04-27 21:57 - 00001415 _____ C:\Users\Foxer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-11-09 11:24 - 2012-04-27 21:57 - 00000000 ___RD C:\Users\Foxer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-11-09 11:24 - 2012-04-27 21:57 - 00000000 ___RD C:\Users\Foxer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-11-09 11:22 - 2012-10-28 09:24 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-11-09 11:22 - 2012-10-28 09:24 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-11-09 11:22 - 2009-07-13 20:45 - 00275712 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-09 11:20 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-09 11:20 - 2009-07-13 21:32 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2013-11-09 11:19 - 2009-07-13 23:45 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-09 11:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\zh-HK
2013-11-09 11:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\SysWOW64\tr-TR
2013-11-09 11:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\zh-HK
2013-11-09 11:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\system32\tr-TR
2013-11-09 11:19 - 2009-07-13 19:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-11-09 11:14 - 2012-05-01 19:24 - 00000000 ____D C:\Users\Foxer\AppData\Roaming\SoftGrid Client
2013-11-09 03:33 - 2012-05-01 19:23 - 00000000 ____D C:\Program Files (x86)\Microsoft Application Virtualization Client
2013-11-09 03:33 - 2011-10-17 20:17 - 00811800 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2013-11-09 03:05 - 2013-11-09 03:05 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-11-09 03:05 - 2013-11-09 03:05 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-09 03:05 - 2013-11-09 03:05 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-09 03:05 - 2013-11-09 03:05 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-11-09 03:05 - 2013-11-09 03:05 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-11-09 03:05 - 2013-11-09 03:05 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-09 03:05 - 2013-11-09 03:05 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00523264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-09 03:05 - 2013-11-09 03:05 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-11-09 03:05 - 2013-11-09 03:05 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00270848 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00242200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-09 03:05 - 2013-11-09 03:05 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-11-09 03:05 - 2013-11-09 03:05 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-11-09 03:05 - 2013-11-09 03:05 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-09 03:05 - 2013-11-09 03:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-11-09 03:02 - 2013-11-09 03:02 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01988096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-09 03:02 - 2013-11-09 03:02 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-09 02:22 - 2013-11-09 02:20 - 00000000 ____D C:\Windows\system32\MRT
2013-11-09 00:34 - 2013-11-09 00:34 - 00001088 _____ C:\Users\Public\Desktop\Advanced Spyware Remover.lnk
2013-11-09 00:34 - 2013-11-09 00:34 - 00000000 ____D C:\ProgramData\IObit
2013-11-09 00:34 - 2013-11-09 00:34 - 00000000 ____D C:\Program Files (x86)\IObit
2013-11-08 23:21 - 2013-11-08 23:21 - 00000000 ____D C:\Users\Foxer\AppData\Local\{6A5801EA-9F6B-41A5-9823-8B01A938CE56}
2013-11-08 22:58 - 2012-04-29 18:47 - 00000000 ____D C:\Program Files (x86)\Canon
2013-11-08 22:58 - 2009-07-13 19:20 - 00000000 __RSD C:\Windows\Media
2013-11-08 22:54 - 2012-04-29 18:52 - 00002077 _____ C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
2013-11-08 22:54 - 2012-04-29 18:52 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2013-11-08 22:52 - 2013-11-08 22:52 - 00000000 ____D C:\Program Files\Canon
2013-11-08 22:52 - 2012-04-29 18:50 - 00002356 _____ C:\Users\Public\Desktop\Canon MX410 series On-screen Manual.lnk
2013-11-08 14:37 - 2013-11-08 14:37 - 00000000 ____D C:\ProgramData\Google
2013-11-08 14:37 - 2013-11-08 14:37 - 00000000 ____D C:\Program Files\Google
2013-11-08 14:33 - 2013-11-08 14:24 - 00003892 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-08 14:33 - 2013-11-08 14:24 - 00003640 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-08 14:24 - 2013-11-08 14:24 - 00001184 _____ C:\Users\Public\Desktop\Express Invoice.lnk
2013-11-08 14:24 - 2013-11-08 14:24 - 00000000 ____D C:\Users\Foxer\AppData\Local\Google
2013-11-08 11:53 - 2012-08-29 11:09 - 00000000 ____D C:\Users\Foxer\AppData\Local\CrashDumps
2013-11-08 11:21 - 2013-11-08 11:21 - 00000000 ____D C:\Users\Foxer\AppData\Local\{87B8419F-091B-49EC-B814-5D0F89F5516B}
2013-11-08 03:29 - 2013-11-08 03:29 - 663832771 _____ C:\Windows\MEMORY.DMP
2013-11-08 03:29 - 2013-11-08 03:29 - 00863736 _____ C:\Windows\Minidump\110813-14866-01.dmp
2013-11-08 03:29 - 2013-11-08 03:29 - 00000000 ____D C:\Windows\Minidump
2013-11-07 20:40 - 2013-11-05 13:35 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-11-07 20:00 - 2013-11-07 20:00 - 00000000 ____D C:\Users\Foxer\AppData\Local\{2F2721C4-A9D1-4893-A2BF-F4E919F22B73}
2013-11-06 22:25 - 2013-11-06 22:25 - 00000000 ____D C:\ProgramData\McAfee
2013-11-06 22:24 - 2013-11-06 22:24 - 00915368 _____ (Oracle Corporation) C:\Users\Foxer\Downloads\jxpiinstall(1).exe
2013-11-06 12:08 - 2013-11-06 12:08 - 00000000 ____D C:\Users\Foxer\AppData\Local\{277DCCD9-F3E2-465D-8940-D7912734DA28}
2013-11-06 00:08 - 2013-11-06 00:08 - 00000000 ____D C:\Users\Foxer\AppData\Local\{969A575A-A0FD-4D23-8013-3E7470DE6CF0}
2013-11-05 12:08 - 2013-11-05 12:08 - 00000000 ____D C:\Users\Foxer\AppData\Local\{4B384C13-C18A-4B86-81E3-E7346D3F644E}
2013-11-05 04:48 - 2013-04-27 12:08 - 00000544 _____ C:\Users\Foxer\AppData\Roaming\ClipGet-FlvConverterDefaultSettings.xml
2013-11-05 02:12 - 2012-05-01 16:28 - 00000000 ____D C:\Users\Foxer\AppData\Roaming\CoreFTP
2013-11-04 23:00 - 2013-11-04 23:00 - 00000000 ____D C:\Users\Foxer\AppData\Local\{5AF1B910-490B-4351-ABE5-847C7929E6CD}
2013-11-04 11:00 - 2013-11-04 11:00 - 00000000 ____D C:\Users\Foxer\AppData\Local\{919D7547-441E-4543-9A4A-A4F8C9B5073F}
2013-11-03 23:00 - 2013-11-03 23:00 - 00000000 ____D C:\Users\Foxer\AppData\Local\{C6DDE1D8-4044-4E53-92E9-79E1E7B7AAEC}
2013-11-03 11:00 - 2013-11-03 10:59 - 00000000 ____D C:\Users\Foxer\AppData\Local\{5278C5B2-E203-4D8C-85C2-A88C99D04B4C}
2013-11-02 21:50 - 2013-11-02 21:49 - 00000000 ____D C:\Users\Foxer\AppData\Local\{D5397514-B402-4CF9-A60C-D222CB074263}
2013-11-02 09:49 - 2013-11-02 09:49 - 00000000 ____D C:\Users\Foxer\AppData\Local\{004C774A-5901-4F5E-9F25-391EBB6D4D70}
2013-11-01 21:49 - 2013-11-01 21:49 - 00000000 ____D C:\Users\Foxer\AppData\Local\{F09F513D-52C6-4408-AE43-0D9CE8266617}
2013-11-01 09:49 - 2013-11-01 09:49 - 00000000 ____D C:\Users\Foxer\AppData\Local\{E508D9E4-6F70-437A-9D80-1BC7D125B7B0}
2013-10-31 21:49 - 2013-10-31 21:49 - 00000000 ____D C:\Users\Foxer\AppData\Local\{EA1ED79D-E421-4ECB-B82A-E393A66B5C5B}
2013-10-31 09:49 - 2013-10-31 09:48 - 00000000 ____D C:\Users\Foxer\AppData\Local\{CE3D7248-FA71-476A-87FE-0B90469A57E8}
2013-10-30 21:03 - 2013-10-30 21:03 - 00000000 ____D C:\Users\Foxer\AppData\Local\{65DBFA81-67A1-48B2-873C-3BE1F9782D89}
2013-10-30 09:03 - 2013-10-30 09:03 - 00000000 ____D C:\Users\Foxer\AppData\Local\{973067D1-67A5-48C1-B066-5668DE547449}
2013-10-30 01:52 - 2013-10-30 01:52 - 23294592 _____ (Mozilla) C:\Users\Foxer\Downloads\Firefox_Setup_25.0.exe

Some content of TEMP:
====================
C:\Users\Snake\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-11-20 00:52

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 28-11-2013
Ran by Snake at 2013-11-29 21:45:25
Running from C:\Users\Snake\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

7-Zip 9.19 (x64 edition) (Version: 9.19.00.0)
Adobe Flash Player 11 ActiveX (x32 Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.117)
Advanced Spyware Remover (x32 Version: 2.0)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443)
Apple Application Support (x32 Version: 2.3.4)
Apple Mobile Device Support (Version: 6.1.0.13)
Apple Software Update (x32 Version: 2.1.3.127)
Asmedia ASM104x USB 3.0 Host Controller Driver (x32 Version: 1.14.2.0)
ASUS AI Recovery (x32 Version: 1.0.19)
ASUS FaceLogon (x32 Version: 1.0.0013)
ASUS FancyStart (x32 Version: 1.1.1)
ASUS LifeFrame3 (x32 Version: 3.0.28)
ASUS Live Update (x32 Version: 3.1.0)
ASUS Power4Gear Hybrid (Version: 1.1.50)
ASUS Splendid Video Enhancement Technology (x32 Version: 1.02.0037)
ASUS Virtual Camera (x32 Version: 1.0.24)
ASUS WebStorage (x32 Version: 3.0.108.222)
AsusScr_K3 Series_ENG (x32 Version: 1.0.0001)
AsusVibe2.0 (x32 Version: 2.0.7.142)
ATK Package (x32 Version: 1.0.0014)
Big Fish: Game Manager (x32 Version: 3.2.0.6)
Bing Bar (x32 Version: 7.0.610.0)
Bonjour (Version: 3.0.0.10)
Canon Easy-PhotoPrint EX (x32)
Canon Easy-WebPrint EX (x32)
Canon IJ Network Scanner Selector EX (x32)
Canon IJ Network Tool (x32)
Canon Inkjet Printer Driver Add-On Module V2.00
Canon MP Navigator EX 4.1 (x32)
Canon MX410 series MP Drivers
Canon MX410 series User Registration (x32)
Canon My Printer (x32)
Canon Solution Menu EX (x32)
Canon Speed Dial Utility (x32)
Cisco Connect (x32 Version: 1.4.12263.1)
ClipGet 3.7 (x32)
Control ActiveX de Windows Live Mesh para conexiones remotas (x32 Version: 15.4.5722.2)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (x32 Version: 15.4.5722.2)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (x32 Version: 15.4.5722.2)
Core FTP LE (x32)
Coupon Printer for Windows (x32 Version: 5.0.0.1)
CyberLink LabelPrint (x32 Version: 2.5.3624)
CyberLink Media Suite (x32 Version: 8.0.2926)
CyberLink Power2Go (x32 Version: 7.0.0.1126)
D3DX10 (x32 Version: 15.4.2368.0902)
Dark Parables: The Final Cinderella Collector's Edition (x32)
Elevated Installer (x32 Version: 2.1.13)
eReg (x32 Version: 1.20.138.34)
ETDWare PS/2-X64 8.0.5.3_WHQL (Version: 8.0.5.3)
Express Invoice (x32 Version: 3.92)
Fast Boot (Version: 1.0.10)
Free Audio CD Burner version 2.0.22.1201 (x32 Version: 2.0.22.1201)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922)
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922)
Garmin Express (x32 Version: 2.1.13)
Garmin Express Tray (x32 Version: 2.1.13)
Garmin Update Service (x32 Version: 2.1.13)
Glary Utilities 2.49.0.1600 (x32 Version: 2.49.0.1600)
Google Chrome (x32 Version: 31.0.1650.57)
Google Earth Plug-in (x32 Version: 7.1.2.2041)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0)
Google Toolbar for Internet Explorer (x32 Version: 7.5.4601.54)
Google Update Helper (x32 Version: 1.3.21.165)
Intel® Control Center (x32 Version: 1.2.1.1007)
Intel® Management Engine Components (x32 Version: 7.0.0.1144)
Intel® Processor Graphics (x32 Version: 8.15.10.2462)
Intel® PROSet/Wireless Software for Bluetooth® Technology (Version: 1.0.2.0518)
Java 7 Update 45 (x32 Version: 7.0.450)
Java Auto Updater (x32 Version: 2.1.9.8)
Junk Mail filter update (x32 Version: 15.4.3502.0922)
Logitech SetPoint 6.32 (Version: 6.32.20)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300)
Mesh Runtime (x32 Version: 15.4.5722.2)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft .NET Framework 4 Extended (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6015.5000)
Microsoft Office 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000)
Microsoft Office Click-to-Run 2010 (x32 Version: 14.0.4763.1000)
Microsoft Office Starter 2010 - English (x32 Version: 14.0.4763.1000)
Microsoft Primary Interoperability Assemblies 2005 (x32 Version: 8.0.50727.42)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (x32 Version: 3.1.0000)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.50727.42)
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.59192)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161)
MSVCRT (x32 Version: 15.4.2862.0708)
MSVCRT_amd64 (x32 Version: 15.4.2862.0708)
Nuance PDF Reader (x32 Version: 6.00.0041)
Qualcomm Atheros WiFi Driver Installation (x32 Version: 9.2)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6304)
Sonic Focus (x32 Version: 1.00.0000)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (x32 Version: 3)
Update for Microsoft .NET Framework 4 Extended (KB2468871) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2533523) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2600217) (x32 Version: 1)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3) (x32 Version: 3)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3502.0922)
Windows Live Essentials (x32 Version: 15.4.3555.0308)
Windows Live Family Safety (Version: 15.4.3555.0308)
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0)
Windows Live Installer (x32 Version: 15.4.3502.0922)
Windows Live Language Selector (Version: 15.4.3555.0308)
Windows Live Mail (x32 Version: 15.4.3502.0922)
Windows Live Mesh (x32 Version: 15.4.3502.0922)
Windows Live Mesh ActiveX Control for Remote Connections (x32 Version: 15.4.5722.2)
Windows Live Messenger (x32 Version: 15.4.3538.0513)
Windows Live MIME IFilter (Version: 15.4.3502.0922)
Windows Live Movie Maker (x32 Version: 15.4.3502.0922)
Windows Live Photo Common (x32 Version: 15.4.3502.0922)
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922)
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109)
Windows Live Remote Client (Version: 15.4.5722.2)
Windows Live Remote Client Resources (Version: 15.4.5722.2)
Windows Live Remote Service (Version: 15.4.5722.2)
Windows Live Remote Service Resources (Version: 15.4.5722.2)
Windows Live SOXE (x32 Version: 15.4.3502.0922)
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922)
Windows Live UX Platform (x32 Version: 15.4.3502.0922)
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109)
Windows Live Writer (x32 Version: 15.4.3502.0922)
Windows Live Writer Resources (x32 Version: 15.4.3502.0922)
Windows Live 影像中心 (x32 Version: 15.4.3502.0922)
Windows Live 照片库 (x32 Version: 15.4.3502.0922)
Windows Live 程式集 (x32 Version: 15.4.3502.0922)
Windows Live 软件包 (x32 Version: 15.4.3502.0922)
WinFlash (x32 Version: 2.32.3)
Wireless Console 3 (x32 Version: 3.0.25)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (x32 Version: 15.4.5722.2)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (x32 Version: 15.4.5722.2)

==================== Restore Points  =========================

10-11-2013 00:11:31 Installed Java 7 Update 45
17-11-2013 08:50:20 Scheduled Checkpoint
25-11-2013 08:00:01 Scheduled Checkpoint

==================== Hosts content: ==========================

2009-07-13 18:34 - 2009-06-10 13:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {004D0E85-E3EF-49F0-89D5-8045379FD986} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {057EAAE0-ABAC-475D-9128-A32AF968E138} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08] (Google Inc.)
Task: {06D0C4FF-CEF1-4F75-92B7-47DAE61E38AB} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {17DDA38D-3EE0-4786-B08C-D9943014F22B} - System32\Tasks\RealCreateProcessScheduledTask279521156S-1-5-21-2934102048-3708924941-104112852-1000 => C:\Program Files (x86)\Real\RealPlayer\realplay.exe
Task: {2225CC06-0498-411D-8A9C-3E0B362B4EDE} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-2934102048-3708924941-104112852-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {417C5D2D-5E1D-4AB9-A4E0-2DAC7D458BF1} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2011-07-21] (ASUS)
Task: {4F7FD688-87EA-42F6-AE73-467D545B19B6} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {833441BD-2DC3-4C38-A3E6-4C96990A572D} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2011-11-30] (ASUSTeK Computer Inc.)
Task: {8B5FBCB3-B4D4-4CFD-8BA9-CAA4D604466A} - \YourFile Update No Task File
Task: {AC151F41-8D58-473F-AC3E-2966C69B9F7A} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-2934102048-3708924941-104112852-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {BCD8746A-C6B6-4D98-9538-AE1E24ED9043} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08] (Adobe Systems Incorporated)
Task: {D2127FE0-6676-469C-A7A6-E26C1BFFCB5F} - System32\Tasks\GlaryInitialize => C:\Program Files (x86)\Glary Utilities\initialize.exe [2012-09-11] (Glarysoft Ltd)
Task: {D4CD2826-C7EE-4190-846E-F3DE7682DD56} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {E2DA5EB6-52E9-4134-9116-784F54ADC123} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-11-08] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize.job => C:\Program Files (x86)\Glary Utilities\initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-12-20 03:55 - 2011-07-25 23:37 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-10-07 01:39 - 2011-10-07 01:39 - 01304856 _____ () C:\Program Files\Logitech\SetPointP\Macros\MacroCore.dll
2012-02-20 20:29 - 2012-02-20 20:29 - 00087912 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-02-20 20:28 - 2012-02-20 20:28 - 01242472 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-03-21 16:46 - 2013-03-21 16:46 - 00377344 _____ () C:\Program Files (x86)\Garmin\Core Update Service\GpsImgWrapper.dll
2011-12-06 16:21 - 2011-12-06 16:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-11-30 14:28 - 2011-11-30 14:28 - 00211456 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\alvupdt.dll
2007-07-12 11:11 - 2007-07-12 11:11 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2013-11-09 00:34 - 2009-02-12 15:26 - 00044032 _____ () C:\Program Files (x86)\IObit\Advanced Spyware Remover\madDisAsm_.bpl
2013-11-09 00:34 - 2009-02-12 15:26 - 00167424 _____ () C:\Program Files (x86)\IObit\Advanced Spyware Remover\madBasic_.bpl
2010-08-20 09:57 - 2010-08-20 09:57 - 00619816 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2010-08-20 09:57 - 2010-08-20 09:57 - 00013096 _____ () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-11-14 16:39 - 2013-11-14 03:28 - 00702416 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libglesv2.dll
2013-11-14 16:39 - 2013-11-14 03:28 - 00099792 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\libegl.dll
2013-11-14 16:39 - 2013-11-14 03:29 - 04055504 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
2013-11-14 16:39 - 2013-11-14 03:29 - 00399312 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
2013-11-14 16:39 - 2013-11-14 03:28 - 01619408 _____ () C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
2013-11-09 00:34 - 2009-12-10 16:53 - 00511312 _____ () C:\Program Files (x86)\IObit\Advanced Spyware Remover\sqlite3.dll
2013-11-09 00:34 - 2009-01-12 18:56 - 00071504 _____ () C:\Program Files (x86)\IObit\Advanced Spyware Remover\taskdll.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:0F64164E
AlternateDataStreams: C:\ProgramData\Temp:10CB85CA
AlternateDataStreams: C:\ProgramData\Temp:120B3AFD
AlternateDataStreams: C:\ProgramData\Temp:2AD33723
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:3C4BD225
AlternateDataStreams: C:\ProgramData\Temp:3D4B733E
AlternateDataStreams: C:\ProgramData\Temp:40EE25BB
AlternateDataStreams: C:\ProgramData\Temp:43CBFAB2
AlternateDataStreams: C:\ProgramData\Temp:48862C37
AlternateDataStreams: C:\ProgramData\Temp:54403233
AlternateDataStreams: C:\ProgramData\Temp:69F562A6
AlternateDataStreams: C:\ProgramData\Temp:71A89A93
AlternateDataStreams: C:\ProgramData\Temp:A6FE7BCC
AlternateDataStreams: C:\ProgramData\Temp:B504E4C2
AlternateDataStreams: C:\ProgramData\Temp:BCF55336
AlternateDataStreams: C:\ProgramData\Temp:C900B47A
AlternateDataStreams: C:\ProgramData\Temp:CA0CE093
AlternateDataStreams: C:\ProgramData\Temp:CF61CE5A
AlternateDataStreams: C:\ProgramData\Temp:FFC3922F

==================== Safe Mode (whitelisted) ===================

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (11/26/2013 04:40:50 PM) (Source: ASRservice) (User: )
Description: The handle is invalid

Error: (11/26/2013 04:40:50 PM) (Source: ASRservice) (User: )
Description: The handle is invalid

Error: (11/26/2013 04:40:08 PM) (Source: Application Error) (User: )
Description: Faulting application name: wlmail.exe, version: 15.4.3555.308, time stamp: 0x4f59707e
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0xc06d007e
Fault offset: 0x0000c41f
Faulting process id: 0x582ac
Faulting application start time: 0xwlmail.exe0
Faulting application path: wlmail.exe1
Faulting module path: wlmail.exe2
Report Id: wlmail.exe3

Error: (11/15/2013 08:43:16 AM) (Source: ASRservice) (User: )
Description: The handle is invalid

Error: (11/15/2013 08:43:16 AM) (Source: ASRservice) (User: )
Description: The handle is invalid

Error: (11/12/2013 11:26:25 PM) (Source: Application Error) (User: )
Description: Faulting application name: FBAgent.exe, version: 1.0.10.0, time stamp: 0x4d6f576c
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000374
Fault offset: 0x00000000000c4102
Faulting process id: 0x514
Faulting application start time: 0xFBAgent.exe0
Faulting application path: FBAgent.exe1
Faulting module path: FBAgent.exe2
Report Id: FBAgent.exe3

Error: (11/12/2013 06:55:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30061

Error: (11/12/2013 06:55:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30061

Error: (11/12/2013 06:55:18 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2013 06:55:17 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29032

System errors:
=============
Error: (11/28/2013 11:37:58 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/27/2013 00:00:47 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/25/2013 00:52:30 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/21/2013 05:37:35 PM) (Source: Microsoft-Windows-BitLocker-Driver) (User: NT AUTHORITY)
Description: Encrypted volume check: Volume information on F: cannot be read.

Error: (11/19/2013 10:55:26 AM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (11/19/2013 10:54:17 AM) (Source: DCOM) (User: )
Description: {ED1D0FDF-4414-470A-A56D-CFB68623FC58}

Error: (11/17/2013 02:02:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2013 02:02:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2013 02:02:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (11/17/2013 02:02:56 PM) (Source: Service Control Manager) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (11/26/2013 04:40:50 PM) (Source: ASRservice)(User: )
Description: The handle is invalid

Error: (11/26/2013 04:40:50 PM) (Source: ASRservice)(User: )
Description: The handle is invalid

Error: (11/26/2013 04:40:08 PM) (Source: Application Error)(User: )
Description: wlmail.exe15.4.3555.3084f59707eKERNELBASE.dll6.1.7601.1822951fb1116c06d007e0000c41f582ac01ceeb0937df4c11C:\Program Files (x86)\Windows Live\Mail\wlmail.exeC:\Windows\syswow64\KERNELBASE.dll766f9330-56fc-11e3-bc6e-0015833d0a57

Error: (11/15/2013 08:43:16 AM) (Source: ASRservice)(User: )
Description: The handle is invalid

Error: (11/15/2013 08:43:16 AM) (Source: ASRservice)(User: )
Description: The handle is invalid

Error: (11/12/2013 11:26:25 PM) (Source: Application Error)(User: )
Description: FBAgent.exe1.0.10.04d6f576cntdll.dll6.1.7601.18247521eaf24c000037400000000000c410251401cee02638c859a4C:\Windows\system32\FBAgent.exeC:\Windows\SYSTEM32\ntdll.dlle6a1b0c5-4c34-11e3-bcc4-0015833d0a57

Error: (11/12/2013 06:55:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 30061

Error: (11/12/2013 06:55:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 30061

Error: (11/12/2013 06:55:18 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (11/12/2013 06:55:17 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 29032

==================== Memory info ===========================

Percentage of memory in use: 42%
Total physical RAM: 5921.14 MB
Available physical RAM: 3414.97 MB
Total Pagefile: 11840.46 MB
Available Pagefile: 8893.58 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:279.45 GB) (Free:183.17 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (DATA) (Fixed) (Total:394.18 GB) (Free:394.08 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: E3102A4B)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=279 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=394 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#9 fireman4it


Posted 30 November 2013 - 01:29 PM

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.

How is your machine running now?

[attachment=144478:fixlist.txt]


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#10 foxerryan


Posted 30 November 2013 - 02:18 PM

Hi,

It seems to give me the problems when I leave the computer on overnight.... then in the morning when I try to open programs they won't open.

I'll have to wait a day or two to see if things have been fixed.... as far as Firefox is concerned I deleted it and am using Google Chrome now so I don't know if the ad hijacking is gone from Firefox.

Here is the fixlog.txt

thanks

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-11-2013
Ran by Snake at 2013-11-30 11:15:41 Run:1
Running from C:\Users\Snake\Desktop
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://sandiego.craigslist.org/
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: weDownload Manager Pro - {11111111-1111-1111-1111-110411361128} - C:\Program Files (x86)\weDownload Manager Pro\weDownload Manager Pro-bho64.dll No File
CHR RestoreOnStartup: "hxxp://sandiego.craigslist.org/"
C:\Users\Snake\AppData\Local\Temp\Quarantine.exe
AlternateDataStreams: C:\ProgramData\Temp:0F64164E
AlternateDataStreams: C:\ProgramData\Temp:10CB85CA
AlternateDataStreams: C:\ProgramData\Temp:120B3AFD
AlternateDataStreams: C:\ProgramData\Temp:2AD33723
AlternateDataStreams: C:\ProgramData\Temp:2AE74FF9
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\ProgramData\Temp:3C4BD225
AlternateDataStreams: C:\ProgramData\Temp:3D4B733E
AlternateDataStreams: C:\ProgramData\Temp:40EE25BB
AlternateDataStreams: C:\ProgramData\Temp:43CBFAB2
AlternateDataStreams: C:\ProgramData\Temp:48862C37
AlternateDataStreams: C:\ProgramData\Temp:54403233
AlternateDataStreams: C:\ProgramData\Temp:69F562A6
AlternateDataStreams: C:\ProgramData\Temp:71A89A93
AlternateDataStreams: C:\ProgramData\Temp:A6FE7BCC
AlternateDataStreams: C:\ProgramData\Temp:B504E4C2
AlternateDataStreams: C:\ProgramData\Temp:BCF55336
AlternateDataStreams: C:\ProgramData\Temp:C900B47A
AlternateDataStreams: C:\ProgramData\Temp:CA0CE093
AlternateDataStreams: C:\ProgramData\Temp:CF61CE5A
AlternateDataStreams: C:\ProgramData\Temp:FFC3922F
*****************
 
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key deleted successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110411361128} => Key deleted successfully.
HKCR\CLSID\{11111111-1111-1111-1111-110411361128} => Key deleted successfully.
CHR RestoreOnStartup: "hxxp://sandiego.craigslist.org/" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Snake\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\ProgramData\Temp => ":0F64164E" ADS removed successfully.
C:\ProgramData\Temp => ":10CB85CA" ADS removed successfully.
C:\ProgramData\Temp => ":120B3AFD" ADS removed successfully.
C:\ProgramData\Temp => ":2AD33723" ADS removed successfully.
C:\ProgramData\Temp => ":2AE74FF9" ADS removed successfully.
C:\ProgramData\Temp => ":2CB9631F" ADS removed successfully.
C:\ProgramData\Temp => ":3C4BD225" ADS removed successfully.
C:\ProgramData\Temp => ":3D4B733E" ADS removed successfully.
C:\ProgramData\Temp => ":40EE25BB" ADS removed successfully.
C:\ProgramData\Temp => ":43CBFAB2" ADS removed successfully.
C:\ProgramData\Temp => ":48862C37" ADS removed successfully.
C:\ProgramData\Temp => ":54403233" ADS removed successfully.
C:\ProgramData\Temp => ":69F562A6" ADS removed successfully.
C:\ProgramData\Temp => ":71A89A93" ADS removed successfully.
C:\ProgramData\Temp => ":A6FE7BCC" ADS removed successfully.
C:\ProgramData\Temp => ":B504E4C2" ADS removed successfully.
C:\ProgramData\Temp => ":BCF55336" ADS removed successfully.
C:\ProgramData\Temp => ":C900B47A" ADS removed successfully.
C:\ProgramData\Temp => ":CA0CE093" ADS removed successfully.
C:\ProgramData\Temp => ":CF61CE5A" ADS removed successfully.
C:\ProgramData\Temp => ":FFC3922F" ADS removed successfully.
 
==== End of Fixlog ====
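
An added example (not part of the original post and not FRST's own code): a Python check that reads a Fixlog like the one above, classifies each result line, and lists fixlist ADS entries that have no removal confirmation. The parsing rules are inferred only from the lines shown in this post, and the sample is excerpted from it with one result line deliberately left out.

```python
import re

# "<target> => <result>" or "<target> ==> <result>", as seen in the Fixlog above.
RESULT_RE = re.compile(r'^(?P<target>.+?)\s+={1,2}>\s+(?P<result>.+)$')
ADS_RESULT_RE = re.compile(r'^"(?P<stream>:[^"]+)" ADS removed successfully\.$')
ADS_REQUEST_PREFIX = "AlternateDataStreams: "

# Sample excerpted from the Fixlog in this post; the result line for stream
# 10CB85CA is omitted on purpose (constructed) to show the mismatch case.
SAMPLE_FIXLOG = r'''
Content of fixlist:
*****************
CHR RestoreOnStartup: "hxxp://sandiego.craigslist.org/"
AlternateDataStreams: C:\ProgramData\Temp:0F64164E
AlternateDataStreams: C:\ProgramData\Temp:10CB85CA
*****************

HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => Key not found.
CHR RestoreOnStartup: "hxxp://sandiego.craigslist.org/" ==> The Chrome "Settings" can be used to fix the entry.
C:\Users\Snake\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\ProgramData\Temp => ":0F64164E" ADS removed successfully.
==== End of Fixlog ====
'''

def classify(result):
    """Map a result message to done / absent / manual (needs follow-up)."""
    low = result.lower()
    if "not found" in low:
        return "absent"
    if "successfully" in low:
        return "done"
    return "manual"

def parse_fixlog(text):
    """Return (requested ADS entries, [(target, status, message), ...])."""
    requested_ads, results, star_lines = set(), [], 0
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:      # delimiter around the fixlist echo
            star_lines += 1
            continue
        if star_lines == 1:                  # inside the echoed fixlist
            if line.startswith(ADS_REQUEST_PREFIX):
                requested_ads.add(line[len(ADS_REQUEST_PREFIX):])
            continue
        if star_lines < 2:                   # header before the fixlist echo
            continue
        m = RESULT_RE.match(line)
        if not m:
            continue
        target, result = m.group("target"), m.group("result")
        ads = ADS_RESULT_RE.match(result)
        if ads:                              # rebuild "path:stream" for comparison
            target += ads.group("stream")
        results.append((target, classify(result), result))
    return requested_ads, results

def follow_up(text):
    """Items a helper should still look at after the fix run."""
    requested_ads, results = parse_fixlog(text)
    handled = {t for t, status, _ in results if status in ("done", "absent")}
    return {
        "manual": [t for t, status, _ in results if status == "manual"],
        "ads_unconfirmed": sorted(requested_ads - handled),
    }

if __name__ == "__main__":
    print(follow_up(SAMPLE_FIXLOG))
```
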


#11 fireman4it


Posted 30 November 2013 - 02:21 PM

Go ahead and run this tool also:

Download Windows Repair (all in one) from this site

Install the program then run it.

Go to Step 2 and allow it to run CheckDisk by clicking on the Do It button.

Once that is done then go to Step 3 and allow it to run System File Check by clicking on the Do It button.

Go to Step 4 and under "System Restore" click on the Create button.

Go to the Start Repairs tab and click the Start button.

Please ensure that ONLY items seen in the image below are ticked as indicated (they're all checked by default).

Click on the box next to Restart System when Finished. Then click on Start.


" Extinguishing Malware from the world"



#12 foxerryan


Posted 30 November 2013 - 10:30 PM

ok I did that... seems like things are loading slower now since the last restart...

(edit) the initial startup was slow but after that things seem to be loading like before....

I'll leave the computer on for a night or two then see if I have the same problems loading programs.

Thanks for the help,


Edited by foxerryan, 30 November 2013 - 11:04 PM.


#13 foxerryan


Posted 01 December 2013 - 02:51 PM

Hmm well I woke up this morning and tried to open Microsoft Word Starter and it won't open... double clicking on the icon does nothing...

The shut down menu on the start menu is also doing the same thing.... it won't let me click on the small arrow next to where it says "shut down" so I can't restart the computer or log off this user.

If I log off and then log on back again I can open MS Word.... but now the only option I have is to shut down and then start up again.

(EDIT) Also wanted to note that I just received an email and am unable to open it or any other emails with Windows Live Mail.

The error says: "One or more parts of this message could not be displayed" with an OK box.. when clicked another error box appears saying "a problem occurred while trying to open this message, please try again"


Edited by foxerryan, 01 December 2013 - 03:42 PM.


#14 fireman4it


Posted 03 December 2013 - 03:23 PM

1.

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Put a checkmark beside loaded modules.
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
  • Click the Start Scan button.
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.

2.

Install Recovery Console and Run ComboFix

This tool is not a toy. If used the wrong way you could trash your computer. Please use only under direction of a Helper. If you decide to do so anyway, please do not blame me or ComboFix.

Download Combofix from any of the links below, and save it to your desktop

Link 1
Link 2

  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Close any open windows, including this one.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • If you did not have it installed, you will see a prompt. Choose YES.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Note: The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode. This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

  • Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message asking what to do next.
  • Click on Yes, to continue scanning for malware.
  • When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running.
ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.


" Extinguishing Malware from the world"



#15 foxerryan


Posted 03 December 2013 - 04:14 PM

Hi,

I ran TDSSKiller and it found nothing.

I ran ComboFix and it deleted a couple files, after the scan was done a log was created and there was no system restart.

Deleted files:

c:\windows\msvcr71.dll
c:\windows\SysWow64\FlashPlayerApp.exe

I can paste the log if you need it.

Thanks,




