
Something causing my hard drive (D:) Full


  • This topic is locked
25 replies to this topic

#1 hamkiez

hamkiez

  • Members
  • 16 posts

Posted 05 September 2014 - 11:28 PM

Dear all fellow on Bleeping Computer,

 

Can you guys help me with my computer? It always shows a pop-up that says low disk space on (D:) every time I start my computer. I have run DDS, and the result is below. Please help me to fix my computer. Your help is really appreciated. Thanks

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17239
Run by Andrew at 11:11:02 on 2014-09-06
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4001.1832 [GMT 7:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
C:\Windows\system32\FBAgent.exe
C:\Windows\system32\WLANExt.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\srvany.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\KMService.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SysWOW64\ACEngSvr.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Andrew\pwrshdbg.exe
C:\Program Files\Elantech\ETDCtrl.exe
C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
C:\Windows\System32\igfxtray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Users\Andrew\AppData\Roaming\cmmefr.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Elantech\ETDCtrlHelper.exe
C:\Users\Andrew\wpdsnetwo.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k HPService
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://asus.msn.com
uProxyServer = 192.168.2.12:808
uProxyOverride = <local>
uWindows: Load = C:\Users\Andrew\pwrshdbg.exe
mWinlogon: Userinit = userinit.exe
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Google Dictionary Compression sdch: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - 
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - 
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet
uRun: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
uRun: [Esukuo] C:\Users\Andrew\AppData\Roaming\Microsoft\Esukuo.exe
uRun: [MSSMARTMON1] "C:\Users\Andrew\AppData\Roaming\cmmefr.exe"
uRun: [Bsukul] C:\Users\Andrew\AppData\Roaming\Microsoft\Bsukul.exe
uRun: [NTIxMzlBRUYwMTQ1M0U2OU] C:\Users\Andrew\mapimo.exe
uRun: [NTIwQTk0N0Y4NzhCRTgxN0] C:\Users\Andrew\pwrshdbg.exe
uRun: [Rsukub] C:\Users\Andrew\AppData\Roaming\Microsoft\Rsukub.exe
uRun: [M0M1NzY2QjBBOEVDQjUyNz] C:\Users\Andrew\wpdsnetwo.exe
uRun: [Msukuw] C:\Users\Andrew\AppData\Roaming\Microsoft\Msukuw.exe
uRun: [wi87t12] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-16879\w8it1v12.exe
uRun: [wfi72] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12349\wfiv12.exe
uRun: [wfie172] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12389\wfiv172.exe
uRun: [w7fie172] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12689\w7fiv172.exe
uRun: [wi72] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-16349\wiv12.exe
uRun: [wi8712] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-163879\w8i1v12.exe
uRun: [wi87t1298] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10879\w8it198v12.exe
uRun: [t4q] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-46689\24naq.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [w7five172] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-16689\w7five172.exe
uRun: [Zsukuj] C:\Users\Andrew\AppData\Roaming\Microsoft\Zsukuj.exe
uRun: [HP Deskjet 4620 series (NET)] "C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe" -deviceID "CN2BU211T505TN:NW" -scfn "HP Deskjet 4620 series (NET)" -AutoStart 1
mRun: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
mRun: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
mRun: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
mRun: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
mRun: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
mRun: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
mRun: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
StartupFolder: C:\Users\Andrew\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ASUSVI~1.LNK - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
uPolicies-Explorer: NoDriveAutoRun = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
TCP: Interfaces\{530360E6-0C01-4678-A3B1-A9770AE12BE9} : NameServer = 203.142.82.224,182.253.236.236
TCP: Interfaces\{9EBD2770-9112-40D8-9907-9BFDD808D6D1}\4556E64616F5039354736403 : DHCPNameServer = 202.73.99.2 202.73.99.4 61.247.0.130 61.247.0.133
TCP: Interfaces\{9EBD2770-9112-40D8-9907-9BFDD808D6D1}\6596E63656E6472E08993702960586F6E656 : DHCPNameServer = 192.168.39.28
TCP: Interfaces\{9EBD2770-9112-40D8-9907-9BFDD808D6D1}\C41657723702B4F60796479616D6 : DHCPNameServer = 202.73.99.4 61.247.0.2 202.73.99.2
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [ETDCtrl] C:\Program Files (x86)\Elantech\ETDCtrl.exe
x64-Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
x64-Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe /SF3 
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default\
FF - prefs.js: network.proxy.ftp - 192.168.137.1
FF - prefs.js: network.proxy.ftp_port - 808
FF - prefs.js: network.proxy.http - 192.168.137.1
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.socks - 192.168.137.1
FF - prefs.js: network.proxy.socks_port - 808
FF - prefs.js: network.proxy.ssl - 192.168.137.1
FF - prefs.js: network.proxy.ssl_port - 808
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll
FF - plugin: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Andrew\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-5-26 17536]
R2 AFBAgent;AFBAgent;C:\Windows\System32\FBAgent.exe [2011-8-13 379520]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-3 15416]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-6-1 138400]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Bluetooth Suite\AdminService.exe [2011-6-1 97952]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 KMService;KMService;C:\Windows\System32\srvany.exe --> C:\Windows\System32\srvany.exe [?]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-8-13 2656280]
R3 asmthub3;ASMedia USB3 Hub Service;C:\Windows\System32\drivers\asmthub3.sys [2011-10-3 129512]
R3 asmtxhci;ASMEDIA XHCI Service;C:\Windows\System32\drivers\asmtxhci.sys [2011-10-3 394728]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-6-1 30368]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-7-6 142632]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-7-6 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;C:\Windows\System32\drivers\L1C62x64.sys [2011-7-6 169584]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AmUStor;AM USB Stroage Driver;C:\Windows\System32\drivers\AmUStor.sys [2011-3-18 74840]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-6-1 36000]
S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-6-1 330400]
S3 btath_avdt;Atheros Bluetooth AVDT Service;C:\Windows\System32\drivers\btath_avdt.sys [2011-6-1 110240]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-6-1 167072]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-6-1 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-6-1 280992]
S3 BTATH_VDP;Bluetooth VDP Driver;C:\Windows\System32\drivers\btath_vdp.sys [2011-6-1 420896]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-6-1 491168]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-7-3 48488]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-8-14 111616]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [2014-4-9 289256]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;C:\Windows\System32\drivers\SiSG664.sys [2009-6-11 56832]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-19 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2011-2-19 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== Created Last 30 ================
.
2014-09-06 02:23:43 11319192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{7F15CC3C-D194-4297-8392-73BDEC3453A3}\mpengine.dll
2014-09-06 02:17:54 -------- d-----w- C:\Users\Andrew\AppData\Local\{45B4A410-1371-4AF6-B627-4ED38F730433}
2014-09-05 01:20:55 -------- d-----w- C:\Users\Andrew\AppData\Local\{F03A2A45-A655-4C39-B2A9-734ED7037804}
2014-09-04 01:27:34 -------- d-----w- C:\Users\Andrew\AppData\Local\{163CE179-A732-47E6-A6EC-5C200CF27889}
2014-09-03 01:07:02 -------- d-----w- C:\Users\Andrew\AppData\Local\{0BB67B1C-02F8-4F89-9A63-D53ECB141C09}
2014-09-02 01:34:54 -------- d-----w- C:\Users\Andrew\AppData\Local\{72BFED40-2137-4B79-BB42-16397C65D29E}
2014-09-01 01:41:16 -------- d-----w- C:\Users\Andrew\AppData\Local\{F1904E21-1545-4E46-9B98-F8DCB48CA5B1}
2014-08-30 02:16:15 -------- d-----w- C:\Users\Andrew\AppData\Local\{951414AA-647F-4878-9C52-D79B02A5E56D}
2014-08-29 04:53:03 -------- d-----w- C:\Users\Andrew\AppData\Local\{E938CEAF-E950-455E-B91F-EF1215085CA9}
2014-08-28 02:06:40 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-28 02:06:40 3163648 ----a-w- C:\Windows\System32\win32k.sys
2014-08-28 02:06:40 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-28 01:58:52 -------- d-----w- C:\Users\Andrew\AppData\Local\{58DBCB23-A3C6-4176-AF6C-74D7103675DE}
2014-08-26 01:37:43 -------- d-----w- C:\Users\Andrew\AppData\Local\{E947D52F-D2AC-464F-9243-E0A50C5F454B}
2014-08-25 01:32:40 -------- d-----w- C:\Users\Andrew\AppData\Local\{2924B5F1-93BF-4D99-9113-1B7568B42046}
2014-08-23 01:25:19 -------- d-----w- C:\Users\Andrew\AppData\Local\{8923D618-E047-422D-8B2B-8B7013EB6ED2}
2014-08-22 01:24:36 2620928 ----a-w- C:\Windows\System32\wucltux.dll
2014-08-22 01:24:07 97792 ----a-w- C:\Windows\System32\wudriver.dll
2014-08-22 01:24:07 92672 ----a-w- C:\Windows\SysWow64\wudriver.dll
2014-08-22 01:23:49 36864 ----a-w- C:\Windows\System32\wuapp.exe
2014-08-22 01:23:49 33792 ----a-w- C:\Windows\SysWow64\wuapp.exe
2014-08-22 01:23:49 198600 ----a-w- C:\Windows\System32\wuwebv.dll
2014-08-22 01:23:49 179656 ----a-w- C:\Windows\SysWow64\wuwebv.dll
2014-08-22 01:18:56 -------- d-----w- C:\Users\Andrew\AppData\Local\{5D520B15-5DBB-410E-993D-9B37F01236F8}
2014-08-21 01:28:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{88455C74-D7FB-416E-B709-CA5F01780A6F}
2014-08-16 02:00:44 -------- d-----w- C:\Users\Andrew\AppData\Local\{B360D4AA-15F9-4CA6-A3FC-2DB661665897}
2014-08-15 01:25:10 -------- d-----w- C:\Users\Andrew\AppData\Local\{74E8D04D-3E2E-4E84-A0DA-71C6E18430DD}
2014-08-14 10:23:23 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2014-08-14 10:23:23 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2014-08-14 10:23:23 8856 ----a-w- C:\Windows\System32\icardres.dll
2014-08-14 10:23:23 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2014-08-14 10:23:23 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2014-08-14 10:23:23 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2014-08-14 10:22:50 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2014-08-14 10:22:50 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2014-08-14 03:36:21 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2014-08-14 03:36:20 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2014-08-14 01:52:25 -------- d-----w- C:\Users\Andrew\AppData\Local\{9F9D9210-3960-4D4B-9931-58755298A924}
2014-08-13 01:30:25 -------- d-----w- C:\Users\Andrew\AppData\Local\{53DA6533-AA4B-434A-B842-7312FF342FBF}
2014-08-12 01:46:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{0545B5DB-155A-42F5-BA0A-8BEB6799A2D0}
2014-08-11 01:22:23 -------- d-----w- C:\Users\Andrew\AppData\Local\{E2CBFCAF-E49B-4979-8648-CD4578A9FCFE}
2014-08-09 01:43:05 -------- d-----w- C:\Users\Andrew\AppData\Local\{2E483799-1605-4AB4-B75F-B576797C9D9F}
2014-08-08 01:37:43 -------- d-----w- C:\Users\Andrew\AppData\Local\{1724E7AD-9D29-442F-A796-E4C17C1E6339}
.
==================== Find3M  ====================
.
2014-09-06 02:16:53 45056 ----a-w- C:\Windows\SysWow64\acovcnt.exe
2014-08-05 02:20:00 270496 ------w- C:\Windows\System32\MpSigStub.exe
2014-07-25 14:02:12 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-07-25 14:01:41 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-07-25 13:30:30 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-07-25 13:28:35 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-07-25 13:28:27 548352 ----a-w- C:\Windows\System32\vbscript.dll
2014-07-25 13:25:45 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-07-25 13:04:40 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-07-25 13:00:51 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-07-25 13:00:25 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-07-25 12:59:28 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-07-25 12:47:25 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-07-25 12:34:49 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-07-25 12:34:03 455168 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-07-25 12:33:08 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-07-25 12:30:32 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-07-25 12:28:15 5824512 ----a-w- C:\Windows\System32\jscript9.dll
2014-07-25 12:28:05 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-07-25 12:10:15 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-07-25 12:08:47 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-07-25 12:06:47 4204032 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-07-25 11:43:16 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-07-25 11:39:29 2087936 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-07-25 11:39:25 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-07-25 11:07:49 2001920 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-07-25 11:07:10 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-07-25 10:52:06 2266624 ----a-w- C:\Windows\System32\wininet.dll
2014-07-25 10:05:23 1792512 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-07-16 03:23:41 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-07-16 02:46:02 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-07-09 02:03:23 7168 ----a-w- C:\Windows\System32\KBDYAK.DLL
2014-07-09 02:03:22 7168 ----a-w- C:\Windows\System32\KBDBASH.DLL
2014-07-09 01:31:42 7168 ----a-w- C:\Windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31:41 6656 ----a-w- C:\Windows\SysWow64\KBDBASH.DLL
2014-06-18 02:18:30 692736 ----a-w- C:\Windows\System32\osk.exe
2014-06-18 01:51:32 646144 ----a-w- C:\Windows\SysWow64\osk.exe
2014-06-16 02:10:19 985536 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH: 11:11:57.49 ===============
 



#2 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany

Posted 09 September 2014 - 02:01 PM

Hello and welcome.
My name is Sandra and I will help you with your problem.

  • Please follow my instructions in the order they are given.
  • Read the instructions carefully before you start. If you get into trouble or do not understand what to do, then stop and describe the problem as well as you can.
  • Only run scans that I advise you to run.
  • Do not crosspost (posting in different forums).
  • Do not install or uninstall software during removal, except when I advise you to.
  • Please post all logfiles as a reply instead of attaching them unless I ask you to do so. If the files are too big, then use more posts, thanks.
  • Please keep in mind that we are all doing this here in our free time. If I do not reply within 48 hours, feel free to send me a PM.

 

 

Scan with FRST
Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download both of them and try to start them, as only the right one will run.)

  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

 

 


regards,

 

Sandra


#3 hamkiez

hamkiez
  • Topic Starter

  • Members
  • 16 posts
  • OFFLINE
  • Local time:03:07 PM

Posted 10 September 2014 - 02:52 AM

Hi Sandra,

 

Thanks for replying to my thread. I've run FRST as you suggested and this is the result. I really hope that you can help me solve my problem. Cheers

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-09-2014 01
Ran by Andrew (administrator) on ANDREW-PC on 10-09-2014 14:44:53
Running from C:\Users\Andrew\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
(Unity) C:\Users\Andrew\pwrshdbg.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Clown) C:\Users\Andrew\wpdsnetwo.exe
(Gerald) C:\Users\Andrew\mapimo.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Reader\bin\PDFReader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [926880 2011-06-01] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [792736 2011-06-01] (Atheros Commnucations)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-10-27] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [msnmsgr] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [4280184 2012-03-08] (Microsoft Corporation)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6497592 2011-11-23] (Yahoo! Inc.)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [RGSC] => C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [Esukuo] => C:\Users\Andrew\AppData\Roaming\Microsoft\Esukuo.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [MSSMARTMON1] => C:\Users\Andrew\AppData\Roaming\cmmefr.exe [157008 2012-12-01] ()
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [Bsukul] => C:\Users\Andrew\AppData\Roaming\Microsoft\Bsukul.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [NTIxMzlBRUYwMTQ1M0U2OU] => C:\Users\Andrew\mapimo.exe [260608 2012-12-11] (Gerald)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [NTIwQTk0N0Y4NzhCRTgxN0] => C:\Users\Andrew\pwrshdbg.exe [165376 2012-11-06] (Unity)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [Rsukub] => C:\Users\Andrew\AppData\Roaming\Microsoft\Rsukub.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [M0M1NzY2QjBBOEVDQjUyNz] => C:\Users\Andrew\wpdsnetwo.exe [274944 2013-01-02] (Clown)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [Msukuw] => C:\Users\Andrew\AppData\Roaming\Microsoft\Msukuw.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [wi87t12] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-16879\w8it1v12.exe [53760 2013-01-09] ()
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [wfi72] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12349\wfiv12.exe [53760 2013-01-09] ()
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [wfie172] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12389\wfiv172.exe [53760 2013-01-09] ()
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [w7fie172] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12689\w7fiv172.exe [53760 2013-01-09] ()
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [wi72] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-16349\wiv12.exe [53760 2013-01-09] ()
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [wi8712] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-163879\w8i1v12.exe [53760 2013-01-09] ()
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [wi87t1298] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10879\w8it198v12.exe [53760 2013-01-09] ()
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [t4q] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-46689\24naq.exe [71680 2013-02-16] ()
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [w7five172] => C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-16689\w7five172.exe [53760 2013-02-04] ()
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [Zsukuj] => C:\Users\Andrew\AppData\Roaming\Microsoft\Zsukuj.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [HP Deskjet 4620 series (NET)] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\CurrentVersion\Windows: [Load] C:\Users\Andrew\pwrshdbg.exe <===== ATTENTION
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\MountPoints2: {317e85c4-20cd-11e2-b153-742f6882ba64} - F:\AutoRun.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\MountPoints2: {552314c7-929c-11e2-b076-742f6882ba64} - F:\Msetup4.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\MountPoints2: {cbd56ec2-9e89-11e1-b031-742f6882ba64} - F:\AutoRun.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Winlogon: [Shell] C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-16689\w7five172.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-46689\24naq.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-10879\w8it198v12.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-163879\w8i1v12.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-16349\wiv12.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12689\w7fiv172.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12389\wfiv172.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12349\wfiv12.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-16879\w8it1v12.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12352\newcont5rnd4.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12367\newcont7rnd6.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12389\newcont9rnd8.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12310\newcont2rnd1.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12341\newcont4rnd3.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12356\newcont6rnd5.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12387\newcont8rnd7.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12340\newcont1rnd.exe,C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-12330\newcont3rnd2.exe,explorer.exe <==== ATTENTION 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 192.168.2.12:808
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{530360E6-0C01-4678-A3B1-A9770AE12BE9}: [NameServer] 203.142.82.224,182.253.236.236
 
FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default
FF NetworkProxy: "backup.ftp", "192.168.137.1"
FF NetworkProxy: "backup.ftp_port", 808
FF NetworkProxy: "backup.socks", "192.168.137.1"
FF NetworkProxy: "backup.socks_port", 808
FF NetworkProxy: "backup.ssl", "192.168.137.1"
FF NetworkProxy: "backup.ssl_port", 808
FF NetworkProxy: "ftp", "192.168.137.1"
FF NetworkProxy: "ftp_port", 808
FF NetworkProxy: "http", "192.168.137.1"
FF NetworkProxy: "http_port", 808
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.137.1"
FF NetworkProxy: "socks_port", 808
FF NetworkProxy: "ssl", "192.168.137.1"
FF NetworkProxy: "ssl_port", 808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Andrew\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF user.js: detected! => C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
CHR DefaultSearchKeyword: Default -> 7069D233D0FAB21ECAD0711E43C3A354F1DA101E62C7559184AE853C3608D736
CHR DefaultSearchURL: Default -> 5FD22109522C2230382960348213BAA8C2B7D382018C8F1C244AFB963BBA8A3D
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (D'Fusion @Home Web Plug-In (3.20.20164)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Andrew\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-06]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-06]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-06]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-06-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [97952 2011-06-01] (Atheros Commnucations) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [420896 2011-06-01] (Atheros)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 14:44 - 2014-09-10 14:46 - 00029231 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-09-10 14:44 - 2014-09-10 14:44 - 00000000 ____D () C:\FRST
2014-09-10 14:42 - 2014-09-10 14:44 - 02105344 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-09-10 08:55 - 2014-09-10 08:55 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{3257BDC7-7E82-4C53-B351-275E3E15B189}
2014-09-09 08:17 - 2014-09-09 08:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{FCE2CD93-C6B7-4EC5-98C1-431BEE413F59}
2014-09-08 08:05 - 2014-09-08 08:05 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{87B84B69-4DC5-4917-9156-ADE3D38CBDD4}
2014-09-06 11:30 - 2014-09-06 11:30 - 00009023 _____ () C:\Users\Andrew\Downloads\attach (1).txt
2014-09-06 11:25 - 2014-09-06 11:25 - 00015625 _____ () C:\Users\Andrew\Downloads\attach.txt
2014-09-06 11:12 - 2014-09-06 11:12 - 00009023 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-09-06 11:12 - 2014-09-06 11:11 - 00029623 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-09-06 11:09 - 2014-09-06 11:10 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-09-06 09:17 - 2014-09-06 09:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{45B4A410-1371-4AF6-B627-4ED38F730433}
2014-09-05 08:20 - 2014-09-05 08:21 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F03A2A45-A655-4C39-B2A9-734ED7037804}
2014-09-04 08:27 - 2014-09-04 08:27 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{163CE179-A732-47E6-A6EC-5C200CF27889}
2014-09-03 08:07 - 2014-09-03 08:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{0BB67B1C-02F8-4F89-9A63-D53ECB141C09}
2014-09-02 17:11 - 2014-09-02 17:12 - 00011433 _____ () C:\Users\Andrew\Desktop\Book2.xlsx
2014-09-02 08:34 - 2014-09-02 08:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{72BFED40-2137-4B79-BB42-16397C65D29E}
2014-09-01 08:41 - 2014-09-01 08:43 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F1904E21-1545-4E46-9B98-F8DCB48CA5B1}
2014-08-30 09:16 - 2014-08-30 09:16 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{951414AA-647F-4878-9C52-D79B02A5E56D}
2014-08-29 11:53 - 2014-08-29 11:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E938CEAF-E950-455E-B91F-EF1215085CA9}
2014-08-28 09:06 - 2014-08-23 09:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:06 - 2014-08-23 08:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:06 - 2014-08-23 07:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 08:58 - 2014-08-28 09:01 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{58DBCB23-A3C6-4176-AF6C-74D7103675DE}
2014-08-26 08:37 - 2014-08-27 08:25 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E947D52F-D2AC-464F-9243-E0A50C5F454B}
2014-08-25 08:32 - 2014-08-25 08:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{2924B5F1-93BF-4D99-9113-1B7568B42046}
2014-08-23 10:42 - 2014-08-23 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-23 09:36 - 2014-08-23 09:57 - 00000000 ____D () C:\Users\Andrew\Desktop\Penawaran
2014-08-23 08:25 - 2014-08-23 08:28 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{8923D618-E047-422D-8B2B-8B7013EB6ED2}
2014-08-22 08:24 - 2014-05-14 23:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 08:24 - 2014-05-14 23:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 08:24 - 2014-05-14 23:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 08:24 - 2014-05-14 23:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 08:24 - 2014-05-14 23:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 08:23 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 08:23 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 08:23 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 08:23 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-22 08:18 - 2014-08-22 08:22 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{5D520B15-5DBB-410E-993D-9B37F01236F8}
2014-08-21 08:28 - 2014-08-21 08:28 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{88455C74-D7FB-416E-B709-CA5F01780A6F}
2014-08-16 09:00 - 2014-08-16 09:00 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{B360D4AA-15F9-4CA6-A3FC-2DB661665897}
2014-08-15 08:25 - 2014-08-15 08:25 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{74E8D04D-3E2E-4E84-A0DA-71C6E18430DD}
2014-08-14 17:23 - 2014-07-01 05:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 17:23 - 2014-07-01 05:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 17:23 - 2014-03-10 04:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 17:23 - 2014-03-10 04:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 17:23 - 2014-03-10 04:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 17:23 - 2014-03-10 04:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 17:22 - 2014-06-06 13:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 17:22 - 2014-06-06 13:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 10:40 - 2014-07-16 10:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 10:40 - 2014-07-16 09:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 10:40 - 2014-07-09 09:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 10:40 - 2014-07-09 09:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 10:40 - 2014-07-09 09:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 10:40 - 2014-07-09 09:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 10:40 - 2014-07-09 09:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 10:40 - 2014-07-09 08:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 10:40 - 2014-07-09 08:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 10:40 - 2014-07-09 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 10:40 - 2014-07-09 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 10:40 - 2014-07-09 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 10:40 - 2014-07-09 05:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 10:40 - 2014-07-09 05:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 10:40 - 2014-06-25 09:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 10:40 - 2014-06-25 08:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 10:40 - 2014-06-16 09:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 10:40 - 2014-06-03 17:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 10:40 - 2014-06-03 17:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 10:40 - 2014-06-03 17:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 10:40 - 2014-06-03 17:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 10:40 - 2014-06-03 16:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 10:40 - 2014-06-03 16:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 10:40 - 2014-06-03 16:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 10:39 - 2014-08-01 06:41 - 00348856 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-14 10:39 - 2014-08-01 06:16 - 00307384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-14 10:39 - 2014-07-25 21:52 - 23645696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-14 10:39 - 2014-07-25 21:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-14 10:39 - 2014-07-25 21:01 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-14 10:39 - 2014-07-25 20:51 - 17524224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-14 10:39 - 2014-07-25 20:30 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-14 10:39 - 2014-07-25 20:28 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-14 10:39 - 2014-07-25 20:28 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-14 10:39 - 2014-07-25 20:25 - 02774528 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-14 10:39 - 2014-07-25 20:25 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-14 10:39 - 2014-07-25 20:11 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-14 10:39 - 2014-07-25 20:10 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-14 10:39 - 2014-07-25 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-14 10:39 - 2014-07-25 20:03 - 00598016 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-14 10:39 - 2014-07-25 20:00 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-14 10:39 - 2014-07-25 20:00 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-14 10:39 - 2014-07-25 19:59 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-14 10:39 - 2014-07-25 19:47 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-14 10:39 - 2014-07-25 19:40 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-14 10:39 - 2014-07-25 19:34 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-14 10:39 - 2014-07-25 19:34 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-14 10:39 - 2014-07-25 19:33 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-14 10:39 - 2014-07-25 19:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-14 10:39 - 2014-07-25 19:28 - 05824512 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-14 10:39 - 2014-07-25 19:28 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-14 10:39 - 2014-07-25 19:21 - 02184704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-14 10:39 - 2014-07-25 19:19 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-14 10:39 - 2014-07-25 19:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-14 10:39 - 2014-07-25 19:17 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-14 10:39 - 2014-07-25 19:17 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-14 10:39 - 2014-07-25 19:12 - 00438784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-14 10:39 - 2014-07-25 19:10 - 00292864 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-14 10:39 - 2014-07-25 19:10 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-14 10:39 - 2014-07-25 19:08 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-14 10:39 - 2014-07-25 19:06 - 04204032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-14 10:39 - 2014-07-25 18:52 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-14 10:39 - 2014-07-25 18:47 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-14 10:39 - 2014-07-25 18:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-14 10:39 - 2014-07-25 18:42 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-14 10:39 - 2014-07-25 18:39 - 02087936 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-14 10:39 - 2014-07-25 18:39 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-14 10:39 - 2014-07-25 18:36 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-14 10:39 - 2014-07-25 18:34 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-14 10:39 - 2014-07-25 18:29 - 00239616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-14 10:39 - 2014-07-25 18:23 - 13547008 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-14 10:39 - 2014-07-25 18:13 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-14 10:39 - 2014-07-25 18:07 - 02001920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-14 10:39 - 2014-07-25 18:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-14 10:39 - 2014-07-25 18:03 - 11772928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-14 10:39 - 2014-07-25 17:52 - 02266624 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-14 10:39 - 2014-07-25 17:26 - 01431040 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-14 10:39 - 2014-07-25 17:17 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-14 10:39 - 2014-07-25 17:09 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-14 10:39 - 2014-07-25 17:05 - 01792512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-14 10:39 - 2014-07-25 17:00 - 01169920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-14 10:36 - 2014-07-14 09:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 10:36 - 2014-07-14 08:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 08:52 - 2014-08-14 08:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{9F9D9210-3960-4D4B-9931-58755298A924}
2014-08-13 14:33 - 2014-08-13 14:33 - 03644976 _____ () C:\Users\Andrew\Downloads\rincianbiaya.zip
2014-08-13 08:30 - 2014-08-13 08:30 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{53DA6533-AA4B-434A-B842-7312FF342FBF}
2014-08-12 15:52 - 2014-08-13 09:38 - 00017005 _____ () C:\Users\Andrew\Desktop\Trucking Gross Profit 2014.xlsx
2014-08-12 15:37 - 2014-08-30 09:51 - 00008906 _____ () C:\Users\Andrew\Documents\lintas.xlsx
2014-08-12 08:46 - 2014-08-12 08:46 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{0545B5DB-155A-42F5-BA0A-8BEB6799A2D0}
2014-08-11 08:22 - 2014-08-11 08:22 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E2CBFCAF-E49B-4979-8648-CD4578A9FCFE}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-10 14:46 - 2014-09-10 14:44 - 00029231 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-09-10 14:44 - 2014-09-10 14:44 - 00000000 ____D () C:\FRST
2014-09-10 14:44 - 2014-09-10 14:42 - 02105344 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-09-10 14:30 - 2011-12-06 15:49 - 00000000 ____D () C:\Users\Andrew\Documents\Outlook Files
2014-09-10 14:27 - 2011-04-02 11:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-10 14:24 - 2011-08-13 00:02 - 01738548 _____ () C:\Windows\WindowsUpdate.log
2014-09-10 11:05 - 2012-01-09 00:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CrashDumps
2014-09-10 09:26 - 2011-04-02 11:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-10 09:02 - 2009-07-14 11:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-10 09:02 - 2009-07-14 11:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-10 09:00 - 2009-07-14 12:13 - 00798780 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-10 08:56 - 2011-11-23 23:28 - 00000000 ____D () C:\Users\Andrew\Documents\Bluetooth Folder
2014-09-10 08:55 - 2014-09-10 08:55 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{3257BDC7-7E82-4C53-B351-275E3E15B189}
2014-09-10 08:55 - 2011-12-06 21:20 - 00000000 ____D () C:\Users\Andrew\Tracing
2014-09-10 08:54 - 2011-11-23 21:54 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-10 08:54 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-10 08:54 - 2009-07-14 11:51 - 00109316 _____ () C:\Windows\setupact.log
2014-09-09 08:18 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{FCE2CD93-C6B7-4EC5-98C1-431BEE413F59}
2014-09-08 08:05 - 2014-09-08 08:05 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{87B84B69-4DC5-4917-9156-ADE3D38CBDD4}
2014-09-06 11:30 - 2014-09-06 11:30 - 00009023 _____ () C:\Users\Andrew\Downloads\attach (1).txt
2014-09-06 11:25 - 2014-09-06 11:25 - 00015625 _____ () C:\Users\Andrew\Downloads\attach.txt
2014-09-06 11:12 - 2014-09-06 11:12 - 00009023 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-09-06 11:11 - 2014-09-06 11:12 - 00029623 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-09-06 11:10 - 2014-09-06 11:09 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-09-06 09:18 - 2014-09-06 09:17 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{45B4A410-1371-4AF6-B627-4ED38F730433}
2014-09-05 09:51 - 2013-06-17 08:32 - 00002010 ____H () C:\Users\Andrew\Documents\Default.rdp
2014-09-05 09:41 - 2009-07-14 12:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-05 08:21 - 2014-09-05 08:20 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F03A2A45-A655-4C39-B2A9-734ED7037804}
2014-09-04 08:27 - 2014-09-04 08:27 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{163CE179-A732-47E6-A6EC-5C200CF27889}
2014-09-03 08:07 - 2014-09-03 08:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{0BB67B1C-02F8-4F89-9A63-D53ECB141C09}
2014-09-02 17:12 - 2014-09-02 17:11 - 00011433 _____ () C:\Users\Andrew\Desktop\Book2.xlsx
2014-09-02 08:46 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-02 08:34 - 2014-09-02 08:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{72BFED40-2137-4B79-BB42-16397C65D29E}
2014-09-01 08:43 - 2014-09-01 08:41 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F1904E21-1545-4E46-9B98-F8DCB48CA5B1}
2014-08-30 09:51 - 2014-08-12 15:37 - 00008906 _____ () C:\Users\Andrew\Documents\lintas.xlsx
2014-08-30 09:16 - 2014-08-30 09:16 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{951414AA-647F-4878-9C52-D79B02A5E56D}
2014-08-30 09:14 - 2009-07-14 11:45 - 00408848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 11:53 - 2014-08-29 11:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E938CEAF-E950-455E-B91F-EF1215085CA9}
2014-08-28 09:01 - 2014-08-28 08:58 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{58DBCB23-A3C6-4176-AF6C-74D7103675DE}
2014-08-28 08:57 - 2012-05-02 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-27 08:25 - 2014-08-26 08:37 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E947D52F-D2AC-464F-9243-E0A50C5F454B}
2014-08-25 12:09 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2014-08-25 11:34 - 2014-07-14 16:44 - 00010221 _____ () C:\Users\Andrew\Documents\Kapal.xlsx
2014-08-25 08:32 - 2014-08-25 08:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{2924B5F1-93BF-4D99-9113-1B7568B42046}
2014-08-23 10:42 - 2014-08-23 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-23 10:03 - 2011-12-06 15:35 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Microsoft Help
2014-08-23 09:57 - 2014-08-23 09:36 - 00000000 ____D () C:\Users\Andrew\Desktop\Penawaran
2014-08-23 09:07 - 2014-08-28 09:06 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 08:45 - 2014-08-28 09:06 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 08:28 - 2014-08-23 08:25 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{8923D618-E047-422D-8B2B-8B7013EB6ED2}
2014-08-23 07:59 - 2014-08-28 09:06 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 08:22 - 2014-08-22 08:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{5D520B15-5DBB-410E-993D-9B37F01236F8}
2014-08-21 08:28 - 2014-08-21 08:28 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{88455C74-D7FB-416E-B709-CA5F01780A6F}
2014-08-16 09:00 - 2014-08-16 09:00 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{B360D4AA-15F9-4CA6-A3FC-2DB661665897}
2014-08-15 08:25 - 2014-08-15 08:25 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{74E8D04D-3E2E-4E84-A0DA-71C6E18430DD}
2014-08-15 08:20 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 17:42 - 2011-12-06 15:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-08-14 17:35 - 2013-07-30 23:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-08-14 17:29 - 2011-11-23 23:38 - 99218768 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-14 08:52 - 2014-08-14 08:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{9F9D9210-3960-4D4B-9931-58755298A924}
2014-08-13 15:47 - 2011-12-07 18:16 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Windows Live
2014-08-13 14:33 - 2014-08-13 14:33 - 03644976 _____ () C:\Users\Andrew\Downloads\rincianbiaya.zip
2014-08-13 09:38 - 2014-08-12 15:52 - 00017005 _____ () C:\Users\Andrew\Desktop\Trucking Gross Profit 2014.xlsx
2014-08-13 08:30 - 2014-08-13 08:30 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{53DA6533-AA4B-434A-B842-7312FF342FBF}
2014-08-12 08:46 - 2014-08-12 08:46 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{0545B5DB-155A-42F5-BA0A-8BEB6799A2D0}
2014-08-11 08:22 - 2014-08-11 08:22 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E2CBFCAF-E49B-4979-8648-CD4578A9FCFE}
 
Files to move or delete:
====================
C:\Users\Andrew\bitsse.exe
C:\Users\Andrew\ifsuNAPC.exe
C:\Users\Andrew\mapimo.exe
C:\Users\Andrew\pegwsh.exe
C:\Users\Andrew\pwrshdbg.exe
C:\Users\Andrew\RstrKBD.exe
C:\Users\Andrew\taskC_1.exe
C:\Users\Andrew\WldKBD.exe
C:\Users\Andrew\wpdsnetwo.exe
C:\Users\Andrew\XAPOTimeDateM.exe
 
 
Some content of TEMP:
====================
C:\Users\Andrew\AppData\Local\Temp\contentDATs.exe
C:\Users\Andrew\AppData\Local\Temp\DataCard_Setup64.exe
C:\Users\Andrew\AppData\Local\Temp\ResetDevice.exe
C:\Users\Andrew\AppData\Local\Temp\selfupdt.exe
C:\Users\Andrew\AppData\Local\Temp\SkypeSetup.exe
C:\Users\Andrew\AppData\Local\Temp\Uni000.exe
C:\Users\Andrew\AppData\Local\Temp\{7BAD4D1C-C873-4D3A-8965-06D662D72C11}-chrome_updater.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-08 11:35
 
==================== End Of Log ============================


#4 hamkiez

Posted 10 September 2014 - 02:54 AM

And this one is the addition:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-09-2014 01
Ran by Andrew at 2014-09-10 14:47:21
Running from C:\Users\Andrew\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
4500_G510gm_Help (x32 Version: 000.0.439.000 - Hewlett-Packard) Hidden
4500G510gm (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
4500G510gm_Software_Min (x32 Version: 000.0.423.000 - Hewlett-Packard) Hidden
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.0.1.152 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 1.2.0117.08443 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 1.2.0117.08443 - Alcor Micro Corp.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.2.0 - Asmedia Technology)
ASUS AI Recovery (HKLM-x32\...\{D39F0676-163E-4595-A917-E28F99BBD4D2}) (Version: 1.0.19 - ASUS)
ASUS FaceLogon (HKLM-x32\...\{64452561-169F-4A36-A2FF-B5E118EC65F5}) (Version: 1.0.0013 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.0.27 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 1.1.50 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.02.0037 - ASUS)
ASUS Virtual Camera (HKLM-x32\...\{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}) (Version: 1.0.24 - asus)
ASUS WebStorage (HKLM-x32\...\ASUS WebStorage) (Version: 3.0.84.161 - eCareme Technologies, Inc.)
AsusScr_K3 Series_ENG (HKLM-x32\...\AsusScr_K3 Series_ENG) (Version: 1.0.0001 - ASUS)
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.4.617 - ASUSTEK)
Atheros Driver Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 9.0 - Atheros)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0010 - ASUS)
Bing Bar (HKLM-x32\...\{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}) (Version: 7.0.610.0 - Microsoft Corporation)
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.4.0.40 - Atheros Communications)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
Control ActiveX de Windows Live Mesh para conexiones remotas (HKLM-x32\...\{04668DF2-D32F-4555-9C7E-35523DCD6544}) (Version: 15.4.5722.2 - Microsoft Corporation)
Contrôle ActiveX Windows Live Mesh pour connexions à distance (HKLM-x32\...\{55D003F4-9599-44BF-BA9E-95D060730DD3}) (Version: 15.4.5722.2 - Microsoft Corporation)
Controlo ActiveX do Windows Live Mesh para Ligações Remotas (HKLM-x32\...\{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}) (Version: 15.4.5722.2 - Microsoft Corporation)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1908 - CyberLink Corp.)
CyberLink LabelPrint (x32 Version: 2.5.1908 - CyberLink Corp.) Hidden
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink Power2Go (x32 Version: 6.1.3602c - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{132D27B8-C656-44BD-8C16-73C54EA8A85F}) (Version:  - Microsoft)
ETDWare PS/2-X64 8.0.5.3_WHQL (HKLM\...\Elantech) (Version: 8.0.5.3 - ELAN Microelectronic Corp.)
Fast Boot (HKLM\...\{13F4A7F3-EABC-4261-AF6B-1317777F0755}) (Version: 1.0.10 - ASUS)
FreeFixer (HKLM-x32\...\FreeFixer0.70) (Version: 0.70 - Kephyr)
Galeria de Fotografias do Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galería fotográfica de Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.103 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version:  - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HP Deskjet 4620 series Basic Device Software (HKLM\...\{6D790D6C-EF5F-40AC-A9BF-2ADF638C02AD}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Deskjet 4620 series Help (HKLM-x32\...\{5773FBCB-BA2C-4F3E-9904-48247BF752FC}) (Version: 6.0.0 - Hewlett Packard)
HP Deskjet 4620 series Product Improvement Study (HKLM\...\{8703F965-1B1F-491F-ACCF-2B0626732065}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet 4500 G510g-m (HKLM\...\{E5083D57-D93F-404C-A91F-1C50D67C2BEB}) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2405 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.150.1 - McAfee, Inc.)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Mobile Partner (HKLM-x32\...\Mobile Partner) (Version: 11.002.03.23.03 - Huawei Technologies Co.,Ltd)
Mozilla Firefox 31.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 31.0 (x86 en-US)) (Version: 31.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network64 (Version: 130.0.374.000 - Hewlett-Packard) Hidden
Nuance PDF Reader (HKLM-x32\...\{B480904D-F73F-4673-B034-8A5F492C9184}) (Version: 6.00.0041 - Nuance Communications, Inc.)
Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{7D916FA5-DAE9-4A25-B089-655C70EAF607}) (Version: 9.2 - Qualcomm Atheros)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6304 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version:  - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 5.7.8773 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Sonic Focus (HKLM-x32\...\{09BCB9CE-964B-4BDA-AE46-B5A0ABEF1D3F}) (Version: 1.00.0000 - Virage Logic, Corp.)
syncables desktop SE (HKLM-x32\...\{341697D8-9923-445E-B42A-529E5A99CB7A}) (Version: 5.5.746.11492 - syncables)
Tonic v1.0 (build 990) (HKLM-x32\...\Tonic) (Version:  - )
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
Total Immersion D'Fusion @Home Web Plug-In (HKLM-x32\...\D'Fusion @Home Web Plug-In) (Version:  - Total Immersion)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version:  - Microsoft)
Update for Microsoft Excel 2010 (KB2837600) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4ACD847E-547D-493F-9A86-F73EAE1B5174}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version:  - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version:  - Microsoft)
Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUS_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version:  - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUS_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUS_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version:  - Microsoft)
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version:  - Microsoft)
Update for Microsoft Word 2010 (KB2880529) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{B9B89E01-5B6B-4F73-BC34-B2C0D8ACB4CD}) (Version:  - Microsoft)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.622  - Nullsoft, Inc)
Winamp Detector Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Family Safety (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 影像中心 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 照片库 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.32.3 - ASUS)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
Wireless Console 3 (HKLM-x32\...\{C4BC5A5F-4A97-47CC-99C3-AB8E10572AFE}) (Version: 3.0.24 - ASUS)
Yahoo! BrowserPlus 2.9.8 (HKCU\...\Yahoo! BrowserPlus) (Version:  - Yahoo! Inc.)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
Yahoo! Software Update (HKLM-x32\...\Yahoo! Software Update) (Version:  - )
Yahoo! Toolbar (HKLM-x32\...\Yahoo! Companion) (Version:  - Yahoo! Inc.)
用于远程连接的 Windows Live Mesh ActiveX 控件(简体中文) (HKLM-x32\...\{F992409C-9D10-4AE2-BAEB-B5409AD3785E}) (Version: 15.4.5722.2 - Microsoft Corporation)
適用遠端連線的 Windows Live Mesh ActiveX 控制項 (HKLM-x32\...\{622DE1BE-9EDE-49D3-B349-29D64760342A}) (Version: 15.4.5722.2 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
22-08-2014 01:22:37 Windows Update
25-08-2014 01:40:05 Windows Update
25-08-2014 01:41:56 Windows Backup
29-08-2014 04:56:28 Windows Update
01-09-2014 01:50:47 Windows Backup
03-09-2014 01:12:30 Windows Update
06-09-2014 02:22:46 Windows Update
08-09-2014 01:14:22 Windows Backup
10-09-2014 02:34:13 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 09:34 - 2009-06-11 04:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0E170835-29A9-44CF-B9A1-94573D708D3D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02] (Google Inc.)
Task: {11EA6186-BDEB-472E-84F2-4F2193DB574F} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {1A3946FC-E324-4B43-859C-CA2CDE0230E7} - System32\Tasks\{E3A9C914-4D03-4A2A-A52D-2FFF869E711F} => D:\Games\Warcraft III\w3l.exe [2009-08-13] (http://w3l.info.tm)
Task: {332B798B-E02F-4DDF-BCC5-3118C6111BE2} - System32\Tasks\ATKOSD2 => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-18] (ASUS)
Task: {3F88747D-79E4-48BF-B79B-8AD4EB76F576} - System32\Tasks\{4D3C0700-E5B3-421C-B747-AAD5EAD77D06} => D:\Games\Warcraft III\w3l.exe [2009-08-13] (http://w3l.info.tm)
Task: {429CF530-FD15-40E9-8973-3C63F2C4AA2B} - System32\Tasks\{CA9037E5-0B6D-4BF5-B111-CC14C7C80AA7} => D:\Games\Warcraft III\w3l.exe [2009-08-13] (http://w3l.info.tm)
Task: {4C85F90E-FEB5-445C-81D1-C6AEE751E184} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02] (Google Inc.)
Task: {81B1624D-8FDD-428A-AF17-F5CCE7847F27} - System32\Tasks\AIRecoveryRemind => C:\Program Files (x86)\ASUS\AI Recovery\AIRecoveryRemind.exe [2011-11-24] (ASUSTek Computer Inc.)
Task: {AED718A1-9D2E-4B4D-893F-F51B4FB73DCA} - System32\Tasks\ASUS SmartLogon Console Sensor => C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe [2011-10-03] (ASUS)
Task: {CD27D797-A17D-4ABD-8987-290CF05050CD} - System32\Tasks\HPCustParticipation HP Deskjet 4620 series => C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {EA33B07E-6A0F-4039-A626-0B1691360B87} - System32\Tasks\ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2011-12-06] (ASUS)
Task: {F058A17E-808C-4E17-930C-FE6F313C6E6B} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2011-11-15] (ASUS)
Task: {FF52A5B8-7F01-411C-8313-E44A298FCFCA} - System32\Tasks\Toolbox.exe_{33CAD166-D284-457A-BAF5-97924DFF5F6D} => C:\Program Files\HP\HP Deskjet 4620 series\Bin\Toolbox.exe [2012-10-17] (Hewlett-Packard Co.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-01-06 09:46 - 2003-04-18 19:06 - 00008192 _____ () C:\Windows\SysWOW64\srvany.exe
2012-01-06 09:46 - 2010-04-10 09:03 - 00077824 _____ () C:\Windows\KMService.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-12-12 00:27 - 2011-05-28 22:05 - 00164864 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-07-14 16:11 - 2010-07-14 16:11 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2011-07-06 20:29 - 2011-05-24 07:16 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2011-12-06 16:21 - 2011-12-06 16:21 - 00009216 _____ () C:\Program Files (x86)\ASUS\Splendid\GLCDdll.dll
2011-08-17 15:37 - 2011-08-17 15:37 - 00204800 _____ () C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
2011-12-23 11:20 - 2011-11-23 23:05 - 00921600 _____ () C:\Program Files (x86)\Yahoo!\Messenger\yui.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-02-14 15:46 - 2013-02-14 15:46 - 01044048 _____ () C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2011-09-13 13:33 - 2011-09-13 13:33 - 01163264 _____ () C:\Program Files (x86)\ASUS\Wireless Console 3\acAuth.dll
2009-11-03 04:20 - 2009-11-03 04:20 - 00619816 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
2009-11-03 04:23 - 2009-11-03 04:23 - 00013096 ____N () C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2014-09-05 08:30 - 2014-08-30 09:49 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libglesv2.dll
2014-09-05 08:30 - 2014-08-30 09:49 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\libegl.dll
2014-09-05 08:30 - 2014-08-30 09:49 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll
2014-09-05 08:30 - 2014-08-30 09:49 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll
2014-09-05 08:30 - 2014-08-30 09:49 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ffmpegsumo.dll
2010-01-22 03:19 - 2010-01-22 03:19 - 01015576 _____ () C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\annot.zxt
2010-02-09 09:30 - 2010-02-09 09:30 - 00248088 _____ () C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\banner.zxt
2010-01-22 03:19 - 2010-01-22 03:19 - 05626136 _____ () C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\ZeonForm.zxt
2009-10-13 04:36 - 2009-10-13 04:36 - 00448792 _____ () C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\ZDigSig.zxt
2009-10-13 04:36 - 2009-10-13 04:36 - 00534808 _____ () C:\Program Files (x86)\Nuance\PDF Reader\bin\Plug-ins\PPKLite.zxt
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupreg: ASUS Screen Saver Protector => C:\Windows\AsScrPro.exe
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: RtHDVCpl => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
 
==================== Faulty Device Manager Devices =============
 
Name: Officejet 4500 G510g-m
Description: Officejet 4500 G510g-m
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Deskjet 4620 series
Description: Deskjet 4620 series
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service: 
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: Officejet 4500 G510g-m
Description: Officejet 4500 G510g-m
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: HP
Service: StillCam
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/10/2014 11:04:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cmmefr.exe, version: 0.0.0.0, time stamp: 0x502ee689
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x747ee4a4
Faulting process id: 0xf80
Faulting application start time: 0xcmmefr.exe0
Faulting application path: cmmefr.exe1
Faulting module path: cmmefr.exe2
Report Id: cmmefr.exe3
 
Error: (09/09/2014 08:33:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cmmefr.exe, version: 0.0.0.0, time stamp: 0x502ee689
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc00000fd
Fault offset: 0x7512e4a4
Faulting process id: 0x1d8
Faulting application start time: 0xcmmefr.exe0
Faulting application path: cmmefr.exe1
Faulting module path: cmmefr.exe2
Report Id: cmmefr.exe3
 
Error: (09/08/2014 08:19:59 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).
 
Error: (09/02/2014 08:44:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (09/01/2014 09:14:13 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: The backup was not successful. The error is: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005).
 
Error: (08/09/2014 09:23:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 6.1.7601.17567, time stamp: 0x4d672ee4
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000008
Fault offset: 0x00000000000cd7e8
Faulting process id: 0x444
Faulting application start time: 0xExplorer.EXE0
Faulting application path: Explorer.EXE1
Faulting module path: Explorer.EXE2
Report Id: Explorer.EXE3
 
Error: (07/11/2014 08:19:55 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (07/02/2014 05:36:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (07/02/2014 09:20:21 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (06/30/2014 07:28:17 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
 
System errors:
=============
Error: (09/10/2014 08:55:50 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/09/2014 08:18:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/08/2014 08:05:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/06/2014 09:19:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/05/2014 05:31:17 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
 
Error: (09/05/2014 08:21:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/04/2014 08:28:00 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/03/2014 08:07:18 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/02/2014 08:36:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
Error: (09/01/2014 08:41:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalLaunch{C97FCC79-E628-407D-AE68-A06AD6D8B4D1}{344ED43D-D086-4961-86A6-1106F4ACAD9B}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)
 
 
Microsoft Office Sessions:
=========================
Error: (09/10/2014 11:04:57 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmmefr.exe0.0.0.0502ee689unknown0.0.0.000000000c00000fd747ee4a4f8001cfcc9a39b5f0bfC:\Users\Andrew\AppData\Roaming\cmmefr.exeunknowna02a8989-389f-11e4-9447-742f6882ba64
 
Error: (09/09/2014 08:33:25 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cmmefr.exe0.0.0.0502ee689unknown0.0.0.000000000c00000fd7512e4a41d801cfcbcbc8161883C:\Users\Andrew\AppData\Roaming\cmmefr.exeunknown4a41e1b4-37c1-11e4-87cf-742f6882ba64
 
Error: (09/08/2014 08:19:59 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)
 
Error: (09/02/2014 08:44:52 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: The server name or address could not be resolved
 
Error: (09/01/2014 09:14:13 AM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: There is not enough space on this drive to save the backup. Free up space by deleting older backups and unnecessary data or change your backup settings. (0x81000005)
 
Error: (08/09/2014 09:23:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Explorer.EXE6.1.7601.175674d672ee4ntdll.dll6.1.7601.18247521eaf24c000000800000000000cd7e844401cfb3732c1e4e88C:\Windows\Explorer.EXEC:\Windows\SYSTEM32\ntdll.dll360da334-1f6c-11e4-a8cc-742f6882ba64
 
Error: (07/11/2014 08:19:55 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (07/02/2014 05:36:21 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (07/02/2014 09:20:21 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (06/30/2014 07:28:17 PM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Pentium® CPU B950 @ 2.10GHz
Percentage of memory in use: 55%
Total physical RAM: 4001.15 MB
Available physical RAM: 1778.45 MB
Total Pagefile: 8000.48 MB
Available Pagefile: 5540.79 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:123.92 GB) (Free:61.58 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:149.17 GB) (Free:0.01 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 298.1 GB) (Disk ID: F3C6F6A7)
Partition 1: (Not Active) - (Size=25 GB) - (Type=1C)
Partition 2: (Active) - (Size=123.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=149.2 GB) - (Type=OF Extended)
 
==================== End Of Log ============================


#5 Bootsektor

  • Malware Response Team

Posted 11 September 2014 - 04:49 AM

Hello,

Do you have any antivirus program installed, and do you use a port for your internet connection?

Please perform the following steps. :)
Step 1
Please visit this webpage and read the ComboFix User's Guide:

  • Once you've read the article and are ready to use the program you can download it directly from the link below.
  • Important! - Please make sure you save ComboFix to your desktop and do not run it from your browser.
  • Direct download link for: ComboFix.exe
  • Please make sure you disable your security applications before running ComboFix.
  • Once ComboFix has completed, it will produce and open a log file. Please be patient as it can take some time to load.
  • Please copy/paste the contents to your next reply.
  • If needed the file can be located here: C:\combofix.txt
  • NOTE: If you receive the message "illegal operation has been attempted on a registry key that has been marked for deletion", just reboot the computer.

Step 2
Please download Farbar Service Scanner and run it on the computer with the issue.


  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run from.
  • Please copy and paste the log to your reply.

Step 3
Please restart FRST.

  • Leave the settings unchanged and press Scan.
  • When the scan is finished, a new logfile FRST.txt will be created and saved on your desktop.
  • Please post the content of the logfile here in your thread.

Regards,

Sandra


#6 hamkiez

  • Topic Starter

Posted 12 September 2014 - 01:31 AM

Dear Sandra,

Sorry that I forgot to mention my name. It's Andrew, and thanks for all the replies so far. :lol: For internet connection, I use a LAN cable; as for antivirus, I do have an expired McAfee AV.

Below is the log from ComboFix:

ComboFix 14-09-12.01 - Andrew 09/12/2014  13:05:47.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4001.1995 [GMT 7:00]
Running from: c:\users\Andrew\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Andrew\AppData\Roaming\F7F4.exe
c:\users\Andrew\AppData\Roaming\F81.exe
c:\users\Andrew\AppData\Roaming\F88C.exe
c:\users\Andrew\AppData\Roaming\F90F.exe
c:\users\Andrew\AppData\Roaming\F91F.exe
c:\users\Andrew\AppData\Roaming\F928.exe
c:\users\Andrew\AppData\Roaming\F9FC.exe
c:\users\Andrew\AppData\Roaming\FAA5.exe
c:\users\Andrew\AppData\Roaming\FABD.exe
c:\users\Andrew\AppData\Roaming\FAC6.exe
c:\users\Andrew\AppData\Roaming\FB3.exe
c:\users\Andrew\AppData\Roaming\FB78.exe
c:\users\Andrew\AppData\Roaming\FCE.exe
c:\users\Andrew\AppData\Roaming\FCFD.exe
c:\users\Andrew\AppData\Roaming\FE3B.exe
c:\users\Andrew\AppData\Roaming\FF06.exe
c:\users\Andrew\AppData\Roaming\ffcmkk.exe
c:\users\Andrew\AppData\Roaming\ffeekp.exe
c:\users\Andrew\AppData\Roaming\FFF.exe
c:\users\Andrew\AppData\Roaming\fgtygw.exe
c:\users\Andrew\AppData\Roaming\fihjbf.exe
c:\users\Andrew\AppData\Roaming\fjuplh.exe
c:\users\Andrew\AppData\Roaming\fqdnka.exe
c:\users\Andrew\AppData\Roaming\fxbyzx.exe
c:\users\Andrew\AppData\Roaming\gfylyw.exe
c:\users\Andrew\AppData\Roaming\gkhrng.exe
c:\users\Andrew\AppData\Roaming\glxuty.exe
c:\users\Andrew\AppData\Roaming\gmsyxr.exe
c:\users\Andrew\AppData\Roaming\gmxdcv.exe
c:\users\Andrew\AppData\Roaming\guguzk.exe
c:\users\Andrew\AppData\Roaming\gwvdmq.exe
c:\users\Andrew\AppData\Roaming\hedhpn.exe
c:\users\Andrew\AppData\Roaming\hfmxpj.exe
c:\users\Andrew\AppData\Roaming\hgekya.exe
c:\users\Andrew\AppData\Roaming\hjgsty.exe
c:\users\Andrew\AppData\Roaming\hjymld.exe
c:\users\Andrew\AppData\Roaming\hkhkub.exe
c:\users\Andrew\AppData\Roaming\hntxoh.exe
c:\users\Andrew\AppData\Roaming\hppkqa.exe
c:\users\Andrew\AppData\Roaming\hqulxr.exe
c:\users\Andrew\AppData\Roaming\hualmy.exe
c:\users\Andrew\AppData\Roaming\huytmt.exe
c:\users\Andrew\AppData\Roaming\hvmtub.exe
c:\users\Andrew\AppData\Roaming\hvupeg.exe
c:\users\Andrew\AppData\Roaming\hzsmjj.exe_ryrzb
c:\users\Andrew\AppData\Roaming\iblpap.exe
c:\users\Andrew\AppData\Roaming\ijgndg.exe
c:\users\Andrew\AppData\Roaming\iltzpx.exe
c:\users\Andrew\AppData\Roaming\ilyqwj.exe
c:\users\Andrew\AppData\Roaming\jakbka.exe
c:\users\Andrew\AppData\Roaming\jaqghd.exe
c:\users\Andrew\AppData\Roaming\jbiyxb.exe_cgtqm
c:\users\Andrew\AppData\Roaming\jjtcxf.exe
c:\users\Andrew\AppData\Roaming\jlewci.exe
c:\users\Andrew\AppData\Roaming\jmuzug.exe
c:\users\Andrew\AppData\Roaming\jmvafx.exe
c:\users\Andrew\AppData\Roaming\jodqle.exe
c:\users\Andrew\AppData\Roaming\jvnyfb.exe
c:\users\Andrew\AppData\Roaming\jvpccl.exe
c:\users\Andrew\AppData\Roaming\jwgxit.exe
c:\users\Andrew\AppData\Roaming\jxjbnn.exe
c:\users\Andrew\AppData\Roaming\jygiwg.exe
c:\users\Andrew\AppData\Roaming\jzbayr.exe
c:\users\Andrew\AppData\Roaming\jzkqkg.exe
c:\users\Andrew\AppData\Roaming\kjaxqa.exe
c:\users\Andrew\AppData\Roaming\kmxmfc.exe
c:\users\Andrew\AppData\Roaming\ktpdxc.exe
c:\users\Andrew\AppData\Roaming\kttdgl.exe
c:\users\Andrew\AppData\Roaming\kvevbz.exe
c:\users\Andrew\AppData\Roaming\kvqmcv.exe
c:\users\Andrew\AppData\Roaming\kwosly.exe
c:\users\Andrew\AppData\Roaming\kyxabh.exe
c:\users\Andrew\AppData\Roaming\lagcxy.exe
c:\users\Andrew\AppData\Roaming\lcqslm.exe
c:\users\Andrew\AppData\Roaming\leapcs.exe
c:\users\Andrew\AppData\Roaming\lfuolq.exe
c:\users\Andrew\AppData\Roaming\lhaagu.exe
c:\users\Andrew\AppData\Roaming\lhdwob.exe
c:\users\Andrew\AppData\Roaming\ljfveo.exe_cgnao
c:\users\Andrew\AppData\Roaming\ljnicr.exe
c:\users\Andrew\AppData\Roaming\llpfev.exe
c:\users\Andrew\AppData\Roaming\lnqjvj.exe
c:\users\Andrew\AppData\Roaming\ltjxea.exe
c:\users\Andrew\AppData\Roaming\lwbczu.exe
c:\users\Andrew\AppData\Roaming\lweqmi.exe
c:\users\Andrew\AppData\Roaming\miubwz.exe
c:\users\Andrew\AppData\Roaming\mjvncn.exe
c:\users\Andrew\AppData\Roaming\mkbvmr.exe
c:\users\Andrew\AppData\Roaming\mkfwjg.exe
c:\users\Andrew\AppData\Roaming\mmqmoy.exe
c:\users\Andrew\AppData\Roaming\mtchft.exe
c:\users\Andrew\AppData\Roaming\muwmne.exe
c:\users\Andrew\AppData\Roaming\mvbryf.exe
c:\users\Andrew\AppData\Roaming\myjtvb.exe
c:\users\Andrew\AppData\Roaming\neilvn.exe
c:\users\Andrew\AppData\Roaming\nfifxw.exe
c:\users\Andrew\AppData\Roaming\nlqwop.exe
c:\users\Andrew\AppData\Roaming\nmnlzb.exe
c:\users\Andrew\AppData\Roaming\nmsrpj.exe
c:\users\Andrew\AppData\Roaming\nojlgd.exe
c:\users\Andrew\AppData\Roaming\nolnfl.exe
c:\users\Andrew\AppData\Roaming\nsvlnh.exe
c:\users\Andrew\AppData\Roaming\nyogmb.exe
c:\users\Andrew\AppData\Roaming\ofodze.exe
c:\users\Andrew\AppData\Roaming\ogktkb.exe_fieqe
c:\users\Andrew\AppData\Roaming\ohhwdm.exe
c:\users\Andrew\AppData\Roaming\omiyws.exe
c:\users\Andrew\AppData\Roaming\ovjvhz.exe
c:\users\Andrew\AppData\Roaming\pauxvm.exe
c:\users\Andrew\AppData\Roaming\pnrsea.exe
c:\users\Andrew\AppData\Roaming\prrnno.exe
c:\users\Andrew\AppData\Roaming\ptmugm.exe
c:\users\Andrew\AppData\Roaming\pwebnh.exe
c:\users\Andrew\AppData\Roaming\qdeufk.exe
c:\users\Andrew\AppData\Roaming\qimryv.exe_kzmgm
c:\users\Andrew\AppData\Roaming\qrpbig.exe
c:\users\Andrew\AppData\Roaming\quwkeo.exe
c:\users\Andrew\AppData\Roaming\qvspuf.exe
c:\users\Andrew\AppData\Roaming\qynaqb.exe
c:\users\Andrew\AppData\Roaming\qzwcso.exe
c:\users\Andrew\AppData\Roaming\qzxhox.exe
c:\users\Andrew\AppData\Roaming\rdqpsz.exe
c:\users\Andrew\AppData\Roaming\riiltx.exe
c:\users\Andrew\AppData\Roaming\rjzcxc.exe
c:\users\Andrew\AppData\Roaming\rnlfht.exe
c:\users\Andrew\AppData\Roaming\rqqjpe.exe
c:\users\Andrew\AppData\Roaming\rvyfld.exe
c:\users\Andrew\AppData\Roaming\rwzaqv.exe
c:\users\Andrew\AppData\Roaming\rzeend.exe
c:\users\Andrew\AppData\Roaming\rzqsgd.exe
c:\users\Andrew\AppData\Roaming\sbckvx.exe
c:\users\Andrew\AppData\Roaming\sdlkqg.exe
c:\users\Andrew\AppData\Roaming\sdmxyq.exe
c:\users\Andrew\AppData\Roaming\sirrak.exe
c:\users\Andrew\AppData\Roaming\sjjmnb.exe
c:\users\Andrew\AppData\Roaming\slnywo.exe
c:\users\Andrew\AppData\Roaming\sncufu.exe
c:\users\Andrew\AppData\Roaming\sqqbrx.exe
c:\users\Andrew\AppData\Roaming\srylfu.exe
c:\users\Andrew\AppData\Roaming\ssxfcr.exe
c:\users\Andrew\AppData\Roaming\stkffb.exe
c:\users\Andrew\AppData\Roaming\taqvjm.exe
c:\users\Andrew\AppData\Roaming\tcpzou.exe
c:\users\Andrew\AppData\Roaming\tdudyo.exe
c:\users\Andrew\AppData\Roaming\tdxsop.exe
c:\users\Andrew\AppData\Roaming\temp.bin
c:\users\Andrew\AppData\Roaming\tfsxbw.exe
c:\users\Andrew\AppData\Roaming\tjtmjr.exe
c:\users\Andrew\AppData\Roaming\tlzatq.exe
c:\users\Andrew\AppData\Roaming\tnoxyt.exe
c:\users\Andrew\AppData\Roaming\tqgtpq.exe
c:\users\Andrew\AppData\Roaming\tqrqmi.exe
c:\users\Andrew\AppData\Roaming\twijxt.exe
c:\users\Andrew\AppData\Roaming\txknzy.exe
c:\users\Andrew\AppData\Roaming\tylvds.exe
c:\users\Andrew\AppData\Roaming\uajqhy.exe
c:\users\Andrew\AppData\Roaming\ulpglb.exe
c:\users\Andrew\AppData\Roaming\vaiime.exe
c:\users\Andrew\AppData\Roaming\vicbxe.exe
c:\users\Andrew\AppData\Roaming\visbqe.exe
c:\users\Andrew\AppData\Roaming\vofcmw.exe
c:\users\Andrew\AppData\Roaming\voprbw.exe
c:\users\Andrew\AppData\Roaming\vsdpnl.exe
c:\users\Andrew\AppData\Roaming\vuonue.exe
c:\users\Andrew\AppData\Roaming\vvvyeq.exe
c:\users\Andrew\AppData\Roaming\wekkfn.exe
c:\users\Andrew\AppData\Roaming\wffacw.exe
c:\users\Andrew\AppData\Roaming\wkyofy.exe
c:\users\Andrew\AppData\Roaming\wnnnoy.exe
c:\users\Andrew\AppData\Roaming\wpwtml.exe
c:\users\Andrew\AppData\Roaming\wuilqx.exe
c:\users\Andrew\AppData\Roaming\xajanr.exe
c:\users\Andrew\AppData\Roaming\xdzuyf.exe
c:\users\Andrew\AppData\Roaming\xixnhj.exe
c:\users\Andrew\AppData\Roaming\xjvufh.exe
c:\users\Andrew\AppData\Roaming\xnnwou.exe
c:\users\Andrew\AppData\Roaming\xnqpym.exe
c:\users\Andrew\AppData\Roaming\xqplhx.exe
c:\users\Andrew\AppData\Roaming\xtzyvb.exe
c:\users\Andrew\AppData\Roaming\ydoufa.exe
c:\users\Andrew\AppData\Roaming\ygdknb.exe
c:\users\Andrew\AppData\Roaming\yqpmbw.exe
c:\users\Andrew\AppData\Roaming\zgnwgd.exe
c:\users\Andrew\AppData\Roaming\zkjvgf.exe
c:\users\Andrew\AppData\Roaming\zlbvmo.exe
c:\users\Andrew\AppData\Roaming\zmcxzd.exe
c:\users\Andrew\AppData\Roaming\zotdzj.exe
c:\users\Andrew\AppData\Roaming\zscttl.exe
c:\users\Andrew\AppData\Roaming\zskuuo.exe
c:\users\Andrew\AppData\Roaming\ztjxfs.exe
c:\users\Andrew\AppData\Roaming\zvtphq.exe
c:\users\Andrew\AppData\Roaming\zxoxul.exe
c:\users\Andrew\AppData\Roaming\zyddhx.exe
.
----- File Replicators -----
.
.
.
(((((((((((((((((((((((((   Files Created from 2014-08-12 to 2014-09-12  )))))))))))))))))))))))))))))))
.
.
2014-09-12 06:20 . 2014-09-12 06:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-09-11 01:41 . 2014-08-18 21:35 597504 ----a-w- c:\windows\SysWow64\jscript9diag.dll
2014-09-11 01:25 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-11 01:25 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-10 07:44 . 2014-09-10 07:49 -------- d-----w- C:\FRST
2014-09-10 02:41 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-10 02:41 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-10 02:39 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-10 02:39 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-10 02:39 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-10 02:39 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-10 02:39 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-10 02:39 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-10 02:39 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-10 02:35 . 2014-08-21 03:43 11319192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2644524E-1B1C-48AD-BA98-377CB5338A60}\mpengine.dll
2014-08-28 02:06 . 2014-08-23 02:07 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-28 02:06 . 2014-08-23 01:45 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-28 02:06 . 2014-08-23 00:59 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-22 01:24 . 2014-05-14 16:23 44512 ----a-w- c:\windows\system32\wups2.dll
2014-08-22 01:24 . 2014-05-14 16:23 58336 ----a-w- c:\windows\system32\wuauclt.exe
2014-08-22 01:24 . 2014-05-14 16:21 2620928 ----a-w- c:\windows\system32\wucltux.dll
2014-08-22 01:24 . 2014-05-14 16:23 2477536 ----a-w- c:\windows\system32\wuaueng.dll
2014-08-22 01:24 . 2014-05-14 16:23 38880 ----a-w- c:\windows\system32\wups.dll
2014-08-22 01:24 . 2014-05-14 16:23 36320 ----a-w- c:\windows\SysWow64\wups.dll
2014-08-22 01:24 . 2014-05-14 16:23 700384 ----a-w- c:\windows\system32\wuapi.dll
2014-08-22 01:24 . 2014-05-14 16:23 581600 ----a-w- c:\windows\SysWow64\wuapi.dll
2014-08-22 01:24 . 2014-05-14 16:20 97792 ----a-w- c:\windows\system32\wudriver.dll
2014-08-22 01:24 . 2014-05-14 16:17 92672 ----a-w- c:\windows\SysWow64\wudriver.dll
2014-08-22 01:23 . 2014-05-14 02:23 198600 ----a-w- c:\windows\system32\wuwebv.dll
2014-08-22 01:23 . 2014-05-14 02:23 179656 ----a-w- c:\windows\SysWow64\wuwebv.dll
2014-08-22 01:23 . 2014-05-14 02:20 36864 ----a-w- c:\windows\system32\wuapp.exe
2014-08-22 01:23 . 2014-05-14 02:17 33792 ----a-w- c:\windows\SysWow64\wuapp.exe
2014-08-14 10:23 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
2014-08-14 10:23 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
2014-08-14 10:23 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
2014-08-14 10:23 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
2014-08-14 10:23 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
2014-08-14 10:23 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
2014-08-14 10:22 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-14 10:22 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-14 03:36 . 2014-07-14 02:02 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-14 03:36 . 2014-07-14 01:40 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-12 01:57 . 2011-11-23 14:54 45056 ----a-w- c:\windows\SysWow64\acovcnt.exe
2014-09-11 01:26 . 2011-11-23 16:38 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-08-30 02:15 . 2012-07-03 02:24 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-08-05 02:20 . 2011-11-24 13:14 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-07-24 19:35 . 2014-07-24 19:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-24 16:47 . 2014-07-24 16:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-06-18 02:18 . 2014-07-10 02:14 692736 ----a-w- c:\windows\system32\osk.exe
2014-06-18 01:51 . 2014-07-10 02:14 646144 ----a-w- c:\windows\SysWow64\osk.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2011-11-23 6497592]
"NTIxMzlBRUYwMTQ1M0U2OU"="c:\users\Andrew\mapimo.exe" [2012-12-10 260608]
"NTIwQTk0N0Y4NzhCRTgxN0"="c:\users\Andrew\pwrshdbg.exe" [2012-11-06 165376]
"M0M1NzY2QjBBOEVDQjUyNz"="c:\users\Andrew\wpdsnetwo.exe" [2013-01-02 274944]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2013-04-22 720064]
"HP Deskjet 4620 series (NET)"="c:\program files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe" [2012-10-16 2573416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-02 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2012-11-05 89184]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-10-26 74752]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2011-09-13 2317312]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
.
c:\users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft SharePoint Workspace.lnk - c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE /TrayOnly [2013-12-19 30814400]
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE /tsr [2013-6-25 228552]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe /start [2011-4-2 548528]
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.8.150\SSScheduler.exe [2014-4-9 332016]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS;c:\windows\SYSNATIVE\drivers\AmUStor.SYS [x]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_flt.sys [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys;c:\windows\SYSNATIVE\drivers\btath_a2dp.sys [x]
R3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys;c:\windows\SYSNATIVE\drivers\btath_avdt.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys;c:\windows\SYSNATIVE\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys;c:\windows\SYSNATIVE\DRIVERS\btath_rcp.sys [x]
R3 BTATH_VDP;Bluetooth VDP Driver;c:\windows\system32\drivers\btath_vdp.sys;c:\windows\SYSNATIVE\drivers\btath_vdp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys;c:\windows\SYSNATIVE\DRIVERS\btfilter.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe;c:\program files\McAfee Security Scan\3.8.150\McCHSvc.exe [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [x]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [x]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe;c:\program files (x86)\Bluetooth Suite\adminservice.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 KMService;KMService;c:\windows\system32\srvany.exe;c:\windows\SYSNATIVE\srvany.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys;c:\windows\SYSNATIVE\DRIVERS\btath_bus.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-05 01:27 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
2014-09-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-02 04:36]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2011-03-21 361984]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-05-31 926880]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-05-31 792736]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-31 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-31 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-31 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 192.168.2.12:808
uInternet Settings,ProxyOverride = <local>
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
TCP: Interfaces\{530360E6-0C01-4678-A3B1-A9770AE12BE9}: NameServer = 203.142.82.224,182.253.236.236
FF - ProfilePath - c:\users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default\
FF - prefs.js: network.proxy.ftp - 192.168.137.1
FF - prefs.js: network.proxy.ftp_port - 808
FF - prefs.js: network.proxy.http - 192.168.137.1
FF - prefs.js: network.proxy.http_port - 808
FF - prefs.js: network.proxy.socks - 192.168.137.1
FF - prefs.js: network.proxy.socks_port - 808
FF - prefs.js: network.proxy.ssl - 192.168.137.1
FF - prefs.js: network.proxy.ssl_port - 808
FF - prefs.js: network.proxy.type - 0
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RGSC - c:\program files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKCU-Run-Esukuo - c:\users\Andrew\AppData\Roaming\Microsoft\Esukuo.exe
Wow6432Node-HKCU-Run-MSSMARTMON1 - c:\users\Andrew\AppData\Roaming\cmmefr.exe
Wow6432Node-HKCU-Run-Bsukul - c:\users\Andrew\AppData\Roaming\Microsoft\Bsukul.exe
Wow6432Node-HKCU-Run-Rsukub - c:\users\Andrew\AppData\Roaming\Microsoft\Rsukub.exe
Wow6432Node-HKCU-Run-Msukuw - c:\users\Andrew\AppData\Roaming\Microsoft\Msukuw.exe
Wow6432Node-HKCU-Run-Zsukuj - c:\users\Andrew\AppData\Roaming\Microsoft\Zsukuj.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-09-12  13:27:24
ComboFix-quarantined-files.txt  2014-09-12 06:27
.
Pre-Run: 64,958,885,888 bytes free
Post-Run: 66,890,915,840 bytes free
.
- - End Of File - - A095BBE554CF95FE7D3B8D388C9E26E7


#7 hamkiez

Posted 12 September 2014 - 01:36 AM

And following is the Log from Farbar Service Scanner:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Andrew (administrator) on 12-09-2014 at 13:33:27
Running from "C:\Users\Andrew\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#8 hamkiez

Posted 12 September 2014 - 01:42 AM

Following is the result from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Andrew (administrator) on ANDREW-PC on 12-09-2014 13:38:49
Running from C:\Users\Andrew\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Farbar) C:\Users\Andrew\Downloads\FSS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [926880 2011-06-01] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [792736 2011-06-01] (Atheros Commnucations)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-10-27] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6497592 2011-11-23] (Yahoo! Inc.)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [NTIxMzlBRUYwMTQ1M0U2OU] => C:\Users\Andrew\mapimo.exe [260608 2012-12-11] (Gerald)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [NTIwQTk0N0Y4NzhCRTgxN0] => C:\Users\Andrew\pwrshdbg.exe [165376 2012-11-06] (Unity)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [M0M1NzY2QjBBOEVDQjUyNz] => C:\Users\Andrew\wpdsnetwo.exe [274944 2013-01-02] (Clown)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [HP Deskjet 4620 series (NET)] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 192.168.2.12:808
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{530360E6-0C01-4678-A3B1-A9770AE12BE9}: [NameServer] 203.142.82.224,182.253.236.236
 
FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default
FF NetworkProxy: "backup.ftp", "192.168.137.1"
FF NetworkProxy: "backup.ftp_port", 808
FF NetworkProxy: "backup.socks", "192.168.137.1"
FF NetworkProxy: "backup.socks_port", 808
FF NetworkProxy: "backup.ssl", "192.168.137.1"
FF NetworkProxy: "backup.ssl_port", 808
FF NetworkProxy: "ftp", "192.168.137.1"
FF NetworkProxy: "ftp_port", 808
FF NetworkProxy: "http", "192.168.137.1"
FF NetworkProxy: "http_port", 808
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.137.1"
FF NetworkProxy: "socks_port", 808
FF NetworkProxy: "ssl", "192.168.137.1"
FF NetworkProxy: "ssl_port", 808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Andrew\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF user.js: detected! => C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
CHR DefaultSearchKeyword: Default -> 7069D233D0FAB21ECAD0711E43C3A354F1DA101E62C7559184AE853C3608D736
CHR DefaultSearchURL: Default -> 5FD22109522C2230382960348213BAA8C2B7D382018C8F1C244AFB963BBA8A3D
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (D'Fusion @Home Web Plug-In (3.20.20164)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Andrew\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-06]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-06]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-06]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-06-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [97952 2011-06-01] (Atheros Commnucations) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [420896 2011-06-01] (Atheros)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
U3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 13:38 - 2014-09-12 13:38 - 00000000 ____D () C:\Users\Andrew\Downloads\FRST-OlderVersion
2014-09-12 13:33 - 2014-09-12 13:33 - 00002238 _____ () C:\Users\Andrew\Downloads\FSS.txt
2014-09-12 13:32 - 2014-09-12 13:32 - 00415232 _____ (Farbar) C:\Users\Andrew\Downloads\FSS.exe
2014-09-12 13:27 - 2014-09-12 13:27 - 00074649 _____ () C:\ComboFix.txt
2014-09-12 13:02 - 2014-09-12 13:27 - 00000000 ____D () C:\Qoobox
2014-09-12 13:02 - 2014-09-12 13:23 - 00000000 ____D () C:\Windows\erdnt
2014-09-12 13:02 - 2011-06-26 13:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-12 13:02 - 2010-11-08 00:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-12 13:02 - 2009-04-20 11:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-12 13:02 - 2000-08-31 07:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-12 13:02 - 2000-08-31 07:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-12 13:02 - 2000-08-31 07:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-12 13:02 - 2000-08-31 07:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-12 13:02 - 2000-08-31 07:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-12 12:53 - 2014-09-12 12:57 - 05577449 ____R (Swearware) C:\Users\Andrew\Downloads\ComboFix.exe
2014-09-12 08:58 - 2014-09-12 09:01 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{038162B4-C328-4929-9E43-56AE04837175}
2014-09-11 08:42 - 2014-08-20 01:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 08:42 - 2014-08-20 00:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 08:42 - 2014-08-19 05:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 08:42 - 2014-08-19 05:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 08:42 - 2014-08-19 05:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 08:42 - 2014-08-19 05:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 08:42 - 2014-08-19 05:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 08:42 - 2014-08-19 05:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 08:42 - 2014-08-19 05:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 08:42 - 2014-08-19 05:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 08:42 - 2014-08-19 05:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 08:42 - 2014-08-19 05:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 08:42 - 2014-08-19 04:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 08:42 - 2014-08-19 04:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 08:42 - 2014-08-19 04:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 08:42 - 2014-08-19 04:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 08:42 - 2014-08-19 04:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 08:42 - 2014-08-19 04:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 08:42 - 2014-08-19 04:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 08:42 - 2014-08-19 04:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 08:42 - 2014-08-19 04:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 08:42 - 2014-08-19 04:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 08:42 - 2014-08-19 04:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 08:42 - 2014-08-19 04:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 08:42 - 2014-08-19 04:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 08:42 - 2014-08-19 04:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 08:42 - 2014-08-19 04:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 08:42 - 2014-08-19 04:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 08:42 - 2014-08-19 04:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 08:42 - 2014-08-19 04:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 08:42 - 2014-08-19 04:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 08:42 - 2014-08-19 04:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 08:41 - 2014-08-19 06:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 08:41 - 2014-08-19 05:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 08:41 - 2014-08-19 05:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 08:41 - 2014-08-19 05:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 08:41 - 2014-08-19 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 08:41 - 2014-08-19 05:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 08:41 - 2014-08-19 05:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 08:41 - 2014-08-19 04:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 08:41 - 2014-08-19 04:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 08:41 - 2014-08-19 04:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 08:41 - 2014-08-19 04:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 08:41 - 2014-08-19 04:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 08:41 - 2014-08-19 04:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 08:41 - 2014-08-19 04:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 08:41 - 2014-08-19 04:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 08:41 - 2014-08-19 04:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 08:41 - 2014-08-19 04:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 08:41 - 2014-08-19 04:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 08:41 - 2014-08-19 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 08:41 - 2014-08-19 03:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 08:41 - 2014-08-19 03:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 08:41 - 2014-08-19 03:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 08:41 - 2014-08-19 03:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 08:41 - 2014-08-19 03:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 08:25 - 2014-06-27 09:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 08:25 - 2014-06-27 08:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 08:19 - 2014-09-11 08:20 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{79BB48A8-6F88-4F3F-BAA0-4C094D78D7C3}
2014-09-10 14:47 - 2014-09-10 14:49 - 00042766 _____ () C:\Users\Andrew\Downloads\Addition.txt
2014-09-10 14:44 - 2014-09-12 13:38 - 00024563 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-09-10 14:44 - 2014-09-12 13:38 - 00000000 ____D () C:\FRST
2014-09-10 14:42 - 2014-09-12 13:38 - 02105856 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-09-10 09:41 - 2014-08-01 18:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:41 - 2014-08-01 18:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 09:39 - 2014-07-07 09:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:39 - 2014-07-07 09:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:39 - 2014-07-07 08:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 09:39 - 2014-07-07 08:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 09:39 - 2014-07-07 08:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 09:39 - 2014-06-24 10:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 09:39 - 2014-06-24 09:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:55 - 2014-09-10 08:55 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{3257BDC7-7E82-4C53-B351-275E3E15B189}
2014-09-09 08:17 - 2014-09-09 08:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{FCE2CD93-C6B7-4EC5-98C1-431BEE413F59}
2014-09-08 08:05 - 2014-09-08 08:05 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{87B84B69-4DC5-4917-9156-ADE3D38CBDD4}
2014-09-06 11:30 - 2014-09-06 11:30 - 00009023 _____ () C:\Users\Andrew\Downloads\attach (1).txt
2014-09-06 11:25 - 2014-09-06 11:25 - 00015625 _____ () C:\Users\Andrew\Downloads\attach.txt
2014-09-06 11:12 - 2014-09-06 11:12 - 00009023 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-09-06 11:12 - 2014-09-06 11:11 - 00029623 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-09-06 11:09 - 2014-09-06 11:10 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-09-06 09:17 - 2014-09-06 09:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{45B4A410-1371-4AF6-B627-4ED38F730433}
2014-09-05 08:20 - 2014-09-05 08:21 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F03A2A45-A655-4C39-B2A9-734ED7037804}
2014-09-04 08:27 - 2014-09-04 08:27 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{163CE179-A732-47E6-A6EC-5C200CF27889}
2014-09-03 08:07 - 2014-09-03 08:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{0BB67B1C-02F8-4F89-9A63-D53ECB141C09}
2014-09-02 17:11 - 2014-09-02 17:12 - 00011433 _____ () C:\Users\Andrew\Desktop\Book2.xlsx
2014-09-02 08:34 - 2014-09-02 08:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{72BFED40-2137-4B79-BB42-16397C65D29E}
2014-09-01 08:41 - 2014-09-01 08:43 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F1904E21-1545-4E46-9B98-F8DCB48CA5B1}
2014-08-30 09:16 - 2014-08-30 09:16 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{951414AA-647F-4878-9C52-D79B02A5E56D}
2014-08-29 11:53 - 2014-08-29 11:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E938CEAF-E950-455E-B91F-EF1215085CA9}
2014-08-28 09:06 - 2014-08-23 09:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:06 - 2014-08-23 08:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:06 - 2014-08-23 07:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 08:58 - 2014-08-28 09:01 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{58DBCB23-A3C6-4176-AF6C-74D7103675DE}
2014-08-26 08:37 - 2014-08-27 08:25 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E947D52F-D2AC-464F-9243-E0A50C5F454B}
2014-08-25 08:32 - 2014-08-25 08:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{2924B5F1-93BF-4D99-9113-1B7568B42046}
2014-08-23 10:42 - 2014-08-23 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-23 09:36 - 2014-08-23 09:57 - 00000000 ____D () C:\Users\Andrew\Desktop\Penawaran
2014-08-23 08:25 - 2014-08-23 08:28 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{8923D618-E047-422D-8B2B-8B7013EB6ED2}
2014-08-22 08:24 - 2014-05-14 23:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 08:24 - 2014-05-14 23:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 08:24 - 2014-05-14 23:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 08:24 - 2014-05-14 23:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 08:24 - 2014-05-14 23:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 08:23 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 08:23 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 08:23 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 08:23 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-22 08:18 - 2014-08-22 08:22 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{5D520B15-5DBB-410E-993D-9B37F01236F8}
2014-08-21 08:28 - 2014-08-21 08:28 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{88455C74-D7FB-416E-B709-CA5F01780A6F}
2014-08-16 09:00 - 2014-08-16 09:00 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{B360D4AA-15F9-4CA6-A3FC-2DB661665897}
2014-08-15 08:25 - 2014-08-15 08:25 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{74E8D04D-3E2E-4E84-A0DA-71C6E18430DD}
2014-08-14 17:23 - 2014-07-01 05:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-14 17:23 - 2014-07-01 05:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-14 17:23 - 2014-03-10 04:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-14 17:23 - 2014-03-10 04:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-14 17:23 - 2014-03-10 04:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-14 17:23 - 2014-03-10 04:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-08-14 17:22 - 2014-06-06 13:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-14 17:22 - 2014-06-06 13:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-14 10:40 - 2014-07-16 10:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-08-14 10:40 - 2014-07-16 09:46 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-08-14 10:40 - 2014-07-09 09:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-08-14 10:40 - 2014-07-09 09:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-08-14 10:40 - 2014-07-09 09:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-08-14 10:40 - 2014-07-09 09:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-08-14 10:40 - 2014-07-09 09:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-08-14 10:40 - 2014-07-09 08:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-08-14 10:40 - 2014-07-09 08:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-08-14 10:40 - 2014-07-09 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-08-14 10:40 - 2014-07-09 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-08-14 10:40 - 2014-07-09 08:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-08-14 10:40 - 2014-07-09 05:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-08-14 10:40 - 2014-07-09 05:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-08-14 10:40 - 2014-06-25 09:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-08-14 10:40 - 2014-06-25 08:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-08-14 10:40 - 2014-06-16 09:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-08-14 10:40 - 2014-06-03 17:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-08-14 10:40 - 2014-06-03 17:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-08-14 10:40 - 2014-06-03 17:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-08-14 10:40 - 2014-06-03 17:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-08-14 10:40 - 2014-06-03 16:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-08-14 10:40 - 2014-06-03 16:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-08-14 10:40 - 2014-06-03 16:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-08-14 10:36 - 2014-07-14 09:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-08-14 10:36 - 2014-07-14 08:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-08-14 08:52 - 2014-08-14 08:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{9F9D9210-3960-4D4B-9931-58755298A924}
2014-08-13 14:33 - 2014-08-13 14:33 - 03644976 _____ () C:\Users\Andrew\Downloads\rincianbiaya.zip
2014-08-13 08:30 - 2014-08-13 08:30 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{53DA6533-AA4B-434A-B842-7312FF342FBF}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-12 13:39 - 2014-09-10 14:44 - 00024563 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-09-12 13:38 - 2014-09-12 13:38 - 00000000 ____D () C:\Users\Andrew\Downloads\FRST-OlderVersion
2014-09-12 13:38 - 2014-09-10 14:44 - 00000000 ____D () C:\FRST
2014-09-12 13:38 - 2014-09-10 14:42 - 02105856 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-09-12 13:33 - 2014-09-12 13:33 - 00002238 _____ () C:\Users\Andrew\Downloads\FSS.txt
2014-09-12 13:32 - 2014-09-12 13:32 - 00415232 _____ (Farbar) C:\Users\Andrew\Downloads\FSS.exe
2014-09-12 13:27 - 2014-09-12 13:27 - 00074649 _____ () C:\ComboFix.txt
2014-09-12 13:27 - 2014-09-12 13:02 - 00000000 ____D () C:\Qoobox
2014-09-12 13:27 - 2009-07-14 10:20 - 00000000 __RHD () C:\Users\Default
2014-09-12 13:26 - 2011-04-02 11:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-12 13:23 - 2014-09-12 13:02 - 00000000 ____D () C:\Windows\erdnt
2014-09-12 13:22 - 2009-07-14 09:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-12 13:04 - 2011-08-13 00:02 - 01840850 _____ () C:\Windows\WindowsUpdate.log
2014-09-12 13:01 - 2011-12-06 15:49 - 00000000 ____D () C:\Users\Andrew\Documents\Outlook Files
2014-09-12 12:57 - 2014-09-12 12:53 - 05577449 ____R (Swearware) C:\Users\Andrew\Downloads\ComboFix.exe
2014-09-12 12:47 - 2014-08-12 15:37 - 00008941 _____ () C:\Users\Andrew\Documents\lintas.xlsx
2014-09-12 11:15 - 2013-06-17 08:32 - 00002010 ____H () C:\Users\Andrew\Documents\Default.rdp
2014-09-12 11:13 - 2009-07-14 12:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-12 09:26 - 2011-04-02 11:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-12 09:11 - 2012-01-09 00:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CrashDumps
2014-09-12 09:06 - 2009-07-14 11:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-12 09:06 - 2009-07-14 11:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-12 09:01 - 2014-09-12 08:58 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{038162B4-C328-4929-9E43-56AE04837175}
2014-09-12 09:01 - 2011-11-23 23:28 - 00000000 ____D () C:\Users\Andrew\Documents\Bluetooth Folder
2014-09-12 08:58 - 2011-12-06 21:20 - 00000000 ____D () C:\Users\Andrew\Tracing
2014-09-12 08:57 - 2011-11-23 21:54 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-12 08:57 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-12 08:57 - 2009-07-14 11:51 - 00109540 _____ () C:\Windows\setupact.log
2014-09-11 12:35 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 08:41 - 2011-12-06 15:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 08:39 - 2011-11-23 22:15 - 00791394 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 08:39 - 2009-07-14 12:13 - 00791394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 08:38 - 2013-07-30 23:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 08:26 - 2011-11-23 23:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 08:20 - 2014-09-11 08:19 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{79BB48A8-6F88-4F3F-BAA0-4C094D78D7C3}
2014-09-10 14:49 - 2014-09-10 14:47 - 00042766 _____ () C:\Users\Andrew\Downloads\Addition.txt
2014-09-10 08:55 - 2014-09-10 08:55 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{3257BDC7-7E82-4C53-B351-275E3E15B189}
2014-09-09 08:18 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{FCE2CD93-C6B7-4EC5-98C1-431BEE413F59}
2014-09-08 08:05 - 2014-09-08 08:05 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{87B84B69-4DC5-4917-9156-ADE3D38CBDD4}
2014-09-06 11:30 - 2014-09-06 11:30 - 00009023 _____ () C:\Users\Andrew\Downloads\attach (1).txt
2014-09-06 11:25 - 2014-09-06 11:25 - 00015625 _____ () C:\Users\Andrew\Downloads\attach.txt
2014-09-06 11:12 - 2014-09-06 11:12 - 00009023 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-09-06 11:11 - 2014-09-06 11:12 - 00029623 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-09-06 11:10 - 2014-09-06 11:09 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-09-06 09:18 - 2014-09-06 09:17 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{45B4A410-1371-4AF6-B627-4ED38F730433}
2014-09-05 08:21 - 2014-09-05 08:20 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F03A2A45-A655-4C39-B2A9-734ED7037804}
2014-09-04 08:27 - 2014-09-04 08:27 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{163CE179-A732-47E6-A6EC-5C200CF27889}
2014-09-03 08:07 - 2014-09-03 08:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{0BB67B1C-02F8-4F89-9A63-D53ECB141C09}
2014-09-02 17:12 - 2014-09-02 17:11 - 00011433 _____ () C:\Users\Andrew\Desktop\Book2.xlsx
2014-09-02 08:46 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-02 08:34 - 2014-09-02 08:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{72BFED40-2137-4B79-BB42-16397C65D29E}
2014-09-01 08:43 - 2014-09-01 08:41 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F1904E21-1545-4E46-9B98-F8DCB48CA5B1}
2014-08-30 09:16 - 2014-08-30 09:16 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{951414AA-647F-4878-9C52-D79B02A5E56D}
2014-08-30 09:14 - 2009-07-14 11:45 - 00408848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 11:53 - 2014-08-29 11:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E938CEAF-E950-455E-B91F-EF1215085CA9}
2014-08-28 09:01 - 2014-08-28 08:58 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{58DBCB23-A3C6-4176-AF6C-74D7103675DE}
2014-08-28 08:57 - 2012-05-02 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-27 08:25 - 2014-08-26 08:37 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E947D52F-D2AC-464F-9243-E0A50C5F454B}
2014-08-25 11:34 - 2014-07-14 16:44 - 00010221 _____ () C:\Users\Andrew\Documents\Kapal.xlsx
2014-08-25 08:32 - 2014-08-25 08:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{2924B5F1-93BF-4D99-9113-1B7568B42046}
2014-08-23 10:42 - 2014-08-23 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-23 10:03 - 2011-12-06 15:35 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Microsoft Help
2014-08-23 09:57 - 2014-08-23 09:36 - 00000000 ____D () C:\Users\Andrew\Desktop\Penawaran
2014-08-23 09:07 - 2014-08-28 09:06 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 08:45 - 2014-08-28 09:06 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 08:28 - 2014-08-23 08:25 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{8923D618-E047-422D-8B2B-8B7013EB6ED2}
2014-08-23 07:59 - 2014-08-28 09:06 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 08:22 - 2014-08-22 08:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{5D520B15-5DBB-410E-993D-9B37F01236F8}
2014-08-21 08:28 - 2014-08-21 08:28 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{88455C74-D7FB-416E-B709-CA5F01780A6F}
2014-08-20 01:05 - 2014-09-11 08:42 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-20 00:39 - 2014-09-11 08:42 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 06:01 - 2014-09-11 08:41 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 05:29 - 2014-09-11 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 05:29 - 2014-09-11 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 05:26 - 2014-09-11 08:41 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 05:20 - 2014-09-11 08:41 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 05:19 - 2014-09-11 08:41 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 05:15 - 2014-09-11 08:42 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 05:15 - 2014-09-11 08:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 05:14 - 2014-09-11 08:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 05:14 - 2014-09-11 08:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 05:08 - 2014-09-11 08:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 05:08 - 2014-09-11 08:42 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 05:08 - 2014-09-11 08:41 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 05:05 - 2014-09-11 08:42 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 05:03 - 2014-09-11 08:42 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 05:03 - 2014-09-11 08:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 05:03 - 2014-09-11 08:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 04:57 - 2014-09-11 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 04:56 - 2014-09-11 08:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 04:51 - 2014-09-11 08:42 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 04:46 - 2014-09-11 08:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 04:45 - 2014-09-11 08:42 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 04:45 - 2014-09-11 08:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 04:44 - 2014-09-11 08:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 04:44 - 2014-09-11 08:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 04:42 - 2014-09-11 08:41 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 04:40 - 2014-09-11 08:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 04:39 - 2014-09-11 08:42 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 04:39 - 2014-09-11 08:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 04:39 - 2014-09-11 08:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 04:38 - 2014-09-11 08:42 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 04:37 - 2014-09-11 08:42 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 04:36 - 2014-09-11 08:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 04:35 - 2014-09-11 08:41 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 04:27 - 2014-09-11 08:42 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 04:25 - 2014-09-11 08:42 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 04:25 - 2014-09-11 08:42 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 04:23 - 2014-09-11 08:41 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 04:23 - 2014-09-11 08:41 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 04:22 - 2014-09-11 08:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 04:19 - 2014-09-11 08:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 04:17 - 2014-09-11 08:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 04:17 - 2014-09-11 08:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 04:16 - 2014-09-11 08:41 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 04:15 - 2014-09-11 08:41 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 04:15 - 2014-09-11 08:41 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 04:09 - 2014-09-11 08:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 04:08 - 2014-09-11 08:41 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 04:07 - 2014-09-11 08:41 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 03:55 - 2014-09-11 08:41 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 03:46 - 2014-09-11 08:41 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 03:38 - 2014-09-11 08:41 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 03:38 - 2014-09-11 08:41 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 03:36 - 2014-09-11 08:41 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-08-16 09:00 - 2014-08-16 09:00 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{B360D4AA-15F9-4CA6-A3FC-2DB661665897}
2014-08-15 08:25 - 2014-08-15 08:25 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{74E8D04D-3E2E-4E84-A0DA-71C6E18430DD}
2014-08-15 08:20 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-08-14 08:52 - 2014-08-14 08:52 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{9F9D9210-3960-4D4B-9931-58755298A924}
2014-08-13 15:47 - 2011-12-07 18:16 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Windows Live
2014-08-13 14:33 - 2014-08-13 14:33 - 03644976 _____ () C:\Users\Andrew\Downloads\rincianbiaya.zip
2014-08-13 09:38 - 2014-08-12 15:52 - 00017005 _____ () C:\Users\Andrew\Desktop\Trucking Gross Profit 2014.xlsx
2014-08-13 08:30 - 2014-08-13 08:30 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{53DA6533-AA4B-434A-B842-7312FF342FBF}
 
Files to move or delete:
====================
C:\Users\Andrew\bitsse.exe
C:\Users\Andrew\ifsuNAPC.exe
C:\Users\Andrew\mapimo.exe
C:\Users\Andrew\pegwsh.exe
C:\Users\Andrew\pwrshdbg.exe
C:\Users\Andrew\RstrKBD.exe
C:\Users\Andrew\taskC_1.exe
C:\Users\Andrew\WldKBD.exe
C:\Users\Andrew\wpdsnetwo.exe
C:\Users\Andrew\XAPOTimeDateM.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-08 11:35
 
==================== End Of Log ============================


#9 Bootsektor

Bootsektor

  • Malware Response Team

Posted 13 September 2014 - 02:32 AM

 Hello Andrew,
 
 ComboFix has already deleted a lot of infected data, but there are still infections left. Please perform the following instructions now. We need to run a fix with FRST:

 

Step 1

  • Please download the attached fixlist.txt file and save it to the same location as FRST.
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run.
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.

 

Step 2
Please download TreeSize Free and use that tool to see what is causing the decrease of free space on drive d:\

  • Install TreeSize Free in the suggested directory.
  • Check "launch TreeSize Free as administrator".
  • Click OK.
  • In the tabs section, click on Scan and change the directory to d:\
  • Go to View -> Show Details -> Show Directory Tree and Details Columns.
  • Figure out what is causing the decrease of free space, take a screenshot and post it in your thread.

Step 3

Please restart FRST.

  • Leave the settings unchanged and press Scan.
  • When the scan is finished, a new logfile FRST.txt will be created and saved on your desktop.
  • Please post the content of the logfile here in your thread.


regards,

 

Sandra


#10 Bootsektor

Bootsektor

  • Malware Response Team

Posted 15 September 2014 - 06:39 PM

Hello,

Are you still with me?

Please note:
If you do not reply within the next 48 hours, I will assume that you do not need my help anymore and this topic will be closed.


regards,

 

Sandra


#11 hamkiez

hamkiez
  • Topic Starter

  • Members

Posted 15 September 2014 - 08:17 PM

Hi Sandra,

 

I'm terribly sorry that I couldn't get back to you these past few days. My internet connection went wrong in my housing area. Today I followed the advice you suggested, and this is the result.

 

Fixlog result:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Andrew at 2014-09-16 08:10:39 Run:1
Running from C:\Users\Andrew\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [NTIxMzlBRUYwMTQ1M0U2OU] => C:\Users\Andrew\mapimo.exe [260608 2012-12-11] (Gerald)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [NTIwQTk0N0Y4NzhCRTgxN0] => C:\Users\Andrew\pwrshdbg.exe [165376 2012-11-06] (Unity)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [M0M1NzY2QjBBOEVDQjUyNz] => C:\Users\Andrew\wpdsnetwo.exe [274944 2013-01-02] (Clown)
C:\Users\Andrew\bitsse.exe
C:\Users\Andrew\ifsuNAPC.exe
C:\Users\Andrew\mapimo.exe
C:\Users\Andrew\pegwsh.exe
C:\Users\Andrew\pwrshdbg.exe
C:\Users\Andrew\RstrKBD.exe
C:\Users\Andrew\taskC_1.exe
C:\Users\Andrew\WldKBD.exe
C:\Users\Andrew\wpdsnetwo.exe
C:\Users\Andrew\XAPOTimeDateM.exe
*****************
 
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NTIxMzlBRUYwMTQ1M0U2OU => value deleted successfully.
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NTIwQTk0N0Y4NzhCRTgxN0 => value deleted successfully.
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\Software\Microsoft\Windows\CurrentVersion\Run\\M0M1NzY2QjBBOEVDQjUyNz => value deleted successfully.
C:\Users\Andrew\bitsse.exe => Moved successfully.
C:\Users\Andrew\ifsuNAPC.exe => Moved successfully.
C:\Users\Andrew\mapimo.exe => Moved successfully.
C:\Users\Andrew\pegwsh.exe => Moved successfully.
C:\Users\Andrew\pwrshdbg.exe => Moved successfully.
C:\Users\Andrew\RstrKBD.exe => Moved successfully.
C:\Users\Andrew\taskC_1.exe => Moved successfully.
C:\Users\Andrew\WldKBD.exe => Moved successfully.
C:\Users\Andrew\wpdsnetwo.exe => Moved successfully.
C:\Users\Andrew\XAPOTimeDateM.exe => Moved successfully.
 
==== End of Fixlog ====


#12 hamkiez

hamkiez
  • Topic Starter

  • Members

Posted 15 September 2014 - 08:22 PM

This is the screenshot of TreeSize:

 

  




#13 hamkiez

hamkiez
  • Topic Starter

  • Members

Posted 15 September 2014 - 08:28 PM

And this is the result from FRST:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014
Ran by Andrew (administrator) on ANDREW-PC on 16-09-2014 08:24:34
Running from C:\Users\Andrew\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\smartlogon.exe
(ASUSTeK Computer Inc.) C:\Windows\System32\FBAgent.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
() C:\Windows\SysWOW64\srvany.exe
() C:\Windows\KMService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUS) C:\Program Files (x86)\ASUS\FaceLogon\sensorsrv.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTeK) C:\Windows\SysWOW64\ACEngSvr.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Unity) C:\FRST\Quarantine\C\Users\Andrew\pwrshdbg.exe.xBAD
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\Messenger\Ymsgr_tray.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Virage Logic Corporation / Sonic Focus) C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
(Clown) C:\FRST\Quarantine\C\Users\Andrew\wpdsnetwo.exe.xBAD
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(ASUS) C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Gerald) C:\FRST\Quarantine\C\Users\Andrew\mapimo.exe.xBAD
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 4620 series\Bin\HPNetworkCommunicator.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(ASUS) C:\Windows\AsScrPro.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(JAM Software) C:\Program Files (x86)\JAM Software\TreeSize Free\TreeSizeFree.exe
(Microsoft Corporation) C:\Windows\System32\mspaint.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2589992 2011-04-13] (ELAN Microelectronics Corp.)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [361984 2011-03-21] (Alcor Micro Corp.)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2188904 2011-01-18] (Realtek Semiconductor)
HKLM\...\Run: [AtherosBtStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [926880 2011-06-01] (Atheros Commnucations)
HKLM\...\Run: [AthBtTray] => C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe [792736 2011-06-01] (Atheros Commnucations)
HKLM\...\Run: [Setwallpaper] => c:\programdata\SetWallpaper.cmd
HKLM-x32\...\Run: [Nuance PDF Reader-reminder] => C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [328992 2008-11-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2018032 2011-04-02] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [731472 2011-02-23] (ecareme)
HKLM-x32\...\Run: [SonicMasterTray] => C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [984400 2010-07-10] (Virage Logic Corporation / Sonic Focus)
HKLM-x32\...\Run: [ATKOSD2] => C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [5732992 2010-08-18] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] => C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-10-08] (ASUS)
HKLM-x32\...\Run: [HControlUser] => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-20] (ASUS)
HKLM-x32\...\Run: [UpdateLBPShortCut] => C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] => C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-20] (CyberLink Corp.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [74752 2011-10-27] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Wireless Console 3] => C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2317312 2011-09-13] (ASUS)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6497592 2011-11-23] (Yahoo! Inc.)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [720064 2013-04-22] (Microsoft Corporation)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [HP Deskjet 4620 series (NET)] => C:\Program Files\HP\HP Deskjet 4620 series\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [NTIxMzlBRUYwMTQ1M0U2OU] => C:\Users\Andrew\mapimo.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [M0M1NzY2QjBBOEVDQjUyNz] => C:\Users\Andrew\wpdsnetwo.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [NTIwQTk0N0Y4NzhCRTgxN0] => C:\Users\Andrew\pwrshdbg.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\CurrentVersion\Windows: [Load] C:\Users\Andrew\pwrshdbg.exe <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk
ShortcutTarget: AsusVibeLauncher.lnk -> C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.8.150\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft SharePoint Workspace.lnk
ShortcutTarget: Microsoft SharePoint Workspace.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
Startup: C:\Users\Andrew\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk
ShortcutTarget: OneNote 2010 Screen Clipper and Launcher.lnk -> C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
ShellIconOverlayIdentifiers: AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\ASUSWSShellExt64.dll (eCareme Technologies, Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyServer: 192.168.2.12:808
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
BHO-x32: MSS+ Identifier -> {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} -> C:\Program Files\McAfee Security Scan\3.8.150\McAfeeMSS_IE.dll (McAfee, Inc.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} -  No File
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\..\Interfaces\{530360E6-0C01-4678-A3B1-A9770AE12BE9}: [NameServer] 203.142.82.224,182.253.236.236
 
FireFox:
========
FF ProfilePath: C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default
FF NetworkProxy: "backup.ftp", "192.168.137.1"
FF NetworkProxy: "backup.ftp_port", 808
FF NetworkProxy: "backup.socks", "192.168.137.1"
FF NetworkProxy: "backup.socks_port", 808
FF NetworkProxy: "backup.ssl", "192.168.137.1"
FF NetworkProxy: "backup.ssl_port", 808
FF NetworkProxy: "ftp", "192.168.137.1"
FF NetworkProxy: "ftp_port", 808
FF NetworkProxy: "http", "192.168.137.1"
FF NetworkProxy: "http_port", 808
FF NetworkProxy: "share_proxy_settings", true
FF NetworkProxy: "socks", "192.168.137.1"
FF NetworkProxy: "socks_port", 808
FF NetworkProxy: "ssl", "192.168.137.1"
FF NetworkProxy: "ssl_port", 808
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @t-immersion.com/DFusionHomeWebPlugIn -> C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: ZEON/PDF,version=2.0 -> C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
FF Plugin HKCU: @yahoo.com/BrowserPlus,version=2.9.8 -> C:\Users\Andrew\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
FF user.js: detected! => C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll (Nullsoft, Inc.)
FF Extension: Yahoo! Toolbar - C:\Users\Andrew\AppData\Roaming\Mozilla\Firefox\Profiles\ma3akms2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2014-06-30]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKCU\...\Firefox\Extensions: [{e4f94d1e-2f53-401e-8885-681602c0ddd8}] - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi
FF Extension: McAfee Security Scan Plus - C:\ProgramData\McAfee Security Scan\Extensions\{e4f94d1e-2f53-401e-8885-681602c0ddd8}.xpi [2014-04-04]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR StartupUrls: Default -> "hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT"
CHR DefaultSearchKeyword: Default -> 7069D233D0FAB21ECAD0711E43C3A354F1DA101E62C7559184AE853C3608D736
CHR DefaultSearchURL: Default -> 5FD22109522C2230382960348213BAA8C2B7D382018C8F1C244AFB963BBA8A3D
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Skype Toolbars) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.7.0.8773_0\npSkypeChromePlugin.dll No File
CHR Plugin: (Winamp Application Detector) - C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll (Nullsoft, Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll No File
CHR Plugin: (Zeon Plus) - C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation)
CHR Plugin: (D'Fusion @Home Web Plug-In (3.20.20164)) - C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\Andrew\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll (Yahoo! Inc.)
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
CHR Profile: C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-06]
CHR Extension: (Google Drive) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-06]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-28]
CHR Extension: (YouTube) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-06]
CHR Extension: (Google Search) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-06]
CHR Extension: (Skype Click to Call) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-02-06]
CHR Extension: (Google Wallet) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Andrew\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2011-11-14]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Atheros Bt&Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [138400 2011-06-01] (Atheros) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [97952 2011-06-01] (Atheros Commnucations) [File not signed]
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [923136 2009-05-21] (Hewlett-Packard Co.) [File not signed]
R2 KMService; C:\Windows\SysWOW64\srvany.exe [8192 2003-04-18] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.8.150\McCHSvc.exe [289256 2014-04-09] (McAfee, Inc.)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
S3 BTATH_VDP; C:\Windows\System32\drivers\btath_vdp.sys [420896 2011-06-01] (Atheros)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-16 08:14 - 2014-09-16 08:14 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\JAM Software
2014-09-16 08:14 - 2014-09-16 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-09-16 08:14 - 2014-09-16 08:14 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-09-16 08:13 - 2014-09-16 08:14 - 05048584 _____ (JAM Software ) C:\Users\Andrew\Downloads\TreeSizeFreeSetup.exe
2014-09-15 09:33 - 2014-09-15 09:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{359FB034-ECFA-4D01-8308-FB152DFB451D}
2014-09-12 13:38 - 2014-09-12 13:38 - 00000000 ____D () C:\Users\Andrew\Downloads\FRST-OlderVersion
2014-09-12 13:33 - 2014-09-12 13:33 - 00002238 _____ () C:\Users\Andrew\Downloads\FSS.txt
2014-09-12 13:32 - 2014-09-12 13:32 - 00415232 _____ (Farbar) C:\Users\Andrew\Downloads\FSS.exe
2014-09-12 13:27 - 2014-09-12 13:27 - 00074649 _____ () C:\ComboFix.txt
2014-09-12 13:02 - 2014-09-12 13:27 - 00000000 ____D () C:\Qoobox
2014-09-12 13:02 - 2014-09-12 13:23 - 00000000 ____D () C:\Windows\erdnt
2014-09-12 13:02 - 2011-06-26 13:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-09-12 13:02 - 2010-11-08 00:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-09-12 13:02 - 2009-04-20 11:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-09-12 13:02 - 2000-08-31 07:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-09-12 13:02 - 2000-08-31 07:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-09-12 13:02 - 2000-08-31 07:00 - 00098816 _____ () C:\Windows\sed.exe
2014-09-12 13:02 - 2000-08-31 07:00 - 00080412 _____ () C:\Windows\grep.exe
2014-09-12 13:02 - 2000-08-31 07:00 - 00068096 _____ () C:\Windows\zip.exe
2014-09-12 12:53 - 2014-09-12 12:57 - 05577449 ____R (Swearware) C:\Users\Andrew\Downloads\ComboFix.exe
2014-09-12 08:58 - 2014-09-12 09:01 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{038162B4-C328-4929-9E43-56AE04837175}
2014-09-11 08:42 - 2014-08-20 01:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 08:42 - 2014-08-20 00:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 08:42 - 2014-08-19 05:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 08:42 - 2014-08-19 05:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 08:42 - 2014-08-19 05:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 08:42 - 2014-08-19 05:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 08:42 - 2014-08-19 05:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 08:42 - 2014-08-19 05:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 08:42 - 2014-08-19 05:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 08:42 - 2014-08-19 05:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 08:42 - 2014-08-19 05:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 08:42 - 2014-08-19 05:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 08:42 - 2014-08-19 04:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 08:42 - 2014-08-19 04:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 08:42 - 2014-08-19 04:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 08:42 - 2014-08-19 04:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 08:42 - 2014-08-19 04:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 08:42 - 2014-08-19 04:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 08:42 - 2014-08-19 04:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 08:42 - 2014-08-19 04:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 08:42 - 2014-08-19 04:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 08:42 - 2014-08-19 04:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 08:42 - 2014-08-19 04:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 08:42 - 2014-08-19 04:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 08:42 - 2014-08-19 04:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 08:42 - 2014-08-19 04:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 08:42 - 2014-08-19 04:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 08:42 - 2014-08-19 04:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 08:42 - 2014-08-19 04:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 08:42 - 2014-08-19 04:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 08:42 - 2014-08-19 04:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 08:42 - 2014-08-19 04:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 08:41 - 2014-08-19 06:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 08:41 - 2014-08-19 05:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 08:41 - 2014-08-19 05:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 08:41 - 2014-08-19 05:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 08:41 - 2014-08-19 05:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 08:41 - 2014-08-19 05:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 08:41 - 2014-08-19 05:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 08:41 - 2014-08-19 04:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 08:41 - 2014-08-19 04:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 08:41 - 2014-08-19 04:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 08:41 - 2014-08-19 04:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 08:41 - 2014-08-19 04:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 08:41 - 2014-08-19 04:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 08:41 - 2014-08-19 04:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 08:41 - 2014-08-19 04:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 08:41 - 2014-08-19 04:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 08:41 - 2014-08-19 04:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 08:41 - 2014-08-19 04:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 08:41 - 2014-08-19 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 08:41 - 2014-08-19 03:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 08:41 - 2014-08-19 03:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 08:41 - 2014-08-19 03:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 08:41 - 2014-08-19 03:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 08:41 - 2014-08-19 03:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 08:25 - 2014-06-27 09:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 08:25 - 2014-06-27 08:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 08:19 - 2014-09-11 08:20 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{79BB48A8-6F88-4F3F-BAA0-4C094D78D7C3}
2014-09-10 14:47 - 2014-09-10 14:49 - 00042766 _____ () C:\Users\Andrew\Downloads\Addition.txt
2014-09-10 14:44 - 2014-09-16 08:24 - 00025074 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-09-10 14:44 - 2014-09-16 08:24 - 00000000 ____D () C:\FRST
2014-09-10 14:42 - 2014-09-12 13:38 - 02105856 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-09-10 09:41 - 2014-08-01 18:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 09:41 - 2014-08-01 18:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 09:39 - 2014-07-07 09:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 09:39 - 2014-07-07 09:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 09:39 - 2014-07-07 08:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 09:39 - 2014-07-07 08:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-10 09:39 - 2014-07-07 08:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 09:39 - 2014-06-24 10:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 09:39 - 2014-06-24 09:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 08:55 - 2014-09-10 08:55 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{3257BDC7-7E82-4C53-B351-275E3E15B189}
2014-09-09 08:17 - 2014-09-09 08:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{FCE2CD93-C6B7-4EC5-98C1-431BEE413F59}
2014-09-08 08:05 - 2014-09-08 08:05 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{87B84B69-4DC5-4917-9156-ADE3D38CBDD4}
2014-09-06 11:30 - 2014-09-06 11:30 - 00009023 _____ () C:\Users\Andrew\Downloads\attach (1).txt
2014-09-06 11:25 - 2014-09-06 11:25 - 00015625 _____ () C:\Users\Andrew\Downloads\attach.txt
2014-09-06 11:12 - 2014-09-06 11:12 - 00009023 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-09-06 11:12 - 2014-09-06 11:11 - 00029623 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-09-06 11:09 - 2014-09-06 11:10 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-09-06 09:17 - 2014-09-06 09:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{45B4A410-1371-4AF6-B627-4ED38F730433}
2014-09-05 08:20 - 2014-09-05 08:21 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F03A2A45-A655-4C39-B2A9-734ED7037804}
2014-09-04 08:27 - 2014-09-04 08:27 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{163CE179-A732-47E6-A6EC-5C200CF27889}
2014-09-03 08:07 - 2014-09-03 08:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{0BB67B1C-02F8-4F89-9A63-D53ECB141C09}
2014-09-02 17:11 - 2014-09-02 17:12 - 00011433 _____ () C:\Users\Andrew\Desktop\Book2.xlsx
2014-09-02 08:34 - 2014-09-02 08:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{72BFED40-2137-4B79-BB42-16397C65D29E}
2014-09-01 08:41 - 2014-09-01 08:43 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F1904E21-1545-4E46-9B98-F8DCB48CA5B1}
2014-08-30 09:16 - 2014-08-30 09:16 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{951414AA-647F-4878-9C52-D79B02A5E56D}
2014-08-29 11:53 - 2014-08-29 11:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E938CEAF-E950-455E-B91F-EF1215085CA9}
2014-08-28 09:06 - 2014-08-23 09:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 09:06 - 2014-08-23 08:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-28 09:06 - 2014-08-23 07:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 08:58 - 2014-08-28 09:01 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{58DBCB23-A3C6-4176-AF6C-74D7103675DE}
2014-08-26 08:37 - 2014-08-27 08:25 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E947D52F-D2AC-464F-9243-E0A50C5F454B}
2014-08-25 08:32 - 2014-08-25 08:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{2924B5F1-93BF-4D99-9113-1B7568B42046}
2014-08-23 10:42 - 2014-08-23 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-23 09:36 - 2014-08-23 09:57 - 00000000 ____D () C:\Users\Andrew\Desktop\Penawaran
2014-08-23 08:25 - 2014-08-23 08:28 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{8923D618-E047-422D-8B2B-8B7013EB6ED2}
2014-08-22 08:24 - 2014-05-14 23:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-22 08:24 - 2014-05-14 23:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-22 08:24 - 2014-05-14 23:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-22 08:24 - 2014-05-14 23:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-22 08:24 - 2014-05-14 23:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-22 08:24 - 2014-05-14 23:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-22 08:23 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-22 08:23 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-22 08:23 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-22 08:23 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-22 08:18 - 2014-08-22 08:22 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{5D520B15-5DBB-410E-993D-9B37F01236F8}
2014-08-21 08:28 - 2014-08-21 08:28 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{88455C74-D7FB-416E-B709-CA5F01780A6F}
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-16 08:26 - 2014-09-10 14:44 - 00025074 _____ () C:\Users\Andrew\Downloads\FRST.txt
2014-09-16 08:26 - 2011-04-02 11:36 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-16 08:24 - 2014-09-10 14:44 - 00000000 ____D () C:\FRST
2014-09-16 08:14 - 2014-09-16 08:14 - 00000000 ____D () C:\Users\Andrew\AppData\Roaming\JAM Software
2014-09-16 08:14 - 2014-09-16 08:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TreeSize Free
2014-09-16 08:14 - 2014-09-16 08:14 - 00000000 ____D () C:\Program Files (x86)\JAM Software
2014-09-16 08:14 - 2014-09-16 08:13 - 05048584 _____ (JAM Software ) C:\Users\Andrew\Downloads\TreeSizeFreeSetup.exe
2014-09-16 08:10 - 2011-11-23 21:54 - 00000000 ____D () C:\Users\Andrew
2014-09-16 08:09 - 2009-07-14 11:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-16 08:09 - 2009-07-14 11:45 - 00009920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-16 08:06 - 2011-08-13 00:02 - 01905196 _____ () C:\Windows\WindowsUpdate.log
2014-09-16 08:02 - 2011-11-23 23:28 - 00000000 ____D () C:\Users\Andrew\Documents\Bluetooth Folder
2014-09-16 08:01 - 2011-11-23 21:54 - 00045056 _____ () C:\Windows\SysWOW64\acovcnt.exe
2014-09-16 08:01 - 2011-04-02 11:36 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-16 08:01 - 2009-07-14 12:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-16 08:01 - 2009-07-14 11:51 - 00109708 _____ () C:\Windows\setupact.log
2014-09-15 17:23 - 2011-12-06 15:49 - 00000000 ____D () C:\Users\Andrew\Documents\Outlook Files
2014-09-15 17:22 - 2013-06-17 08:32 - 00002010 ____H () C:\Users\Andrew\Documents\Default.rdp
2014-09-15 16:54 - 2009-07-14 12:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-15 09:34 - 2014-09-15 09:33 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{359FB034-ECFA-4D01-8308-FB152DFB451D}
2014-09-12 16:40 - 2011-04-02 11:17 - 01466634 _____ () C:\Windows\PFRO.log
2014-09-12 15:05 - 2011-11-23 22:15 - 00816366 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-12 13:38 - 2014-09-12 13:38 - 00000000 ____D () C:\Users\Andrew\Downloads\FRST-OlderVersion
2014-09-12 13:38 - 2014-09-10 14:42 - 02105856 _____ (Farbar) C:\Users\Andrew\Downloads\FRST64.exe
2014-09-12 13:33 - 2014-09-12 13:33 - 00002238 _____ () C:\Users\Andrew\Downloads\FSS.txt
2014-09-12 13:32 - 2014-09-12 13:32 - 00415232 _____ (Farbar) C:\Users\Andrew\Downloads\FSS.exe
2014-09-12 13:27 - 2014-09-12 13:27 - 00074649 _____ () C:\ComboFix.txt
2014-09-12 13:27 - 2014-09-12 13:02 - 00000000 ____D () C:\Qoobox
2014-09-12 13:27 - 2009-07-14 10:20 - 00000000 __RHD () C:\Users\Default
2014-09-12 13:23 - 2014-09-12 13:02 - 00000000 ____D () C:\Windows\erdnt
2014-09-12 13:22 - 2009-07-14 09:34 - 00000215 _____ () C:\Windows\system.ini
2014-09-12 12:57 - 2014-09-12 12:53 - 05577449 ____R (Swearware) C:\Users\Andrew\Downloads\ComboFix.exe
2014-09-12 12:47 - 2014-08-12 15:37 - 00008941 _____ () C:\Users\Andrew\Documents\lintas.xlsx
2014-09-12 09:11 - 2012-01-09 00:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\CrashDumps
2014-09-12 09:01 - 2014-09-12 08:58 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{038162B4-C328-4929-9E43-56AE04837175}
2014-09-12 08:58 - 2011-12-06 21:20 - 00000000 ____D () C:\Users\Andrew\Tracing
2014-09-11 12:35 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\rescache
2014-09-11 08:41 - 2011-12-06 15:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-11 08:39 - 2009-07-14 12:13 - 00791394 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-11 08:38 - 2013-07-30 23:17 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 08:26 - 2011-11-23 23:38 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-11 08:20 - 2014-09-11 08:19 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{79BB48A8-6F88-4F3F-BAA0-4C094D78D7C3}
2014-09-10 14:49 - 2014-09-10 14:47 - 00042766 _____ () C:\Users\Andrew\Downloads\Addition.txt
2014-09-10 08:55 - 2014-09-10 08:55 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{3257BDC7-7E82-4C53-B351-275E3E15B189}
2014-09-09 08:18 - 2014-09-09 08:17 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{FCE2CD93-C6B7-4EC5-98C1-431BEE413F59}
2014-09-08 08:05 - 2014-09-08 08:05 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{87B84B69-4DC5-4917-9156-ADE3D38CBDD4}
2014-09-06 11:30 - 2014-09-06 11:30 - 00009023 _____ () C:\Users\Andrew\Downloads\attach (1).txt
2014-09-06 11:25 - 2014-09-06 11:25 - 00015625 _____ () C:\Users\Andrew\Downloads\attach.txt
2014-09-06 11:12 - 2014-09-06 11:12 - 00009023 _____ () C:\Users\Andrew\Desktop\attach.txt
2014-09-06 11:11 - 2014-09-06 11:12 - 00029623 _____ () C:\Users\Andrew\Desktop\dds.txt
2014-09-06 11:10 - 2014-09-06 11:09 - 00688992 ____R (Swearware) C:\Users\Andrew\Downloads\dds.com
2014-09-06 09:18 - 2014-09-06 09:17 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{45B4A410-1371-4AF6-B627-4ED38F730433}
2014-09-05 08:21 - 2014-09-05 08:20 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F03A2A45-A655-4C39-B2A9-734ED7037804}
2014-09-04 08:27 - 2014-09-04 08:27 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{163CE179-A732-47E6-A6EC-5C200CF27889}
2014-09-03 08:07 - 2014-09-03 08:07 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{0BB67B1C-02F8-4F89-9A63-D53ECB141C09}
2014-09-02 17:12 - 2014-09-02 17:11 - 00011433 _____ () C:\Users\Andrew\Desktop\Book2.xlsx
2014-09-02 08:46 - 2009-07-14 10:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-02 08:34 - 2014-09-02 08:34 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{72BFED40-2137-4B79-BB42-16397C65D29E}
2014-09-01 08:43 - 2014-09-01 08:41 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{F1904E21-1545-4E46-9B98-F8DCB48CA5B1}
2014-08-30 09:16 - 2014-08-30 09:16 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{951414AA-647F-4878-9C52-D79B02A5E56D}
2014-08-30 09:14 - 2009-07-14 11:45 - 00408848 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 11:53 - 2014-08-29 11:53 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E938CEAF-E950-455E-B91F-EF1215085CA9}
2014-08-28 09:01 - 2014-08-28 08:58 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{58DBCB23-A3C6-4176-AF6C-74D7103675DE}
2014-08-28 08:57 - 2012-05-02 19:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-08-27 08:25 - 2014-08-26 08:37 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{E947D52F-D2AC-464F-9243-E0A50C5F454B}
2014-08-25 11:34 - 2014-07-14 16:44 - 00010221 _____ () C:\Users\Andrew\Documents\Kapal.xlsx
2014-08-25 08:32 - 2014-08-25 08:32 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{2924B5F1-93BF-4D99-9113-1B7568B42046}
2014-08-23 10:42 - 2014-08-23 10:42 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-08-23 10:03 - 2011-12-06 15:35 - 00000000 ____D () C:\Users\Andrew\AppData\Local\Microsoft Help
2014-08-23 09:57 - 2014-08-23 09:36 - 00000000 ____D () C:\Users\Andrew\Desktop\Penawaran
2014-08-23 09:07 - 2014-08-28 09:06 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 08:45 - 2014-08-28 09:06 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 08:28 - 2014-08-23 08:25 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{8923D618-E047-422D-8B2B-8B7013EB6ED2}
2014-08-23 07:59 - 2014-08-28 09:06 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-22 08:22 - 2014-08-22 08:18 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{5D520B15-5DBB-410E-993D-9B37F01236F8}
2014-08-21 08:28 - 2014-08-21 08:28 - 00000000 ____D () C:\Users\Andrew\AppData\Local\{88455C74-D7FB-416E-B709-CA5F01780A6F}
2014-08-20 01:05 - 2014-09-11 08:42 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-20 00:39 - 2014-09-11 08:42 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 06:01 - 2014-09-11 08:41 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 05:29 - 2014-09-11 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 05:29 - 2014-09-11 08:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 05:26 - 2014-09-11 08:41 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 05:20 - 2014-09-11 08:41 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 05:19 - 2014-09-11 08:41 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 05:15 - 2014-09-11 08:42 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 05:15 - 2014-09-11 08:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 05:14 - 2014-09-11 08:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 05:14 - 2014-09-11 08:41 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 05:08 - 2014-09-11 08:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 05:08 - 2014-09-11 08:42 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 05:08 - 2014-09-11 08:41 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 05:05 - 2014-09-11 08:42 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 05:03 - 2014-09-11 08:42 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 05:03 - 2014-09-11 08:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 05:03 - 2014-09-11 08:41 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 04:57 - 2014-09-11 08:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 04:56 - 2014-09-11 08:41 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 04:51 - 2014-09-11 08:42 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 04:46 - 2014-09-11 08:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 04:45 - 2014-09-11 08:42 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 04:45 - 2014-09-11 08:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 04:44 - 2014-09-11 08:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 04:44 - 2014-09-11 08:41 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 04:42 - 2014-09-11 08:41 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 04:40 - 2014-09-11 08:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 04:39 - 2014-09-11 08:42 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 04:39 - 2014-09-11 08:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 04:39 - 2014-09-11 08:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 04:38 - 2014-09-11 08:42 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 04:37 - 2014-09-11 08:42 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 04:36 - 2014-09-11 08:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 04:35 - 2014-09-11 08:41 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 04:27 - 2014-09-11 08:42 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 04:25 - 2014-09-11 08:42 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 04:25 - 2014-09-11 08:42 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 04:23 - 2014-09-11 08:41 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 04:23 - 2014-09-11 08:41 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 04:22 - 2014-09-11 08:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 04:19 - 2014-09-11 08:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 04:17 - 2014-09-11 08:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 04:17 - 2014-09-11 08:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 04:16 - 2014-09-11 08:41 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 04:15 - 2014-09-11 08:41 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 04:15 - 2014-09-11 08:41 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 04:09 - 2014-09-11 08:42 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 04:08 - 2014-09-11 08:41 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 04:07 - 2014-09-11 08:41 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 03:55 - 2014-09-11 08:41 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 03:46 - 2014-09-11 08:41 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 03:38 - 2014-09-11 08:41 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 03:38 - 2014-09-11 08:41 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 03:36 - 2014-09-11 08:41 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-08 11:35
 
==================== End Of Log ============================


#14 Bootsektor

Bootsektor

  • Malware Response Team
  • 216 posts
  • Gender:Female
  • Location:Northern Germany
  • Local time:10:07 AM

Posted 17 September 2014 - 02:20 PM

Hello Andrew,

Unfortunately this infection is stubborn; we need to perform a new fix with FRST. Also, the screenshot of TreeSize is very inconclusive. Could you please adjust the output so that I can see exactly which files were mostly created recently? Thank you.

Step 1
We need to run a fix with FRST:
 

  • Please download the attached fixlist.txt file and save it to the same location as FRST
    Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt are in the same location or the fix will not work
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run. Please post it in your reply.



Step 2
Please configure TreeSize Free so that I can see which files/directories were created recently and where they are.


  • Open TreeSize Free again
  • Choose D:\
  • Resize the Name column so that you can see the folder names
  • Look at which folder most of the files were saved to recently and which folder is decreasing the free space on D:\
  • Look inside the folder so that you can see the folder names
  • Take a screenshot and post it here

Step 3
Please restart FRST.

  • Leave the settings unchanged and press Scan.
  • When the scan is finished, a new logfile FRST.txt will be created and saved on your desktop.
  • Please post the content of the logfile here in your thread.

 

 

 



regards,

 

Sandra


#15 hamkiez

hamkiez
  • Topic Starter

  • Members
  • 16 posts
  • Local time:03:07 PM

Posted 18 September 2014 - 09:21 PM

Dear Sandra,

 

Following are the results from the FRST:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by Andrew at 2014-09-19 09:17:07 Run:3
Running from C:\Users\Andrew\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
(Clown) C:\FRST\Quarantine\C\Users\Andrew\wpdsnetwo.exe.xBAD
(Unity) C:\FRST\Quarantine\C\Users\Andrew\pwrshdbg.exe.xBAD
(Gerald) C:\FRST\Quarantine\C\Users\Andrew\mapimo.exe.xBAD
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [NTIxMzlBRUYwMTQ1M0U2OU] => C:\Users\Andrew\mapimo.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [M0M1NzY2QjBBOEVDQjUyNz] => C:\Users\Andrew\wpdsnetwo.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\Run: [NTIwQTk0N0Y4NzhCRTgxN0] => C:\Users\Andrew\pwrshdbg.exe
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\...\CurrentVersion\Windows: [Load] C:\Users\Andrew\pwrshdbg.exe <===== ATTENTION
C:\Users\Andrew\mapimo.exe
C:\Users\Andrew\wpdsnetwo.exe
C:\Users\Andrew\pwrshdbg.exe
reboot:
*****************
 
C:\FRST\Quarantine\C\Users\Andrew\wpdsnetwo.exe.xBAD => No running process found
C:\FRST\Quarantine\C\Users\Andrew\pwrshdbg.exe.xBAD => No running process found
C:\FRST\Quarantine\C\Users\Andrew\mapimo.exe.xBAD => No running process found
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NTIxMzlBRUYwMTQ1M0U2OU => Value not found.
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\Software\Microsoft\Windows\CurrentVersion\Run\\M0M1NzY2QjBBOEVDQjUyNz => Value not found.
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\Software\Microsoft\Windows\CurrentVersion\Run\\NTIwQTk0N0Y4NzhCRTgxN0 => Value not found.
HKU\S-1-5-21-3885811293-4044738158-880651485-1000\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
"C:\Users\Andrew\mapimo.exe" => File/Directory not found.
"C:\Users\Andrew\wpdsnetwo.exe" => File/Directory not found.
"C:\Users\Andrew\pwrshdbg.exe" => File/Directory not found.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====




