
Zekos


  • This topic is locked
25 replies to this topic

#1 pantherr


Posted 10 April 2014 - 08:50 AM

I have been told that I have the latest Zekos. I run Windows 7 and get random audio sporadically in the background. I started trying to fix it with this: http://malwaretips.com/blogs/remove-random-audio-ads-virus/ and when that didn't work I came here and started this: http://www.bleepingcomputer.com/forums/t/530588/audio-playing-in-backround-virus/

I was directed to dl and run DDS and here is the info

 

net Explorer: 11.0.9600.16521
Run by Rachelle at 8:37:18 on 2014-04-10
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12251.6760 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\AOL Computer Checkup\SDCService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\mfevtps.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\AOL Computer Checkup\sdcCont.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_182_ActiveX.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\System32\MsSpellCheckingFacility.exe
C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
svchost.exe
C:\Windows\System32\Notepad.exe
C:\Program Files (x86)\Battle.net\Battle.net.4397\Battle.net.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [MakiwaraNotify] "C:\Program Files (x86)\AOL Computer Checkup\sdccont.exe" /dummy /cfg "C:\Program Files (x86)\AOL Computer Checkup\uiFramework\common\PCPowerCare.xml" /notificationtoaster /mutexname notificationtoaster /hideWindow
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
TCP: NameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{E8781FEF-C398-409A-A254-D95B4C1C2030} : DHCPNameServer = 97.64.183.164 97.64.209.37
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-25 16152]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\Run\a2ddax64.sys [2014-4-9 26176]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-25 98208]
R2 AOL Computer Checkup;AOL Computer Checkup;C:\Program Files (x86)\AOL Computer Checkup\sdcService.exe [2014-1-21 586840]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2014-1-13 198664]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-4-9 127752]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-4-9 328928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-25 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-7 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-7 857912]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\MSC\McAPExe.exe [2014-4-9 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-4-9 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-4-9 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-4-9 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-4-9 328928]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-7-25 197960]
R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 311600]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2014-4-9 1025712]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-7-25 219752]
R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 783864]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-7-25 185792]
R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 344688]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-4 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-4-4 16939296]
R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2012-7-25 176128]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-7-25 1695040]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-25 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-7-25 76960]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 70592]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-25 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-25 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-25 787736]
R3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-7 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-7 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-7 63192]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 520696]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-1-21 422712]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-4-4 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-25 648808]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/25 19:08:22;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2012-3-27 242448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-4-9 57024]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-9 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-4 111616]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-1-21 96592]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 98728]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-10 00:45:27 -------- d-----w- C:\TDSSKiller_Quarantine
2014-04-09 23:12:18 -------- d-----w- C:\Users\Rachelle\AppData\Local\CrashDumps
2014-04-09 22:36:44 1748 ----a-w- C:\Windows\System32\regHiveData.bin
2014-04-09 22:22:39 -------- d-----w- C:\Windows\ERUNT
2014-04-09 22:18:26 -------- d-----w- C:\AdwCleaner
2014-04-09 21:30:54 -------- d-----w- C:\EEK
2014-04-09 21:28:12 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-04-09 21:25:22 -------- d-----w- C:\Program Files\HitmanPro
2014-04-09 21:24:52 -------- d-----w- C:\ProgramData\HitmanPro
2014-04-09 21:09:14 -------- d-----w- C:\Users\Rachelle\AppData\Local\ElevatedDiagnostics
2014-04-09 19:45:46 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2014-04-09 19:45:30 -------- d-----w- C:\Program Files (x86)\McAfee.com
2014-04-09 19:45:16 -------- d-----w- C:\Program Files\McAfee.com
2014-04-09 19:45:15 -------- d-----w- C:\Program Files (x86)\McAfee
2014-04-09 02:14:35 -------- d-----w- C:\Users\Rachelle\AppData\Local\Adobe
2014-04-07 15:57:27 -------- d-----w- C:\ProgramData\VirtualizedApplications
2014-04-07 13:47:09 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\SoftGrid Client
2014-04-07 13:47:09 -------- d-----w- C:\Users\Rachelle\AppData\Local\SoftGrid Client
2014-04-07 13:46:54 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-04-07 13:46:49 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\TP
2014-04-07 12:44:51 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-07 12:44:29 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-07 12:44:29 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-07 12:44:29 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-07 12:44:29 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-07 12:44:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 19:26:28 67072 ----a-w- C:\Windows\splwow64.exe
2014-04-05 19:26:28 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-04-05 08:51:08 -------- d-----w- C:\Windows\SysWow64\Wat
2014-04-05 08:51:08 -------- d-----w- C:\Windows\System32\Wat
2014-04-05 08:33:10 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-04-05 08:33:10 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-04-05 08:33:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-04-05 08:33:09 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-04-05 08:22:12 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-04-05 08:05:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-04-05 08:05:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-04-05 08:05:55 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-04-05 08:05:55 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-04-05 08:05:55 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-04-05 08:05:55 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-04-05 08:05:55 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-04-05 08:04:00 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-04-05 08:04:00 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-04-04 21:13:56 -------- d-----w- C:\Users\Rachelle\AppData\Local\NVIDIA Corporation
2014-04-04 21:13:48 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-04-04 21:13:48 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-04-04 21:13:48 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-04-04 21:13:48 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-04-04 21:13:48 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-04-04 21:13:48 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-04-04 21:13:47 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-04-04 21:13:47 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-04-04 21:13:23 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-04-04 21:13:23 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-04-04 21:13:23 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-04-04 20:42:03 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-04-04 20:42:03 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-04-04 16:27:49 111448 ----a-w- C:\Windows\System32\consent.exe
2014-04-04 16:26:51 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-04-04 16:25:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2014-04-04 16:24:42 800768 ----a-w- C:\Windows\System32\usp10.dll
2014-04-04 16:23:55 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-04-04 16:22:52 202752 ----a-w- C:\Windows\System32\scrrun.dll
2014-04-04 02:46:23 -------- d-----w- C:\Emergency
2014-04-04 02:39:05 -------- d-----w- C:\Windows\SMINST
2014-04-04 01:56:29 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Battle.net
2014-04-04 01:56:29 -------- d-----w- C:\Users\Rachelle\AppData\Local\Battle.net
2014-04-04 01:56:23 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-04-04 01:56:23 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-04-04 01:56:23 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-04-04 01:51:48 -------- d-----w- C:\ProgramData\Battle.net
2014-04-04 01:08:56 68608 ----a-w- C:\Windows\System32\taskhost.exe
2014-04-04 01:07:35 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-04-04 01:07:35 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-04-04 00:44:14 -------- d-----w- C:\Windows\SystemRepair
2014-04-04 00:43:42 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\AOL
2014-04-04 00:43:37 -------- d-----w- C:\ProgramData\AOL Computer Checkup
2014-04-04 00:28:26 8537680 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2014-04-04 00:26:29 -------- d-----w- C:\Users\Rachelle\Dropbox
2014-04-04 00:26:19 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Oberon Media
2014-04-04 00:26:19 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\NVIDIA
2014-04-04 00:26:06 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Meridian93
2014-04-04 00:26:06 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Malwarebytes
2014-04-04 00:26:06 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Dropbox
2014-04-04 00:26:05 -------- d-----w- C:\Users\Rachelle\AppData\Local\Skype
2014-04-04 00:26:03 -------- d-----w- C:\Users\Rachelle\AppData\Local\Programs
2014-04-04 00:25:58 -------- d-----w- C:\Users\Rachelle\AppData\Local\Oberon Games
2014-04-04 00:25:58 -------- d-----w- C:\Users\Rachelle\AppData\Local\NVIDIA
2014-04-04 00:25:41 -------- d-----w- C:\Users\Rachelle\AppData\Local\LogiShrd
2014-04-04 00:25:38 -------- d-----w- C:\Users\Rachelle\AppData\Local\Google
2014-04-04 00:25:38 -------- d-----w- C:\Users\Rachelle\AppData\Local\Cyberlink
2014-04-04 00:25:38 -------- d-----w- C:\Users\Rachelle\AppData\Local\Blizzard Entertainment
2014-04-04 00:25:38 -------- d-----w- C:\Users\Rachelle\AppData\Local\Blizzard
2014-04-04 00:25:29 -------- d-----w- C:\Program Files\Ventrilo
2014-04-04 00:25:19 -------- d-----w- C:\Program Files\McAfee Security Scan
2014-04-04 00:25:02 -------- d-----w- C:\Program Files (x86)\YNAB 4
2014-04-04 00:23:59 -------- d-----w- C:\NVIDIA
2014-04-04 00:20:54 -------- d-----w- C:\TrustedID IDMonitor Identity Protection
2014-04-04 00:18:18 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2014-04-04 00:12:39 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Intel Corporation
2014-04-04 00:11:40 -------- d-----w- C:\Users\Rachelle\AppData\Local\BMExplorer
2014-04-04 00:11:39 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Atheros
2014-04-04 00:11:23 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-04 00:11:22 -------- d-----w- C:\Users\Rachelle\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2014-04-09 02:15:10 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-09 02:15:10 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-04 01:08:09 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-27 13:43:26 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2014-01-27 13:37:32 344688 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2014-01-27 13:37:08 185792 ----a-w- C:\Windows\System32\mfevtps.exe
2014-01-27 13:33:26 783864 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-01-27 13:31:34 520696 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2014-01-27 13:30:06 311600 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2014-01-27 13:29:22 180272 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2014-01-21 08:50:46 11336 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2014-01-21 08:50:24 96592 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2014-01-21 08:50:02 422712 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
.
============= FINISH:  8:37:58.47 ===============
 


#2 HelpBot


Posted 15 April 2014 - 09:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/530598 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 pantherr


Posted 15 April 2014 - 09:21 AM

Attached File: Attach2.txt (14.06KB)

3. I don't know if I have the Windows disk, I will look for it when I get home from work.

 

2.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.16521
Run by Rachelle at 9:15:29 on 2014-04-15
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12251.9822 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
SP: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\HitmanPro\hmpsched.exe
C:\Program Files (x86)\AOL Computer Checkup\SDCService.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
c:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\mfevtps.exe
C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\McAfee\MSC\McAPExe.exe
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\AOL Computer Checkup\sdcCont.exe
C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_182_ActiveX.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - LocalServer32 - <no file>
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
mRun: [Chicony_OSD] "C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe"
mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [ShwiconXP9106] C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
mRun: [RemoteControl9] "C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe"
mRun: [PDVD9LanguageShortcut] "C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe"
mRun: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mRun: [MakiwaraNotify] "C:\Program Files (x86)\AOL Computer Checkup\sdccont.exe" /dummy /cfg "C:\Program Files (x86)\AOL Computer Checkup\uiFramework\common\PCPowerCare.xml" /notificationtoaster /mutexname notificationtoaster /hideWindow
mRun: [mcpltui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
TCP: NameServer = 97.64.183.164 97.64.209.37
TCP: Interfaces\{E8781FEF-C398-409A-A254-D95B4C1C2030} : DHCPNameServer = 97.64.183.164 97.64.209.37
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: AOL Toolbar Loader: {3ef64538-8b54-4573-b48f-4d34b0238ab2} - LocalServer32 - <no file>
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: AOL Toolbar: {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - LocalServer32 - <no file>
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /MAXX4
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\MSC\McSnIePl64.dll
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2012-7-25 16152]
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\EEK\Run\a2ddax64.sys [2014-4-9 26176]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2012-7-25 98208]
R2 AOL Computer Checkup;AOL Computer Checkup;C:\Program Files (x86)\AOL Computer Checkup\sdcService.exe [2014-1-21 586840]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-12-29 106144]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2014-1-13 198664]
R2 HitmanProScheduler;HitmanPro Scheduler;C:\Program Files\HitmanPro\hmpsched.exe [2014-4-9 127752]
R2 HomeNetSvc;McAfee Home Network;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-4-9 328928]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-25 13592]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-1-10 627936]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-4-7 1809720]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2014-4-7 857912]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe [2011-1-27 249936]
R2 McAPExe;McAfee AP Service;C:\Program Files\mcafee\MSC\McAPExe.exe [2014-4-9 178528]
R2 McMPFSvc;McAfee Personal Firewall Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-4-9 328928]
R2 McNaiAnn;McAfee VirusScan Announcer;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-4-9 328928]
R2 mcpltsvc;McAfee Platform Services;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-4-9 328928]
R2 McProxy;McAfee Proxy Service;C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [2014-4-9 328928]
R2 McShield;McAfee McShield;C:\Program Files\Common Files\mcafee\systemcore\mcshield.exe [2012-7-25 197960]
R2 mfeavfk;McAfee Inc. mfeavfk;C:\Windows\System32\drivers\mfeavfk.sys [2011-3-13 311600]
R2 mfecore;McAfee Anti-Malware Core;C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe [2014-4-9 1025712]
R2 mfefire;McAfee Firewall Core Service;C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe [2012-7-25 219752]
R2 mfehidk;McAfee Inc. mfehidk;C:\Windows\System32\drivers\mfehidk.sys [2011-3-13 783864]
R2 mfevtp;McAfee Validation Trust Protection Service;C:\Windows\System32\mfevtps.exe [2012-7-25 185792]
R2 mfewfpk;McAfee Inc. mfewfpk;C:\Windows\System32\drivers\mfewfpk.sys [2011-3-13 344688]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2014-4-4 1593632]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2014-4-4 16939296]
R2 OSDSvc;ChiconyOSDService;C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [2012-7-25 176128]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2012-7-25 1695040]
R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-25 363800]
R2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-12-29 158880]
R2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [2012-7-25 76960]
R3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-12-29 36000]
R3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE [2012-6-11 240208]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-12-29 338592]
R3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-12-29 110752]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-12-29 30368]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-12-29 167584]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-12-29 68256]
R3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-12-29 280992]
R3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-12-29 548000]
R3 cfwids;McAfee Inc. cfwids;C:\Windows\System32\drivers\cfwids.sys [2011-3-13 70592]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2012-7-25 331264]
R3 iusb3hub;Intel® USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2012-7-25 356120]
R3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2012-7-25 787736]
R3 LVUVC64;Logitech HD Webcam C510(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2014-4-7 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-4-7 119512]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-4-7 63192]
R3 mfefirek;McAfee Inc. mfefirek;C:\Windows\System32\drivers\mfefirek.sys [2011-3-13 520696]
R3 mfencbdc;McAfee Inc. mfencbdc;C:\Windows\System32\drivers\mfencbdc.sys [2014-1-21 422712]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2014-4-4 39200]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2012-7-25 648808]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE [2012-6-11 193616]
S2 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/25 19:08:22;C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [2012-3-27 242448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 cleanhlp;cleanhlp;C:\EEK\Run\cleanhlp64.sys [2014-4-9 57024]
S3 HipShieldK;McAfee Inc. HipShieldK;C:\Windows\System32\drivers\HipShieldK.sys [2014-4-9 197704]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-4-4 111616]
S3 mfencrk;McAfee Inc. mfencrk;C:\Windows\System32\drivers\mfencrk.sys [2014-1-21 96592]
S3 mferkdet;McAfee Inc. mferkdet;C:\Windows\System32\drivers\mferkdet.sys [2011-3-13 98728]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2014-4-5 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-04-10 00:45:27 -------- d-----w- C:\TDSSKiller_Quarantine
2014-04-09 23:12:18 -------- d-----w- C:\Users\Rachelle\AppData\Local\CrashDumps
2014-04-09 22:36:44 1748 ----a-w- C:\Windows\System32\regHiveData.bin
2014-04-09 22:22:39 -------- d-----w- C:\Windows\ERUNT
2014-04-09 22:18:26 -------- d-----w- C:\AdwCleaner
2014-04-09 21:30:54 -------- d-----w- C:\EEK
2014-04-09 21:28:12 12872 ----a-w- C:\Windows\System32\bootdelete.exe
2014-04-09 21:25:22 -------- d-----w- C:\Program Files\HitmanPro
2014-04-09 21:24:52 -------- d-----w- C:\ProgramData\HitmanPro
2014-04-09 21:09:14 -------- d-----w- C:\Users\Rachelle\AppData\Local\ElevatedDiagnostics
2014-04-09 19:45:46 197704 ----a-w- C:\Windows\System32\drivers\HipShieldK.sys
2014-04-09 19:45:30 -------- d-----w- C:\Program Files (x86)\McAfee.com
2014-04-09 19:45:16 -------- d-----w- C:\Program Files\McAfee.com
2014-04-09 19:45:15 -------- d-----w- C:\Program Files (x86)\McAfee
2014-04-09 02:14:35 -------- d-----w- C:\Users\Rachelle\AppData\Local\Adobe
2014-04-07 15:57:27 -------- d-----w- C:\ProgramData\VirtualizedApplications
2014-04-07 13:47:09 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\SoftGrid Client
2014-04-07 13:47:09 -------- d-----w- C:\Users\Rachelle\AppData\Local\SoftGrid Client
2014-04-07 13:46:54 -------- d-----w- C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-04-07 13:46:49 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\TP
2014-04-07 12:44:51 119512 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-04-07 12:44:29 88280 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-04-07 12:44:29 63192 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-04-07 12:44:29 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-04-07 12:44:29 -------- d-----w- C:\ProgramData\Malwarebytes
2014-04-07 12:44:29 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-05 19:26:28 67072 ----a-w- C:\Windows\splwow64.exe
2014-04-05 19:26:28 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2014-04-05 08:51:08 -------- d-----w- C:\Windows\SysWow64\Wat
2014-04-05 08:51:08 -------- d-----w- C:\Windows\System32\Wat
2014-04-05 08:33:10 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2014-04-05 08:33:10 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2014-04-05 08:33:09 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2014-04-05 08:33:09 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2014-04-05 08:22:12 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2014-04-05 08:05:56 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2014-04-05 08:05:56 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2014-04-05 08:05:55 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2014-04-05 08:05:55 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2014-04-05 08:05:55 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2014-04-05 08:05:55 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2014-04-05 08:05:55 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2014-04-05 08:04:00 548864 ----a-w- C:\Windows\System32\vbscript.dll
2014-04-05 08:04:00 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-04-04 21:13:56 -------- d-----w- C:\Users\Rachelle\AppData\Local\NVIDIA Corporation
2014-04-04 21:13:48 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2014-04-04 21:13:48 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2014-04-04 21:13:48 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2014-04-04 21:13:48 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2014-04-04 21:13:48 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2014-04-04 21:13:48 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2014-04-04 21:13:47 1179576 ----a-w- C:\Windows\System32\nvspcap64.dll
2014-04-04 21:13:47 1048152 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2014-04-04 21:13:23 39200 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2014-04-04 21:13:23 35104 ----a-w- C:\Windows\System32\nvaudcap64v.dll
2014-04-04 21:13:23 33056 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2014-04-04 20:42:03 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2014-04-04 20:42:03 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2014-04-04 16:27:49 111448 ----a-w- C:\Windows\System32\consent.exe
2014-04-04 16:26:51 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2014-04-04 16:25:59 9216 ----a-w- C:\Windows\System32\rdrmemptylst.exe
2014-04-04 16:24:42 800768 ----a-w- C:\Windows\System32\usp10.dll
2014-04-04 16:23:55 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2014-04-04 16:22:52 202752 ----a-w- C:\Windows\System32\scrrun.dll
2014-04-04 02:46:23 -------- d-----w- C:\Emergency
2014-04-04 02:39:05 -------- d-----w- C:\Windows\SMINST
2014-04-04 01:56:29 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Battle.net
2014-04-04 01:56:29 -------- d-----w- C:\Users\Rachelle\AppData\Local\Battle.net
2014-04-04 01:56:23 -------- d-----w- C:\ProgramData\Blizzard Entertainment
2014-04-04 01:56:23 -------- d-----w- C:\Program Files (x86)\Common Files\Blizzard Entertainment
2014-04-04 01:56:23 -------- d-----w- C:\Program Files (x86)\Battle.net
2014-04-04 01:51:48 -------- d-----w- C:\ProgramData\Battle.net
2014-04-04 01:08:56 68608 ----a-w- C:\Windows\System32\taskhost.exe
2014-04-04 01:07:35 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2014-04-04 01:07:35 1505280 ----a-w- C:\Windows\SysWow64\d3d11.dll
2014-04-04 00:44:14 -------- d-----w- C:\Windows\SystemRepair
2014-04-04 00:43:42 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\AOL
2014-04-04 00:43:37 -------- d-----w- C:\ProgramData\AOL Computer Checkup
2014-04-04 00:28:26 8537680 ----a-w- C:\ProgramData\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2014-04-04 00:26:29 -------- d-----w- C:\Users\Rachelle\Dropbox
2014-04-04 00:26:19 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Oberon Media
2014-04-04 00:26:19 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\NVIDIA
2014-04-04 00:26:06 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Meridian93
2014-04-04 00:26:06 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Malwarebytes
2014-04-04 00:26:06 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Dropbox
2014-04-04 00:26:05 -------- d-----w- C:\Users\Rachelle\AppData\Local\Skype
2014-04-04 00:26:03 -------- d-----w- C:\Users\Rachelle\AppData\Local\Programs
2014-04-04 00:25:58 -------- d-----w- C:\Users\Rachelle\AppData\Local\Oberon Games
2014-04-04 00:25:58 -------- d-----w- C:\Users\Rachelle\AppData\Local\NVIDIA
2014-04-04 00:25:41 -------- d-----w- C:\Users\Rachelle\AppData\Local\LogiShrd
2014-04-04 00:25:38 -------- d-----w- C:\Users\Rachelle\AppData\Local\Google
2014-04-04 00:25:38 -------- d-----w- C:\Users\Rachelle\AppData\Local\Cyberlink
2014-04-04 00:25:38 -------- d-----w- C:\Users\Rachelle\AppData\Local\Blizzard Entertainment
2014-04-04 00:25:38 -------- d-----w- C:\Users\Rachelle\AppData\Local\Blizzard
2014-04-04 00:25:29 -------- d-----w- C:\Program Files\Ventrilo
2014-04-04 00:25:19 -------- d-----w- C:\Program Files\McAfee Security Scan
2014-04-04 00:25:02 -------- d-----w- C:\Program Files (x86)\YNAB 4
2014-04-04 00:23:59 -------- d-----w- C:\NVIDIA
2014-04-04 00:20:54 -------- d-----w- C:\TrustedID IDMonitor Identity Protection
2014-04-04 00:18:18 -------- d-----w- C:\Program Files (x86)\Dell Digital Delivery
2014-04-04 00:12:39 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Intel Corporation
2014-04-04 00:11:40 -------- d-----w- C:\Users\Rachelle\AppData\Local\BMExplorer
2014-04-04 00:11:39 -------- d-----w- C:\Users\Rachelle\AppData\Roaming\Atheros
2014-04-04 00:11:23 -------- d-sh--w- C:\$RECYCLE.BIN
2014-04-04 00:11:22 -------- d-----w- C:\Users\Rachelle\AppData\Local\VirtualStore
.
==================== Find3M  ====================
.
2014-04-09 02:15:10 70832 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-09 02:15:10 692400 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-04-04 01:08:09 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-03-01 05:17:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-03-01 05:16:26 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-03-01 04:52:55 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-03-01 04:51:59 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-03-01 04:33:52 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-03-01 04:33:34 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-03-01 04:32:59 708608 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-03-01 04:23:49 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-03-01 04:11:20 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-03-01 03:54:33 5768704 ----a-w- C:\Windows\System32\jscript9.dll
2014-03-01 03:52:43 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-03-01 03:51:53 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:38:26 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-03-01 03:37:35 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-03-01 03:35:11 2041856 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-03-01 03:14:15 4244480 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-03-01 03:10:28 2334208 ----a-w- C:\Windows\System32\wininet.dll
2014-03-01 03:00:08 1964032 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-03-01 02:32:16 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-02-07 01:23:30 3156480 ----a-w- C:\Windows\System32\win32k.sys
2014-02-04 02:32:12 624128 ----a-w- C:\Windows\System32\qedit.dll
2014-02-04 02:04:11 509440 ----a-w- C:\Windows\SysWow64\qedit.dll
2014-01-29 02:32:18 484864 ----a-w- C:\Windows\System32\wer.dll
2014-01-29 02:06:47 381440 ----a-w- C:\Windows\SysWow64\wer.dll
2014-01-28 02:32:46 228864 ----a-w- C:\Windows\System32\wwansvc.dll
2014-01-27 13:43:26 70592 ----a-w- C:\Windows\System32\drivers\cfwids.sys
2014-01-27 13:37:32 344688 ----a-w- C:\Windows\System32\drivers\mfewfpk.sys
2014-01-27 13:37:08 185792 ----a-w- C:\Windows\System32\mfevtps.exe
2014-01-27 13:33:26 783864 ----a-w- C:\Windows\System32\drivers\mfehidk.sys
2014-01-27 13:31:34 520696 ----a-w- C:\Windows\System32\drivers\mfefirek.sys
2014-01-27 13:30:06 311600 ----a-w- C:\Windows\System32\drivers\mfeavfk.sys
2014-01-27 13:29:22 180272 ----a-w- C:\Windows\System32\drivers\mfeapfk.sys
2014-01-21 08:50:46 11336 ----a-w- C:\Windows\System32\drivers\mfeclnrk.sys
2014-01-21 08:50:24 96592 ----a-w- C:\Windows\System32\drivers\mfencrk.sys
2014-01-21 08:50:02 422712 ----a-w- C:\Windows\System32\drivers\mfencbdc.sys
.
============= FINISH:  9:18:08.17 ===============
 


Edited by pantherr, 15 April 2014 - 09:25 AM.


#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • Gender:Male
  • Location:Puerto rico

Posted 16 April 2014 - 05:24 AM

Hello pantherr,



I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.

Very Important --> Please read this post completely, I have spent my time to put together some things for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I would like you to run this program for me.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
search for file

I need to find out some more information about one of the files on the computer

Please run FRST like you did before but this time I would like you to

Type the following in the edit box after "Search:".

rpcss.dll

It then should look like:

Search: rpcss.dll

Click Search button and post the log (Search.txt) it makes to your reply.



When you reply to me it should be with 3 reports

FRST.txt
addition.txt
search.txt



Gringo

Edited by gringo_pr, 16 April 2014 - 05:26 AM.

I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 pantherr

pantherr
  • Topic Starter

  • Members
  • 17 posts

Posted 16 April 2014 - 02:07 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 16-04-2014 02
Ran by Rachelle (administrator) on RACHELLE-PC on 16-04-2014 13:58:51
Running from C:\Users\Rachelle\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Support.com, Inc.) C:\Program Files (x86)\AOL Computer Checkup\SDCService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
(Intel® Corporation) c:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(McAfee, Inc.) C:\Windows\system32\mfevtps.exe
(Dell, Inc.) C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Chicony) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe
(SoftThinks SAS) C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Atheros) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
() C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Alcor Micro Corp.) C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
(DELL) C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\IndicatorOSD.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Support.com, Inc.) C:\Program Files (x86)\AOL Computer Checkup\sdcCont.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
() Q:\140066.enu\Office14\WINWORDC.EXE
() C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
() Q:\140066.enu\Office14\OffSpon.EXE
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\mcuicnt.exe
(Microsoft Corporation) C:\Windows\system32\calc.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe
(Adobe Systems Incorporated) C:\Windows\system32\Macromed\Flash\FlashUtil64_13_0_0_182_ActiveX.exe

==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6457960 2011-12-23] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1156712 2011-11-15] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe [1014432 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe [800416 2011-12-29] (Atheros Commnucations)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2234144 2014-01-20] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1179576 2014-01-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [Chicony_OSD] => C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe [53248 2011-01-12] ()
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284440 2012-02-01] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-17] (Intel Corporation)
HKLM-x32\...\Run: [ShwiconXP9106] => C:\Program Files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe [237568 2010-03-10] (Alcor Micro Corp.)
HKLM-x32\...\Run: [RemoteControl9] => C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-10-01] (CyberLink Corp.)
HKLM-x32\...\Run: [PDVD9LanguageShortcut] => C:\Program Files (x86)\CyberLink\PowerDVD9\Language\Language.exe [50472 2010-09-17] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [76872 2012-03-27] (cyberlink)
HKLM-x32\...\Run: [Dell DataSafe Online] => C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe [1117528 2010-08-25] (Dell, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM-x32\...\Run: [MakiwaraNotify] => C:\Program Files (x86)\AOL Computer Checkup\sdccont.exe [84056 2014-01-21] (Support.com, Inc.)
HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-01-28] (McAfee, Inc.)
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKU\S-1-5-21-2142868840-1198080995-3666999323-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20922016 2014-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-2142868840-1198080995-3666999323-1001\...\MountPoints2: {cd5932c8-d6c2-11e1-9ef9-806e6f6e6963} - D:\setup.exe
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/USCON/1
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - DefaultScope {F6DFAE89-12C9-4C83-9032-DB22754B9689} URL =
SearchScopes: HKCU - {F6DFAE89-12C9-4C83-9032-DB22754B9689} URL =
BHO: AOL Toolbar Loader - {3ef64538-8b54-4573-b48f-4d34b0238ab2} -  No File
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: CIESpeechBHO Class - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} -  No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AOL Toolbar - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} -  No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\MSC\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 97.64.183.164 97.64.209.37
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-04-09]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2014-04-09]
Chrome:
=======
CHR HomePage: hxxp://www.google.com/
CHR Extension: (Google Docs) - C:\Users\Rachelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-09]
CHR Extension: (Google Drive) - C:\Users\Rachelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-09]
CHR Extension: (YouTube) - C:\Users\Rachelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-09]
CHR Extension: (Google Search) - C:\Users\Rachelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-09]
CHR Extension: (SiteAdvisor) - C:\Users\Rachelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-04-09]
CHR Extension: (Google Wallet) - C:\Users\Rachelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-03]
CHR Extension: (Gmail) - C:\Users\Rachelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-09]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-04-09]
==================== Services (Whitelisted) =================
S2 0189031397601577mcinstcleanup; C:\Windows\TEMP\018903~1.EXE [836168 2014-03-13] (McAfee, Inc.)
R2 AOL Computer Checkup; C:\Program Files (x86)\AOL Computer Checkup\SDCService.exe [586840 2014-01-21] (Support.com, Inc.)
S2 CLKMSVC10_9EC60124; C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [242448 2012-03-27] (CyberLink)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2014-04-09] (SurfRight B.V.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [249936 2011-01-27] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-01-28] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 McShield; C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe [197960 2011-03-13] (McAfee, Inc.)
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.)
R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1593632 2014-01-20] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [16939296 2014-01-20] (NVIDIA Corporation)
R2 OSDSvc; C:\Program Files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [176128 2010-12-01] (Chicony)
R2 ZAtheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [158880 2011-12-29] (Atheros)
R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [76960 2011-12-26] (Atheros)
==================== Drivers (Whitelisted) ====================
R1 A2DDA; C:\EEK\RUN\a2ddax64.sys [26176 2014-04-09] (Emsisoft GmbH)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.)
S3 cleanhlp; C:\EEK\Run\cleanhlp64.sys [57024 2014-04-09] (Emsisoft GmbH)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-04-03] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [119512 2014-04-16] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-04-03] (Malwarebytes Corporation)
R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.)
U3 mfeapfk01; No ImagePath
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.)
U3 mfeavfk01; No ImagePath
U3 mfeavfk02; No ImagePath
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.)
U3 mfehidk01; No ImagePath
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.)
U3 mfencbdc01; No ImagePath
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.)
S3 mferkdet; C:\Windows\System32\drivers\mferkdet.sys [98728 2011-03-13] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39200 2013-12-27] (NVIDIA Corporation)
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========
2014-04-16 13:58 - 2014-04-16 13:58 - 02158592 _____ (Farbar) C:\Users\Rachelle\Desktop\FRST64.exe
2014-04-16 13:58 - 2014-04-16 13:58 - 00020925 _____ () C:\Users\Rachelle\Desktop\FRST.txt
2014-04-16 13:58 - 2014-04-16 13:58 - 00000000 ____D () C:\FRST
2014-04-15 09:18 - 2014-04-15 09:18 - 00014395 _____ () C:\Users\Rachelle\Desktop\Attach2.txt
2014-04-15 09:11 - 2014-04-15 09:11 - 00000000 ___RD () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-10 08:38 - 2014-04-15 09:18 - 00032056 _____ () C:\Users\Rachelle\Desktop\dds.txt
2014-04-10 08:38 - 2014-04-15 09:18 - 00014395 _____ () C:\Users\Rachelle\Desktop\attach.txt
2014-04-09 19:45 - 2014-04-09 19:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-09 18:12 - 2014-04-14 12:47 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\CrashDumps
2014-04-09 17:36 - 2014-04-09 17:36 - 00001748 _____ () C:\Windows\system32\regHiveData.bin
2014-04-09 17:30 - 2014-04-09 17:30 - 00000636 _____ () C:\Users\Rachelle\Desktop\JRT.txt
2014-04-09 17:22 - 2014-04-09 17:22 - 00000000 ____D () C:\Windows\ERUNT
2014-04-09 17:18 - 2014-04-09 18:33 - 00000000 ____D () C:\AdwCleaner
2014-04-09 16:30 - 2014-04-09 16:30 - 00000548 _____ () C:\Users\Rachelle\Desktop\Emsisoft Emergency Kit.lnk
2014-04-09 16:30 - 2014-04-09 16:30 - 00000000 ____D () C:\EEK
2014-04-09 16:28 - 2014-04-09 16:28 - 00027904 _____ () C:\Windows\system32\bootdelete.lst
2014-04-09 16:28 - 2014-04-09 16:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-09 16:25 - 2014-04-09 16:25 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-04-09 16:25 - 2014-04-09 16:25 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-09 16:24 - 2014-04-09 16:28 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-09 16:23 - 2014-04-09 16:23 - 00055689 _____ () C:\Users\Rachelle\Desktop\RKreport[0]_D_04092014_162333.txt
2014-04-09 16:23 - 2014-04-09 16:23 - 00055548 _____ () C:\Users\Rachelle\Desktop\RKreport[0]_S_04092014_162302.txt
2014-04-09 16:20 - 2014-04-09 16:24 - 00000000 ____D () C:\Users\Rachelle\Desktop\RK_Quarantine
2014-04-09 16:10 - 2014-04-10 08:11 - 00002954 _____ () C:\Users\Rachelle\Desktop\Rkill.txt
2014-04-09 15:31 - 2014-04-09 15:32 - 04118841 _____ () C:\Users\Rachelle\Downloads\tdsskiller.zip
2014-04-09 14:46 - 2014-04-15 19:49 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-04-09 14:45 - 2014-04-15 17:39 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-09 14:45 - 2014-04-09 14:45 - 00000000 ____D () C:\Program Files\McAfee.com
2014-04-09 14:45 - 2014-04-09 14:45 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-04-09 14:45 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2014-04-08 21:20 - 2014-04-16 13:57 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf539a45b81a1d.job
2014-04-08 21:20 - 2014-04-08 21:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf539a45b81a1d
2014-04-08 21:15 - 2014-04-15 21:25 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-08 21:15 - 2014-04-08 21:26 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-08 21:15 - 2014-04-08 21:20 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-08 21:15 - 2014-04-08 21:15 - 00000000 ____D () C:\ProgramData\Google
2014-04-08 21:15 - 2014-04-08 21:15 - 00000000 ____D () C:\Program Files\Google
2014-04-08 21:14 - 2014-04-08 21:15 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Adobe
2014-04-08 03:01 - 2014-04-08 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-07 15:40 - 2014-04-09 15:32 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Rachelle\Desktop\TDSSKiller.exe
2014-04-07 10:57 - 2014-04-07 10:58 - 00000306 _____ () C:\ProgramData\hpzinstall.log
2014-04-07 10:57 - 2014-04-07 10:57 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-04-07 10:57 - 2014-04-07 10:57 - 00000000 ____D () C:\ProgramData\HP
2014-04-07 08:52 - 2014-04-07 08:52 - 00000000 __RHD () C:\MSOCache
2014-04-07 08:47 - 2014-04-14 03:12 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\SoftGrid Client
2014-04-07 08:47 - 2014-04-07 08:47 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\SoftGrid Client
2014-04-07 08:46 - 2014-04-08 03:02 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-04-07 08:46 - 2014-04-07 08:47 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\TP
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-04-07 07:44 - 2014-04-16 04:02 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-07 07:44 - 2014-04-09 15:19 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-07 07:44 - 2014-04-09 15:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-07 07:44 - 2014-04-07 07:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-07 07:44 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-07 07:44 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-07 07:44 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-04-06 12:50 - 2014-04-16 09:17 - 00000088 _____ () C:\Windows\system32\cgnqdp.rih
2014-04-06 12:40 - 2014-04-06 12:40 - 00000064 _____ () C:\Windows\system32\rvomn.hlk
2014-04-06 12:40 - 2014-04-06 12:40 - 00000000 _____ () C:\Windows\system32\thyp.eay
2014-04-06 12:24 - 2014-04-06 12:24 - 00305834 ____S () C:\Windows\system32\efqkqik.ckr
2014-04-05 14:26 - 2012-02-11 01:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-04-05 14:26 - 2012-02-11 01:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-04-05 03:33 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-04-05 03:33 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-04-05 03:33 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-04-05 03:33 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-04-05 03:05 - 2012-07-25 22:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-04-05 03:05 - 2012-07-25 22:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-04-05 03:05 - 2012-07-25 22:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-04-05 03:05 - 2012-07-25 22:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-04-05 03:05 - 2012-07-25 22:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-04-05 03:05 - 2012-07-25 21:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-04-05 03:05 - 2012-07-25 21:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-04-05 03:05 - 2012-06-02 09:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-04-05 03:04 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-05 03:04 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-04-04 16:13 - 2014-04-04 16:13 - 00001353 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-04-04 16:13 - 2014-04-04 16:13 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\NVIDIA Corporation
2014-04-04 16:13 - 2014-01-20 21:54 - 01179576 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-04-04 16:13 - 2014-01-20 21:54 - 01048152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-04-04 16:13 - 2013-12-27 13:42 - 00039200 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-04-04 16:13 - 2013-12-27 13:42 - 00035104 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2014-04-04 16:13 - 2013-12-27 13:42 - 00033056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-04-04 16:13 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-04-04 16:13 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-04-04 16:13 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-04-04 16:13 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-04-04 16:13 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-04-04 16:13 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-04-04 15:43 - 2014-03-01 01:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-04 15:43 - 2014-03-01 00:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-04 15:43 - 2014-03-01 00:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-04 15:43 - 2014-02-28 23:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-04 15:43 - 2014-02-28 23:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-04 15:43 - 2014-02-28 23:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-04 15:43 - 2014-02-28 23:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-04 15:43 - 2014-02-28 23:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-04 15:43 - 2014-02-28 23:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-04 15:43 - 2014-02-28 23:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-04 15:43 - 2014-02-28 23:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-04 15:43 - 2014-02-28 23:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-04 15:43 - 2014-02-28 23:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-04 15:43 - 2014-02-28 23:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-04 15:43 - 2014-02-28 23:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-04 15:43 - 2014-02-28 23:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-04 15:43 - 2014-02-28 23:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-04 15:43 - 2014-02-28 22:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-04 15:43 - 2014-02-28 22:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-04-04 15:43 - 2014-02-28 22:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-04-04 15:43 - 2014-02-28 22:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-04-04 15:43 - 2014-02-28 22:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-04-04 15:43 - 2014-02-28 22:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-04-04 15:43 - 2014-02-28 22:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-04 15:43 - 2014-02-28 22:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-04-04 15:43 - 2014-02-28 22:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-04-04 15:43 - 2014-02-28 22:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-04-04 15:43 - 2014-02-28 22:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-04 15:43 - 2014-02-28 22:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-04 15:43 - 2014-02-28 22:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-04-04 15:43 - 2014-02-28 22:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-04-04 15:43 - 2014-02-28 22:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-04 15:43 - 2014-02-28 22:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-04-04 15:43 - 2014-02-28 22:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-04-04 15:43 - 2014-02-28 21:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-04-04 15:43 - 2014-02-28 21:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-04 15:43 - 2014-02-28 21:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-04-04 15:43 - 2014-02-28 21:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-04-04 15:43 - 2014-02-28 21:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-04 15:43 - 2014-02-28 21:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-04-04 15:43 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-04-04 15:43 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-04-04 15:43 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-04-04 15:43 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-04-04 15:43 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-04-04 15:43 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-04-04 15:42 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-04-04 15:42 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-04-04 11:28 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-04-04 11:28 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-04-04 11:28 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-04-04 11:28 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-04-04 11:28 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-04-04 11:28 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-04-04 11:28 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-04-04 11:28 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-04-04 11:28 - 2013-02-15 01:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-04-04 11:28 - 2013-02-15 01:06 - 03717632 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-04-04 11:28 - 2013-02-15 01:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-04-04 11:28 - 2013-02-14 23:37 - 03217408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-04-04 11:28 - 2013-02-14 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-04-04 11:28 - 2013-02-14 22:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-04-04 11:28 - 2012-10-09 13:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-04-04 11:28 - 2012-10-09 13:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-04-04 11:28 - 2012-10-09 12:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-04-04 11:28 - 2012-10-09 12:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-04-04 11:27 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-04-04 11:27 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-04-04 11:27 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-04-04 11:27 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-04-04 11:27 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-04-04 11:27 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-04-04 11:27 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-04-04 11:27 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-04-04 11:27 - 2013-11-11 21:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-04-04 11:27 - 2013-11-11 21:07 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-04-04 11:27 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-04-04 11:27 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-04-04 11:27 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-04-04 11:27 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-04-04 11:27 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-04-04 11:27 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-04-04 11:27 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-04-04 11:27 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-04-04 11:27 - 2013-04-12 09:45 - 01656680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-04 11:27 - 2013-02-27 01:02 - 00111448 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-04-04 11:27 - 2013-02-27 00:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-04-04 11:26 - 2014-02-06 20:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-04-04 11:26 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-04-04 11:26 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-04-04 11:26 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-04-04 11:26 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-04-04 11:26 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-04-04 11:26 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-04-04 11:26 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-04-04 11:26 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-04-04 11:26 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-04-04 11:26 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-04-04 11:26 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-04-04 11:26 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-04-04 11:26 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-04-04 11:26 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-04-04 11:26 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-04-04 11:26 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-04-04 11:26 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-04-04 11:26 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-04-04 11:26 - 2013-11-26 20:42 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-04-04 11:26 - 2013-11-26 20:42 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-04-04 11:26 - 2013-11-26 20:42 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-04-04 11:26 - 2013-11-26 20:42 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-04-04 11:26 - 2013-11-26 20:42 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-04-04 11:26 - 2013-11-26 20:42 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-04-04 11:26 - 2013-11-26 20:42 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-04-04 11:26 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-04-04 11:26 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-04-04 11:26 - 2013-10-03 21:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-04-04 11:26 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-04-04 11:26 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-04-04 11:26 - 2013-10-03 20:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-04-04 11:26 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-04-04 11:26 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-04-04 11:26 - 2013-09-27 20:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-04-04 11:26 - 2013-09-24 21:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-04-04 11:26 - 2013-09-24 21:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-04-04 11:26 - 2013-09-24 21:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-04-04 11:26 - 2013-09-24 21:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-04-04 11:26 - 2013-09-24 21:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-04-04 11:26 - 2013-09-24 21:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-04-04 11:26 - 2013-09-24 21:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-04-04 11:26 - 2013-09-24 21:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-04-04 11:26 - 2013-09-24 20:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-04-04 11:26 - 2013-09-24 20:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-04-04 11:26 - 2013-09-24 20:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-04-04 11:26 - 2013-09-24 20:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-04-04 11:26 - 2013-09-24 20:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-04-04 11:26 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-04-04 11:26 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-04-04 11:26 - 2013-08-01 21:13 - 01161216 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-04 11:26 - 2013-08-01 21:13 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:50 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-04 11:26 - 2013-08-01 20:50 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-04-04 11:26 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-04-04 11:26 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-04-04 11:26 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-04-04 11:26 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-04-04 11:26 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-04-04 11:26 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-04-04 11:26 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-04-04 11:26 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-04-04 11:26 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-04-04 11:26 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-04-04 11:26 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-04-04 11:26 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-04-04 11:26 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-04-04 11:26 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-04-04 11:26 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-04-04 11:26 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-04-04 11:26 - 2012-08-22 13:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-04-04 11:26 - 2012-07-04 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-04-04 11:25 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2014-04-04 11:25 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-04-04 11:25 - 2013-07-12 05:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2014-04-04 11:25 - 2013-07-09 00:51 - 01217024 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-04-04 11:25 - 2013-07-08 23:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-04-04 11:25 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-04-04 11:25 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-04-04 11:25 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-04-04 11:25 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-04-04 11:25 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-04-04 11:25 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-04-04 11:25 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-04-04 11:25 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-04-04 11:25 - 2013-02-11 23:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-04-04 11:25 - 2012-11-28 17:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-04-04 11:25 - 2012-11-28 17:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-04-04 11:25 - 2012-11-28 17:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2014-04-04 11:25 - 2012-11-02 00:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-04-04 11:25 - 2012-11-02 00:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-04-04 11:25 - 2012-11-01 00:43 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-04-04 11:25 - 2012-10-31 23:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-04-04 11:25 - 2012-10-03 12:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-04-04 11:25 - 2012-10-03 12:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-04-04 11:25 - 2012-10-03 12:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-04-04 11:25 - 2012-10-03 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-04-04 11:25 - 2012-10-03 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-04-04 11:25 - 2012-10-03 12:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-04-04 11:25 - 2012-10-03 11:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-04-04 11:25 - 2012-10-03 11:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-04-04 11:25 - 2012-10-03 11:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-04-04 11:25 - 2012-10-03 11:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-04-04 11:25 - 2012-08-21 16:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-04-04 11:25 - 2012-05-01 00:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-04-04 11:25 - 2012-04-26 00:41 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-04-04 11:25 - 2012-04-26 00:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2014-04-04 11:25 - 2012-04-26 00:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2014-04-04 11:25 - 2012-01-13 02:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-04-04 11:24 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-04-04 11:24 - 2012-12-07 08:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-04-04 11:24 - 2012-12-07 08:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-04-04 11:24 - 2012-12-07 07:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-04-04 11:24 - 2012-12-07 07:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-04-04 11:24 - 2012-12-07 06:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-04-04 11:24 - 2012-12-07 06:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-04-04 11:24 - 2012-12-07 06:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-04-04 11:24 - 2012-12-07 06:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-04-04 11:24 - 2012-12-07 06:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-04-04 11:24 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-04-04 11:24 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-04-04 11:24 - 2012-12-07 06:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-04-04 11:24 - 2012-12-07 06:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-04-04 11:24 - 2012-12-07 06:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-04-04 11:24 - 2012-12-07 06:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-04-04 11:24 - 2012-12-07 06:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-04-04 11:24 - 2012-12-07 06:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-04-04 11:24 - 2012-12-07 06:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-04-04 11:24 - 2012-12-07 05:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-04-04 11:24 - 2012-11-22 00:44 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-04-04 11:24 - 2012-11-21 23:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-04-04 11:24 - 2012-04-27 22:55 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-04-04 11:23 - 2014-02-03 21:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-04-04 11:23 - 2014-02-03 21:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-04-04 11:23 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-04-04 11:23 - 2013-10-02 21:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-04-04 11:23 - 2013-10-02 21:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-04-04 11:23 - 2013-07-25 21:24 - 14172672 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-04-04 11:23 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-04-04 11:23 - 2013-07-25 20:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-04-04 11:23 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-04-04 11:23 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-04-04 11:23 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-04-04 11:23 - 2013-05-13 00:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-04-04 11:23 - 2013-05-12 22:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-04-04 11:23 - 2013-05-12 22:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-04-04 11:23 - 2013-05-12 22:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-04-04 11:23 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-04-04 11:23 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-04-04 11:23 - 2013-04-26 00:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-04-04 11:23 - 2013-04-25 23:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-04-04 11:23 - 2013-01-24 01:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-04-04 11:23 - 2012-09-25 17:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-04-04 11:23 - 2012-09-25 17:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-04-04 11:23 - 2012-08-10 19:56 - 00715776 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-04-04 11:23 - 2012-08-10 18:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-04-04 11:23 - 2012-07-06 15:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-04-04 11:23 - 2012-07-04 17:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-04-04 11:23 - 2012-07-04 17:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-04-04 11:23 - 2012-07-04 17:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2014-04-04 11:23 - 2012-07-04 16:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-04-04 11:23 - 2012-07-04 16:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2014-04-04 11:23 - 2012-05-05 03:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-04-04 11:23 - 2012-05-05 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-04-04 11:23 - 2012-04-07 07:31 - 03216384 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-04-04 11:23 - 2012-04-07 06:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-04-04 11:22 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-04-04 11:22 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-04-04 11:22 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-04-04 11:22 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-04-04 11:22 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-04-04 11:22 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-04-04 11:22 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-04-04 11:22 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-04-04 11:22 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-04-04 11:22 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-04-04 11:22 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-04-04 11:22 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-04-04 11:22 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-04-04 11:22 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-04-04 11:22 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-04-04 11:22 - 2013-04-10 01:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2014-04-04 11:22 - 2013-04-09 18:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-04-04 11:22 - 2013-04-02 17:51 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-04-04 11:22 - 2012-06-06 01:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2014-04-04 11:22 - 2012-06-06 00:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2014-04-04 11:22 - 2012-05-14 00:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-04-04 11:22 - 2011-02-22 23:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2014-04-04 11:22 - 2011-02-03 06:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-04-03 21:46 - 2014-04-03 19:06 - 00000000 ____D () C:\Emergency
2014-04-03 21:39 - 2014-04-03 21:39 - 00000000 ____D () C:\Windows\SMINST
2014-04-03 20:59 - 2014-04-03 20:59 - 00001146 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-04-03 20:56 - 2014-04-10 23:41 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Battle.net
2014-04-03 20:56 - 2014-04-10 16:18 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-03 20:56 - 2014-04-06 16:33 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Battle.net
2014-04-03 20:56 - 2014-04-03 20:56 - 00001152 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-04-03 20:56 - 2014-04-03 20:56 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-04-03 20:51 - 2014-04-03 20:52 - 00000000 ____D () C:\ProgramData\Battle.net
2014-04-03 20:10 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-04-03 20:09 - 2014-04-03 20:09 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-03 20:09 - 2014-04-03 20:09 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-03 20:09 - 2014-04-03 20:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-03 20:09 - 2014-04-03 20:09 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-03 20:09 - 2014-04-03 20:09 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-03 20:09 - 2014-04-03 20:09 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-04-03 20:09 - 2014-04-03 20:09 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-03 20:09 - 2014-04-03 20:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-03 20:09 - 2014-04-03 20:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-03 20:08 - 2014-04-03 20:08 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-03 20:08 - 2014-04-03 20:08 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-03 20:07 - 2014-04-03 20:07 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-03 20:07 - 2014-04-03 20:07 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-04-03 20:06 - 2014-04-03 20:10 - 00010972 _____ () C:\Windows\IE11_main.log
2014-04-03 20:06 - 2014-04-03 20:06 - 02077392 _____ (Microsoft Corporation) C:\Users\Rachelle\Downloads\IE11-Windows6.1.exe
2014-04-03 19:44 - 2014-04-03 19:58 - 00000000 ____D () C:\Windows\SystemRepair
2014-04-03 19:43 - 2014-04-03 19:43 - 00003672 _____ () C:\Windows\System32\Tasks\MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}
2014-04-03 19:43 - 2014-04-03 19:43 - 00002274 _____ () C:\Users\Public\Desktop\AOL Computer Checkup.lnk
2014-04-03 19:43 - 2014-04-03 19:43 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\AOL
2014-04-03 19:43 - 2014-04-03 19:43 - 00000000 ____D () C:\ProgramData\AOL Computer Checkup
2014-04-03 19:42 - 2014-04-03 19:42 - 00768288 _____ (AOL) C:\Users\Rachelle\Downloads\AOLComputerCheckupDM.exe
2014-04-03 19:26 - 2014-04-15 09:20 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Skype
2014-04-03 19:26 - 2014-04-11 08:48 - 00000000 ____D () C:\Users\Rachelle\Documents\work
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Dropbox
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Documents\My Scans
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Documents\Fax
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Documents\Diablo III
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Documents\CyberLink
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Desktop\Work
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Desktop\School
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Desktop\photos
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Desktop\Financial
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Desktop\Computer
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Real
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Oberon Media
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\NVIDIA
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Meridian93
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Malwarebytes
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\HP
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Dropbox
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\CyberLink
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Skype
2014-04-03 19:25 - 2014-04-08 21:15 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Google
2014-04-03 19:25 - 2014-04-04 16:14 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\NVIDIA
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Oberon Games
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\LogiShrd
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Cyberlink
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Blizzard Entertainment
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Blizzard
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files\Ventrilo
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files (x86)\YNAB 4
2014-04-03 19:24 - 2014-04-09 14:50 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-04-03 19:24 - 2014-04-08 21:15 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-03 19:24 - 2014-04-05 03:45 - 00000000 ____D () C:\Program Files (x86)\AOL Computer Checkup
2014-04-03 19:24 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Rhapsody
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Oberon Media SIDR
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\HP
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-04-03 19:23 - 2014-04-03 19:23 - 00000000 ____D () C:\NVIDIA
2014-04-03 19:20 - 2014-04-03 19:20 - 00000211 _____ () C:\Users\Public\Desktop\My Identity Protection.url
2014-04-03 19:20 - 2014-04-03 19:20 - 00000000 ____D () C:\TrustedID IDMonitor Identity Protection
2014-04-03 19:18 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-04-03 19:14 - 2014-04-03 19:14 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Macromedia
2014-04-03 19:14 - 2014-04-03 19:14 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Adobe
2014-04-03 19:12 - 2014-04-03 19:12 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Intel Corporation
2014-04-03 19:11 - 2014-04-06 15:46 - 00000000 ____D () C:\Users\Rachelle\Documents\Bluetooth Folder
2014-04-03 19:11 - 2014-04-05 09:53 - 00000000 ___RD () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-03 19:11 - 2014-04-05 09:53 - 00000000 ___RD () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-03 19:11 - 2014-04-03 20:15 - 00001419 _____ () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-03 19:11 - 2014-04-03 19:57 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\VirtualStore
2014-04-03 19:11 - 2014-04-03 19:37 - 00004631 _____ () C:\Windows\system32\lvcoinst.log
2014-04-03 19:11 - 2014-04-03 19:11 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Atheros
2014-04-03 19:11 - 2014-04-03 19:11 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\BMExplorer
2014-04-03 19:11 - 2014-04-03 19:11 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-04-03 19:07 - 2014-04-09 17:41 - 00000000 ____D () C:\Users\Rachelle
2014-04-03 19:07 - 2014-04-05 10:40 - 00058016 _____ () C:\Users\Rachelle\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-03 19:07 - 2014-04-03 19:07 - 00000020 ___SH () C:\Users\Rachelle\ntuser.ini
2014-04-03 19:07 - 2014-04-03 19:07 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\SoftThinks
2014-04-03 19:07 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-04-03 19:07 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-04-03 19:07 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-04-03 19:07 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-04-03 19:07 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-04-03 19:07 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-04-03 19:07 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-04-03 19:07 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-04-03 19:07 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-04-03 19:07 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-04-03 19:07 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-04-16 13:58 - 2014-04-16 13:58 - 02158592 _____ (Farbar) C:\Users\Rachelle\Desktop\FRST64.exe
2014-04-16 13:58 - 2014-04-16 13:58 - 00020925 _____ () C:\Users\Rachelle\Desktop\FRST.txt
2014-04-16 13:58 - 2014-04-16 13:58 - 00000000 ____D () C:\FRST
2014-04-16 13:57 - 2014-04-08 21:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf539a45b81a1d.job
2014-04-16 13:57 - 2012-07-25 18:48 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-16 13:57 - 2012-07-25 18:46 - 01845994 _____ () C:\Windows\WindowsUpdate.log
2014-04-16 13:57 - 2009-07-13 23:51 - 00052640 _____ () C:\Windows\setupact.log
2014-04-16 09:17 - 2014-04-06 12:50 - 00000088 _____ () C:\Windows\system32\cgnqdp.rih
2014-04-16 04:02 - 2014-04-07 07:44 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-15 21:25 - 2014-04-08 21:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-15 19:49 - 2014-04-09 14:46 - 00001846 _____ () C:\Users\Public\Desktop\McAfee Security Center.lnk
2014-04-15 17:39 - 2014-04-09 14:45 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-04-15 09:20 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Skype
2014-04-15 09:18 - 2014-04-15 09:18 - 00014395 _____ () C:\Users\Rachelle\Desktop\Attach2.txt
2014-04-15 09:18 - 2014-04-10 08:38 - 00032056 _____ () C:\Users\Rachelle\Desktop\dds.txt
2014-04-15 09:18 - 2014-04-10 08:38 - 00014395 _____ () C:\Users\Rachelle\Desktop\attach.txt
2014-04-15 09:11 - 2014-04-15 09:11 - 00000000 ___RD () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-04-15 09:11 - 2012-07-25 19:15 - 00000000 ____D () C:\Users\Default\AppData\Local\SoftThinks
2014-04-15 09:11 - 2012-07-25 19:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\SoftThinks
2014-04-15 09:11 - 2012-07-25 19:04 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2014-04-14 15:12 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-14 15:12 - 2009-07-13 23:45 - 00021296 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-14 15:10 - 2009-07-14 00:13 - 00779724 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-14 15:05 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-14 12:47 - 2014-04-09 18:12 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\CrashDumps
2014-04-14 03:12 - 2014-04-07 08:47 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\SoftGrid Client
2014-04-11 08:48 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Documents\work
2014-04-10 23:41 - 2014-04-03 20:56 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Battle.net
2014-04-10 17:04 - 2012-07-25 19:13 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-10 16:18 - 2014-04-03 20:56 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-04-10 08:11 - 2014-04-09 16:10 - 00002954 _____ () C:\Users\Rachelle\Desktop\Rkill.txt
2014-04-09 19:45 - 2014-04-09 19:45 - 00000000 ____D () C:\TDSSKiller_Quarantine
2014-04-09 18:33 - 2014-04-09 17:18 - 00000000 ____D () C:\AdwCleaner
2014-04-09 17:41 - 2014-04-03 19:07 - 00000000 ____D () C:\Users\Rachelle
2014-04-09 17:36 - 2014-04-09 17:36 - 00001748 _____ () C:\Windows\system32\regHiveData.bin
2014-04-09 17:30 - 2014-04-09 17:30 - 00000636 _____ () C:\Users\Rachelle\Desktop\JRT.txt
2014-04-09 17:22 - 2014-04-09 17:22 - 00000000 ____D () C:\Windows\ERUNT
2014-04-09 16:30 - 2014-04-09 16:30 - 00000548 _____ () C:\Users\Rachelle\Desktop\Emsisoft Emergency Kit.lnk
2014-04-09 16:30 - 2014-04-09 16:30 - 00000000 ____D () C:\EEK
2014-04-09 16:28 - 2014-04-09 16:28 - 00027904 _____ () C:\Windows\system32\bootdelete.lst
2014-04-09 16:28 - 2014-04-09 16:28 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-04-09 16:28 - 2014-04-09 16:24 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-04-09 16:25 - 2014-04-09 16:25 - 00001899 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2014-04-09 16:25 - 2014-04-09 16:25 - 00000000 ____D () C:\Program Files\HitmanPro
2014-04-09 16:24 - 2014-04-09 16:20 - 00000000 ____D () C:\Users\Rachelle\Desktop\RK_Quarantine
2014-04-09 16:23 - 2014-04-09 16:23 - 00055689 _____ () C:\Users\Rachelle\Desktop\RKreport[0]_D_04092014_162333.txt
2014-04-09 16:23 - 2014-04-09 16:23 - 00055548 _____ () C:\Users\Rachelle\Desktop\RKreport[0]_S_04092014_162302.txt
2014-04-09 15:32 - 2014-04-09 15:31 - 04118841 _____ () C:\Users\Rachelle\Downloads\tdsskiller.zip
2014-04-09 15:32 - 2014-04-07 15:40 - 04139872 _____ (Kaspersky Lab ZAO) C:\Users\Rachelle\Desktop\TDSSKiller.exe
2014-04-09 15:19 - 2014-04-07 07:44 - 00001108 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-04-09 15:19 - 2014-04-07 07:44 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-04-09 14:50 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Diablo III
2014-04-09 14:45 - 2014-04-09 14:45 - 00000000 ____D () C:\Program Files\McAfee.com
2014-04-09 14:45 - 2014-04-09 14:45 - 00000000 ____D () C:\Program Files (x86)\McAfee.com
2014-04-09 14:45 - 2012-07-25 19:13 - 00000000 ____D () C:\Program Files\mcafee
2014-04-09 14:45 - 2012-07-25 19:13 - 00000000 ____D () C:\Program Files\Common Files\mcafee
2014-04-09 14:39 - 2010-11-20 22:47 - 00022248 _____ () C:\Windows\PFRO.log
2014-04-08 21:26 - 2014-04-08 21:15 - 00002185 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-08 21:20 - 2014-04-08 21:20 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cf539a45b81a1d
2014-04-08 21:20 - 2014-04-08 21:15 - 00003646 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-04-08 21:15 - 2014-04-08 21:15 - 00000000 ____D () C:\ProgramData\Google
2014-04-08 21:15 - 2014-04-08 21:15 - 00000000 ____D () C:\Program Files\Google
2014-04-08 21:15 - 2014-04-08 21:14 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Adobe
2014-04-08 21:15 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Google
2014-04-08 21:15 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Google
2014-04-08 21:15 - 2012-07-25 18:48 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-08 21:15 - 2012-07-25 18:48 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-08 21:15 - 2012-07-25 18:48 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-08 03:18 - 2012-07-25 19:09 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-04-08 03:18 - 2009-07-14 00:08 - 00010342 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-08 03:02 - 2014-04-07 08:46 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-04-08 03:02 - 2011-02-10 11:10 - 00795928 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-08 03:01 - 2014-04-08 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-04-07 10:58 - 2014-04-07 10:57 - 00000306 _____ () C:\ProgramData\hpzinstall.log
2014-04-07 10:57 - 2014-04-07 10:57 - 00000000 ____D () C:\ProgramData\VirtualizedApplications
2014-04-07 10:57 - 2014-04-07 10:57 - 00000000 ____D () C:\ProgramData\HP
2014-04-07 08:52 - 2014-04-07 08:52 - 00000000 __RHD () C:\MSOCache
2014-04-07 08:47 - 2014-04-07 08:47 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\SoftGrid Client
2014-04-07 08:47 - 2014-04-07 08:46 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\TP
2014-04-07 08:46 - 2014-04-07 08:46 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2014-04-07 08:46 - 2012-07-25 19:07 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-04-07 08:46 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-04-07 07:44 - 2014-04-07 07:44 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-04-06 16:33 - 2014-04-03 20:56 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Battle.net
2014-04-06 15:46 - 2014-04-03 19:11 - 00000000 ____D () C:\Users\Rachelle\Documents\Bluetooth Folder
2014-04-06 12:40 - 2014-04-06 12:40 - 00000064 _____ () C:\Windows\system32\rvomn.hlk
2014-04-06 12:40 - 2014-04-06 12:40 - 00000000 _____ () C:\Windows\system32\thyp.eay
2014-04-06 12:24 - 2014-04-06 12:24 - 00305834 ____S () C:\Windows\system32\efqkqik.ckr
2014-04-06 12:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\sysprep
2014-04-05 10:40 - 2014-04-03 19:07 - 00058016 _____ () C:\Users\Rachelle\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-05 09:53 - 2014-04-03 19:11 - 00000000 ___RD () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-05 09:53 - 2014-04-03 19:11 - 00000000 ___RD () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-04-05 04:18 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-04-05 03:52 - 2009-07-13 23:45 - 00275712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-05 03:51 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-04-05 03:51 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Windows Defender
2014-04-05 03:51 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-04-05 03:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-04-05 03:45 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\AOL Computer Checkup
2014-04-04 18:44 - 2012-07-25 19:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-04-04 18:44 - 2012-07-25 19:06 - 00000000 ____D () C:\ProgramData\Skype
2014-04-04 16:14 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\NVIDIA
2014-04-04 16:13 - 2014-04-04 16:13 - 00001353 _____ () C:\Users\Public\Desktop\GeForce Experience.lnk
2014-04-04 16:13 - 2014-04-04 16:13 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\NVIDIA Corporation
2014-04-04 16:13 - 2012-07-25 20:41 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-04-04 16:13 - 2012-07-25 20:41 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-04-04 16:13 - 2012-07-25 20:41 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-04-04 16:13 - 2012-07-25 18:44 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-04-03 21:39 - 2014-04-03 21:39 - 00000000 ____D () C:\Windows\SMINST
2014-04-03 20:59 - 2014-04-03 20:59 - 00001146 _____ () C:\Users\Public\Desktop\Diablo III.lnk
2014-04-03 20:56 - 2014-04-03 20:56 - 00001152 _____ () C:\Users\Public\Desktop\Battle.net.lnk
2014-04-03 20:56 - 2014-04-03 20:56 - 00000000 ____D () C:\ProgramData\Blizzard Entertainment
2014-04-03 20:52 - 2014-04-03 20:51 - 00000000 ____D () C:\ProgramData\Battle.net
2014-04-03 20:15 - 2014-04-03 19:11 - 00001419 _____ () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-04-03 20:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2014-04-03 20:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2014-04-03 20:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2014-04-03 20:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2014-04-03 20:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-03 20:10 - 2014-04-03 20:06 - 00010972 _____ () C:\Windows\IE11_main.log
2014-04-03 20:09 - 2014-04-03 20:09 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-04-03 20:09 - 2014-04-03 20:09 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-04-03 20:09 - 2014-04-03 20:09 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-04-03 20:09 - 2014-04-03 20:09 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-04-03 20:09 - 2014-04-03 20:09 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-04-03 20:09 - 2014-04-03 20:09 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00288088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-04-03 20:09 - 2014-04-03 20:09 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-04-03 20:09 - 2014-04-03 20:09 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-04-03 20:09 - 2014-04-03 20:09 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-03 20:09 - 2014-04-03 20:09 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-03 20:09 - 2014-04-03 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-03 20:08 - 2014-04-03 20:08 - 02776576 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 02284544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2014-04-03 20:08 - 2014-04-03 20:08 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-03 20:08 - 2014-04-03 20:08 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2014-04-03 20:07 - 2014-04-03 20:07 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-04-03 20:07 - 2014-04-03 20:07 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-04-03 20:06 - 2014-04-03 20:06 - 02077392 _____ (Microsoft Corporation) C:\Users\Rachelle\Downloads\IE11-Windows6.1.exe
2014-04-03 19:58 - 2014-04-03 19:44 - 00000000 ____D () C:\Windows\SystemRepair
2014-04-03 19:57 - 2014-04-03 19:11 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\VirtualStore
2014-04-03 19:43 - 2014-04-03 19:43 - 00003672 _____ () C:\Windows\System32\Tasks\MainUIModule_AOL_Computer Checkup_{BDA49F87-1626-484F-AB5B-41EA29B28AD7}
2014-04-03 19:43 - 2014-04-03 19:43 - 00002274 _____ () C:\Users\Public\Desktop\AOL Computer Checkup.lnk
2014-04-03 19:43 - 2014-04-03 19:43 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\AOL
2014-04-03 19:43 - 2014-04-03 19:43 - 00000000 ____D () C:\ProgramData\AOL Computer Checkup
2014-04-03 19:42 - 2014-04-03 19:42 - 00768288 _____ (AOL) C:\Users\Rachelle\Downloads\AOLComputerCheckupDM.exe
2014-04-03 19:37 - 2014-04-03 19:11 - 00004631 _____ () C:\Windows\system32\lvcoinst.log
2014-04-03 19:36 - 2011-02-10 09:01 - 00000000 ____D () C:\dell
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Dropbox
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Documents\My Scans
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Documents\Fax
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Documents\Diablo III
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Documents\CyberLink
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Desktop\Work
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Desktop\School
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Desktop\photos
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Desktop\Financial
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\Desktop\Computer
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Real
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Oberon Media
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\NVIDIA
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Meridian93
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Malwarebytes
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\HP
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Dropbox
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\CyberLink
2014-04-03 19:26 - 2014-04-03 19:26 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Skype
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Oberon Games
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\LogiShrd
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Cyberlink
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Blizzard Entertainment
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\Blizzard
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files\Ventrilo
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files\Microsoft Sync Framework
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files\McAfee Security Scan
2014-04-03 19:25 - 2014-04-03 19:25 - 00000000 ____D () C:\Program Files (x86)\YNAB 4
2014-04-03 19:25 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\World of Warcraft
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Rhapsody
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Oberon Media SIDR
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Java
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\HP
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\DivX
2014-04-03 19:24 - 2014-04-03 19:24 - 00000000 ____D () C:\Program Files (x86)\Citrix
2014-04-03 19:24 - 2014-04-03 19:18 - 00000000 ____D () C:\Program Files (x86)\Dell Digital Delivery
2014-04-03 19:24 - 2012-07-25 19:07 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2014-04-03 19:23 - 2014-04-03 19:23 - 00000000 ____D () C:\NVIDIA
2014-04-03 19:20 - 2014-04-03 19:20 - 00000211 _____ () C:\Users\Public\Desktop\My Identity Protection.url
2014-04-03 19:20 - 2014-04-03 19:20 - 00000000 ____D () C:\TrustedID IDMonitor Identity Protection
2014-04-03 19:14 - 2014-04-03 19:14 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Macromedia
2014-04-03 19:14 - 2014-04-03 19:14 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Adobe
2014-04-03 19:13 - 2012-07-25 19:05 - 00017984 _____ () C:\Windows\RPSETUP.EXE.LOG
2014-04-03 19:12 - 2014-04-03 19:12 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Intel Corporation
2014-04-03 19:11 - 2014-04-03 19:11 - 00000000 ____D () C:\Users\Rachelle\AppData\Roaming\Atheros
2014-04-03 19:11 - 2014-04-03 19:11 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\BMExplorer
2014-04-03 19:11 - 2014-04-03 19:11 - 00000000 ____D () C:\Program Files\Common Files\logishrd
2014-04-03 19:11 - 2012-07-25 19:23 - 00000000 ____D () C:\ProgramData\Atheros
2014-04-03 19:07 - 2014-04-03 19:07 - 00000020 ___SH () C:\Users\Rachelle\ntuser.ini
2014-04-03 19:07 - 2014-04-03 19:07 - 00000000 ____D () C:\Users\Rachelle\AppData\Local\SoftThinks
2014-04-03 19:07 - 2009-07-13 22:20 - 00000000 __RHD () C:\Users\Public\Libraries
2014-04-03 19:06 - 2014-04-03 21:46 - 00000000 ____D () C:\Emergency
2014-04-03 18:59 - 2011-02-10 09:02 - 00000000 ____D () C:\Windows\panther
2014-04-03 09:51 - 2014-04-07 07:44 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-04-07 07:44 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2014-04-07 07:44 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-03-17 19:02 - 2011-03-13 11:20 - 00070592 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\cfwids.sys
2014-03-17 18:54 - 2012-07-25 19:13 - 00185792 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2014-03-17 18:54 - 2011-03-13 11:20 - 00345456 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfewfpk.sys
2014-03-17 18:49 - 2011-03-13 11:20 - 00783864 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfehidk.sys
2014-03-17 18:47 - 2011-03-13 11:20 - 00522360 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfefirek.sys
2014-03-17 18:45 - 2011-03-13 11:20 - 00311600 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeavfk.sys
2014-03-17 18:44 - 2011-03-13 11:20 - 00180272 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\mfeapfk.sys
Some content of TEMP:
====================
C:\Users\Rachelle\AppData\Local\Temp\Quarantine.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0520192 ____A (Microsoft Corporation) 65B89E87D35226DFA6706A7D1F6D400D
 ATTENTION ======> If the system is having audio adware rpcss.dll is patched. Google the MD5, if the MD5 is unique the file is infected.
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-09 03:00
==================== End Of Log ============================

 

Farbar Recovery Scan Tool (x64) Version: 16-04-2014 02
Ran by Rachelle at 2014-04-16 14:05:15
Running from C:\Users\Rachelle\Desktop
Boot Mode: Normal

================== Search: "rpcss.dll" ===================

C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\WINDOWS\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0520192 ____A (Microsoft Corporation) 65B89E87D35226DFA6706A7D1F6D400D

====== End Of Search ======

 

 




#6 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:58 PM

Posted 16 April 2014 - 05:25 PM

Hello pantherr



I need you to download this script I have made for you --> Attached File: fixlist.txt (513 bytes)

It needs to be saved next to the "Farbar Recovery Scan Tool" (FRST) program. (If asked to overwrite the existing one, please allow.)

Run FRST again but this time press the Fix button just once and wait.


When finished, it will make a log (fixlog.txt) next to FRST. Please copy and paste the content of this file to your reply.


NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#7 pantherr

pantherr
  • Topic Starter

  • Members
  • 17 posts
  • OFFLINE
  •  
  • Local time:12:58 PM

Posted 16 April 2014 - 07:50 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 16-04-2014 02
Ran by Rachelle at 2014-04-16 19:48:38 Run:1
Running from C:\Users\Rachelle\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
2014-04-06 12:50 - 2014-04-16 09:17 - 00000088 _____ () C:\Windows\system32\cgnqdp.rih
2014-04-06 12:40 - 2014-04-06 12:40 - 00000064 _____ () C:\Windows\system32\rvomn.hlk
2014-04-06 12:40 - 2014-04-06 12:40 - 00000000 _____ () C:\Windows\system32\thyp.eay
2014-04-06 12:24 - 2014-04-06 12:24 - 00305834 ____S () C:\Windows\system32\efqkqik.ckr
Replace: C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll C:\WINDOWS\System32\rpcss.dll
*****************

C:\Windows\system32\cgnqdp.rih => Moved successfully.
C:\Windows\system32\rvomn.hlk => Moved successfully.
Could not move "C:\Windows\system32\thyp.eay" => Scheduled to move on reboot.
Could not move "C:\Windows\system32\efqkqik.ckr" => Scheduled to move on reboot.
C:\WINDOWS\System32\rpcss.dll => Moved successfully.
C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll copied successfully to C:\WINDOWS\System32\rpcss.dll

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-04-16 19:50:14)<=

C:\Windows\system32\thyp.eay => Is moved successfully.
C:\Windows\system32\efqkqik.ckr => Is moved successfully.

==== End of Fixlog ====
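
The comparison behind the rpcss.dll search and the Replace: line in the fixlog above, written out as an added example that is not part of the original thread or of FRST: it parses FRST search output and checks whether the System32 copy of a file matches any WinSxS copy by MD5. The function and class names are assumptions of this example, and the example.dll entries are constructed.

```python
import re
from collections import defaultdict
from dataclasses import dataclass, field
from ntpath import basename, normcase  # Windows path rules on any OS

# The two rpcss.dll entries are copied from the FRST search output in this thread.
# The example.dll entries are constructed to show the matching case.
SAMPLE = r"""
================== Search: "rpcss.dll" ===================

C:\WINDOWS\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0512000 ____A (Microsoft Corporation) 5C627D1B1138676C0A7AB2C2C190D123

C:\WINDOWS\System32\rpcss.dll
[2010-11-20 22:24] - [2010-11-20 22:24] - 0520192 ____A (Microsoft Corporation) 65B89E87D35226DFA6706A7D1F6D400D

C:\WINDOWS\winsxs\amd64_constructed-component_0000000000000000_1.0.0.0_none_0000000000000000\example.dll
[2012-01-01 10:00] - [2012-01-01 10:00] - 0001024 ____A (Example Corp) 0123456789ABCDEF0123456789ABCDEF

C:\WINDOWS\System32\example.dll
[2012-01-01 10:00] - [2012-01-01 10:00] - 0001024 ____A (Example Corp) 0123456789ABCDEF0123456789ABCDEF

====== End Of Search ======
"""

PATH = re.compile(r"^[A-Za-z]:\\")
DETAIL = re.compile(
    r"^\[(?P<created>[\d\- :]+)\] - \[(?P<modified>[\d\- :]+)\] - "
    r"(?P<size>\d+) (?P<attrs>\S+) \((?P<company>.*)\) (?P<md5>[0-9A-Fa-f]{32})$"
)


@dataclass
class FileRecord:
    path: str
    size: int
    modified: str
    md5: str


@dataclass
class Finding:
    status: str  # "match", "mismatch" or "no-reference"
    active: FileRecord
    store: list = field(default_factory=list)


def parse_search(text):
    """Pair each path line with the detail line that follows it."""
    records, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH.match(line):
            pending = line  # remember the path; details are expected next
            continue
        m = DETAIL.match(line)
        if m and pending:
            records.append(
                FileRecord(pending, int(m["size"]), m["modified"], m["md5"].upper())
            )
        if line:
            pending = None  # any other non-blank line ends the pairing
    return records


def compare_to_store(records, system_dir=r"C:\Windows\System32"):
    """Compare each System32 file with the WinSxS copies of the same name."""
    sysdir = normcase(system_dir)
    groups = defaultdict(lambda: {"active": None, "store": []})
    for rec in records:
        path = normcase(rec.path)  # Windows paths are case-insensitive
        name = basename(path)
        if path == sysdir + "\\" + name:
            groups[name]["active"] = rec
        elif "\\winsxs\\" in path:
            groups[name]["store"].append(rec)

    findings = {}
    for name, group in groups.items():
        active, store = group["active"], group["store"]
        if active is None:
            continue  # nothing in System32 to judge
        if not store:
            status = "no-reference"
        elif any(s.md5 == active.md5 for s in store):
            status = "match"
        else:
            status = "mismatch"  # no store copy has the active file's hash
        findings[name] = Finding(status, active, store)
    return findings


if __name__ == "__main__":
    for name, f in sorted(compare_to_store(parse_search(SAMPLE)).items()):
        print(f"{name}: {f.status}")
        print(f"  System32  {f.active.size:>8}  {f.active.md5}")
        for s in f.store:
            print(f"  WinSxS    {s.size:>8}  {s.md5}")
```

A mismatch is a lead rather than a verdict, since the component store can hold several versions of the same file and the search lists only the ones it found.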



#8 pantherr


Posted 16 April 2014 - 08:51 PM

Haven't heard the random noises in the last hour.


Edited by pantherr, 16 April 2014 - 08:52 PM.


#9 pantherr


Posted 17 April 2014 - 07:18 AM

I had a popup from my system (I think) that read: "Service Tag in DSOE does not match the current system."



#10 gringo_pr


Posted 17 April 2014 - 07:54 AM



Hello pantherr

These are the programs I would like you to run next. If you have any problems with one of these, just skip it and move on to the next one.

-AdwCleaner-

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

-Junkware-Removal-Tool-

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

When they are complete let me have the two reports and let me know how things are running.

Gringo

#11 pantherr


Posted 17 April 2014 - 03:48 PM

# AdwCleaner v3.023 - Report created 17/04/2014 at 15:34:02
# Updated 01/04/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Rachelle - RACHELLE-PC
# Running from : C:\Users\Rachelle\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16521

-\\ Google Chrome v34.0.1847.116

[ File : C:\Users\Rachelle\AppData\Local\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [2109 octets] - [09/04/2014 17:18:35]
AdwCleaner[R1].txt - [1011 octets] - [09/04/2014 18:32:59]
AdwCleaner[R2].txt - [1013 octets] - [17/04/2014 15:33:23]
AdwCleaner[S0].txt - [2208 octets] - [09/04/2014 17:19:54]
AdwCleaner[S1].txt - [1076 octets] - [09/04/2014 18:33:43]
AdwCleaner[S2].txt - [936 octets] - [17/04/2014 15:34:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [995 octets] ##########

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Rachelle on Thu 04/17/2014 at 15:39:21.94
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

~~~ Services

 

~~~ Registry Values

 

~~~ Registry Keys

 

~~~ Files

 

~~~ Folders

 

~~~ Event Viewer Logs were cleared

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 04/17/2014 at 15:46:24.98
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

It seems to be running great! Thank you so much :)



#12 gringo_pr


Posted 18 April 2014 - 06:53 AM


Hello pantherr

I would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run Combofix I will need you to turn off any security software you have running. If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job; this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.

1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer.

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#13 pantherr


Posted 18 April 2014 - 07:16 PM

My computer went to sleep while Combofix was running. Now it just says "preparing log report. do not run any programs until combofix has finished." Been that way for a while, what can I do?
I am on my phone not the desktop.

#14 pantherr


Posted 18 April 2014 - 08:57 PM

ComboFix 14-04-17.01 - Rachelle 04/18/2014  19:33:34.2.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.12251.8695 [GMT -5:00]
Running from: c:\users\Rachelle\Desktop\ComboFix.exe
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {86355677-4064-3EA7-ABB3-1B136EB04637}
AV: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
FW: McAfee Firewall *Disabled* {BE0ED752-0A0B-3FFF-80EC-B2269063014C}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: McAfee Anti-Virus and Anti-Spyware *Disabled/Updated* {3D54B793-665E-3129-9103-206115370C8A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\RPSETUP.EXE.LOG
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-19 to 2014-04-19  )))))))))))))))))))))))))))))))
.
.
2014-04-19 00:57 . 2014-04-19 00:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-04-18 08:01 . 2014-04-18 08:01 -------- d-----w- c:\windows\Migration
2014-04-16 18:58 . 2014-04-17 00:50 -------- d-----w- C:\FRST
2014-04-10 00:45 . 2014-04-10 00:45 -------- d-----w- C:\TDSSKiller_Quarantine
2014-04-09 22:36 . 2014-04-09 22:36 1748 ----a-w- c:\windows\system32\regHiveData.bin
2014-04-09 22:22 . 2014-04-09 22:22 -------- d-----w- c:\windows\ERUNT
2014-04-09 22:18 . 2014-04-17 20:34 -------- d-----w- C:\AdwCleaner
2014-04-09 21:30 . 2014-04-09 21:30 -------- d-----w- C:\EEK
2014-04-09 21:28 . 2014-04-09 21:28 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-04-09 21:25 . 2014-04-09 21:25 -------- d-----w- c:\program files\HitmanPro
2014-04-09 21:24 . 2014-04-09 21:28 -------- d-----w- c:\programdata\HitmanPro
2014-04-09 19:45 . 2013-09-23 18:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys
2014-04-09 19:45 . 2014-04-09 19:45 -------- d-----w- c:\program files\McAfee.com
2014-04-09 19:45 . 2014-04-16 21:10 -------- d-----w- c:\program files (x86)\McAfee
2014-04-09 02:15 . 2014-04-09 02:15 -------- d-----w- c:\program files\Google
2014-04-08 08:01 . 2014-04-08 08:01 -------- d-----w- c:\program files\Microsoft Silverlight
2014-04-07 15:57 . 2014-04-07 15:57 -------- d-----w- c:\programdata\VirtualizedApplications
2014-04-07 15:57 . 2014-04-07 15:57 -------- d-----w- c:\programdata\HP
2014-04-07 13:52 . 2014-04-07 13:52 -------- d-----r- C:\MSOCache
2014-04-07 13:46 . 2014-04-08 08:02 -------- d-----w- c:\program files (x86)\Microsoft Application Virtualization Client
2014-04-07 12:44 . 2014-04-19 00:21 119512 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-07 12:44 . 2014-04-09 20:19 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
2014-04-07 12:44 . 2014-04-07 12:44 -------- d-----w- c:\programdata\Malwarebytes
2014-04-07 12:44 . 2014-04-03 14:51 63192 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-04-07 12:44 . 2014-04-03 14:51 88280 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-04-07 12:44 . 2014-04-03 14:50 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-04-05 19:26 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2014-04-05 19:26 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2014-04-05 08:51 . 2014-04-05 08:51 -------- d-----w- c:\windows\SysWow64\Wat
2014-04-05 08:51 . 2014-04-05 08:51 -------- d-----w- c:\windows\system32\Wat
2014-04-05 08:33 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2014-04-05 08:33 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2014-04-05 08:33 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
2014-04-05 08:33 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2014-04-05 08:33 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
2014-04-05 08:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-04-05 08:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2014-04-05 08:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2014-04-05 08:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2014-04-05 08:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2014-04-05 08:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2014-04-05 08:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2014-04-05 08:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2014-04-05 08:04 . 2013-12-21 09:53 548864 ----a-w- c:\windows\system32\vbscript.dll
2014-04-05 08:04 . 2013-12-21 08:56 454656 ----a-w- c:\windows\SysWow64\vbscript.dll
2014-04-04 23:44 . 2014-04-04 23:44 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-04-04 21:13 . 2010-05-26 16:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2014-04-04 21:13 . 2010-05-26 16:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2014-04-04 21:13 . 2010-05-26 16:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2014-04-04 21:13 . 2010-05-26 16:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2014-04-04 21:13 . 2010-05-26 16:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-04-04 21:13 . 2010-05-26 16:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2014-04-04 21:13 . 2014-01-21 02:54 1048152 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-04-04 21:13 . 2014-01-21 02:54 1179576 ----a-w- c:\windows\system32\nvspcap64.dll
2014-04-04 21:13 . 2013-12-27 18:42 39200 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-04-04 21:13 . 2013-12-27 18:42 35104 ----a-w- c:\windows\system32\nvaudcap64v.dll
2014-04-04 21:13 . 2013-12-27 18:42 33056 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-04-04 20:42 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-04-04 20:42 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2014-04-04 16:27 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2014-04-04 16:26 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2014-04-04 16:25 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys
2014-04-04 16:24 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2014-04-04 16:23 . 2013-11-26 11:40 376768 ----a-w- c:\windows\system32\drivers\netio.sys
2014-04-04 16:22 . 2013-10-12 02:32 150016 ----a-w- c:\windows\system32\wshom.ocx
2014-04-04 02:46 . 2014-04-04 00:06 -------- d-----w- C:\Emergency
2014-04-04 02:39 . 2014-04-04 02:39 -------- d-----w- c:\windows\SMINST
2014-04-04 01:56 . 2014-04-10 21:18 -------- d-----w- c:\program files (x86)\Battle.net
2014-04-04 01:56 . 2014-04-04 01:59 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2014-04-04 01:56 . 2014-04-04 01:56 -------- d-----w- c:\programdata\Blizzard Entertainment
2014-04-04 01:51 . 2014-04-04 01:52 -------- d-----w- c:\programdata\Battle.net
2014-04-04 01:10 . 2013-10-14 23:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-04-04 01:08 . 2014-04-04 01:08 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-04-04 01:07 . 2014-04-04 01:07 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-04-04 01:07 . 2014-04-04 01:07 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-04-04 00:44 . 2014-04-04 00:58 -------- d-----w- c:\windows\SystemRepair
2014-04-04 00:43 . 2014-04-04 00:43 -------- d-----w- c:\programdata\AOL Computer Checkup
2014-04-04 00:28 . 2014-04-04 00:28 8537680 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2014-04-04 00:25 . 2014-04-04 00:25 -------- d-----w- c:\program files\Ventrilo
2014-04-04 00:25 . 2014-04-04 00:25 -------- d-----w- c:\program files\Microsoft Sync Framework
2014-04-04 00:25 . 2014-04-04 00:25 -------- d-----w- c:\program files\Microsoft Office
2014-04-04 00:25 . 2014-04-04 00:25 -------- d-----w- c:\program files\McAfee Security Scan
2014-04-04 00:25 . 2014-04-04 00:25 -------- d-----w- c:\program files (x86)\YNAB 4
2014-04-04 00:23 . 2014-04-04 00:23 -------- d-----w- C:\NVIDIA
2014-04-04 00:20 . 2014-04-04 00:20 -------- d-----w- C:\TrustedID IDMonitor Identity Protection
2014-04-04 00:18 . 2014-04-04 00:24 -------- d-----w- c:\program files (x86)\Dell Digital Delivery
2014-04-04 00:11 . 2014-04-04 00:24 -------- d-----w- c:\program files (x86)\Common Files\logishrd
2014-04-04 00:11 . 2014-04-04 00:11 -------- d-----w- c:\program files\Common Files\logishrd
2014-04-04 00:07 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2014-04-04 00:07 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2014-04-04 00:07 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2014-04-04 00:07 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2014-04-04 00:07 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2014-04-04 00:07 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2014-04-04 00:07 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2014-04-04 00:07 . 2012-06-02 20:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2014-04-04 00:07 . 2012-06-02 20:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-04-04 00:07 . 2014-04-17 00:48 -------- d-----w- c:\users\Rachelle
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-09 02:15 . 2012-07-25 23:48 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-09 02:15 . 2012-07-25 23:48 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-04 00:08 . 2010-06-24 16:33 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-18 00:02 . 2011-03-13 16:20 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys
2014-03-17 23:54 . 2011-03-13 16:20 345456 ----a-w- c:\windows\system32\drivers\mfewfpk.sys
2014-03-17 23:54 . 2012-07-26 00:13 185792 ----a-w- c:\windows\system32\mfevtps.exe
2014-03-17 23:49 . 2011-03-13 16:20 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2014-03-17 23:47 . 2011-03-13 16:20 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2014-03-17 23:45 . 2011-03-13 16:20 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2014-03-17 23:44 . 2011-03-13 16:20 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2014-03-04 09:17 . 2014-04-17 08:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-01-21 08:50 . 2014-01-21 08:50 11336 ----a-w- c:\windows\system32\drivers\mfeclnrk.sys
2014-01-21 08:50 . 2014-01-21 08:50 96592 ----a-w- c:\windows\system32\drivers\mfencrk.sys
2014-01-21 08:50 . 2014-01-21 08:50 422712 ----a-w- c:\windows\system32\drivers\mfencbdc.sys
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Chicony_OSD"="c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\LaunchOSDSrv.exe" [2011-01-13 53248]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-17 291608]
"ShwiconXP9106"="c:\program files (x86)\Multimedia Card Reader(9106)\ShwiconXP9106.exe" [2010-03-10 237568]
"RemoteControl9"="c:\program files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-10-01 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\CyberLink\PowerDVD9\Language\Language.exe" [2010-09-17 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2012-03-27 76872]
"Dell DataSafe Online"="c:\program files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe" [2010-08-26 1117528]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-16 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-16 932288]
"mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 537992]
"MakiwaraNotify"="c:\program files (x86)\AOL Computer Checkup\sdccont.exe" [2014-01-21 84056]
"mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-01-28 537992]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ    autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc]
@=""
.
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [x]
R2 CLKMSVC10_9EC60124;CyberLink Product - 2012/07/25 19:08;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;c:\program files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\eek\Run\cleanhlp64.sys;c:\eek\Run\cleanhlp64.sys [x]
R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys;c:\windows\SYSNATIVE\drivers\mferkdet.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 iusb3hcs;Intel® USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\RUN\a2ddax64.sys;c:\eek\RUN\a2ddax64.sys [x]
S2 AERTFilters;Andrea RT Filters Service;c:\program files\Realtek\Audio\HDA\AERTSr64.exe;c:\program files\Realtek\Audio\HDA\AERTSr64.exe [x]
S2 AOL Computer Checkup;AOL Computer Checkup;c:\program files (x86)\AOL Computer Checkup\SDCService.exe;c:\program files (x86)\AOL Computer Checkup\SDCService.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DellDigitalDelivery;Dell Digital Delivery Service;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe;c:\program files (x86)\Dell Digital Delivery\DeliveryService.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x]
S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x]
S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x]
S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [x]
S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x]
S2 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x]
S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x]
S2 NOBU;Dell DataSafe Online;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE;c:\program files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe SERVICE [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 OSDSvc;ChiconyOSDService;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe;c:\program files (x86)\Dell\Dell KM632 Wireless Keyboard Caps Lock Indicator\OSDSrv.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 ZAtheros Bt&Wlan Coex Agent;ZAtheros Bt&Wlan Coex Agent;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 ZAtheros Wlan Agent;ZAtheros Wlan Agent;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe;c:\program files (x86)\Dell Wireless\Ath_WlanAgent.exe [x]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [x]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel® USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel® USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 LVUVC64;Logitech HD Webcam C510(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x]
S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MBAMSWISSARMY
*NewlyCreated* - MBAMWEBACCESSCONTROL
*Deregistered* - CLKMDRV10_9EC60124
*Deregistered* - mfeapfk01
*Deregistered* - mfeavfk01
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-09 02:26 1077576 ----a-w- c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-25 02:15]
.
2014-04-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-09 02:15]
.
2014-04-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cf539a45b81a1d.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-04-09 02:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2011-12-23 6457960]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-11-16 1156712]
"AtherosBtStack"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe" [2011-12-29 1014432]
"AthBtTray"="c:\program files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe" [2011-12-29 800416]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-01-21 2234144]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-01-21 1179576]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 97.64.183.164 97.64.209.37
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
AddRemove-AOL Toolbar - c:\program files (x86)\AOL Toolbar\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_182_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_182.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-04-18  20:52:07
ComboFix-quarantined-files.txt  2014-04-19 01:51
.
Pre-Run: 895,511,543,808 bytes free
Post-Run: 895,376,420,864 bytes free
.
- - End Of File - - 6C6F4C9C8BE51CCA0F7ECABEDFBED114

The computer seems to be running fine.
 



#15 gringo_pr


Posted 18 April 2014 - 11:13 PM


Hello pantherr

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Please start by opening Notepad and copy/paste the text in the box into the window:

ClearJavaCache::


 
Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"
  • In your next post I need the following
    • report from Combofix
    • let me know of any problems you may have had
    • How is the computer doing now after running the script?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here. Don't worry, every little bit helps.

Proud Graduate Of Malware Removal University



