Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Spam email (from http://tinyurl.com/mnj24x4)


  • This topic is locked This topic is locked
33 replies to this topic

#1 Thomas J Marshall

Thomas J Marshall

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ireland
  • Local time:11:01 PM

Posted 28 August 2014 - 10:40 AM

Have got rid of (I think) sefnit but still having trouble with unwanted email.  Running Windows 8 and Thunderbird.  As per Condobloke's instructions on http://tinyurl.com/mnj24x4 I am posting the Farbar Recovery Scan Tool logs.  Thanks.

 

FIRST

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 25-08-2014
Ran by Thomas (administrator) on THOMASPC on 28-08-2014 12:33:36
Running from D:\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United Kingdom)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr64.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(SUPERAntiSpyware.com) C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Dropbox, Inc.) C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7203032 2013-10-22] (Realtek Semiconductor)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [161984 2014-04-05] (IvoSoft)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\EpmNews.exe [2086568 2014-03-06] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 10.0\bin\TrayPopupE\TrayTipAgentE.exe [254024 2014-02-13] ()
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2009-01-05] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-08-22] (AVAST Software)
Winlogon\Notify\!SASWinLogon-x32: C:\Program Files (x86)\SUPERAntiSpyware\SASWINLO.dll (SUPERAntiSpyware.com)
HKU\S-1-5-21-1904816859-1507245205-4180054148-1001\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [389120 2013-12-20] (AMD)
HKU\S-1-5-21-1904816859-1507245205-4180054148-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files (x86)\SUPERAntiSpyware\SUPERAntiSpyware.exe [2010864 2010-04-01] (SUPERAntiSpyware.com)
HKU\S-1-5-21-1904816859-1507245205-4180054148-1001\...\MountPoints2: {84576523-ce16-11e3-826b-bcee7b790967} - "F:\AutoRun.exe" {D2D77DC2-8299-11D1-8949-444553540000} 5.2066.1.A11B02 PID_0083
Startup: C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
ShellIconOverlayIdentifiers-x32: ShareOverlay -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://t.uk.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x810C28D1E059CF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-GB
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} -  No File
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
ShellExecuteHooks-x32: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files (x86)\SUPERAntiSpyware\SASSEH.DLL [77824 2008-05-13] (SuperAdBlocker.com)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 0.0.0.0

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_179.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_179.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update \1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update \1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\searchplugins\bleeping-computer-startup-list.xml
FF Extension: IE Tab + - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\coralietab@mozdev.org [2014-04-16]
FF Extension: YouTube Unblocker - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\youtubeunblocker@unblocker.yt [2014-07-17]
FF Extension: ColorfulTabs - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\{0545b830-f0aa-4d7e-8820-50a4629a56fe} [2014-08-20]
FF Extension: Garmin Communicator - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2014-04-16]
FF Extension: Download Statusbar - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389} [2014-04-16]
FF Extension: Autofill Forms - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\autofillForms@blueimp.net.xpi [2014-04-16]
FF Extension: ProxMate - Proxy on steroids! - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2014-05-10]
FF Extension: Personas Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\personas@christopher.beard.xpi [2014-04-16]
FF Extension: TinyURL Generator - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\tinyurl.addon@fast-chat.co.uk.xpi [2014-04-16]
FF Extension: Download Status Bar - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\{6c28e999-e900-4635-a39d-b1ec90ba0c0f}.xpi [2014-04-16]
FF Extension: Adblock Plus - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-04-16]
FF Extension: Download Statusbar - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi [2014-04-16]
FF Extension: Firefox 2, the theme, reloaded - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\Extensions\{fd2f951f-77ea-4938-9493-0c892c027a13}.xpi [2014-05-11]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-08-22]

Chrome:
=======
CHR Profile: C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-18]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-18]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-04-18]
CHR Extension: (Google Search) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-04-18]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-18]
CHR Extension: (Gmail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-04-18]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-08-22]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-20] (Advanced Micro Devices, Inc.) [File not signed]
R3 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2013-05-14] ()
S3 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.22\aaHMSvc.exe [954648 2013-07-29] (ASUSTeK Computer Inc.)
S2 AsusFanControlService; C:\Program Files (x86)\ASUS\AsusFanControlService\1.04.03\AsusFanControlService.exe [1690424 2013-11-21] (ASUSTeK Computer Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-08-22] (AVAST Software)
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-24] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-24] (Microsoft Corporation)
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 androidusb; C:\Windows\System32\Drivers\androidusb.sys [38424 2011-07-07] (Google Inc)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-12-16] (Advanced Micro Devices)
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2013-04-06] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2012-09-15] ()
R3 ASUSFILTER; C:\Windows\SysWow64\drivers\ASUSFILTER.sys [46152 2011-09-21] (MCCI Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-08-22] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-08-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-08-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-08-22] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-08-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-08-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-08-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-08-22] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWB6.sys [222720 2013-12-19] (Advanced Micro Devices)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [17480 2013-03-07] ()
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [13896 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9800 2013-03-07] ()
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [9160 2013-03-07] ()
S3 massfilter_hs; C:\Windows\System32\drivers\massfilter_hs.sys [18456 2012-01-10] (HandSet Incorporated)
S1 SASDIFSV; C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS [12872 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 SASENUM; C:\Program Files (x86)\SUPERAntiSpyware\SASENUM.SYS [12872 2010-02-17] ( SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files (x86)\SUPERAntiSpyware\SASKUTIL.SYS [66632 2010-02-17] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-08-24] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-24] (Microsoft Corporation)
S3 zghsmdm; C:\Windows\system32\DRIVERS\zghsmdm.sys [129432 2011-09-13] (ZTE Incorporated)
S3 cpuz136; \??\C:\Program Files (x86)\CPUID\PC Wizard 2013\pcwiz_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 12:33 - 2014-08-28 12:33 - 00000000 ____D () C:\FRST
2014-08-27 21:51 - 2014-08-23 01:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-27 21:02 - 2014-08-27 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-27 21:01 - 2014-08-27 21:01 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-27 20:59 - 2014-08-27 20:59 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-27 20:59 - 2014-08-27 20:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-08-27 20:58 - 2014-08-27 20:58 - 00000000 __RHD () C:\MSOCache
2014-08-27 16:29 - 2014-08-27 16:36 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\TP
2014-08-27 14:39 - 2014-08-27 14:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-25 00:00 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-08-24 23:58 - 2014-08-25 11:03 - 00000000 ____D () C:\AdwCleaner
2014-08-24 22:22 - 2014-08-24 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-24 00:19 - 2014-08-25 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-24 00:19 - 2014-08-25 14:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-24 00:19 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-08-24 00:19 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-08-24 00:19 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-08-23 23:54 - 2014-08-23 23:54 - 00001868 _____ () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-08-23 23:40 - 2014-08-26 10:23 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2014-08-23 23:29 - 2014-08-24 23:40 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-23 23:29 - 2014-08-23 23:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-23 22:05 - 2014-08-23 22:05 - 00000000 ____D () C:\Windows\ERUNT
2014-08-22 23:53 - 2014-08-22 23:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-22 23:53 - 2014-08-22 23:53 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\AVAST Software
2014-08-22 23:53 - 2014-08-22 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-22 23:52 - 2014-08-22 23:53 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-22 23:52 - 2014-08-22 23:52 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-22 23:52 - 2014-08-22 23:52 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-22 23:50 - 2014-08-22 23:52 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-18 21:52 - 2014-08-18 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-18 21:52 - 2014-08-18 21:51 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 21:52 - 2014-08-18 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 21:52 - 2014-08-18 21:51 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 21:52 - 2014-08-18 21:51 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 21:51 - 2014-08-18 21:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-12 21:23 - 2014-07-24 16:28 - 00468288 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-08-12 21:23 - 2014-07-24 16:28 - 00419648 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-08-12 21:23 - 2014-07-24 16:28 - 00412992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-08-12 21:23 - 2014-07-24 16:28 - 00143680 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-08-12 21:23 - 2014-07-24 16:23 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-08-12 21:23 - 2014-07-24 16:20 - 21266336 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-12 21:23 - 2014-07-24 16:20 - 00645592 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-08-12 21:23 - 2014-07-24 16:16 - 02574208 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-08-12 21:23 - 2014-07-24 16:07 - 07424320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-08-12 21:23 - 2014-07-24 16:07 - 02009920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-08-12 21:23 - 2014-07-24 16:05 - 01660048 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-08-12 21:23 - 2014-07-24 16:05 - 01519560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-08-12 21:23 - 2014-07-24 16:05 - 01488008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-08-12 21:23 - 2014-07-24 16:05 - 01356840 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-08-12 21:23 - 2014-07-24 16:03 - 02141920 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-08-12 21:23 - 2014-07-24 16:03 - 00882136 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-08-12 21:23 - 2014-07-24 16:03 - 00818624 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-08-12 21:23 - 2014-07-24 16:03 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-08-12 21:23 - 2014-07-24 16:03 - 00205512 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2014-08-12 21:23 - 2014-07-24 15:57 - 02515264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-08-12 21:23 - 2014-07-24 15:57 - 00475968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-08-12 21:23 - 2014-07-24 14:48 - 02410976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-08-12 21:23 - 2014-07-24 14:46 - 18760328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-12 21:23 - 2014-07-24 14:46 - 00477200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-08-12 21:23 - 2014-07-24 14:36 - 02145472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-08-12 21:23 - 2014-07-24 14:36 - 00707536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-08-12 21:23 - 2014-07-24 14:36 - 00674512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-08-12 21:23 - 2014-07-24 14:36 - 00355800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-08-12 21:23 - 2014-07-24 14:36 - 00180720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2014-08-12 21:23 - 2014-07-24 12:44 - 00674816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-08-12 21:23 - 2014-07-24 12:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-08-12 21:23 - 2014-07-24 12:42 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-08-12 21:23 - 2014-07-24 12:05 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2014-08-12 21:23 - 2014-07-24 12:05 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-08-12 21:23 - 2014-07-24 11:20 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2014-08-12 21:23 - 2014-07-24 11:10 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-08-12 21:23 - 2014-07-24 11:06 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-08-12 21:23 - 2014-07-24 10:52 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-08-12 21:23 - 2014-07-24 10:44 - 16874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-08-12 21:23 - 2014-07-24 10:39 - 00770048 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-08-12 21:23 - 2014-07-24 10:33 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2014-08-12 21:23 - 2014-07-24 10:32 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-08-12 21:23 - 2014-07-24 10:16 - 12730880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-08-12 21:23 - 2014-07-24 10:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-08-12 21:23 - 2014-07-24 10:10 - 00540672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-08-12 21:23 - 2014-07-24 10:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-08-12 21:23 - 2014-07-24 10:02 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-08-12 21:23 - 2014-07-24 10:00 - 13292544 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-12 21:23 - 2014-07-24 09:53 - 01261056 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-08-12 21:23 - 2014-07-24 09:53 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-08-12 21:23 - 2014-07-24 09:52 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-12 21:23 - 2014-07-24 09:49 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-08-12 21:23 - 2014-07-24 09:40 - 11794944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-12 21:23 - 2014-07-24 09:39 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-08-12 21:23 - 2014-07-24 09:38 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-08-12 21:23 - 2014-07-24 09:32 - 01532416 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-08-12 21:23 - 2014-07-24 09:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-12 21:23 - 2014-07-24 09:30 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-08-12 21:23 - 2014-07-24 09:29 - 00792064 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-08-12 21:23 - 2014-07-24 09:29 - 00439296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-08-12 21:23 - 2014-07-24 09:27 - 00907776 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-08-12 21:23 - 2014-07-24 09:22 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-08-12 21:23 - 2014-07-24 09:21 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-08-12 21:23 - 2014-07-24 09:21 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-08-12 21:23 - 2014-07-24 09:18 - 00795136 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-08-12 21:23 - 2014-07-24 09:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-08-12 21:23 - 2014-07-24 09:15 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-12 21:23 - 2014-07-24 09:10 - 01029632 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-08-12 21:23 - 2014-07-24 09:10 - 00889344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-08-12 21:23 - 2014-07-24 09:10 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-08-12 21:23 - 2014-07-24 09:02 - 03465216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-12 21:23 - 2014-07-24 09:01 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-08-12 21:23 - 2014-07-24 09:01 - 01992192 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-08-12 21:23 - 2014-07-24 08:50 - 01182208 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-08-12 21:23 - 2014-07-24 08:46 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-08-12 21:23 - 2014-07-24 08:44 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-08-12 21:23 - 2014-07-24 08:43 - 02696704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-08-12 21:23 - 2014-07-24 08:39 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-12 21:23 - 2014-07-24 08:38 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-08-12 21:23 - 2014-07-24 08:38 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-08-12 21:23 - 2014-07-24 08:30 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-12 21:23 - 2014-07-24 08:28 - 01600000 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-08-12 21:23 - 2014-07-24 05:11 - 00513544 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-12 21:23 - 2014-07-24 05:11 - 00513544 _____ () C:\Windows\system32\locale.nls
2014-08-12 21:23 - 2014-07-12 06:55 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2014-08-12 21:23 - 2014-07-12 05:13 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-08-12 21:23 - 2014-07-04 10:30 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2014-08-12 21:23 - 2014-07-04 10:27 - 00474112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2014-08-12 21:23 - 2014-06-27 07:22 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-08-12 21:23 - 2014-06-26 01:32 - 01029632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-08-12 21:23 - 2014-06-20 02:48 - 01273184 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-12 21:23 - 2014-06-20 00:52 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-12 21:23 - 2014-06-19 03:13 - 00310080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-08-12 21:23 - 2014-06-14 07:03 - 02389504 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-08-12 21:23 - 2014-06-14 06:46 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-08-12 21:23 - 2014-06-13 02:15 - 00517528 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2014-08-12 21:23 - 2014-06-13 01:10 - 00406400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2014-08-12 21:23 - 2014-06-05 11:18 - 01018368 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2014-08-12 21:23 - 2014-06-05 10:42 - 00889856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2014-08-12 21:23 - 2014-05-31 06:00 - 01463808 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2014-08-12 21:23 - 2014-05-29 07:23 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-08-12 21:23 - 2014-05-29 06:25 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-08-12 21:23 - 2014-05-06 05:41 - 00486744 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-08-12 21:23 - 2014-05-06 01:55 - 00391000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-08-12 21:23 - 2014-03-25 03:27 - 00160600 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-08-12 21:22 - 2014-07-24 16:28 - 00280384 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-08-12 21:22 - 2014-07-24 16:25 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-12 21:22 - 2014-07-24 16:23 - 00125472 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-08-12 21:22 - 2014-07-24 16:20 - 00263400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-08-12 21:22 - 2014-07-24 16:16 - 00211216 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-08-12 21:22 - 2014-07-24 16:03 - 00233888 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-08-12 21:22 - 2014-07-24 14:50 - 00098048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-08-12 21:22 - 2014-07-24 14:48 - 00180208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2014-08-12 21:22 - 2014-07-24 12:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-08-12 21:22 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-12 21:22 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTT102.DLL
2014-08-12 21:22 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-12 21:22 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-12 21:22 - 2014-07-24 12:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-12 21:22 - 2014-07-24 12:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-12 21:22 - 2014-07-24 12:47 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-08-12 21:22 - 2014-07-24 12:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-08-12 21:22 - 2014-07-24 12:45 - 00076800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-08-12 21:22 - 2014-07-24 12:42 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys
2014-08-12 21:22 - 2014-07-24 12:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2014-08-12 21:22 - 2014-07-24 12:33 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-12 21:22 - 2014-07-24 12:33 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-12 21:22 - 2014-07-24 12:22 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2014-08-12 21:22 - 2014-07-24 12:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2014-08-12 21:22 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-12 21:22 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTT102.DLL
2014-08-12 21:22 - 2014-07-24 11:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-12 21:22 - 2014-07-24 11:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-08-12 21:22 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-12 21:22 - 2014-07-24 11:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-12 21:22 - 2014-07-24 11:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-12 21:22 - 2014-07-24 11:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2014-08-12 21:22 - 2014-07-24 11:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-12 21:22 - 2014-07-24 11:32 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-08-12 21:22 - 2014-07-24 11:18 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-08-12 21:22 - 2014-07-24 11:12 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2014-08-12 21:22 - 2014-07-24 11:10 - 01844224 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-08-12 21:22 - 2014-07-24 11:10 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-08-12 21:22 - 2014-07-24 11:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasnap.dll
2014-08-12 21:22 - 2014-07-24 11:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-08-12 21:22 - 2014-07-24 11:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-08-12 21:22 - 2014-07-24 10:53 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2014-08-12 21:22 - 2014-07-24 10:42 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2014-08-12 21:22 - 2014-07-24 10:40 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
2014-08-12 21:22 - 2014-07-24 10:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-08-12 21:22 - 2014-07-24 10:27 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-08-12 21:22 - 2014-07-24 10:25 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2014-08-12 21:22 - 2014-07-24 10:24 - 01817088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-08-12 21:22 - 2014-07-24 10:23 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-08-12 21:22 - 2014-07-24 10:21 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-08-12 21:22 - 2014-07-24 10:18 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2014-08-12 21:22 - 2014-07-24 10:14 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-08-12 21:22 - 2014-07-24 10:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2014-08-12 21:22 - 2014-07-24 10:11 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-08-12 21:22 - 2014-07-24 10:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2014-08-12 21:22 - 2014-07-24 10:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-08-12 21:22 - 2014-07-24 10:04 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2014-08-12 21:22 - 2014-07-24 10:04 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-08-12 21:22 - 2014-07-24 09:58 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2014-08-12 21:22 - 2014-07-24 09:49 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-08-12 21:22 - 2014-07-24 09:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-08-12 21:22 - 2014-07-24 09:49 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-08-12 21:22 - 2014-07-24 09:48 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2014-08-12 21:22 - 2014-07-24 09:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-08-12 21:22 - 2014-07-24 09:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2014-08-12 21:22 - 2014-07-24 09:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2014-08-12 21:22 - 2014-07-24 09:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-08-12 21:22 - 2014-07-24 09:28 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2014-08-12 21:22 - 2014-07-24 09:24 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-12 21:22 - 2014-07-24 09:23 - 01404416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-08-12 21:22 - 2014-07-24 09:20 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2014-08-12 21:22 - 2014-07-24 09:19 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-08-12 21:22 - 2014-07-24 09:18 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-08-12 21:22 - 2014-07-24 09:18 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-12 21:22 - 2014-07-24 09:16 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2014-08-12 21:22 - 2014-07-24 09:15 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2014-08-12 21:22 - 2014-07-24 09:15 - 00432128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2014-08-12 21:22 - 2014-07-24 09:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-08-12 21:22 - 2014-07-24 09:12 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-08-12 21:22 - 2014-07-24 09:10 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-08-12 21:22 - 2014-07-24 09:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-08-12 21:22 - 2014-07-24 09:08 - 00162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2014-08-12 21:22 - 2014-07-24 09:07 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-12 21:22 - 2014-07-24 09:06 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-12 21:22 - 2014-07-24 09:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2014-08-12 21:22 - 2014-07-24 09:04 - 00667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-12 21:22 - 2014-07-24 09:01 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-08-12 21:22 - 2014-07-24 09:00 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-08-12 21:22 - 2014-07-24 08:58 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-08-12 21:22 - 2014-07-24 08:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-08-12 21:22 - 2014-07-24 08:54 - 01290752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-08-12 21:22 - 2014-07-24 08:50 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-08-12 21:22 - 2014-07-24 08:49 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2014-08-12 21:22 - 2014-07-24 08:47 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-08-12 21:22 - 2014-07-24 08:43 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-08-12 21:22 - 2014-07-24 08:43 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2014-08-12 21:22 - 2014-07-24 08:41 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-08-12 21:22 - 2014-07-24 08:33 - 03360768 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-08-12 21:22 - 2014-07-12 06:23 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-08-12 21:22 - 2014-07-12 05:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2014-08-12 21:22 - 2014-07-12 05:33 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-08-12 21:22 - 2014-07-10 00:19 - 00387391 _____ () C:\Windows\system32\ApnDatabase.xml
2014-08-12 21:22 - 2014-07-04 21:18 - 00149312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-08-12 21:22 - 2014-07-04 13:59 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-08-12 21:22 - 2014-07-04 11:29 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2014-08-12 21:22 - 2014-07-04 11:20 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-08-12 21:22 - 2014-07-04 11:06 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2014-08-12 21:22 - 2014-07-04 11:00 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-08-12 21:22 - 2014-06-26 01:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2014-08-12 21:22 - 2014-06-20 00:37 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-08-12 21:22 - 2014-06-13 02:14 - 01557848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-12 21:22 - 2014-06-07 13:46 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-08-12 21:22 - 2014-06-07 11:20 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-08-12 21:22 - 2014-06-06 12:34 - 02133504 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2014-08-12 21:22 - 2014-06-05 15:00 - 01118040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-08-12 21:22 - 2014-05-31 05:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2014-08-12 21:22 - 2014-05-29 06:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-08-12 21:22 - 2014-05-29 05:36 - 00344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-08-12 21:22 - 2014-05-26 08:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2014-08-12 21:22 - 2014-05-10 11:12 - 00387896 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2014-08-12 21:22 - 2014-05-10 09:46 - 00335680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2014-08-12 21:22 - 2014-03-25 03:27 - 00123920 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-08-12 21:22 - 2014-03-25 02:20 - 00128568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-08-12 21:22 - 2014-03-25 02:20 - 00127544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-08-12 21:20 - 2014-08-06 01:48 - 02374816 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-08-12 21:20 - 2014-08-06 00:46 - 02088648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-08-12 21:20 - 2014-07-25 15:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-12 21:20 - 2014-07-25 14:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-12 21:20 - 2014-07-25 14:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-12 21:20 - 2014-07-25 14:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-12 21:20 - 2014-07-25 14:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-12 21:20 - 2014-07-25 13:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-12 21:20 - 2014-07-25 13:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-12 21:20 - 2014-07-25 13:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-12 21:20 - 2014-07-25 13:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-12 21:20 - 2014-07-25 13:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-12 21:20 - 2014-07-25 13:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-12 21:20 - 2014-07-25 13:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-12 21:20 - 2014-07-25 13:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-12 21:20 - 2014-07-25 13:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-12 21:20 - 2014-07-25 13:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-12 21:20 - 2014-07-25 13:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-12 21:20 - 2014-07-25 12:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-12 21:20 - 2014-07-25 12:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-12 21:20 - 2014-07-25 12:43 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-12 21:20 - 2014-07-25 12:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-12 21:20 - 2014-07-25 12:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-12 21:20 - 2014-07-25 12:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-12 21:20 - 2014-07-25 12:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-12 21:20 - 2014-07-25 12:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-12 21:20 - 2014-07-25 12:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-12 21:20 - 2014-07-25 12:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-12 21:20 - 2014-07-25 12:09 - 00291840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-12 21:20 - 2014-07-25 12:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-12 21:20 - 2014-07-25 12:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-12 21:20 - 2014-07-25 11:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-12 21:20 - 2014-07-25 11:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-12 21:20 - 2014-07-25 11:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-12 21:20 - 2014-07-25 11:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-12 21:20 - 2014-07-25 11:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-12 21:20 - 2014-07-25 11:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-12 21:19 - 2014-08-07 03:12 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-12 21:19 - 2014-08-06 23:38 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-12 21:19 - 2014-08-02 06:44 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-12 21:19 - 2014-08-02 04:56 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-12 21:19 - 2014-08-02 04:11 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-12 21:19 - 2014-07-15 19:16 - 03048880 _____ (Microsoft Corporation) C:\Windows\system32\WpcMon.exe
2014-08-12 21:19 - 2014-07-15 09:29 - 03118080 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-08-12 21:19 - 2014-07-15 09:22 - 02861056 _____ (Microsoft Corporation) C:\Windows\system32\WpcWebSync.dll
2014-08-12 21:19 - 2014-07-15 09:03 - 02344448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-08-12 21:19 - 2014-07-12 05:17 - 00623616 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2014-08-12 21:19 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-12 21:19 - 2014-06-09 23:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-12 21:19 - 2014-06-04 10:27 - 00114520 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-12 21:19 - 2014-06-04 06:31 - 00356352 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-12 21:19 - 2014-06-04 06:22 - 02790912 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-12 21:19 - 2014-06-04 05:43 - 00281088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-12 21:19 - 2014-06-04 05:38 - 03304448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kindle Collection Manager
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\Program Files (x86)\Kindle Collection Manager
2014-08-11 22:20 - 2014-08-11 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.01
2014-08-11 22:20 - 2014-08-11 22:20 - 00000000 ____D () C:\Program Files\Unknown Device Identifier
2014-08-01 21:34 - 2014-08-01 21:34 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-08-01 21:34 - 2014-08-01 21:34 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-08-01 17:24 - 2014-08-01 18:01 - 00000000 ____D () C:\ProgramData\f8e9a91a2d5cfbb4
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\thomasj\AppData\Local\Google
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\thomasj\AppData\Local\Comodo
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Comodo
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\lynn\AppData\Local\Google
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\lynn\AppData\Local\Comodo
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Guest
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Administrator
2014-08-01 17:19 - 2014-08-01 17:58 - 00000000 ____D () C:\Program Files (x86)\PdaNet for Android
2014-08-01 17:19 - 2011-11-25 00:25 - 00015360 _____ (June Fabrics Technology Inc.) C:\Windows\system32\Drivers\pneteth.sys
2014-07-30 18:52 - 2014-07-30 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-08-28 12:33 - 2014-08-28 12:33 - 00000000 ____D () C:\FRST
2014-08-28 12:31 - 2014-04-12 20:21 - 01071054 _____ () C:\Windows\WindowsUpdate.log
2014-08-28 12:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\sru
2014-08-28 11:51 - 2014-04-16 21:35 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-08-28 11:21 - 2014-04-12 20:23 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-08-28 11:16 - 2014-04-20 17:18 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Dropbox
2014-08-28 11:16 - 2014-04-16 21:35 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-08-28 11:16 - 2013-08-22 15:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-08-28 00:09 - 2013-08-22 15:44 - 00478912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-28 00:08 - 2014-04-22 21:11 - 00000000 ____D () C:\Program Files (x86)\CDBurnerXP
2014-08-28 00:08 - 2014-04-12 18:54 - 00083092 _____ () C:\Windows\PFRO.log
2014-08-28 00:07 - 2014-04-18 19:43 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-27 22:03 - 2014-04-12 20:21 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VirtualStore
2014-08-27 21:58 - 2013-08-22 16:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-08-27 21:36 - 2014-04-17 03:03 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\ClassicShell
2014-08-27 21:08 - 2014-04-12 20:27 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1904816859-1507245205-4180054148-1001
2014-08-27 21:02 - 2014-08-27 21:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2014-08-27 21:02 - 2013-08-22 21:59 - 00000000 ____D () C:\Windows\ShellNew
2014-08-27 21:01 - 2014-08-27 21:01 - 00000000 ____D () C:\Windows\PCHEALTH
2014-08-27 21:01 - 2014-04-18 19:43 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-08-27 21:00 - 2013-08-22 16:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-08-27 20:59 - 2014-08-27 20:59 - 00000000 ____D () C:\Program Files\Microsoft Office
2014-08-27 20:59 - 2014-08-27 20:59 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2014-08-27 20:58 - 2014-08-27 20:58 - 00000000 __RHD () C:\MSOCache
2014-08-27 20:39 - 2014-04-25 18:28 - 00001915 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2014-08-27 16:36 - 2014-08-27 16:29 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\TP
2014-08-27 15:07 - 2014-04-22 18:58 - 00000000 ____D () C:\Program Files (x86)\jv16 PowerTools 2014
2014-08-27 14:49 - 2014-04-17 03:00 - 00003930 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{32DC8A90-11EE-44A6-A2EB-4147C062A30C}
2014-08-27 14:41 - 2014-04-17 03:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-27 14:40 - 2014-08-27 14:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-08-26 12:51 - 2013-08-22 15:46 - 00009804 _____ () C:\Windows\setupact.log
2014-08-26 10:23 - 2014-08-23 23:40 - 00000000 ____D () C:\Users\Thomas\AppData\Local\CrashDumps
2014-08-25 22:11 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\InputMethod
2014-08-25 20:13 - 2014-04-22 22:00 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-08-25 14:13 - 2014-08-24 00:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-08-25 14:13 - 2014-08-24 00:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-08-25 11:03 - 2014-08-24 23:58 - 00000000 ____D () C:\AdwCleaner
2014-08-25 00:13 - 2013-08-22 14:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-08-25 00:12 - 2014-04-12 20:33 - 00001222 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Feature Manager.lnk
2014-08-24 23:40 - 2014-08-23 23:29 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-08-24 22:22 - 2014-08-24 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyPhoneExplorer
2014-08-24 22:22 - 2014-04-27 18:53 - 00000000 ____D () C:\Program Files (x86)\MyPhoneExplorer
2014-08-23 23:54 - 2014-08-23 23:54 - 00001868 _____ () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\avast! antivirus.lnk
2014-08-23 23:29 - 2014-08-23 23:29 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-08-23 22:05 - 2014-08-23 22:05 - 00000000 ____D () C:\Windows\ERUNT
2014-08-23 21:48 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-08-23 01:42 - 2014-08-27 21:51 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 23:53 - 2014-08-22 23:53 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-08-22 23:53 - 2014-08-22 23:53 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\AVAST Software
2014-08-22 23:53 - 2014-08-22 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-08-22 23:53 - 2014-08-22 23:52 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-08-22 23:52 - 2014-08-22 23:52 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-08-22 23:52 - 2014-08-22 23:52 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-08-22 23:52 - 2014-08-22 23:52 - 00000000 ____D () C:\Program Files\AVAST Software
2014-08-22 23:52 - 2014-08-22 23:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-08-22 23:52 - 2014-04-16 21:35 - 00000000 ____D () C:\Program Files (x86)\Google
2014-08-18 21:52 - 2014-08-18 21:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-08-18 21:52 - 2014-04-27 19:44 - 00000000 ____D () C:\ProgramData\Oracle
2014-08-18 21:51 - 2014-08-18 21:52 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-08-18 21:51 - 2014-08-18 21:52 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-08-18 21:51 - 2014-08-18 21:52 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-08-18 21:51 - 2014-08-18 21:52 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-08-18 21:51 - 2014-08-18 21:51 - 00000000 ____D () C:\Program Files (x86)\Java
2014-08-17 01:14 - 2014-05-21 22:19 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Skype
2014-08-15 12:33 - 2014-04-20 17:19 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-08-14 19:59 - 2014-04-27 18:53 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\MyPhoneExplorer
2014-08-13 18:49 - 2014-04-22 19:47 - 05192528 _____ () C:\Windows\PE_Rom.dll
2014-08-13 18:36 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\rescache
2014-08-12 21:56 - 2013-08-22 21:59 - 00000000 ____D () C:\Program Files\Windows Journal
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ToastData
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\WinStore
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\SysWOW64\en-GB
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\setup
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\system32\en-GB
2014-08-12 21:56 - 2013-08-22 16:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-12 21:56 - 2013-08-22 14:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-08-12 21:26 - 2014-04-16 20:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-12 21:24 - 2014-07-09 20:53 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kindle Collection Manager
2014-08-12 21:18 - 2014-08-12 21:18 - 00000000 ____D () C:\Program Files (x86)\Kindle Collection Manager
2014-08-12 21:18 - 2014-06-23 20:52 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-12 21:18 - 2013-08-22 04:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-12 21:18 - 2013-08-22 04:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-12 21:17 - 2014-06-23 20:51 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-12 21:17 - 2014-04-16 22:10 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-12 21:17 - 2014-04-16 22:10 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-12 21:17 - 2014-04-16 20:28 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-12 21:17 - 2013-08-22 12:44 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-12 21:17 - 2013-08-22 12:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-12 21:17 - 2013-08-22 12:21 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-12 21:17 - 2013-08-22 12:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-12 21:17 - 2013-08-22 12:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-12 21:17 - 2013-08-22 11:32 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-12 21:17 - 2013-08-22 04:55 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-12 21:17 - 2013-08-22 04:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-12 21:17 - 2013-08-22 04:40 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-12 20:53 - 2014-04-16 21:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-08-12 20:53 - 2014-04-16 21:23 - 00000000 ____D () C:\Program Files\Calibre2
2014-08-11 22:20 - 2014-08-11 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Unknown Device Identifier 8.01
2014-08-11 22:20 - 2014-08-11 22:20 - 00000000 ____D () C:\Program Files\Unknown Device Identifier
2014-08-07 03:12 - 2014-08-12 21:19 - 01336624 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-06 23:38 - 2014-08-12 21:19 - 00697856 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-08-06 01:48 - 2014-08-12 21:20 - 02374816 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-08-06 00:46 - 2014-08-12 21:20 - 02088648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-08-02 12:24 - 2014-06-09 18:16 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-08-02 12:24 - 2014-04-12 21:20 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-08-02 12:23 - 2013-08-22 14:25 - 00000076 _____ () C:\Windows\win.ini
2014-08-02 06:44 - 2014-08-12 21:19 - 00527360 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-08-02 04:56 - 2014-08-12 21:19 - 01064448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-02 04:11 - 2014-08-12 21:19 - 00918528 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-08-02 01:17 - 2013-08-22 16:38 - 00704480 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-08-02 01:17 - 2013-08-22 16:38 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-01 21:34 - 2014-08-01 21:34 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2014-08-01 21:34 - 2014-08-01 21:34 - 01002728 _____ (Microsoft Corporation) C:\Windows\system32\WinUSBCoInstaller2.dll
2014-08-01 18:01 - 2014-08-01 17:24 - 00000000 ____D () C:\ProgramData\f8e9a91a2d5cfbb4
2014-08-01 17:58 - 2014-08-01 17:19 - 00000000 ____D () C:\Program Files (x86)\PdaNet for Android
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\thomasj\AppData\Local\Google
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\thomasj\AppData\Local\Comodo
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Comodo
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\lynn\AppData\Local\Google
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\lynn\AppData\Local\Comodo
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Guest
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-01 17:24 - 2014-08-01 17:24 - 00000000 ____D () C:\Users\Administrator
2014-08-01 17:24 - 2014-04-16 21:35 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Google
2014-08-01 17:24 - 2013-08-22 16:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-07-31 23:41 - 2014-04-16 20:35 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-07-30 18:52 - 2014-07-30 18:52 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\46460-658931-microsoft-office-home-and-student-2010.exe
C:\Users\Thomas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjdown.dll
C:\Users\Thomas\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih.exe
C:\Users\Thomas\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih_1.exe
C:\Users\Thomas\AppData\Local\Temp\instloffer.exe
C:\Users\Thomas\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Thomas\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Thomas\AppData\Local\Temp\ose00000.exe
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
C:\Users\Thomas\AppData\Local\Temp\SSUPDATE.EXE
C:\Users\Thomas\AppData\Local\Temp\Wise_SETUP.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-08-26 10:31

==================== End Of Log ============================

 

 

 

ADDITION

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 25-08-2014
Ran by Thomas at 2014-08-28 12:34:11
Running from D:\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.179 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AI Suite 3 (HKLM-x32\...\{D46DA5F0-25AD-4B77-98DA-6DD6AF39FBD9}) (Version: 1.00.58 - ASUSTeK Computer Inc.)
AMD Accelerated Video Transcoding (Version: 13.30.100.31220 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1220.1320.23864 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{28B941AC-F0F4-8121-EBB6-DD4BBF35080F}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2013.1220.1320.23864 - Advanced Micro Devices, Inc.) Hidden
Apple Software Update (HKLM-x32\...\{6956856F-B6B3-4BE0-BA0B-8F495BE32033}) (Version: 2.1.1.116 - Apple Inc.)
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
calibre 64bit (HKLM\...\{5F63ABE2-91EB-489E-9F33-EBFBB6CE0DC9}) (Version: 1.48.0 - Kovid Goyal)
CanoScan LiDE 210 Scanner Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4809) (Version:  - Canon Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1220.1320.23864 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1220.1320.23864 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1220.1320.23864 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Profiles Desktop (x32 Version: 2013.1220.1320.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1220.1319.23864 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1220.1320.23864 - Advanced Micro Devices, Inc.) Hidden
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.4954 - CDBurnerXP)
Classic Shell (HKLM\...\{023F92C9-AB10-4C54-BF09-C550AEC37917}) (Version: 4.0.6 - IvoSoft)
CPUID CPU-Z 1.70 (HKLM\...\CPUID CPU-Z_is1) (Version:  - )
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
Desktop Calendar 0.42b (HKLM-x32\...\Desktop Calendar_is1) (Version:  - Tinnes Software)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.27 - Dropbox, Inc.)
EaseUS Partition Master 10.0 (HKLM-x32\...\EaseUS Partition Master_is1) (Version:  - EaseUS)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
FileZilla Client 3.5.3 (HKLM-x32\...\FileZilla Client) (Version: 3.5.3 - FileZilla Project)
FreeOCR v5.0 (HKLM-x32\...\freeocr_is1) (Version:  - )
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
HydraVision (x32 Version: 4.2.252.0 - Advanced Micro Devices, Inc.) Hidden
Java 7 Update 67 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217067FF}) (Version: 7.0.670 - Oracle)
Java Auto Updater (x32 Version: 2.1.67.1 - Oracle, Inc.) Hidden
jv16 PowerTools 2014 (HKLM-x32\...\jv16 PowerTools 2014) (Version:  - Macecraft Software)
Kindle Collection Manager (HKLM-x32\...\{F2AC4B4E-DE52-4578-B156-074D751B8B2E}) (Version: 0.5.3 - Adrian Colegate)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MozBackup 1.5.1 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
Mozilla Thunderbird 31.0 (x86 en-GB) (HKLM-x32\...\Mozilla Thunderbird 31.0 (x86 en-GB)) (Version: 31.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyPhoneExplorer (HKLM-x32\...\MPE) (Version: 1.8.6 - F.J. Wechselberger)
PeaZip 5.3.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version:  - Giorgio Tani)
Photo Gallery (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
QuickTime (HKLM-x32\...\{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}) (Version: 7.60.92.0 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
SUPERAntiSpyware Professional (HKLM-x32\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 4.35.0.1002 - SUPERAntiSpyware.com)
Unknown Device Identifier 8.01 (HKLM\...\Unknown Device Identifier_is1) (Version: 8.01 - Huntersoft)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
ZTE Handset USB Driver (HKLM\...\{01D42BF0-ED08-463f-8A28-99EB6FEE962B}) (Version:  - ZTE Corporation)
ZTE Handset USB Driver (HKLM\...\{D2D77DC2-8299-11D1-8949-444553540000}_is1) (Version: 5.2066.1.A11B02 - ZTE Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1904816859-1507245205-4180054148-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1904816859-1507245205-4180054148-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1904816859-1507245205-4180054148-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1904816859-1507245205-4180054148-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1904816859-1507245205-4180054148-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1904816859-1507245205-4180054148-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1904816859-1507245205-4180054148-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1904816859-1507245205-4180054148-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1904816859-1507245205-4180054148-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)

==================== Restore Points  =========================

27-08-2014 19:58:40 Installed Microsoft Office Home and Student 2010

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {073ACD56-C591-427B-A1FF-CE5F9A9B4C10} - System32\Tasks\ASUS\USB 3.0 Boost Service => C:\Program Files (x86)\ASUS\AI Suite III\USB 3.0 Boost\U3BoostSvr.exe [2013-07-24] (ASUSTeK Computer Inc.)
Task: {08777E7B-1AED-4A08-8B43-49D72ABAB6C0} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {3DCA76D8-4148-4C26-AC11-2BD3179BD267} - System32\Tasks\ASUS\ASUS Network iControl Help Execute => C:\Program Files (x86)\ASUS\AI Suite III\Network iControl\NetSvcHelp\NetSvcHelpEntry.exe [2013-02-07] (ASUSTeK Computer Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4BCB9DBE-6059-43DD-8857-73E4F20313B7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-07-31] (Microsoft Corporation)
Task: {4D3DF453-6488-41CB-BC13-391E91A06D67} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {4FC11A71-4B5F-4712-82F9-CFECCC6C741A} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {88F21D72-BFC4-4D1E-A8D9-21A48046CBE7} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {AD799E88-38D5-4475-9023-304251ECA497} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-08-22] (AVAST Software)
Task: {B1C8C121-5BD5-4F1E-A417-73B5FCC9AF52} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {B2223DE0-7299-49DA-B7FC-E87BDCF665C6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {CBA90D4E-66C8-40DF-A3DD-7022FA0BDBB6} - System32\Tasks\ASUS\ASUS DIPAwayMode => C:\Program Files (x86)\ASUS\AI Suite III\DIP4\DIPAwayMode\DipAwayMode.exe [2013-11-20] ()
Task: {CBF66EDB-4D44-4EDE-9EF3-22ABF953A8C2} - System32\Tasks\ASUS\Ez Update => C:\Program Files (x86)\ASUS\AI Suite III\EZ Update\EzUpdt.exe [2013-09-12] ()
Task: {CD7D99F3-64FF-42E8-923C-67823A0C270D} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {CF95932B-AE2E-4094-BA4B-D39649430506} - System32\Tasks\ASUS\ASUS AISuiteIII => C:\Program Files (x86)\ASUS\AI Suite III\AISuite3.exe [2013-10-22] (ASUSTeK Computer Inc.)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DD645FF5-8B59-4293-84E1-F7EF5B24BD6A} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-20 13:23 - 2013-12-20 13:23 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-12-16 01:07 - 2013-12-16 01:07 - 00818688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-12-16 01:07 - 2013-12-16 01:07 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2010-01-02 15:42 - 2010-01-02 15:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-04-22 19:40 - 2013-05-14 14:45 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2013-12-20 13:23 - 2013-12-20 13:23 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-08-22 23:52 - 2014-08-22 23:52 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-08-27 20:39 - 2014-08-27 20:39 - 02801152 _____ () C:\Program Files\AVAST Software\Avast\defs\14082701\algo.dll
2014-04-22 19:40 - 2014-08-28 11:16 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2014-04-22 19:40 - 2013-04-06 20:28 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll
2014-08-28 11:16 - 2014-08-28 11:16 - 00043008 _____ () c:\users\thomas\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjdown.dll
2013-08-23 20:01 - 2013-08-23 20:01 - 25100288 _____ () C:\Users\Thomas\AppData\Roaming\Dropbox\bin\libcef.dll
2014-08-22 23:52 - 2014-08-22 23:52 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-08-27 14:39 - 2014-08-27 14:39 - 03338352 _____ () C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
2014-08-27 14:39 - 2014-08-27 14:39 - 00158832 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2014-08-27 14:39 - 2014-08-27 14:39 - 00023152 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-07-30 18:52 - 2014-07-30 18:52 - 03800688 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/26/2014 10:22:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe_fdprint.dll, version: 6.3.9600.16384, time stamp: 0x5215f00d
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000005
Fault offset: 0x000000000006361a
Faulting process ID: 0x1268
Faulting application start time: 0xrundll32.exe_fdprint.dll0
Faulting application path: rundll32.exe_fdprint.dll1
Faulting module path: rundll32.exe_fdprint.dll2
Report ID: rundll32.exe_fdprint.dll3
Faulting package full name: rundll32.exe_fdprint.dll4
Faulting package-relative application ID: rundll32.exe_fdprint.dll5

Error: (08/26/2014 10:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: ntdll.dll, version: 6.3.9600.17114, time stamp: 0x53649e73
Exception code: 0xc0000008
Fault offset: 0x000000000009cbea
Faulting process ID: 0x508
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report ID: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5

Error: (08/23/2014 11:40:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 31.0.0.5310, time stamp: 0x53c75e91
Faulting module name: mozalloc.dll, version: 31.0.0.5310, time stamp: 0x53c72e91
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process ID: 0xe3c
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report ID: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5


System errors:
=============
Error: (08/28/2014 11:27:32 AM) (Source: DCOM) (EventID: 10010) (User: ThomasPC)
Description: {1B1F472E-3221-4826-97DB-2C2324D389AE}

Error: (08/28/2014 11:26:53 AM) (Source: DCOM) (EventID: 10010) (User: ThomasPC)
Description: {BF6C1E47-86EC-4194-9CE5-13C15DCB2001}

Error: (08/28/2014 11:18:35 AM) (Source: DCOM) (EventID: 10010) (User: ThomasPC)
Description: {B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (08/28/2014 11:18:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Google Update Service (gupdate) service failed to start due to the following error:
%%2

Error: (08/28/2014 11:16:35 AM) (Source: DCOM) (EventID: 10016) (User: ThomasPC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ThomasPCThomasS-1-5-21-1904816859-1507245205-4180054148-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/28/2014 11:16:35 AM) (Source: DCOM) (EventID: 10016) (User: ThomasPC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ThomasPCThomasS-1-5-21-1904816859-1507245205-4180054148-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/28/2014 11:16:35 AM) (Source: DCOM) (EventID: 10016) (User: ThomasPC)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}ThomasPCThomasS-1-5-21-1904816859-1507245205-4180054148-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/28/2014 11:16:34 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The AsusFanControlService service failed to start due to the following error:
%%1053

Error: (08/28/2014 11:16:34 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the AsusFanControlService service to connect.

Error: (08/28/2014 11:15:52 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\SUPERAntiSpyware\SASDIFSV.SYS


Microsoft Office Sessions:
=========================
Error: (08/26/2014 10:22:59 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe_fdprint.dll6.3.9600.163845215f00dntdll.dll6.3.9600.1711453649e73c0000005000000000006361a126801cfc10f262c426dC:\Windows\system32\rundll32.exeC:\Windows\SYSTEM32\ntdll.dll91e0c216-2d02-11e4-8366-bcee7b790967

Error: (08/26/2014 10:19:32 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: svchost.exe_stisvc6.3.9600.163845215dfe3ntdll.dll6.3.9600.1711453649e73c0000008000000000009cbea50801cfc10ed650cbe2C:\Windows\system32\svchost.exeC:\Windows\SYSTEM32\ntdll.dll164bf318-2d02-11e4-8366-bcee7b790967

Error: (08/23/2014 11:40:30 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe31.0.0.531053c75e91mozalloc.dll31.0.0.531053c72e91800000030000141be3c01cfbf212e9b3bd7C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll7bca67d3-2b16-11e4-835e-bcee7b790967


CodeIntegrity Errors:
===================================
  Date: 2014-08-17 02:41:59.571
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-17 02:41:59.477
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-17 02:36:39.842
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-13 18:36:05.823
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-13 18:36:05.736
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-13 18:36:05.546
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-13 18:36:05.458
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-13 18:36:05.264
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-13 18:36:05.170
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-08-13 18:35:16.915
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A10-7700K Radeon R7, 10 Compute Cores 4C+6G
Percentage of memory in use: 27%
Total physical RAM: 7108.03 MB
Available physical RAM: 5162.01 MB
Total Pagefile: 7556.03 MB
Available Pagefile: 5003.85 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:53.72 GB) (Free:17.33 GB) NTFS
Drive d: (Documents) (Fixed) (Total:877.44 GB) (Free:136.5 GB) NTFS
Drive e: (BigDisc) (Fixed) (Total:931.5 GB) (Free:897.09 GB) NTFS
Drive h: (Disc) (CDROM) (Total:0.92 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 598F6113)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=53.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=877.4 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 00847108)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=OF Extended)

========================================================
Disk: 2 (Size: 149 GB) (Disk ID: 30303030)
Partition 1: (Active) - (Size=476 MB) - (Type=83)
Partition 2: (Not Active) - (Size=148.5 GB) - (Type=05)

==================== End Of Log ============================

 


Thomas J Marshall


BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 31 August 2014 - 09:33 AM

:welcome:

Hello Thomas J Marshall,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 Thomas J Marshall

Thomas J Marshall
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ireland
  • Local time:11:01 PM

Posted 01 September 2014 - 02:46 PM

Results of screen317's Security Check version 0.99.87  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 SUPERAntiSpyware Professional    
 Java 7 Update 67  
 Adobe Flash Player     14.0.0.179  
 Adobe Reader XI  
 Mozilla Firefox (31.0)
 Mozilla Thunderbird (31.0.)
````````Process Check: objlist.exe by Laurent````````  
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


Thomas J Marshall


#4 Thomas J Marshall

Thomas J Marshall
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ireland
  • Local time:11:01 PM

Posted 01 September 2014 - 02:47 PM

No malware found


Thomas J Marshall


#5 Thomas J Marshall

Thomas J Marshall
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ireland
  • Local time:11:01 PM

Posted 01 September 2014 - 03:01 PM

  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.

 

 

Not sure what you mean by this


Thomas J Marshall


#6 Thomas J Marshall

Thomas J Marshall
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ireland
  • Local time:11:01 PM

Posted 01 September 2014 - 03:02 PM

# AdwCleaner v3.308 - Report created 01/09/2014 at 20:50:47
# Updated 20/08/2014 by Xplode
# Operating System : Windows 8.1  (64 bits)
# Username : Thomas - THOMASPC
# Running from : D:\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Vittalia

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17239


-\\ Mozilla Firefox v31.0 (x86 en-US)

[ File : C:\Users\lynn\AppData\Roaming\Mozilla\Firefox\Profiles\3zbmwz39.default\prefs.js ]


[ File : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.default\prefs.js ]


[ File : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\ys072y1f.defaultold\prefs.js ]


[ File : C:\Users\thomasj\AppData\Roaming\Mozilla\Firefox\Profiles\xndor8s1.default\prefs.js ]


-\\ Google Chrome v

*************************

AdwCleaner[R0].txt - [19673 octets] - [24/08/2014 23:59:15]
AdwCleaner[R1].txt - [16968 octets] - [25/08/2014 00:08:59]
AdwCleaner[R2].txt - [1439 octets] - [25/08/2014 10:58:54]
AdwCleaner[R3].txt - [1181 octets] - [01/09/2014 20:50:47]
AdwCleaner[S0].txt - [15726 octets] - [25/08/2014 00:12:27]
AdwCleaner[S1].txt - [1504 octets] - [25/08/2014 11:03:37]

########## EOF - C:\AdwCleaner\AdwCleaner[R3].txt - [1362 octets] ##########
 


Thomas J Marshall


#7 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 01 September 2014 - 03:11 PM

Hello Thomas J Marshall,


Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs



***

Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***

Please download the TDSS Rootkit Removing Tool (TDSSKiller.exe) and save it to your Desktop. <-Important!!!
  • Double-click on TDSSKiller.exe to run the tool for known TDSS variants. Vista/Windows 7 users right-click and select Run As Administrator.
  • If TDSSKiller does not run, try renaming it.
  • To do this, right-click on TDSSKiller.exe, select Rename and give it a random name with the .com file extension (i.e. 123abc.com). If you do not see the file extension, please refer to How to change the file extension.
  • Click the Start Scan button.
  • Do not use the computer during the scan
  • If the scan completes with nothing found, click Close to exit.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
  • Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process. Note: If Cure is not an option, Skip instead, do not choose Delete unless instructed.
  • A log file named TDSSKiller_version_date_time_log.txt (i.e. DSSKiller.2.4.0.0_27.07.2010_09.o7.26_log.txt) will be created and saved to the root directory (usually Local Disk C:).
  • Copy and paste the contents of that file in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 01 September 2014 - 03:51 PM

And one question:

Did you set these Firefox proxy values?

FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#9 Thomas J Marshall

Thomas J Marshall
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ireland
  • Local time:11:01 PM

Posted 01 September 2014 - 05:06 PM

And one question:

Did you set these Firefox proxy values?

FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2

No


Thomas J Marshall


#10 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 02 September 2014 - 11:37 AM

Hello Thomas J Marshall,

we remove these proxy settings later; now we are waiting for your Combofix and TDSS logs.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#11 Thomas J Marshall

Thomas J Marshall
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ireland
  • Local time:11:01 PM

Posted 02 September 2014 - 01:41 PM

Combofix won't run in windows 8


Thomas J Marshall


#12 Thomas J Marshall

Thomas J Marshall
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ireland
  • Local time:11:01 PM

Posted 02 September 2014 - 01:44 PM

Tdskiller reports "No threats found"


Thomas J Marshall


#13 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:12:01 AM

Posted 02 September 2014 - 02:04 PM

Hello Thomas J Marshall,

another question:
Do you receive spam email or does your pc send spam email or both?
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt

 
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
C:\Users\Thomas\AppData\Local\Temp\46460-658931-microsoft-office-home-and-student-2010.exe
C:\Users\Thomas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjdown.dll
C:\Users\Thomas\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih.exe
C:\Users\Thomas\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih_1.exe
C:\Users\Thomas\AppData\Local\Temp\instloffer.exe
C:\Users\Thomas\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Thomas\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Thomas\AppData\Local\Temp\ose00000.exe
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
C:\Users\Thomas\AppData\Local\Temp\SSUPDATE.EXE
C:\Users\Thomas\AppData\Local\Temp\Wise_SETUP.exe
EmptyTemp:
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FSRT64 again like we did before but this time press the Fix button just once and wait.
The tool will make a log on the flash drive (Fixlog.txt) please post it to your reply.


***


FRST / FSRT64: run it again.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 Thomas J Marshall

Thomas J Marshall
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ireland
  • Local time:11:01 PM

Posted 02 September 2014 - 02:16 PM

My pc RECEIVES SPAM EMAIL


Thomas J Marshall


#15 Thomas J Marshall

Thomas J Marshall
  • Topic Starter

  • Members
  • 31 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Northern Ireland
  • Local time:11:01 PM

Posted 02 September 2014 - 02:24 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-08-2014 02
Ran by Thomas at 2014-09-02 20:32:19 Run:2
Running from D:\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(host%20%3D%3D%20's.hulu.com'%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*'))%20%7B%20return%20'PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us06.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
C:\Users\Thomas\AppData\Local\Temp\46460-658931-microsoft-office-home-and-student-2010.exe
C:\Users\Thomas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjdown.dll
C:\Users\Thomas\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih.exe
C:\Users\Thomas\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih_1.exe
C:\Users\Thomas\AppData\Local\Temp\instloffer.exe
C:\Users\Thomas\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\Thomas\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Thomas\AppData\Local\Temp\ose00000.exe
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe
C:\Users\Thomas\AppData\Local\Temp\SSUPDATE.EXE
C:\Users\Thomas\AppData\Local\Temp\Wise_SETUP.exe
EmptyTemp:
end
*****************

"C:\Windows\system32\GroupPolicy\Machine" => File/Directory not found.
"HKLM\SOFTWARE\Policies\Google" => Key not found.
Firefox Proxy settings were reset.
Firefox Proxy settings were reset.
"C:\Users\Thomas\AppData\Local\Temp\46460-658931-microsoft-office-home-and-student-2010.exe" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpnjdown.dll" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih.exe" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\Temp\install_flashplayer14x32_mssd_aaa_aih_1.exe" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\Temp\instloffer.exe" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\Temp\ose00000.exe" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\Temp\SSUPDATE.EXE" => File/Directory not found.
"C:\Users\Thomas\AppData\Local\Temp\Wise_SETUP.exe" => File/Directory not found.
EmptyTemp: => Removed 58.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====


Edited by Thomas J Marshall, 02 September 2014 - 02:35 PM.

Thomas J Marshall





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users