
Win32/DownloadAdmin.G + JS/Trackware.ReadNotify.A; Avast Rescue Disk Won't Run


  • This topic is locked
12 replies to this topic

#1 Tom1324


Posted 14 September 2014 - 08:47 PM

Hello, I am new to the forum.  I need some help debugging a Lenovo Ideapad Z585 laptop, running Windows 8.1, 64-bit.  Installed browsers are Internet Explorer (disabled as the default, and with highest security settings, and used only to access www.microsoft.com itself), and Firefox, v. 32.0.1 (latest, with NoScript 2.6.8.41, Adblock Plus 2.6.4, Bitdefender 0.9.9.142, and Hotspot Shield Extension 3.42 [currently disabled, I notice] security add-ons).  Windows Firewall is installed and active.

This computer suddenly began to run extremely slowly about 10 days ago, and got progressively worse.  Not merely Internet or programs were slowed, but also boot-up, the appearance of the User login screen, and even the response on screen to entry of user password (which could take several minutes to show up after it was typed).  That was the first time this computer (about 15 months old) had ever had any problem.  I could not initially determine whether the slowdown was malware-related or due to failing hardware, damaged or corrupted drivers, Windows system files, etc.

Avast Free Antivirus 2014, Malwarebytes Anti-Malware Free, v. 2.02.1012, and SUPERAntiSpyware Free Edition, v. 6.0.1130 were all previously installed, regularly updated, seemed to be running normally, and had not reported any problems.  I ran fresh scans of Avast (quick-scan, not full hard-drive file scan), Malwarebytes, and SUPERAntispyware, and all reported no infected files found.  I did not run a full antivirus scan with Avast at that point, since the computer was running so slowly it was only approximately 1% complete after about 10 hours, so I was forced to abort the scan to consider other troubleshooting.

I ran MemTest86 (overnight) to check the 6GB of system RAM, and it tested OK. I ran a hard drive utility (S.M.A.R.T) to check the 1TB internal HD, and no problems were reported.

Next I ran checkdisk on the C: drive, from within Windows (using the simple method in Win 8 of right-clicking the C: drive in File Explorer >> Properties >> Tools >> Error Checking).  It reported that no scan was needed because Windows did not find any errors on the drive.  I opted to do a scan anyway, and it reported that no errors were found.  Based on a suggestion at the Microsoft website, however, I then tried to run checkdisk /r or /f at bootup, but that did not launch, despite scheduling it to do so.  I tried running checkdisk again from a command prompt as Administrator after booting to Safe Mode.  This did not work either, as I got a message that "checkdisk could not run on C:, since the volume was locked and in use by another program."  (Don't know if this was because of Windows itself loading, or perhaps Bitdefender Safe Boot that runs on the computer.)  I ran checkdisk in read-only mode (with no /r or /f switches) in Safe Mode, and that reported:  "The Volume Bitmap is incorrect.  Windows has checked the file system and found problems.  Please run checkdisk /scan to find the problems and queue them for repair."  I ran this scan from Safe Mode and got the following message: "A function call was made when the object was in an incorrect state for that function.  A snapshot error occurred while scanning this drive.  Run an offline scan and fix C:\> "

Microsoft support suggested that if checkdisk will not run at boot up, this can be because the autochk.exe file (located in Windows/system32 folder) is missing or corrupted, and to run the system file checker utility instead.  (The autochk.exe file was there and in the proper folder, but I was unable to confirm whether it might have been corrupted.)  At an Administrator command prompt, I ran sfc /scannow and when verification was 100% complete, I got the following message:  "Windows Resource Protection found corrupt files but was unable to fix some of them.  Details are included in the CBS.Log windir\Logs\CBS.CBS.log." (I have attached this log file for your reference, in case it is relevant, but it is too long to paste as text here, since it includes the log of Event Viewer.)  For an analysis of the CBS log showing system file checker (SFC) entries, with the [SR] tag, see attached file entitled "sfcdetails.txt".
The only unrepaired file listed - "Amd64\CNBJ2530.DPB" of prncacla.inf - has to do with a Canon printer driver, and searching online this appears to be a frequent false positive and irrelevant, since I, like many others who get this error, am having no problems with printing and do not own a Canon printer.

The Lenovo laptop comes with no recovery disk for Windows 8 or for the drivers, utilities, and software that are pre-installed.  Instead, there is a hidden recovery partition on the D: drive, and a utility (called OneKey Recovery system) that can be used to back up the system partition to an image file, or to do user backups.  I tried to perform a full system backup two times (to an external 2TB USB hard drive), but each time this process froze (at 38 and 39% complete) and failed after running for several hours.  (I now assume this was due to a virus.)  So I immediately did a manual backup of all the personal files on the computer, since complete boot failure seemed imminent.  This took several days, since the files were voluminous, the computer was running very slowly, and the computer would freeze whenever I attempted to back up any large collection of files at a time.  I also created a bootable Windows 8.1 Recovery Drive on a 16GB USB stick, and eventually started to boot from it, when booting to Windows from C: became too balky.

I also created an Avast AV Boot Rescue Disk (on DVD-R), which was created OK and (initially) ran OK, once the BIOS settings were changed so that the system would boot from the DVD-RW drive first.  When I first ran an Avast boot scan, no problems were found at all, other than a false positive for an authorized product key generator file for a commercial ACDSee photo management program, that I have used for many years.  However, as soon as I rebooted to Windows after running this AV boot scan, the computer slowdown seemed to be fixed.
I now wonder, however, whether this was simply because the USB Windows Recovery Drive was still inserted in a USB port, and I was not booting from C: at all, and so was not experiencing the slowdown that still existed.  (When I checked Disk Management in the Microsoft Management Console [MMC], it reported that F: Recovery [i.e., the Windows Recovery Drive on USB stick] was the active partition, not C:\ .)  In any event, within a day or so, things slowed down again as much as ever.  A number of times, the system locked up entirely, and I was forced to perform a hard reboot.

For the past few days, I have been unable to get the Avast AV Boot Rescue Disk to work at all.  If I turn off the computer, place the disk in the DVD drive, and start the computer, the computer boots straight to Windows (either with the USB-stick Windows Recovery Drive inserted, or not), no matter what order I set boot devices to be recognized in the BIOS.  Including if the DVD drive is listed first (which used to work), or second after the Windows Boot Manager.  (I have confirmed the DVD drive itself has not failed, and it is able to recognize and access DVDs from within Windows).

Also, over the last several days, Avast began to become more erratic.  First it would not launch a limited file scan.  Then it began to give an error message that the Avast service was not running.  But pressing "Fix" or "Start" would merely launch a popup stating that an undefined process was keeping the Avast service from starting, and closing that would take me back to the error screen without fixing anything.  The definitions date got dropped from the status screen, and Task Manager showed the Avast service was stopped.
I had considered uninstalling Avast (from Control Panel, then using a recommended cleanup utility called avastclear [http://www.avast.com/en-us/uninstall-utility] run in Safe Mode); reinstalling Avast; then doing a full virus scan (assuming it would run at normal speed, and not take 100+ hours to complete).  But I was hesitant once the Avast Boot Rescue Disk no longer worked, since I was concerned if I had a malware infection, it might keep Avast from re-installing properly, and I could end up even worse off than before.

So yesterday, I decided to do an online virus scan instead.  I chose ESET, since it seemed to be the most highly recommended one that would both detect and remove any malware found.  It ran OK, and reported 34 infected files found, and 34 infected files cleaned:  one instance of Win32/DownloadAdmin.G (infecting cbsidlm-tr1-14-Secunia_Personal_Software_Inspector-BP-10717855.exe, in my Downloads folder), and 33 instances of JS/Trackware.ReadNotify.A (infecting a series of eBook Travel Guide .pdf files that I had downloaded previously).  Here is the log of the ESET Online AV Scanner Results:

 

"C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\10 Nicaragua & El Salvador\Lonely Planet Nicaragua & El Salvador\nic-el-directory_v1_m56577569830489993.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\10 Nicaragua & El Salvador\Lonely Planet Nicaragua & El Salvador\nic-el-health_v1_m56577569830489994.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\10 Nicaragua & El Salvador\Lonely Planet Nicaragua & El Salvador\nicaragua-el-salvador-language_v1_m56577569830489995.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\11 Guatemala\Lonely Planet Guatemala\guatemala-language_v1_m56577569830495601.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\12 Honduras\Lonely Planet Honduras & the Bay Islands\central-honduras_v1_m56577569830489916.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\12 Honduras\Lonely Planet Honduras & the Bay Islands\honduras-language_v1_m56577569830489923.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\12 Honduras\Lonely Planet Honduras & the Bay Islands\honduras-the-bay-islands-health_v1_m56577569830489922.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\13 Panama\Lonely Planet Panama\panama-language_v1_m56577569830490020.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja--southern-baja_v1_m56577569830496005.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja-directory-transport_v1_m56577569830496000.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja-health_v1_m56577569830496001.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja-language_v1_m56577569830496002.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja-los-cabos-planning-information.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja-los-cabos_v1_m56577569830496003.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Mexican Spanish\mexican-spanish-english-mexican-spanish_v1_m56577569830491275.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Mexican Spanish\mexican-spanish-food_v1_m56577569830491278.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Mexican Spanish\mexican-spanish-introduction-tools.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Mexican Spanish\mexican-spanish-practical_v1_m56577569830491276.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Mexican Spanish\mexican-spanish-safe-travel_v1_m56577569830491279.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Mexican Spanish\mexican-spanish-social_v1_m56577569830491277.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Mexican Spanish\mexican-spanish-tools-chapter_v1_m56577569830496009.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Puerto Vallarta & Pacific Mexico\Ixtapa-Zihuatanejo_v1_m56577569830490069.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Puerto Vallarta & Pacific Mexico\pv-acapulco_v1_m56577569830490072.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Puerto Vallarta & Pacific Mexico\pv-directory_v1_m56577569830490075.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Puerto Vallarta & Pacific Mexico\pv-health_v1_m56577569830490076.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Puerto Vallarta & Pacific Mexico\pv-language_v1_m56577569830490078.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Puerto Vallarta & Pacific Mexico\pv-mazatlan_v1_m56577569830490062.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Puerto Vallarta & Pacific Mexico\pv-nayarit_v1_m56577569830490064.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Yucatan\yucatan-background-information_v1_m56577569830490126.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Yucatan\yucatan-campeche-state_v1_m56577569830490130.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Yucatan\yucatan-health_v1_m56577569830490135.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Yucatan\yucatan-language_v1_m56577569830490136.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Desktop\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Yucatan\yucatan-planning-information.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Downloads\cbsidlm-tr1_14-Secunia_Personal_Software_Inspector-BP-10717855.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined"

 

ESET reported that Win32/DownloadAdmin.G is a Trojan virus.  From http://fixingcomputervirus.blogspot.com/2013/04/win32downloadadming-virus-removal.html, I found the following additional information:

"Win32/DownloadAdmin.G belongs to the category of Trojan virus which mainly makes damage in Windows platform. As a notorious virus, Win32/DownloadAdmin.G has the ability to access target PC secretly and spread its vicious components fast in PC. You may find out the existence of Win32/DownloadAdmin.G via using your trusted antivirus programs. However, they may only help you to detect Win32/DownloadAdmin.G virus but cannot remove it actually. You may wonder why. Typically, as a product of cyber criminals who want to gain money or useful data from victims, Win32/DownloadAdmin.G is endowed with the properties to bypass the detection and auto removal of antivirus. Though you have updated virus database to the latest one, you may still fail to remove Win32/DownloadAdmin.G with no luck.

"The longer you keep Win32/DownloadAdmin.G in your PC, the more threats it will bring. Basically, it may slow down the performance of affected PC via occupying large amounts of system resource. At the same time, it may smash the security protection of Windows and install additional threats which may contain redirect virus, ransomware or other malware in your PC. Delaying removing Win32/DownloadAdmin.G, you may be faced with Blue Screen or computer freeze. Thus, it is urgent to erase Win32/DownloadAdmin.G from PC timely once it is found.

***********************************************************

" How to remove Win32/DownloadAdmin.G manually?
1. To stop all Win32/DownloadAdmin.G, press CTRL+ALT+DELETE to open the Windows Task Manager.

2. Click on the "Processes" tab, search for Win32/DownloadAdmin.G, then right-click it and select "End Process" key.

 

**  Note:  When I did this, I found no Win32/DownloadAdmin.G process listed in Task Manager.
3. Click "Start" button and selecting "Run." Type "regedit" into the box and click "OK."

4. Once the Registry Editor is open, search for the registry key "HKEY_LOCAL_MACHINE\Software\ Win32/DownloadAdmin.G." Right-click this registry key and select "Delete."

 

**   NOTE:  I inspected the Windows Registry, making no changes, just to confirm that ESET had deleted all traces of the Win32/DownloadAdmin.G infection.  However, I was unable to navigate to the "HKEY_LOCAL_MACHINE\Software\ Win32/" folder, since it does not appear at all in the Registry. (!!)  I do not know if it is hidden or in fact deleted, and how to go about restoring it safely, under the circumstances.

5. Navigate to directory %PROGRAM_FILES%\ Win32/DownloadAdmin.G \ and delete the infected files manually.

%Windows%\system32\[rnd].
%AllUsersProfile%\Application Data\[tmp]
C:\windows\system32\services.exe\””
C:\Windows\winsxs\amd64_microsoft-windows-none_2b54b20ee6fa07b1\””
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunRegedit
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System “DisableRegedit”
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\{rnd}=disable

********************************************************************

 "Automatic Removal Tool (Recommended)
SpyHunter is a powerful, real-time anti-spyware application that designed to assist the average computer user in protecting their PC from malicious threats like worms, Trojans, rootkits, rogues, dialers, spyware, etc. It is important to notice that SpyHunter removal tool works well and should run alongside existing security programs without any conflicts.

Step 1. Click the Download icon below to install SpyHunter on your PC.


Step 2. After the installation, run SpyHunter and click “Malware Scan” button to have a full or quick scan on your computer.


Step 3. Choose Select all>Remove to get rid of all the detected threats on your PC.


Caution: Possible Ways to get Win32/DownloadAdmin.G!
1) downloading files/drivers from an unreliable web sites;
2) opening email or downloading media files that contain the activation code of the virus;
3) The virus has successfully hacked some famous social online communicate website such as Facebook, Twitter, Yahoo and sites like that. The web masters are not possible to have enough time to manage all corners of their websites. If you get any suspicious pop-up from a website, you have to be careful since the pop-up may not be from the website, instead, may be from Trojans that can control your PC within a short time if you click the pop-up.

Important Note: If you haven’t sufficient expertise in dealing with program files, processes, .dll files and registry entries, it may lead to mistakes damaging your system permanently. If you are not very good at computer, you are recommended to click here to download SpyHunter to automatically fix the virus for you.
Posted by Cherise Julia at 7:24 PM"

I decided, just to be safe, to delete the entire Secunia PSI (3.0.0.906) program from the computer.  I did this with Add/Remove Programs in Control Panel.  I was prompted to shut down Secunia first;  I did this from Task Manager.  Uninstall delayed at about 5% complete for quite a while, but eventually the Uninstaller said that uninstall was completed OK.  After a reboot, the program path C:\Program Files(x86)\Secunia\PSI was deleted.  And at this point the computer seemed to boot up and run at normal speed again.

I also decided to delete the entire folder entitled Ultimate Travel Guides Collection, from C:\Desktop\EBDone (that contained the 33 instances of JS/Trackware.ReadNotify.A).  However, I still have a backup of this folder (including the 33 infected files) on the 2TB external USB HD that I used for backup (now powered down and disconnected), so I will need help to quarantine or delete safely these files, so that I do not get reinfected.  The backup drive also contains a backup copy of the Win32/DownloadAdmin.G Trojan virus (infecting cbsidlm-tr1-14-Secunia_Personal_Software_Inspector-BP-10717855.exe, which was in my Downloads folder, which was backed up).  So I will need help also to quarantine and delete that virus, so that I do not get reinfected.

The next thing that I did was delete Avast AV using Add/Remove Programs in Control Panel.  Uninstall said that it completed OK, but gave a message that some files might still be in their current location, until the next reboot.  When I checked C:\Program Files, the Avast Software folder and all of the files were still there.  So I rebooted (the computer now ran very fast, like normal) and checked again, and all of the program files were deleted.  I then rebooted to Safe Mode and tried to run the avastclear utility, to perform a final cleanup if that was required.
However, this utility requires a user to enter the path to the program files, and since the entire Avast folder had already been deleted, no further action was possible.

At this point (yesterday), I turned the computer off and removed the USB stick containing the Windows Recovery Drive.  I rebooted to regular Windows (C:\), and downloaded and installed a fresh copy of Avast! Free Antivirus, v. 2014.9.0.2021.  I did a custom install, to the default path (C:\Program Files\AVAST Software\Avast), allowing all component Shields (Files, Web, Mail) and Tools (except Software Updater [because if this is selected, it comes with Open Candy, which is adware offering other programs and which scans the user's system and sends data about it to the OC server]).  Installation completed OK, and the program launched OK.  I then attempted to run a full system virus scan of all files on the hard drives (C:, D:), including a full rootkit scan.  However, after running for several hours, Avast had not yet reached the 1% complete point, so I decided to cancel the scan and consider what other troubleshooting steps for possible additional malware or damaged system files might be appropriate.

Doing a Google search for information about the Win32/DownloadAdmin.G Trojan virus led me to an April 10, 2013 post on this forum by hearand now, who had an infection with this same Trojan virus, and who was most ably assisted by gringo_pr in helping to resolve this malware infection in a thorough way and to restore his computer to normal operation.  I would appreciate your assistance in resolving the problems I am having, in determining if I have any other malware infections, and guidance in how to determine if I have damaged other Windows system files and how best to go about repairs.  Thank you very much for any assistance you can provide.

 

I could not run the DDS utility to post its log; I received the compatibility mode error.  So I have instead run the Farbar Recovery Scan Tool and posted its log, per the suggestion of Gringo in another topic.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by User (administrator) on COMPUTER on 14-09-2014 05:04:42
Running from C:\Users\User\Downloads
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(AnchorFree Inc.) C:\Program Files (x86)\Hotspot Shield\bin\af_proxy_cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Hotspot Shield\bin\openvpn.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
(brother) C:\Program Files (x86)\Brownie\BrStsW64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(brother) C:\Program Files (x86)\Brownie\brpjp04a.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-10-31] ()
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-30] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-04-08] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-04-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3008824 2012-11-30] (Synaptics Incorporated)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
HKLM-x32\...\Run: [BrStsWnd] => C:\Program Files (x86)\Brownie\BrstsW64.exe [3697776 2012-06-21] (brother)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4086432 2014-09-13] (AVAST Software)
HKU\S-1-5-21-2110622740-2582871183-1856114374-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7762712 2014-08-13] (SUPERAntiSpyware)
HKU\S-1-5-21-2110622740-2582871183-1856114374-1002\...\MountPoints2: {7bef184d-3517-11e4-bed0-2cd05ac82ff7} - "G:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Media Server Tray Tool.lnk
ShortcutTarget: Logitech Media Server Tray Tool.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - DefaultScope {C129A909-F275-4E0B-8626-7D9958CBCB89} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {C129A909-F275-4E0B-8626-7D9958CBCB89} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {C129A909-F275-4E0B-8626-7D9958CBCB89} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {C129A909-F275-4E0B-8626-7D9958CBCB89} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {C129A909-F275-4E0B-8626-7D9958CBCB89} URL =
SearchScopes: HKCU - {C129A909-F275-4E0B-8626-7D9958CBCB89} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: No Name -> {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} ->  No File
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hpemsfjy.default
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8555
FF NetworkProxy: "type", 4
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.6 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @nitropdf.com/NitroPDF -> C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Bitdefender QuickScan - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hpemsfjy.default\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2014-07-17]
FF Extension: SkipScreen - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hpemsfjy.default\Extensions\SkipScreen@SkipScreen.xpi [2013-07-28]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hpemsfjy.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013-06-11]
FF Extension: RightToClick - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hpemsfjy.default\Extensions\{cd617375-6743-4ee8-bac4-fbf10f35729e}.xpi [2013-07-03]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hpemsfjy.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-06-11]
FF Extension: DownThemAll! - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\hpemsfjy.default\Extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi [2013-06-26]
FF Extension: Hotspot Shield Helper (Please allow this installation) - C:\Program Files (x86)\Mozilla Firefox\extensions\afurladvisor@anchorfree.com [2014-09-12]
FF Extension: Hotspot Shield Extension - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\afproxy@anchorfree.com [2014-09-12]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com
CHR RestoreOnStartup: Default -> "hxxp://www.google.com"
CHR DefaultSuggestURL: Default -> {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-09-09]
CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-09-09]
CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-09-09]
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-09-09]
CHR Extension: (Chrome In-App Payments service) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-09]
CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-09-09]
CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx []
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-13]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-13] (SUPERAntiSpyware.com)
R2 AMD External Events Utility; C:\Windows\SysWOW64\atiesrxx.exe [0 2013-08-16] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-13] (AVAST Software)
R2 hshld; C:\Program Files (x86)\Hotspot Shield\bin\cmw_srv.exe [919040 2014-05-16] (AnchorFree Inc.) [File not signed]
S3 HssTrayService; C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE [78512 2014-05-16] ()
S2 HssWd; C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe [430344 2014-05-16] ()
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
R3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-05-28] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-05-28] (Microsoft Corporation)
R2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
R2 SamSs; C:\Windows\SysWOW64\lsass.exe [0 2013-08-16] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
R2 Spooler; C:\Windows\SysWOW64\spoolsv.exe [0 2013-08-16] () [File not signed]
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-05-28] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-05-28] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-13] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-13] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-13] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-13] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-13] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-13] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-13] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-13] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
S1 HssDRV6; C:\Windows\system32\DRIVERS\hssdrv6.sys [44744 2014-05-16] (AnchorFree Inc.)
R2 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-03-19] (Anchorfree Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-05-28] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)
S3 BTATH_LWFLT; \SystemRoot\system32\DRIVERS\btath_lwflt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 05:04 - 2014-09-14 05:05 - 00019443 _____ () C:\Users\User\Downloads\FRST.txt
2014-09-14 05:03 - 2014-09-14 05:04 - 00000000 ____D () C:\FRST
2014-09-14 05:01 - 2014-09-14 05:01 - 02105856 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-09-13 21:57 - 2014-09-13 21:57 - 00688992 _____ (Swearware) C:\Users\User\Desktop\dds.com
2014-09-13 21:15 - 2014-09-14 01:46 - 00006808 _____ () C:\Users\User\Documents\Malware Forum Post.txt
2014-09-13 17:47 - 2014-09-13 17:50 - 00000306 _____ () C:\Users\User\Documents\JS_Trackware.ReadNotify.A.txt
2014-09-13 17:25 - 2014-09-13 21:16 - 00004329 _____ () C:\Users\User\Documents\Win32_DownloadAdmin.G.txt
2014-09-13 13:04 - 2014-09-13 13:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2014-09-13 12:56 - 2014-09-13 12:56 - 00001953 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-13 12:56 - 2014-09-13 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-13 12:55 - 2014-09-13 13:04 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-09-13 12:55 - 2014-09-13 12:56 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00426848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1410638162578
2014-09-13 12:55 - 2014-09-13 12:55 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-09-13 12:55 - 2014-09-13 12:55 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-09-13 12:55 - 2014-09-13 12:55 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-09-13 12:54 - 2014-09-13 12:54 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-13 12:39 - 2014-09-13 12:39 - 04862664 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online.exe
2014-09-13 12:39 - 2014-09-13 12:39 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-09-13 11:57 - 2014-01-19 00:38 - 00270496 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-09-13 11:23 - 2014-09-13 11:23 - 00653306 _____ () C:\WINDOWS\PFRO.log
2014-09-13 08:51 - 2014-09-13 08:51 - 00008442 _____ () C:\Users\User\Documents\ESET Online AV Scanner Results.txt
2014-09-13 06:00 - 2014-09-13 06:00 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2014-09-13 05:48 - 2014-09-14 02:50 - 00128448 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-13 02:31 - 2014-09-13 02:31 - 00053593 _____ () C:\Users\User\Documents\sfcdetails.txt
2014-09-13 02:21 - 2014-09-13 02:21 - 00053593 _____ () C:\WINDOWS\sfcdetails.txt
2014-09-13 02:20 - 2014-09-13 02:20 - 00053593 _____ () C:\sfcdetails.txt
2014-09-13 02:19 - 2014-09-13 02:22 - 00053593 _____ () C:\WINDOWS\system32\sfcdetails.txt
2014-09-12 14:46 - 2014-09-12 14:47 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-11 03:11 - 2014-09-11 03:11 - 00053593 _____ () C:\Users\User\Desktop\sfcdetails.txt
2014-09-10 21:49 - 2014-09-10 21:49 - 00000000 ____D () C:\WINDOWS\pss
2014-09-10 21:04 - 2014-09-10 21:22 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-09-10 21:04 - 2014-09-10 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-09-10 21:04 - 2014-09-10 21:04 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-09-10 21:02 - 2014-09-10 21:02 - 02365840 _____ () C:\Users\User\Downloads\SecurityTaskManager_Setup.exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-09-10 16:55 - 2014-09-10 16:55 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-09-10 01:23 - 2014-09-10 01:23 - 18183920 _____ ( ) C:\Users\User\Downloads\OneKeyRecovery_131519_Lenovo_NB_x64_Patch_Patch_PRC130402-02.exe
2014-09-09 23:40 - 2014-09-09 23:40 - 00001979 _____ () C:\Users\User\Documents\How to create a bootable Windows 8 recovery tool.txt
2014-09-08 22:41 - 2014-09-08 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-09-08 22:41 - 2014-09-08 22:41 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-09-08 08:27 - 2014-09-08 22:41 - 00000000 ____D () C:\Users\User\Documents\AvastPEToolkit
2014-09-08 01:02 - 2014-09-08 01:03 - 00000000 ____D () C:\Users\User\Downloads\Memtest86, v. 5.0
2014-09-05 11:23 - 2014-09-05 11:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-08-31 19:12 - 2014-08-31 19:12 - 00000111 _____ () C:\Users\User\Documents\AVAX.txt
2014-08-29 18:14 - 2014-08-29 18:14 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-08-19 23:11 - 2014-08-20 10:21 - 00027182 _____ () C:\Users\User\Documents\8-19-14 Letter to HOA_With Header_Working Jane.odt
2014-08-19 23:11 - 2014-08-20 10:21 - 00026689 _____ () C:\Users\User\Documents\8-19-14 Letter to HOA_Without Header_Working Jane.odt
2014-08-19 23:07 - 2014-08-19 23:50 - 00026929 _____ () C:\Users\User\Documents\8-19-14 Letter to HOA_With Header.odt
2014-08-19 23:07 - 2014-08-19 23:25 - 00027102 _____ () C:\Users\User\Documents\8-19-14 Letter to HOA_Without Header.odt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 05:05 - 2014-09-14 05:04 - 00019443 _____ () C:\Users\User\Downloads\FRST.txt
2014-09-14 05:04 - 2014-09-14 05:03 - 00000000 ____D () C:\FRST
2014-09-14 05:02 - 2014-07-18 11:39 - 00122584 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 05:01 - 2014-09-14 05:01 - 02105856 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2014-09-14 05:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-09-14 04:12 - 2013-06-11 16:11 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-09-14 02:50 - 2014-09-13 05:48 - 00128448 _____ () C:\WINDOWS\WindowsUpdate.log
2014-09-14 01:46 - 2014-09-13 21:15 - 00006808 _____ () C:\Users\User\Documents\Malware Forum Post.txt
2014-09-13 21:57 - 2014-09-13 21:57 - 00688992 _____ (Swearware) C:\Users\User\Desktop\dds.com
2014-09-13 21:23 - 2013-09-14 00:25 - 00000327 _____ () C:\WINDOWS\Brownie.ini
2014-09-13 21:22 - 2013-08-18 02:11 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-13 21:21 - 2014-05-28 05:29 - 00000000 ___RD () C:\Users\User\OneDrive
2014-09-13 21:21 - 2014-05-22 15:10 - 00000508 _____ () C:\WINDOWS\Tasks\Malwarebytes Anti-Exploit.job
2014-09-13 21:16 - 2014-09-13 17:25 - 00004329 _____ () C:\Users\User\Documents\Win32_DownloadAdmin.G.txt
2014-09-13 17:50 - 2014-09-13 17:47 - 00000306 _____ () C:\Users\User\Documents\JS_Trackware.ReadNotify.A.txt
2014-09-13 13:04 - 2014-09-13 13:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2014-09-13 13:04 - 2014-09-13 12:55 - 00004182 _____ () C:\WINDOWS\System32\Tasks\avast! Emergency Update
2014-09-13 13:01 - 2013-06-10 13:30 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2110622740-2582871183-1856114374-1002
2014-09-13 12:56 - 2014-09-13 12:56 - 00001953 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-13 12:56 - 2014-09-13 12:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-13 12:56 - 2014-09-13 12:55 - 00427360 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 01041168 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00426848 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys.1410638162578
2014-09-13 12:55 - 2014-09-13 12:55 - 00307344 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-09-13 12:55 - 2014-09-13 12:55 - 00224896 _____ () C:\WINDOWS\system32\Drivers\aswVmm.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00093568 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00092008 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00079184 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00065776 _____ () C:\WINDOWS\system32\Drivers\aswRvrt.sys
2014-09-13 12:55 - 2014-09-13 12:55 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-09-13 12:55 - 2014-09-13 12:55 - 00029208 _____ () C:\WINDOWS\system32\Drivers\aswHwid.sys
2014-09-13 12:54 - 2014-09-13 12:54 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-13 12:54 - 2013-08-17 18:50 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-13 12:39 - 2014-09-13 12:39 - 04862664 _____ (AVAST Software) C:\Users\User\Downloads\avast_free_antivirus_setup_online.exe
2014-09-13 12:39 - 2014-09-13 12:39 - 04862664 _____ (AVAST Software) C:\Users\Public\Desktop\avast_free_antivirus_setup_online.exe
2014-09-13 11:58 - 2013-06-12 09:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\foobar2000
2014-09-13 11:44 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-09-13 11:40 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-09-13 11:23 - 2014-09-13 11:23 - 00653306 _____ () C:\WINDOWS\PFRO.log
2014-09-13 11:12 - 2014-03-27 03:40 - 00000000 ____D () C:\Users\User\Desktop\EB Done
2014-09-13 08:51 - 2014-09-13 08:51 - 00008442 _____ () C:\Users\User\Documents\ESET Online AV Scanner Results.txt
2014-09-13 06:00 - 2014-09-13 06:00 - 02347384 _____ (ESET) C:\Users\User\Downloads\esetsmartinstaller_enu.exe
2014-09-13 05:29 - 2013-12-08 12:34 - 00000000 ____D () C:\Users\User\Documents\Calibre Library
2014-09-13 03:27 - 2013-06-11 14:03 - 00000962 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-13 02:55 - 2013-06-11 10:53 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-13 02:54 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-09-13 02:31 - 2014-09-13 02:31 - 00053593 _____ () C:\Users\User\Documents\sfcdetails.txt
2014-09-13 02:22 - 2014-09-13 02:19 - 00053593 _____ () C:\WINDOWS\system32\sfcdetails.txt
2014-09-13 02:21 - 2014-09-13 02:21 - 00053593 _____ () C:\WINDOWS\sfcdetails.txt
2014-09-13 02:20 - 2014-09-13 02:20 - 00053593 _____ () C:\sfcdetails.txt
2014-09-13 00:47 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-09-12 14:47 - 2014-09-12 14:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-11 22:43 - 2014-08-02 16:01 - 00000000 ____D () C:\Users\User\Desktop\EB in Progress
2014-09-11 03:11 - 2014-09-11 03:11 - 00053593 _____ () C:\Users\User\Desktop\sfcdetails.txt
2014-09-10 21:55 - 2013-08-22 07:44 - 00360344 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-09-10 21:49 - 2014-09-10 21:49 - 00000000 ____D () C:\WINDOWS\pss
2014-09-10 21:22 - 2014-09-10 21:04 - 00000000 ____D () C:\ProgramData\SecTaskMan
2014-09-10 21:04 - 2014-09-10 21:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
2014-09-10 21:04 - 2014-09-10 21:04 - 00000000 ____D () C:\Program Files (x86)\Security Task Manager
2014-09-10 21:02 - 2014-09-10 21:02 - 02365840 _____ () C:\Users\User\Downloads\SecurityTaskManager_Setup.exe
2014-09-10 19:03 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-09-10 16:55 - 2014-09-10 16:55 - 00003118 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00003092 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00003090 _____ () C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00003062 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00003060 _____ () C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2014-09-10 16:55 - 2014-09-10 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2014-09-10 16:55 - 2014-09-10 16:55 - 00000000 ____D () C:\Program Files\Microsoft Mouse and Keyboard Center
2014-09-10 01:34 - 2013-04-08 10:29 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-10 01:32 - 2013-04-08 10:44 - 00000000 ____D () C:\ProgramData\Temp
2014-09-10 01:23 - 2014-09-10 01:23 - 18183920 _____ ( ) C:\Users\User\Downloads\OneKeyRecovery_131519_Lenovo_NB_x64_Patch_Patch_PRC130402-02.exe
2014-09-10 00:54 - 2013-08-16 08:49 - 00000000 ____D () C:\Users\User\AppData\Roaming\QuickScan
2014-09-09 23:40 - 2014-09-09 23:40 - 00001979 _____ () C:\Users\User\Documents\How to create a bootable Windows 8 recovery tool.txt
2014-09-09 11:12 - 2013-06-11 16:11 - 00003718 _____ () C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2014-09-09 01:09 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-09-08 22:48 - 2013-06-10 13:23 - 00001133 _____ () C:\Users\User\Desktop\Cyberlink Power2Go.lnk
2014-09-08 22:41 - 2014-09-08 22:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2014-09-08 22:41 - 2014-09-08 22:41 - 00000000 ____D () C:\Program Files (x86)\Windows Kits
2014-09-08 22:41 - 2014-09-08 08:27 - 00000000 ____D () C:\Users\User\Documents\AvastPEToolkit
2014-09-08 01:03 - 2014-09-08 01:02 - 00000000 ____D () C:\Users\User\Downloads\Memtest86, v. 5.0
2014-09-07 21:50 - 2013-06-12 12:06 - 00000000 ____D () C:\Users\User\Documents\My eBooks
2014-09-05 11:23 - 2014-09-05 11:23 - 00000000 ____D () C:\WINDOWS\System32\Tasks\GenericSettingsHandler
2014-09-01 12:32 - 2014-07-30 00:50 - 00065536 ___SH () C:\Users\User\Desktop\Thumbs.db
2014-08-31 19:12 - 2014-08-31 19:12 - 00000111 _____ () C:\Users\User\Documents\AVAX.txt
2014-08-29 18:14 - 2014-08-29 18:14 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-08-20 10:21 - 2014-08-19 23:11 - 00027182 _____ () C:\Users\User\Documents\8-19-14 Letter to HOA_With Header_Working Jane.odt
2014-08-20 10:21 - 2014-08-19 23:11 - 00026689 _____ () C:\Users\User\Documents\8-19-14 Letter to HOA_Without Header_Working Jane.odt
2014-08-19 23:50 - 2014-08-19 23:07 - 00026929 _____ () C:\Users\User\Documents\8-19-14 Letter to HOA_With Header.odt
2014-08-19 23:25 - 2014-08-19 23:07 - 00027102 _____ () C:\Users\User\Documents\8-19-14 Letter to HOA_Without Header.odt

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-13 13:02

==================== End Of Log ============================

 

 

 

     


 


#2 Tom1324

Tom1324
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  • Local time:02:28 AM

Posted 14 September 2014 - 09:02 PM

I should add that while running an Avast AV scan in the background yesterday, the computer nearly locked up entirely (which would have forced yet another hard reboot).  After waiting about 20-30 minutes for the system to respond, I was eventually able to shut down all open programs and screens.  When I got to the Task Manager, it showed normal usage of system CPU and Memory, but 99-100% for Hard Drive usage.  I don't know if that was causing the extreme system slowdown, and whether that was caused by Avast running or for some other reason.



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,698 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:28 AM

Posted 19 September 2014 - 08:50 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/548343 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 Tom1324

Tom1324
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 24 September 2014 - 01:01 AM

2.1.  Problems are described in my original post.

 

2.2.  DDS utility does not run on my computer (compatibility mode problem).  I posted a log of the Farbar Recovery Scan Tool instead, per the suggestion of Gringo in another topic.

 

2.3.  I have a backup of my Windows system files, and a backup image of the entire C: partition.  I do not have an original Windows CD/DVD available, since it did not come with one nor a utility to create one, only a 16GB min. flash Recovery Drive.



#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:02:28 AM

Posted 29 September 2014 - 07:56 PM

Greetings Tom1324 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I would like to tell you from the start you need to be far more succinct and to the point in your posts. Basically what I want to do is start from the beginning by having you run a fresh Farbar Recovery Scan Tool and then in a very brief way describe your issues as of today.

While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the Windows key + R on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Tom1324

Tom1324
  • Topic Starter

  • Members
  • 7 posts
  • OFFLINE
  •  
  • Local time:02:28 AM

Posted 30 September 2014 - 03:18 PM

Hello Gary, this is Tom.

 

I wish to ensure my system is malware-free.  Including my backup location (external USB drive), so that my computer is not re-infected.

 

My computer (Lenovo laptop) was infected with Win32/DownloadAdmin.G (Trojan virus) approximately a month ago.  Main symptom was system running extremely slowly, or freezing entirely.

 

A secondary problem was potential failure of the internal hard drive. Checkdisk would not run, or reported damaged files that could not be repaired.  HD Tune Pro reported damaged blocks, and SMART scan showed pending sectors (unrepaired).

 

Since my original post to this forum (2 1/2 weeks ago), I have:

 

1. Replaced the laptop hard drive.

 

2. Reinstalled Windows 8, from the Lenovo recovery backup.

 

3. Run Windows Update to install all of the 106 important updates that were available.  I have not upgraded from Windows 8 to 8.1, however.

 

This computer is used on a daily basis, for both work and personal tasks.  So I did not have the luxury of waiting indefinitely, to fix the malware problem.  It was a question of replacing the laptop entirely, or replacing the hard drive and rebuilding the system.  I chose the latter.

 

********************************************************************************************************

 

Results of Farbar Recovery Scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-09-2014
Ran by User (administrator) on LENOVO on 30-09-2014 11:07:19
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Windows 8 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\LiveComm.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Synaptics) C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(ACD Systems) C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\SqueezeTray.exe
(Vimicro) C:\Program Files (x86)\USB Camera2\VM332STI.EXE
(Dolby Laboratories Inc.) C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe
(Logitech Inc.) C:\Program Files (x86)\Squeezebox\server\SqueezeSvr.exe
(CyberLink) C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Lenovo) C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
(Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Macrovision Corporation) C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-10-31] ()
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12937872 2012-07-27] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1214608 2012-07-10] (Realtek Semiconductor)
HKLM\...\Run: [SynLenovoGestureMgr] => C:\Program Files\Synaptics\SynTP\SynLenovoGestureMgr.exe [665400 2012-11-30] (Synaptics)
HKLM\...\Run: [OnekeyStudio] => C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17080376 2013-04-08] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [191544 2013-04-08] (Lenovo(beijing) Limited)
HKLM\...\Run: [ACPW06EN] => C:\Program Files\ACD Systems\ACDSee Pro\6.0\ACDSeePro6InTouch2.exe [1234120 2012-12-17] (ACD Systems)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-10-29] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [332BigDog] => C:\Program Files (x86)\USB Camera2\VM332STI.EXE [548864 2012-03-20] (Vimicro)
HKLM-x32\...\Run: [Dolby Home Theater v4] => C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe [508656 2012-07-25] (Dolby Laboratories Inc.)
HKLM-x32\...\Run: [YouCam Mirage] => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [136488 2012-07-27] (CyberLink)
HKLM-x32\...\Run: [YouCam Tray] => C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [167024 2012-07-27] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] => C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] => C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [MuteSync] => C:\Program Files (x86)\Lenovo\Lenovo MuteSync\MuteSync.exe [343040 2012-02-03] (Lenovo)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-19] (AVAST Software)
HKLM-x32\...\Run: [QuickFinder Scheduler] => C:\Program Files (x86)\WordPerfect Office X3\Programs\QFSCHD130.EXE [77892 2005-12-01] (Corel Corporation)
HKLM-x32\...\Run: [ISUSScheduler] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-2110622740-2582871183-1856114374-1002\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7763736 2014-09-09] (SUPERAntiSpyware)
HKU\S-1-5-21-2110622740-2582871183-1856114374-1002\...\Run: [ISUSPM Startup] => C:\Program Files (x86)\Common Files\InstallShield\UpdateService\ISUSPM.exe [249856 2005-08-11] (Macrovision Corporation)
HKU\S-1-5-21-2110622740-2582871183-1856114374-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2110622740-2582871183-1856114374-1002\...\Policies\Explorer: [NoDriveTypeAutoRun] 0x00000000
HKU\S-1-5-21-2110622740-2582871183-1856114374-1002\...\MountPoints2: {a0f5cd4e-3fb8-11e4-be71-2cd05ac82ff7} - "F:\WD SmartWare.exe" autoplay=true
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Media Server Tray Tool.lnk
ShortcutTarget: Logitech Media Server Tray Tool.lnk -> C:\Program Files (x86)\Squeezebox\SqueezeTray.exe (Logitech Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
ShortcutTarget: Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Symantec Fax Starter Edition Port.lnk
ShortcutTarget: Symantec Fax Starter Edition Port.lnk -> C:\Program Files (x86)\Microsoft Office\Office\1033\OLFSNT40.EXE (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: SugarSyncBackedUp -> {0C4A258A-3F3B-4FFF-80A7-9B3BEC139472} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncPending -> {62CCD8E3-9C21-41E1-B55E-1E26DFC68511} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncRoot -> {A759AFF6-5851-457D-A540-F4ECED148351} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)
ShellIconOverlayIdentifiers: SugarSyncShared -> {1574C9EF-7D58-488F-B358-8B78C1538F51} => C:\Program Files (x86)\SugarSync\SugarSyncShellExt_x64.dll (SugarSync, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.lenovo.com
SearchScopes: HKLM - DefaultScope {C129A909-F275-4E0B-8626-7D9958CBCB89} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM - {C129A909-F275-4E0B-8626-7D9958CBCB89} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - DefaultScope {C129A909-F275-4E0B-8626-7D9958CBCB89} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKLM-x32 - {C129A909-F275-4E0B-8626-7D9958CBCB89} URL = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MALNJS
SearchScopes: HKCU - DefaultScope {C129A909-F275-4E0B-8626-7D9958CBCB89} URL =
SearchScopes: HKCU - {C129A909-F275-4E0B-8626-7D9958CBCB89} URL =
BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Qualcomm Atheros Commnucations)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jid69q6o.default
FF Plugin: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: @exent.com/npExentControl,version=7.1.0.1 -> C:\Program Files (x86)\FreeRide Games\npExentControl.dll (Exent Technologies Ltd.)
FF Plugin-x32: @tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin-x32: PDF Architect 2 -> C:\Program Files (x86)\PDF Architect 2\np-previewer.dll (pdfforge GmbH)
FF Plugin HKCU: @docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf -> C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF Extension: Adblock Plus Pop-up Addon - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jid69q6o.default\Extensions\adblockpopups@jessehakanen.net.xpi [2014-09-20]
FF Extension: URL Fixer - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jid69q6o.default\Extensions\{0fa2149e-bb2c-4ac2-a8d3-479599819475}.xpi [2014-09-20]
FF Extension: NoScript - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jid69q6o.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2014-09-20]
FF Extension: YouTube High Definition - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jid69q6o.default\Extensions\{7b1bf0b6-a1b9-42b0-b75d-252036438bdc}.xpi [2014-09-20]
FF Extension: Yahoo Mail Hide Ad Panel - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jid69q6o.default\Extensions\{c37bac34-849a-4d28-be41-549b2c76c64e}.xpi [2014-09-20]
FF Extension: Adblock Plus - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jid69q6o.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-09-20]
FF Extension: BetterPrivacy - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\jid69q6o.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2014-09-20]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-19]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-19]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-10-29] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [231040 2012-10-31] (Qualcomm Atheros Commnucations)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-19] (AVAST Software)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [43520 2012-07-25] (Microsoft Corporation)
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [634368 2012-07-25] (Microsoft Corporation)
S3 PDF Architect 2; C:\Program Files (x86)\PDF Architect 2\ws.exe [1771560 2014-06-26] (pdfforge GmbH)
S3 pdfforge CrashHandler; C:\Program Files (x86)\PDF Architect 2\crash-handler-ws.exe [861736 2014-06-26] (pdfforge GmbH)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18432 2012-07-25] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16056 2014-03-29] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2012-10-31] (Atheros) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-23] (AppEx Networks Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-19] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-19] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-19] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-19] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-19] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-19] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-19] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-19] ()
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [98472 2012-07-17] (Advanced Micro Devices)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-10-31] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
R2 X5XSEx_Pr148; C:\Program Files (x86)\FreeRide Games\X5XSEx_Pr148.Sys [56136 2012-08-02] (Exent Technologies Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 11:07 - 2014-09-30 11:07 - 00018552 _____ () C:\Users\User\Desktop\FRST.txt
2014-09-30 11:06 - 2014-09-30 11:07 - 00000000 ____D () C:\FRST
2014-09-30 10:55 - 2014-09-30 10:55 - 02108928 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-09-30 02:56 - 2014-09-30 03:20 - 00000000 ____D () C:\Users\User\AppData\Roaming\AccurateRip
2014-09-30 02:56 - 2014-09-30 02:56 - 00001085 _____ () C:\Users\Public\Desktop\Exact Audio Copy.lnk
2014-09-30 02:56 - 2014-09-30 02:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\EAC
2014-09-30 02:56 - 2014-09-30 02:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Exact Audio Copy
2014-09-30 02:56 - 2014-09-30 02:56 - 00000000 ____D () C:\Program Files (x86)\Exact Audio Copy
2014-09-30 02:54 - 2014-09-30 02:54 - 04422611 _____ () C:\Users\User\Downloads\eac-1.0beta3.exe
2014-09-30 00:45 - 2014-09-30 00:30 - 00002487 _____ () C:\Users\User\Desktop\Microsoft PowerPoint.lnk
2014-09-30 00:44 - 2014-09-30 00:30 - 00002483 _____ () C:\Users\User\Desktop\Microsoft Excel.lnk
2014-09-30 00:43 - 2014-09-30 00:30 - 00002489 _____ () C:\Users\User\Desktop\Microsoft Word.lnk
2014-09-30 00:31 - 2014-09-30 00:31 - 00000376 _____ () C:\windows\ODBC.INI
2014-09-30 00:31 - 2014-09-30 00:31 - 00000063 _____ () C:\windows\mdm.ini
2014-09-30 00:31 - 2014-09-30 00:31 - 00000035 _____ () C:\windows\vbaddin.ini
2014-09-30 00:31 - 2014-09-30 00:31 - 00000000 _____ () C:\windows\NSREX.INI
2014-09-30 00:30 - 2014-09-30 00:30 - 00002673 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Outlook.lnk
2014-09-30 00:30 - 2014-09-30 00:30 - 00002657 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Excel.lnk
2014-09-30 00:30 - 2014-09-30 00:30 - 00002655 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Word.lnk
2014-09-30 00:30 - 2014-09-30 00:30 - 00002625 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft PowerPoint.lnk
2014-09-30 00:30 - 2014-09-30 00:30 - 00002623 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Access.lnk
2014-09-30 00:30 - 2014-09-30 00:30 - 00002611 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft FrontPage.lnk
2014-09-30 00:30 - 2014-09-30 00:30 - 00002609 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Open Office Document.lnk
2014-09-30 00:30 - 2014-09-30 00:30 - 00002599 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\New Office Document.lnk
2014-09-30 00:30 - 2014-09-30 00:30 - 00000000 ____D () C:\windows\SysWOW64\Viewers
2014-09-30 00:30 - 2014-09-30 00:30 - 00000000 ____D () C:\windows\SysWOW64\spool
2014-09-30 00:30 - 2014-09-30 00:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Tools
2014-09-30 00:30 - 2014-09-30 00:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Visual Studio
2014-09-30 00:29 - 2014-09-30 01:13 - 00000000 ____D () C:\Program Files (x86)\Microsoft FrontPage
2014-09-30 00:28 - 2014-09-30 00:28 - 00000000 ____D () C:\windows\Msagent
2014-09-30 00:28 - 2014-09-30 00:28 - 00000000 ____D () C:\Program Files (x86)\Snapshot Viewer
2014-09-30 00:27 - 2014-09-30 00:30 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-09-30 00:27 - 2014-09-30 00:27 - 00000000 ____D () C:\windows\Twain32
2014-09-30 00:27 - 2014-09-30 00:27 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft Web Folders
2014-09-29 02:02 - 2014-09-30 02:12 - 00135127 _____ () C:\windows\WindowsUpdate.log
2014-09-29 01:39 - 2014-09-29 01:39 - 00000000 ____D () C:\Users\User\Documents\QPPriv
2014-09-29 01:39 - 2014-09-29 01:39 - 00000000 ____D () C:\Users\User\Documents\HTML
2014-09-29 01:38 - 2014-09-29 01:39 - 00000000 ____D () C:\Users\User\Documents\Corel User Files
2014-09-29 01:38 - 2014-09-29 01:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\Corel
2014-09-29 01:24 - 2014-09-29 01:24 - 00003339 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Program Updates.lnk
2014-09-29 01:24 - 2014-09-29 01:24 - 00002613 _____ () C:\Users\Public\Desktop\Quattro Pro X3.lnk
2014-09-29 01:24 - 2014-09-29 01:24 - 00002607 _____ () C:\Users\Public\Desktop\WordPerfect X3.lnk
2014-09-29 01:24 - 2014-09-29 01:24 - 00001229 _____ () C:\Users\Public\Desktop\Presentations X3.lnk
2014-09-29 01:24 - 2014-09-29 01:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WordPerfect Office X3
2014-09-29 01:24 - 2014-09-29 01:24 - 00000000 ____D () C:\ProgramData\InstallShield
2014-09-29 01:23 - 2014-09-29 01:24 - 00000000 ____D () C:\ProgramData\Borland
2014-09-29 01:23 - 2014-09-29 01:24 - 00000000 ____D () C:\Program Files (x86)\WordPerfect Office X3
2014-09-29 01:23 - 2014-09-29 01:23 - 00000000 ____D () C:\ProgramData\Corel
2014-09-29 00:05 - 2014-09-29 00:05 - 00002835 _____ () C:\Users\Public\Desktop\ACDSee Pro 6 (64-bit).lnk
2014-09-29 00:05 - 2014-09-29 00:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ACD Systems
2014-09-29 00:05 - 2014-09-29 00:05 - 00000000 ____D () C:\ProgramData\ACD Systems
2014-09-29 00:05 - 2014-09-29 00:05 - 00000000 ____D () C:\Program Files\Common Files\ACD Systems
2014-09-29 00:05 - 2014-09-29 00:05 - 00000000 ____D () C:\Program Files\ACD Systems
2014-09-28 23:24 - 2014-09-28 23:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\WebApp
2014-09-28 23:24 - 2014-09-28 23:24 - 00000000 ____D () C:\Users\User\AppData\Local\Cyberlink
2014-09-28 23:24 - 2014-09-28 23:24 - 00000000 ____D () C:\Users\Public\CyberLink
2014-09-28 23:23 - 2014-09-28 23:24 - 00000000 ____D () C:\Users\User\AppData\Roaming\CyberLink
2014-09-28 23:23 - 2014-09-28 23:23 - 00000000 ____D () C:\Users\User\Documents\Lenovo
2014-09-28 23:23 - 2014-09-28 23:23 - 00000000 ____D () C:\Users\User\Documents\CyberLink
2014-09-28 23:23 - 2014-09-28 23:23 - 00000000 ____D () C:\Users\User\AppData\Roaming\Lenovo
2014-09-28 23:23 - 2014-09-28 23:23 - 00000000 ____D () C:\ProgramData\Lenovo
2014-09-28 22:59 - 2014-09-28 23:33 - 00000000 ____D () C:\Users\User\AppData\Roaming\ImgBurn
2014-09-28 18:56 - 2014-09-28 18:56 - 00001892 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
2014-09-28 18:56 - 2014-09-28 18:56 - 00001880 _____ () C:\Users\Public\Desktop\ImgBurn.lnk
2014-09-28 18:56 - 2014-09-28 18:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2014-09-28 18:56 - 2014-09-28 18:56 - 00000000 ____D () C:\Program Files (x86)\ImgBurn
2014-09-24 16:31 - 2014-09-24 16:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-09-23 16:43 - 2014-09-23 16:46 - 00000000 ____D () C:\Users\User\Desktop\Desktop Colors
2014-09-23 10:25 - 2014-09-29 00:32 - 00000000 ____D () C:\Users\User\AppData\Local\ACD Systems
2014-09-23 10:25 - 2014-09-23 10:25 - 00000000 ____D () C:\Users\User\AppData\Roaming\ACD Systems
2014-09-23 10:18 - 2014-09-29 00:00 - 00000000 ____D () C:\Users\User\AppData\Local\Downloaded Installations
2014-09-22 09:38 - 2014-09-22 09:39 - 00019211 _____ () C:\Users\User\Documents\GC_2010 Roofing Permit.odt
2014-09-22 00:58 - 2014-09-22 01:16 - 00000000 ____D () C:\Users\User\Desktop\Boston Photos
2014-09-22 00:30 - 2014-09-29 23:32 - 00000000 ____D () C:\Users\User\AppData\Roaming\foobar2000
2014-09-22 00:30 - 2014-09-22 00:30 - 00001128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\foobar2000.lnk
2014-09-22 00:30 - 2014-09-22 00:30 - 00001046 _____ () C:\Users\Public\Desktop\foobar2000.lnk
2014-09-22 00:30 - 2014-09-22 00:30 - 00000000 ____D () C:\Program Files (x86)\foobar2000
2014-09-21 22:29 - 2014-09-21 22:29 - 00001058 _____ () C:\Users\User\Desktop\DiskCheckup.lnk
2014-09-21 22:29 - 2014-09-21 22:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DiskCheckup
2014-09-21 22:29 - 2014-09-21 22:29 - 00000000 ____D () C:\Program Files (x86)\DiskCheckup
2014-09-21 18:09 - 2014-09-21 18:09 - 00000000 ____D () C:\Users\User\AppData\Local\calibre-cache
2014-09-21 18:04 - 2014-09-21 18:14 - 00000000 ____D () C:\Users\User\Documents\Calibre Library
2014-09-21 18:04 - 2014-09-21 18:09 - 00000000 ____D () C:\Users\User\AppData\Roaming\calibre
2014-09-21 18:04 - 2014-09-21 18:04 - 00000941 _____ () C:\Users\Public\Desktop\calibre 64bit - E-book management.lnk
2014-09-21 18:04 - 2014-09-21 18:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre 64bit - E-book Management
2014-09-21 18:04 - 2014-09-21 18:04 - 00000000 ____D () C:\Program Files\Calibre2
2014-09-21 17:47 - 2014-09-21 17:47 - 00036536 _____ () C:\Users\User\Documents\cc_20140921_174657.reg
2014-09-21 16:27 - 2014-09-21 16:28 - 00307720 _____ () C:\windows\system32\FNTCACHE.DAT
2014-09-21 16:00 - 2014-09-21 16:00 - 00000871 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraDefrag.lnk
2014-09-21 16:00 - 2014-09-21 16:00 - 00000859 _____ () C:\Users\Public\Desktop\UltraDefrag.lnk
2014-09-21 16:00 - 2014-09-21 16:00 - 00000000 ____D () C:\Program Files\UltraDefrag
2014-09-21 12:43 - 2014-09-21 12:43 - 00704528 _____ () C:\Users\User\Documents\AutoRunsData.ard
2014-09-21 03:32 - 2014-09-21 03:32 - 00002189 _____ () C:\Users\User\Documents\Auto System Restore points not created.txt
2014-09-21 03:26 - 2014-09-21 03:26 - 00006715 _____ () C:\Users\User\Documents\Kindle eBook Malware.txt
2014-09-21 02:45 - 2014-09-21 02:45 - 00000000 ____D () C:\Users\User\AppData\Roaming\OpenOffice
2014-09-21 02:44 - 2014-09-21 02:44 - 00001112 _____ () C:\Users\Public\Desktop\OpenOffice 4.1.1.lnk
2014-09-21 02:44 - 2014-09-21 02:44 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2014-09-21 02:44 - 2014-09-21 02:44 - 00000000 ____D () C:\Program Files (x86)\OpenOffice 4
2014-09-21 02:38 - 2014-09-21 02:38 - 00000000 ____D () C:\Users\User\Desktop\OpenOffice 4.1.1 (en-US) Installation Files
2014-09-21 02:01 - 2014-09-21 02:01 - 00001028 _____ () C:\Users\Public\Desktop\PDF Architect 2.lnk
2014-09-21 02:01 - 2014-09-21 02:01 - 00000000 ____D () C:\Users\User\Documents\PDF Architect 2
2014-09-21 02:01 - 2014-09-21 02:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect 2
2014-09-21 02:01 - 2014-09-21 02:01 - 00000000 ____D () C:\Program Files (x86)\PDF Architect 2
2014-09-21 02:00 - 2014-09-21 17:45 - 00000000 ____D () C:\Program Files (x86)\PDFCreator
2014-09-21 02:00 - 2014-09-21 02:00 - 00001046 _____ () C:\Users\Public\Desktop\PDFCreator.lnk
2014-09-21 02:00 - 2014-09-21 02:00 - 00000000 ____D () C:\Users\User\AppData\Roaming\pdfforge
2014-09-21 02:00 - 2014-09-21 02:00 - 00000000 ____D () C:\ProgramData\PDF Architect 2
2014-09-21 02:00 - 2014-09-21 02:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator
2014-09-21 02:00 - 2014-04-25 17:44 - 01070152 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCTL.OCX
2014-09-21 02:00 - 2014-04-25 17:44 - 00662288 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSCOMCT2.OCX
2014-09-21 02:00 - 2014-04-25 17:44 - 00137000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMAPI32.OCX
2014-09-21 02:00 - 2014-04-25 17:44 - 00110264 _____ (pdfforge GmbH) C:\windows\system32\pdfcmon.dll
2014-09-21 02:00 - 2014-04-25 17:44 - 00023552 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSMPIDE.DLL
2014-09-21 00:58 - 2014-09-21 00:58 - 00001029 _____ () C:\Users\Public\Desktop\PDF-Viewer.lnk
2014-09-21 00:58 - 2014-09-21 00:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF-XChange PDF Viewer
2014-09-21 00:57 - 2014-09-21 00:58 - 00000000 ____D () C:\Program Files\Tracker Software
2014-09-20 19:49 - 2014-09-20 19:49 - 00000000 ____D () C:\EEK
2014-09-20 18:47 - 2014-09-20 18:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mobipocket
2014-09-20 18:47 - 2014-09-20 18:47 - 00000000 ____D () C:\Users\User\Documents\My eBooks
2014-09-20 18:46 - 2014-09-20 18:46 - 00002627 _____ () C:\Users\Public\Desktop\Mobipocket Reader.lnk
2014-09-20 18:46 - 2014-09-20 18:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobipocket.com
2014-09-20 18:46 - 2014-09-20 18:46 - 00000000 ____D () C:\Program Files (x86)\Mobipocket.com
2014-09-20 18:25 - 2014-09-30 02:56 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-09-20 16:35 - 2014-09-20 16:35 - 00001067 _____ () C:\Users\User\Desktop\Logitech Media Server.lnk
2014-09-20 16:35 - 2014-09-20 16:35 - 00000000 ____D () C:\updates
2014-09-20 16:35 - 2014-09-20 16:35 - 00000000 ____D () C:\ProgramData\Squeezebox
2014-09-20 16:35 - 2014-09-20 16:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech Media Server
2014-09-20 16:35 - 2014-09-20 16:35 - 00000000 ____D () C:\Program Files (x86)\Squeezebox
2014-09-20 15:44 - 2014-09-20 16:13 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-20 14:58 - 2014-09-20 14:58 - 00001070 _____ () C:\Users\Public\Desktop\FileASSASSIN.lnk
2014-09-20 14:58 - 2014-09-20 14:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FileASSASSIN
2014-09-20 14:58 - 2014-09-20 14:58 - 00000000 ____D () C:\Program Files (x86)\FileASSASSIN
2014-09-20 14:52 - 2014-09-22 17:40 - 00000000 ____D () C:\Users\User\AppData\Roaming\vlc
2014-09-20 14:51 - 2014-09-20 14:51 - 00000882 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-09-20 14:51 - 2014-09-20 14:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2014-09-20 14:51 - 2014-09-20 14:51 - 00000000 ____D () C:\Program Files\VideoLAN
2014-09-20 14:39 - 2014-09-30 10:00 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-09-20 14:39 - 2014-09-20 14:39 - 00000000 ____D () C:\Users\User\AppData\Roaming\SUPERAntiSpyware.com
2014-09-20 14:39 - 2014-09-20 14:39 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-09-20 14:39 - 2014-09-20 14:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2014-09-20 14:10 - 2014-09-20 14:10 - 00000000 ____D () C:\CCE_Quarantine
2014-09-20 11:57 - 2014-09-20 11:57 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-20 11:57 - 2014-09-20 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-09-20 11:55 - 2014-09-20 11:55 - 00000000 ____D () C:\Program Files\WinRAR
2014-09-20 09:38 - 2014-09-20 09:38 - 00000807 _____ () C:\Users\Public\Desktop\Speccy.lnk
2014-09-20 09:38 - 2014-09-20 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2014-09-20 09:38 - 2014-09-20 09:38 - 00000000 ____D () C:\Program Files\Speccy
2014-09-20 09:33 - 2014-09-20 09:33 - 00001669 _____ () C:\Users\Public\Desktop\Recuva.lnk
2014-09-20 09:33 - 2014-09-20 09:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
2014-09-20 09:33 - 2014-09-20 09:33 - 00000000 ____D () C:\Program Files\Recuva
2014-09-20 09:26 - 2014-09-20 09:26 - 00001735 _____ () C:\Users\Public\Desktop\Defraggler.lnk
2014-09-20 09:26 - 2014-09-20 09:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
2014-09-20 09:26 - 2014-09-20 09:26 - 00000000 ____D () C:\Program Files\Defraggler
2014-09-20 02:15 - 2014-09-29 01:56 - 00000833 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-09-20 02:15 - 2014-09-29 01:56 - 00000000 ____D () C:\Program Files\CCleaner
2014-09-20 02:15 - 2014-09-20 02:15 - 00002770 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-09-20 02:15 - 2014-09-20 02:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2014-09-19 18:29 - 2014-07-11 17:02 - 00478352 _____ () C:\windows\SysWOW64\locale.nls
2014-09-19 18:29 - 2014-07-11 17:00 - 00478352 _____ () C:\windows\system32\locale.nls
2014-09-19 18:29 - 2014-07-08 15:32 - 01539584 _____ (Microsoft Corporation) C:\windows\system32\storagewmi.dll
2014-09-19 18:29 - 2014-07-08 15:30 - 01220608 _____ (Microsoft Corporation) C:\windows\SysWOW64\storagewmi.dll
2014-09-19 18:29 - 2014-07-02 18:59 - 01824784 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2014-09-19 18:29 - 2014-07-02 17:30 - 01408952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2014-09-19 18:29 - 2014-06-28 00:01 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmapi.dll
2014-09-19 18:29 - 2014-06-25 00:07 - 01023488 _____ (Microsoft Corporation) C:\windows\system32\localspl.dll
2014-09-19 18:29 - 2014-06-17 16:27 - 02032640 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-09-19 18:29 - 2014-06-17 16:23 - 02238464 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-09-19 18:29 - 2014-06-11 07:47 - 02842112 _____ (Microsoft Corporation) C:\windows\system32\WMVDECOD.DLL
2014-09-19 18:29 - 2014-06-10 21:40 - 02620928 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMVDECOD.DLL
2014-09-19 18:29 - 2014-06-10 15:44 - 01403896 _____ (Microsoft Corporation) C:\windows\system32\winload.efi
2014-09-19 18:29 - 2014-05-29 16:31 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-09-19 18:29 - 2014-05-29 16:03 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-09-19 18:29 - 2014-02-04 03:57 - 01271664 _____ (Microsoft Corporation) C:\windows\system32\winload.exe
2014-09-19 18:28 - 2014-08-29 22:48 - 10115072 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-09-19 18:28 - 2014-08-29 22:47 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-09-19 18:28 - 2014-08-29 22:46 - 02306560 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-09-19 18:28 - 2014-08-29 21:05 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-09-19 18:28 - 2014-08-29 21:04 - 02416128 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-09-19 18:28 - 2014-08-29 21:03 - 02037760 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-09-19 18:28 - 2014-08-01 15:08 - 00388729 _____ () C:\windows\system32\ApnDatabase.xml
2014-09-19 18:28 - 2014-07-24 06:50 - 00447296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-09-19 18:28 - 2014-07-16 16:28 - 00027648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sscore.dll
2014-09-19 18:28 - 2014-07-16 15:59 - 00305664 _____ (Microsoft Corporation) C:\windows\system32\srvsvc.dll
2014-09-19 18:28 - 2014-07-16 15:59 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\sscore.dll
2014-09-19 18:28 - 2014-07-11 23:45 - 01549824 _____ (Microsoft Corporation) C:\windows\system32\msdtctm.dll
2014-09-19 18:28 - 2014-07-11 21:41 - 00008704 _____ (Microsoft Corporation) C:\windows\system32\KBDRUM.DLL
2014-09-19 18:28 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-09-19 18:28 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-09-19 18:28 - 2014-07-11 21:41 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-09-19 18:28 - 2014-07-11 21:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-09-19 18:28 - 2014-07-11 21:41 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-09-19 18:28 - 2014-07-11 21:36 - 00674304 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srv2.sys
2014-09-19 18:28 - 2014-07-11 21:36 - 00211456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2014-09-19 18:28 - 2014-07-11 21:34 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2014-09-19 18:28 - 2014-07-11 21:34 - 00250368 _____ (Microsoft Corporation) C:\windows\system32\Drivers\srvnet.sys
2014-09-19 18:28 - 2014-07-11 21:16 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRUM.DLL
2014-09-19 18:28 - 2014-07-11 21:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-09-19 18:28 - 2014-07-11 21:16 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-09-19 18:28 - 2014-07-11 21:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-09-19 18:28 - 2014-07-11 21:16 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-09-19 18:28 - 2014-07-11 21:15 - 00006144 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-09-19 18:28 - 2014-07-08 15:33 - 00181248 _____ (Microsoft Corp.) C:\windows\system32\Defrag.exe
2014-09-19 18:28 - 2014-07-08 15:32 - 00340480 _____ (Microsoft Corporation) C:\windows\system32\defragsvc.dll
2014-09-19 18:28 - 2014-07-06 22:52 - 00263680 _____ (Microsoft Corporation) C:\windows\system32\wcmsvc.dll
2014-09-19 18:28 - 2014-07-06 22:52 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\wcmcsp.dll
2014-09-19 18:28 - 2014-07-04 03:52 - 00328000 _____ (Microsoft Corporation) C:\windows\system32\Drivers\volsnap.sys
2014-09-19 18:28 - 2014-06-27 23:57 - 01341952 _____ (Microsoft Corporation) C:\windows\system32\user32.dll
2014-09-19 18:28 - 2014-06-27 23:57 - 00209920 _____ (Microsoft Corporation) C:\windows\system32\profsvc.dll
2014-09-19 18:28 - 2014-06-27 23:56 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\dwmapi.dll
2014-09-19 18:28 - 2014-06-27 19:23 - 01126400 _____ (Microsoft Corporation) C:\windows\SysWOW64\user32.dll
2014-09-19 18:28 - 2014-06-25 00:09 - 00733184 _____ (Microsoft Corporation) C:\windows\system32\win32spl.dll
2014-09-19 18:28 - 2014-06-12 16:34 - 00754176 _____ (Microsoft Corporation) C:\windows\SysWOW64\actxprxy.dll
2014-09-19 18:28 - 2014-06-12 16:29 - 02146304 _____ (Microsoft Corporation) C:\windows\system32\actxprxy.dll
2014-09-19 18:19 - 2014-07-15 15:51 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hdaudbus.sys
2014-09-19 18:18 - 2014-03-24 16:42 - 00305152 _____ (Microsoft Corporation) C:\windows\SysWOW64\wusa.exe
2014-09-19 18:18 - 2014-03-24 15:56 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\wusa.exe
2014-09-19 18:18 - 2014-02-03 16:56 - 00332632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storport.sys
2014-09-19 18:18 - 2014-02-03 16:56 - 00278872 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msiscsi.sys
2014-09-19 18:18 - 2014-01-30 17:48 - 00485888 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-09-19 18:18 - 2014-01-30 17:06 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-09-19 18:18 - 2014-01-26 20:39 - 01939288 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ntfs.sys
2014-09-19 18:18 - 2014-01-15 16:42 - 00118784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dfsc.sys
2014-09-19 18:18 - 2014-01-10 23:48 - 05979648 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-09-19 18:18 - 2014-01-10 22:06 - 05092352 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-09-19 18:18 - 2014-01-02 16:35 - 00365568 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsGdiConverter.dll
2014-09-19 18:18 - 2014-01-02 16:32 - 00523264 _____ (Microsoft Corporation) C:\windows\system32\XpsGdiConverter.dll
2014-09-19 18:17 - 2014-08-20 16:40 - 00732880 _____ (Microsoft Corporation) C:\windows\system32\NotificationUI.exe
2014-09-19 18:17 - 2014-08-20 10:05 - 00694784 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-09-19 18:17 - 2014-08-20 10:05 - 00198656 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.dll
2014-09-19 18:17 - 2014-08-20 10:05 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-19 18:17 - 2014-08-20 10:02 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-09-19 18:17 - 2014-08-20 10:02 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-19 18:17 - 2014-06-24 00:35 - 00010450 _____ () C:\windows\system32\autoconfig.cab
2014-09-19 18:17 - 2014-06-23 23:40 - 00125952 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2014-09-19 18:17 - 2014-05-02 23:34 - 06974808 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2014-09-19 18:17 - 2014-04-29 15:32 - 00126464 _____ (Microsoft Corporation) C:\windows\system32\Robocopy.exe
2014-09-19 18:17 - 2014-04-29 15:32 - 00106496 _____ (Microsoft Corporation) C:\windows\SysWOW64\Robocopy.exe
2014-09-19 18:16 - 2014-05-28 21:04 - 00094552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2014-09-19 18:16 - 2014-05-07 18:34 - 00328024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Classpnp.sys
2014-09-19 18:16 - 2014-03-01 02:47 - 01258496 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2014-09-19 18:16 - 2014-03-01 02:47 - 01120768 _____ (Microsoft Corporation) C:\windows\system32\gpedit.dll
2014-09-19 18:16 - 2014-03-01 01:07 - 01075200 _____ (Microsoft Corporation) C:\windows\SysWOW64\gpedit.dll
2014-09-19 18:16 - 2014-02-28 23:59 - 00974848 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2014-09-19 18:16 - 2014-02-14 21:15 - 00078336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\IPMIDrv.sys
2014-09-19 18:16 - 2013-11-25 16:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-09-19 18:07 - 2013-10-04 23:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-09-19 18:07 - 2013-09-27 22:48 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-09-19 18:07 - 2013-09-27 20:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-09-19 18:07 - 2013-09-13 15:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2014-09-19 18:07 - 2013-09-13 15:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2014-09-19 18:07 - 2013-08-29 22:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2014-09-19 18:07 - 2013-08-29 22:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2014-09-19 18:07 - 2013-08-29 22:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2014-09-19 18:07 - 2013-08-29 22:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-09-19 18:07 - 2013-08-29 16:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2014-09-19 18:07 - 2013-08-29 16:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2014-09-19 18:07 - 2013-08-29 16:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-09-19 18:07 - 2013-08-20 23:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-09-19 18:07 - 2013-08-09 23:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2014-09-19 18:07 - 2013-07-24 16:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-19 18:07 - 2013-07-24 16:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-09-19 18:06 - 2013-10-30 22:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-09-19 18:06 - 2013-10-30 22:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-09-19 18:06 - 2013-10-30 21:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-09-19 18:06 - 2013-10-30 20:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-09-19 18:06 - 2013-10-13 13:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-09-19 18:06 - 2013-08-26 22:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-09-19 18:06 - 2013-08-26 22:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-09-19 18:06 - 2013-08-26 15:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-09-19 18:06 - 2013-08-26 15:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-09-19 18:06 - 2013-08-09 22:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-09-19 18:06 - 2013-08-09 22:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2014-09-19 18:06 - 2013-08-09 20:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-09-19 18:06 - 2013-08-02 23:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2014-09-19 18:06 - 2013-08-02 23:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2014-09-19 18:06 - 2013-08-02 23:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2014-09-19 18:06 - 2013-08-02 22:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2014-09-19 18:06 - 2013-08-02 22:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2014-09-19 18:06 - 2013-08-02 22:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2014-09-19 18:06 - 2013-08-01 23:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-09-19 18:06 - 2013-08-01 22:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-09-19 18:06 - 2013-07-24 16:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2014-09-19 18:06 - 2013-07-24 16:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2014-09-19 18:06 - 2013-07-09 01:04 - 00120144 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpioclx.sys
2014-09-19 18:06 - 2013-07-08 23:18 - 00439488 _____ (Microsoft Corporation) C:\windows\system32\WerFault.exe
2014-09-19 18:06 - 2013-07-08 21:25 - 00385768 _____ (Microsoft Corporation) C:\windows\SysWOW64\WerFault.exe
2014-09-19 18:06 - 2013-07-08 20:57 - 00245760 _____ (Microsoft Corporation) C:\windows\SysWOW64\LocationApi.dll
2014-09-19 18:06 - 2013-07-08 15:46 - 00543744 _____ (Microsoft Corporation) C:\windows\system32\wwanmm.dll
2014-09-19 18:06 - 2013-07-08 15:46 - 00414208 _____ (Microsoft Corporation) C:\windows\system32\wwanconn.dll
2014-09-19 18:06 - 2013-07-08 15:46 - 00370688 _____ (Microsoft Corporation) C:\windows\system32\Wwanadvui.dll
2014-09-19 18:06 - 2013-07-08 15:45 - 00312832 _____ (Microsoft Corporation) C:\windows\system32\LocationApi.dll
2014-09-19 18:06 - 2013-07-02 17:23 - 00391168 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.BackgroundTransfer.dll
2014-09-19 18:06 - 2013-07-02 17:22 - 02839552 _____ (Microsoft Corporation) C:\windows\system32\msftedit.dll
2014-09-19 18:06 - 2013-07-02 17:11 - 00268800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2014-09-19 18:06 - 2013-07-02 17:10 - 02273792 _____ (Microsoft Corporation) C:\windows\SysWOW64\msftedit.dll
2014-09-19 18:06 - 2013-06-30 15:30 - 00067072 _____ (Microsoft Corporation) C:\windows\SysWOW64\openfiles.exe
2014-09-19 18:06 - 2013-06-30 15:29 - 00077312 _____ (Microsoft Corporation) C:\windows\system32\openfiles.exe
2014-09-19 18:06 - 2013-06-28 23:15 - 00195416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\sdbus.sys
2014-09-19 18:06 - 2013-06-28 23:15 - 00125784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dumpsd.sys
2014-09-19 18:06 - 2013-06-25 20:01 - 00321536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\udfs.sys
2014-09-19 18:06 - 2013-06-25 19:59 - 00341504 _____ (Microsoft Corporation) C:\windows\system32\Drivers\HdAudio.sys
2014-09-19 18:06 - 2013-06-24 15:54 - 00447488 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-09-19 18:06 - 2013-06-18 22:36 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\winmmbase.dll
2014-09-19 18:06 - 2013-06-18 22:36 - 00115712 _____ (Microsoft Corporation) C:\windows\system32\winmm.dll
2014-09-19 18:06 - 2013-06-18 15:38 - 00160256 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmmbase.dll
2014-09-19 18:06 - 2013-06-18 15:38 - 00125440 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmm.dll
2014-09-19 18:06 - 2013-06-11 16:43 - 00154112 _____ (Microsoft Corporation) C:\windows\SysWOW64\WinSCard.dll
2014-09-19 18:06 - 2013-06-11 16:26 - 00230912 _____ (Microsoft Corporation) C:\windows\system32\WinSCard.dll
2014-09-19 18:06 - 2013-06-06 01:03 - 00119040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBSTOR.SYS
2014-09-19 18:06 - 2013-04-09 16:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2014-09-19 18:06 - 2013-04-09 15:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2014-09-19 18:01 - 2014-09-21 17:44 - 00000000 ____D () C:\Users\User\Desktop\Malware
2014-09-19 17:56 - 2013-06-16 15:41 - 00997632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndis.sys
2014-09-19 17:56 - 2013-06-01 04:34 - 02391280 _____ (Microsoft Corporation) C:\windows\explorer.exe
2014-09-19 17:56 - 2013-06-01 03:24 - 02106176 _____ (Microsoft Corporation) C:\windows\SysWOW64\explorer.exe
2014-09-19 17:56 - 2013-06-01 02:25 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\samlib.dll
2014-09-19 17:56 - 2013-06-01 02:24 - 01453568 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfcore.dll
2014-09-19 17:56 - 2013-06-01 02:24 - 00850944 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfasfsrcsnk.dll
2014-09-19 17:56 - 2013-06-01 02:24 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscms.dll
2014-09-19 17:56 - 2013-06-01 02:23 - 01842176 _____ (Microsoft Corporation) C:\windows\SysWOW64\dwmcore.dll
2014-09-19 17:56 - 2013-06-01 02:23 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\vds.exe
2014-09-19 17:56 - 2013-06-01 02:22 - 00190976 _____ (Microsoft Corporation) C:\windows\system32\vdsutil.dll
2014-09-19 17:56 - 2013-06-01 02:22 - 00080896 _____ (Microsoft Corporation) C:\windows\system32\MbaeParserTask.exe
2014-09-19 17:56 - 2013-06-01 02:21 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\samsrv.dll
2014-09-19 17:56 - 2013-06-01 02:21 - 00106496 _____ (Microsoft Corporation) C:\windows\system32\samlib.dll
2014-09-19 17:56 - 2013-06-01 02:20 - 02219520 _____ (Microsoft Corporation) C:\windows\system32\dwmcore.dll
2014-09-19 17:56 - 2013-06-01 02:20 - 01527808 _____ (Microsoft Corporation) C:\windows\system32\mfcore.dll
2014-09-19 17:56 - 2013-06-01 02:20 - 01048576 _____ (Microsoft Corporation) C:\windows\system32\mfasfsrcsnk.dll
2014-09-19 17:56 - 2013-06-01 02:20 - 00583168 _____ (Microsoft Corporation) C:\windows\system32\mscms.dll
2014-09-19 17:56 - 2013-06-01 02:19 - 00785408 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-09-19 17:56 - 2013-06-01 02:19 - 00207872 _____ (Microsoft Corporation) C:\windows\system32\DeviceSetupManager.dll
2014-09-19 17:56 - 2013-05-31 20:08 - 00037632 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthAvrcpTg.sys
2014-09-19 17:56 - 2013-05-24 15:09 - 01217352 _____ (Microsoft Corporation) C:\windows\system32\winresume.efi
2014-09-19 17:56 - 2013-05-24 15:09 - 01093904 _____ (Microsoft Corporation) C:\windows\system32\winresume.exe
2014-09-19 17:55 - 2012-11-26 23:39 - 01122768 _____ (Microsoft Corporation) C:\windows\system32\Taskmgr.exe
2014-09-19 17:55 - 2012-11-26 21:49 - 01027152 _____ (Microsoft Corporation) C:\windows\SysWOW64\Taskmgr.exe
2014-09-19 17:55 - 2012-11-26 21:20 - 01123840 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-09-19 17:55 - 2012-11-26 21:20 - 01048064 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-09-19 17:55 - 2012-11-26 21:20 - 00798208 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebcamUi.dll
2014-09-19 17:55 - 2012-11-26 21:20 - 00560128 _____ (Microsoft Corporation) C:\windows\SysWOW64\UserLanguagesCpl.dll
2014-09-19 17:55 - 2012-11-26 21:20 - 00179200 _____ (Microsoft Corporation) C:\windows\SysWOW64\wpnapps.dll
2014-09-19 17:55 - 2012-11-26 21:20 - 00046592 _____ (Microsoft Corporation) C:\windows\SysWOW64\vds_ps.dll
2014-09-19 17:55 - 2012-11-26 21:19 - 00955904 _____ (Microsoft Corporation) C:\windows\system32\WebcamUi.dll
2014-09-19 17:55 - 2012-11-26 21:19 - 00631808 _____ (Microsoft Corporation) C:\windows\system32\UserLanguagesCpl.dll
2014-09-19 17:55 - 2012-11-26 21:19 - 00244736 _____ (Microsoft Corporation) C:\windows\system32\wpnapps.dll
2014-09-19 17:55 - 2012-11-19 22:24 - 01164800 _____ (Microsoft Corporation) C:\windows\SysWOW64\Display.dll
2014-09-19 17:55 - 2012-11-19 22:17 - 01184256 _____ (Microsoft Corporation) C:\windows\system32\Display.dll
2014-09-19 17:55 - 2012-11-19 22:02 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDKURD.DLL
2014-09-19 17:55 - 2012-11-19 21:59 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDKURD.DLL
2014-09-19 17:55 - 2012-11-06 00:33 - 01566432 _____ (Microsoft Corporation) C:\windows\system32\ole32.dll
2014-09-19 17:55 - 2012-11-05 21:48 - 01150160 _____ (Microsoft Corporation) C:\windows\SysWOW64\ole32.dll
2014-09-19 17:55 - 2012-11-05 21:20 - 00883712 _____ (Microsoft Corporation) C:\windows\HelpPane.exe
2014-09-19 17:55 - 2012-11-05 21:20 - 00516608 _____ (Microsoft Corporation) C:\windows\SysWOW64\winhttp.dll
2014-09-19 17:55 - 2012-11-05 21:20 - 00386560 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanmsm.dll
2014-09-19 17:55 - 2012-11-05 21:20 - 00375296 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlansec.dll
2014-09-19 17:55 - 2012-11-05 21:20 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\rdpclip.exe
2014-09-19 17:55 - 2012-11-05 21:20 - 00202240 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanapi.dll
2014-09-19 17:55 - 2012-11-05 21:20 - 00093696 _____ (Microsoft Corporation) C:\windows\SysWOW64\WcnApi.dll
2014-09-19 17:55 - 2012-11-05 21:20 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wfdprov.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 08552448 _____ (Microsoft Corporation) C:\windows\SysWOW64\glcndFilter.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 01386496 _____ (Microsoft Corporation) C:\windows\system32\wlansvc.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 00710656 _____ (Microsoft Corporation) C:\windows\system32\winhttp.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 00470016 _____ (Microsoft Corporation) C:\windows\system32\wlanmsm.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 00466944 _____ (Microsoft Corporation) C:\windows\system32\wcncsvc.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 00446464 _____ (Microsoft Corporation) C:\windows\system32\wlansec.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 00273408 _____ (Microsoft Corporation) C:\windows\system32\wlanapi.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\WcnApi.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 00126464 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFCaptureEngine.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\wfdprov.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\WcnEapPeerProxy.dll
2014-09-19 17:55 - 2012-11-05 21:19 - 00026624 _____ (Microsoft Corporation) C:\windows\system32\WcnEapAuthProxy.dll
2014-09-19 17:55 - 2012-11-05 21:18 - 11459584 _____ (Microsoft Corporation) C:\windows\system32\glcndFilter.dll
2014-09-19 17:55 - 2012-11-05 21:18 - 00189440 _____ (Microsoft Corporation) C:\windows\SysWOW64\bthprops.cpl
2014-09-19 17:55 - 2012-11-05 21:18 - 00172032 _____ (Microsoft Corporation) C:\windows\system32\MFCaptureEngine.dll
2014-09-19 17:55 - 2012-11-05 21:18 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\fdWCN.dll
2014-09-19 17:55 - 2012-11-05 21:18 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\fdWCN.dll
2014-09-19 17:55 - 2012-11-05 21:17 - 00212992 _____ (Microsoft Corporation) C:\windows\system32\bthprops.cpl
2014-09-19 17:55 - 2012-11-05 21:17 - 00110080 _____ (Microsoft Corporation) C:\windows\system32\dafWCN.dll
2014-09-19 17:55 - 2012-11-05 21:00 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\iscsilog.dll
2014-09-19 17:55 - 2012-11-05 20:58 - 00009728 _____ (Microsoft Corporation) C:\windows\system32\wlanhlp.dll
2014-09-19 17:55 - 2012-11-05 20:56 - 00009728 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlanhlp.dll
2014-09-19 17:55 - 2012-11-05 20:55 - 00090624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdk8.sys
2014-09-19 17:55 - 2012-11-05 20:55 - 00089088 _____ (Microsoft Corporation) C:\windows\system32\Drivers\intelppm.sys
2014-09-19 17:55 - 2012-11-05 20:55 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\amdppm.sys
2014-09-19 17:55 - 2012-11-05 20:55 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\Drivers\processr.sys
2014-09-19 17:55 - 2012-11-05 20:55 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fxppm.sys
2014-09-19 17:55 - 2012-09-10 22:28 - 00023552 _____ (Microsoft Corporation) C:\windows\system32\vdsldr.exe
2014-09-19 17:55 - 2012-09-10 22:27 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\vds_ps.dll
2014-09-19 14:12 - 2014-09-19 14:12 - 00003543 _____ () C:\Users\User\Documents\Windows Update Fix.txt
2014-09-19 11:44 - 2014-09-19 11:44 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nitro PDF
2014-09-19 09:46 - 2014-09-02 12:32 - 00705480 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-09-19 09:46 - 2014-09-02 12:32 - 00104904 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-19 04:27 - 2014-08-16 02:34 - 02239488 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-09-19 04:27 - 2014-08-16 02:34 - 01407488 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-09-19 04:27 - 2014-08-16 02:34 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-09-19 04:27 - 2014-08-16 02:34 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-09-19 04:27 - 2014-08-16 02:33 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-09-19 04:27 - 2014-08-16 02:33 - 00097280 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-09-19 04:27 - 2014-08-16 02:32 - 15399424 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-09-19 04:27 - 2014-08-16 02:32 - 03959296 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-09-19 04:27 - 2014-08-16 02:32 - 02655232 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-09-19 04:27 - 2014-08-16 02:32 - 01508864 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-09-19 04:27 - 2014-08-16 02:32 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-09-19 04:27 - 2014-08-16 02:32 - 00451584 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-09-19 04:27 - 2014-08-16 02:32 - 00281600 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-09-19 04:27 - 2014-08-16 02:32 - 00255488 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-09-19 04:27 - 2014-08-16 00:37 - 01766400 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-09-19 04:27 - 2014-08-16 00:37 - 01180672 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-09-19 04:27 - 2014-08-16 00:36 - 13757440 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-09-19 04:27 - 2014-08-16 00:36 - 02861568 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-09-19 04:27 - 2014-08-16 00:36 - 02055168 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-09-19 04:27 - 2014-08-16 00:36 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-09-19 04:27 - 2014-08-16 00:36 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-09-19 04:27 - 2014-08-16 00:36 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-09-19 04:27 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-09-19 04:27 - 2014-08-16 00:36 - 00226816 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-09-19 04:27 - 2014-08-16 00:36 - 00080384 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-09-19 04:27 - 2014-08-16 00:35 - 01440768 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-09-19 04:27 - 2014-03-06 17:47 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-09-19 04:27 - 2013-05-15 15:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-09-19 04:27 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-09-19 04:27 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-09-19 04:27 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-09-19 04:27 - 2013-02-21 03:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-09-19 04:27 - 2013-02-21 03:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-09-19 04:27 - 2013-02-21 03:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-09-19 04:27 - 2013-02-21 03:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-09-19 04:27 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-09-19 04:27 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-09-19 04:27 - 2013-02-19 02:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-09-19 04:27 - 2012-11-07 21:20 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-09-19 04:27 - 2012-11-07 21:20 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-09-19 04:26 - 2014-08-16 02:33 - 19280384 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-09-19 04:26 - 2014-08-16 00:36 - 14369280 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-09-19 04:24 - 2014-09-19 04:25 - 00000000 ____D () C:\windows\system32\MRT
2014-09-19 04:24 - 2014-08-29 13:01 - 101694776 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-09-19 04:22 - 2014-06-10 15:44 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-09-19 04:22 - 2014-06-10 15:43 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-09-19 04:20 - 2014-01-30 17:48 - 00143872 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.dll
2014-09-19 04:17 - 2013-07-01 15:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
2014-09-19 04:17 - 2013-06-28 20:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-09-19 04:17 - 2013-05-03 21:48 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidusb.sys
2014-09-19 04:17 - 2012-11-19 21:54 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidi2c.sys
2014-09-19 04:15 - 2014-07-23 20:33 - 00875688 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcr120_clr0400.dll
2014-09-19 04:15 - 2014-07-23 20:33 - 00869544 _____ (Microsoft Corporation) C:\windows\system32\msvcr120_clr0400.dll
2014-09-19 04:14 - 2014-06-02 15:33 - 00265216 _____ (Microsoft Corporation) C:\windows\system32\InkEd.dll
2014-09-19 04:13 - 2013-04-23 16:13 - 01013248 _____ (Microsoft Corporation) C:\windows\SysWOW64\certutil.exe
2014-09-19 04:13 - 2013-04-23 16:12 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptnet.dll
2014-09-19 04:13 - 2013-04-23 15:56 - 01255936 _____ (Microsoft Corporation) C:\windows\system32\certutil.exe
2014-09-19 04:13 - 2013-04-23 15:55 - 00141312 _____ (Microsoft Corporation) C:\windows\system32\cryptnet.dll
2014-09-19 04:11 - 2013-05-26 16:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-09-19 04:11 - 2013-05-26 15:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-09-19 04:11 - 2013-05-24 20:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-09-19 04:11 - 2013-05-24 19:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-09-19 04:11 - 2013-03-02 01:23 - 00375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\ReAgent.dll
2014-09-19 04:11 - 2013-03-01 19:44 - 01011200 _____ (Microsoft Corporation) C:\windows\system32\reseteng.dll
2014-09-19 04:11 - 2012-12-14 21:55 - 00443392 _____ (Microsoft Corporation) C:\windows\system32\ReAgent.dll
2014-09-19 04:11 - 2012-11-07 21:24 - 00075776 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2014-09-19 04:11 - 2012-11-07 21:24 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2014-09-19 04:11 - 2012-11-07 21:20 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2014-09-19 04:11 - 2012-11-07 21:20 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2014-09-19 04:11 - 2012-11-07 21:02 - 00003072 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2014-09-19 04:11 - 2012-11-07 21:01 - 00003072 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2014-09-19 04:11 - 2012-11-02 22:26 - 00132096 _____ (Microsoft Corporation) C:\windows\system32\sysreset.exe
2014-09-19 04:11 - 2012-11-02 22:25 - 00945152 _____ (Microsoft Corporation) C:\windows\system32\resetengmig.dll
2014-09-19 04:10 - 2014-04-12 02:27 - 00172888 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-09-19 04:10 - 2014-04-12 02:10 - 00578048 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-09-19 04:10 - 2014-04-12 02:09 - 01043968 _____ (Microsoft Corporation) C:\windows\system32\usercpl.dll
2014-09-19 04:10 - 2014-04-12 02:09 - 00208896 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-09-19 04:10 - 2014-04-12 02:09 - 00094720 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-09-19 04:10 - 2014-04-12 02:08 - 00827904 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-09-19 04:10 - 2014-04-12 02:08 - 00318464 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-09-19 04:10 - 2014-04-12 02:07 - 00020480 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-09-19 04:10 - 2014-04-12 00:23 - 00961536 _____ (Microsoft Corporation) C:\windows\SysWOW64\usercpl.dll
2014-09-19 04:10 - 2014-04-12 00:23 - 00273920 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-09-19 04:10 - 2014-04-12 00:23 - 00178688 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-09-19 04:10 - 2014-04-12 00:23 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-09-19 04:10 - 2014-04-12 00:22 - 00666624 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-09-19 04:10 - 2014-04-12 00:22 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-09-19 04:10 - 2014-04-11 23:58 - 00014848 _____ (Microsoft Corporation) C:\windows\system32\workerdd.dll
2014-09-19 04:10 - 2014-03-10 20:25 - 00100184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2014-09-19 04:10 - 2014-03-10 17:41 - 00559104 _____ (Microsoft Corporation) C:\windows\SysWOW64\objsel.dll
2014-09-19 04:10 - 2014-03-10 17:41 - 00038400 _____ (Microsoft Corporation) C:\windows\SysWOW64\dimsroam.dll
2014-09-19 04:10 - 2014-03-10 17:39 - 00035840 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2014-09-19 04:10 - 2014-03-10 17:38 - 00982016 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2014-09-19 04:10 - 2014-03-10 17:38 - 00684032 _____ (Microsoft Corporation) C:\windows\system32\objsel.dll
2014-09-19 04:10 - 2014-03-10 17:38 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\dpapisrv.dll
2014-09-19 04:10 - 2014-03-10 17:38 - 00164864 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2014-09-19 04:10 - 2014-03-10 17:38 - 00045056 _____ (Microsoft Corporation) C:\windows\system32\dimsroam.dll
2014-09-19 04:10 - 2014-03-10 17:38 - 00027648 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2014-09-19 04:10 - 2014-03-09 20:05 - 00668160 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2014-09-19 04:10 - 2014-03-09 18:27 - 00099840 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-09-19 04:10 - 2014-03-03 16:07 - 00570216 _____ (Microsoft Corporation) C:\windows\system32\Drivers\cng.sys
2014-09-19 04:10 - 2013-04-11 15:30 - 01421312 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2014-09-19 04:10 - 2013-04-11 15:22 - 01838080 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2014-09-19 04:10 - 2013-02-02 01:40 - 00410624 _____ (Microsoft Corporation) C:\windows\SysWOW64\wlroamextension.dll
2014-09-19 04:10 - 2013-02-02 01:40 - 00370688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WWanAPI.dll
2014-09-19 04:10 - 2013-02-02 01:40 - 00197632 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.Connectivity.dll
2014-09-19 04:10 - 2013-02-02 01:40 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\XpsRasterService.dll
2014-09-19 04:10 - 2013-02-02 01:40 - 00080896 _____ (Microsoft Corporation) C:\windows\SysWOW64\tasklist.exe
2014-09-19 04:10 - 2013-02-02 01:40 - 00079360 _____ (Microsoft Corporation) C:\windows\SysWOW64\taskkill.exe
2014-09-19 04:10 - 2013-02-02 01:39 - 00055296 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlaapi.dll
2014-09-19 04:10 - 2013-02-02 01:39 - 00015872 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlmproxy.dll
2014-09-19 04:10 - 2013-02-02 01:39 - 00012288 _____ (Microsoft Corporation) C:\windows\SysWOW64\nlmsprep.dll
2014-09-19 04:10 - 2013-02-02 01:38 - 00567808 _____ (Microsoft Corporation) C:\windows\SysWOW64\duser.dll
2014-09-19 04:10 - 2013-02-02 01:24 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\taskkill.exe
2014-09-19 04:10 - 2013-02-02 01:24 - 00102400 _____ (Microsoft Corporation) C:\windows\system32\tasklist.exe
2014-09-19 04:10 - 2013-02-02 01:23 - 00611840 _____ (Microsoft Corporation) C:\windows\system32\wpd_ci.dll
2014-09-19 04:10 - 2013-02-02 01:23 - 00543232 _____ (Microsoft Corporation) C:\windows\system32\wlroamextension.dll
2014-09-19 04:10 - 2013-02-02 01:23 - 00475136 _____ (Microsoft Corporation) C:\windows\system32\WWanAPI.dll
2014-09-19 04:10 - 2013-02-02 01:23 - 00293376 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.Connectivity.dll
2014-09-19 04:10 - 2013-02-02 01:23 - 00228352 _____ (Microsoft Corporation) C:\windows\system32\XpsRasterService.dll
2014-09-19 04:10 - 2013-02-02 01:23 - 00087552 _____ (Microsoft Corporation) C:\windows\system32\wersvc.dll
2014-09-19 04:10 - 2013-02-02 01:21 - 00385024 _____ (Microsoft Corporation) C:\windows\system32\ncsi.dll
2014-09-19 04:10 - 2013-02-02 01:20 - 00729600 _____ (Microsoft Corporation) C:\windows\system32\duser.dll
2014-09-19 04:10 - 2013-02-02 01:20 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\hotspotauth.dll
2014-09-19 04:10 - 2013-02-02 00:25 - 00297984 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ks.sys
2014-09-19 04:10 - 2013-02-01 22:41 - 01437184 _____ (Microsoft Corporation) C:\windows\SysWOW64\GdiPlus.dll
2014-09-19 04:10 - 2013-02-01 22:31 - 01690624 _____ (Microsoft Corporation) C:\windows\system32\GdiPlus.dll
2014-09-19 04:10 - 2012-11-26 20:57 - 00018432 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BtaMPM.sys
2014-09-19 04:10 - 2012-11-26 20:55 - 00029952 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BthhfHid.sys
2014-09-19 04:08 - 2014-08-22 23:47 - 04036096 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-09-19 04:08 - 2014-07-15 16:03 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-09-19 04:08 - 2014-07-11 19:36 - 01023488 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-09-19 04:08 - 2013-06-30 18:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-09-19 04:08 - 2013-06-30 18:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-09-19 04:08 - 2013-06-30 18:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-09-19 04:08 - 2013-06-30 18:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-09-19 04:08 - 2013-06-28 20:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-09-19 04:08 - 2013-06-28 20:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-09-19 04:08 - 2013-02-11 17:17 - 00020992 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usb8023.sys
2014-09-19 04:08 - 2012-11-19 21:56 - 00027136 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbohci.sys
2014-09-19 04:07 - 2013-05-14 19:25 - 00888320 _____ (Microsoft Corporation) C:\windows\system32\autochk.exe
2014-09-19 04:07 - 2013-05-14 19:25 - 00542208 _____ (Microsoft Corporation) C:\windows\system32\untfs.dll
2014-09-19 04:07 - 2013-05-14 19:24 - 00793088 _____ (Microsoft Corporation) C:\windows\SysWOW64\autochk.exe
2014-09-19 04:07 - 2013-05-14 19:24 - 00482816 _____ (Microsoft Corporation) C:\windows\SysWOW64\untfs.dll
2014-09-19 04:07 - 2013-05-04 00:58 - 00120736 _____ (Microsoft Corporation) C:\windows\system32\AuthHost.exe
2014-09-19 04:07 - 2013-05-03 23:59 - 01483776 _____ (Microsoft Corporation) C:\windows\system32\VSSVC.exe
2014-09-19 04:07 - 2013-05-03 23:59 - 00812544 _____ (Microsoft Corporation) C:\windows\system32\Magnify.exe
2014-09-19 04:07 - 2013-05-03 23:58 - 01332736 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2014-09-19 04:07 - 2013-05-03 23:58 - 00470528 _____ (Microsoft Corporation) C:\windows\system32\netprofmsvc.dll
2014-09-19 04:07 - 2013-05-03 23:58 - 00330240 _____ (Microsoft Corporation) C:\windows\system32\stobject.dll
2014-09-19 04:07 - 2013-05-03 23:58 - 00169984 _____ (Microsoft Corporation) C:\windows\system32\netplwiz.dll
2014-09-19 04:07 - 2013-05-03 23:58 - 00151552 _____ (Microsoft Corporation) C:\windows\system32\netprofm.dll
2014-09-19 04:07 - 2013-05-03 23:58 - 00093696 _____ (Microsoft Corporation) C:\windows\system32\psmsrv.dll
2014-09-19 04:07 - 2013-05-03 23:57 - 01131520 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentServer.dll
2014-09-19 04:07 - 2013-05-03 23:57 - 00708096 _____ (Microsoft Corporation) C:\windows\system32\AppXDeploymentExtensions.dll
2014-09-19 04:07 - 2013-05-03 23:57 - 00560640 _____ (Microsoft Corporation) C:\windows\system32\mfmp4srcsnk.dll
2014-09-19 04:07 - 2013-05-03 23:57 - 00501760 _____ (Microsoft Corporation) C:\windows\system32\DevicePairing.dll
2014-09-19 04:07 - 2013-05-03 23:57 - 00389120 _____ (Microsoft Corporation) C:\windows\system32\BCP47Langs.dll
2014-09-19 04:07 - 2013-05-03 23:57 - 00179712 _____ (Microsoft Corporation) C:\windows\system32\bisrv.dll
2014-09-19 04:07 - 2013-05-03 23:57 - 00122368 _____ (Microsoft Corporation) C:\windows\system32\biwinrt.dll
2014-09-19 04:07 - 2013-05-03 23:57 - 00017408 _____ (Microsoft Corporation) C:\windows\system32\muifontsetup.dll
2014-09-19 04:07 - 2013-05-03 23:56 - 00419840 _____ (Microsoft Corporation) C:\windows\system32\intl.cpl
2014-09-19 04:07 - 2013-05-03 21:58 - 00758784 _____ (Microsoft Corporation) C:\windows\SysWOW64\Magnify.exe
2014-09-19 04:07 - 2013-05-03 21:57 - 00303616 _____ (Microsoft Corporation) C:\windows\SysWOW64\stobject.dll
2014-09-19 04:07 - 2013-05-03 21:57 - 00151040 _____ (Microsoft Corporation) C:\windows\SysWOW64\netplwiz.dll
2014-09-19 04:07 - 2013-05-03 21:57 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\netprofm.dll
2014-09-19 04:07 - 2013-05-03 21:57 - 00018432 _____ (Microsoft Corporation) C:\windows\SysWOW64\npmproxy.dll
2014-09-19 04:07 - 2013-05-03 21:57 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\muifontsetup.dll
2014-09-19 04:07 - 2013-05-03 21:56 - 00449536 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevicePairing.dll
2014-09-19 04:07 - 2013-05-03 21:56 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfmp4srcsnk.dll
2014-09-19 04:07 - 2013-05-03 21:56 - 00309760 _____ (Microsoft Corporation) C:\windows\SysWOW64\BCP47Langs.dll
2014-09-19 04:07 - 2013-05-03 21:56 - 00092160 _____ (Microsoft Corporation) C:\windows\SysWOW64\biwinrt.dll
2014-09-19 04:07 - 2013-05-03 21:55 - 00389632 _____ (Microsoft Corporation) C:\windows\SysWOW64\intl.cpl
2014-09-19 04:07 - 2013-05-03 21:51 - 00014848 _____ (Microsoft) C:\windows\system32\rars.rs
2014-09-19 04:07 - 2013-05-03 21:47 - 00427520 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdbss.sys
2014-09-19 04:07 - 2013-05-03 21:10 - 00014848 _____ (Microsoft) C:\windows\SysWOW64\rars.rs
2014-09-19 04:05 - 2013-12-04 16:43 - 00583680 _____ (Microsoft Corporation) C:\windows\system32\msdrm.dll
2014-09-19 04:05 - 2013-12-04 16:37 - 00451072 _____ (Microsoft Corporation) C:\windows\SysWOW64\msdrm.dll
2014-09-19 04:05 - 2013-07-19 15:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-09-19 04:05 - 2013-07-19 15:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-09-19 04:04 - 2013-11-19 17:15 - 03842560 _____ (Microsoft Corporation) C:\windows\system32\d2d1.dll
2014-09-19 04:04 - 2013-11-19 16:57 - 03288576 _____ (Microsoft Corporation) C:\windows\SysWOW64\d2d1.dll
2014-09-19 04:04 - 2013-10-10 02:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-09-19 04:04 - 2013-10-10 02:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2014-09-19 04:04 - 2013-10-10 02:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-09-19 04:04 - 2013-10-10 02:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-09-19 04:04 - 2013-10-10 02:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-09-19 04:04 - 2013-10-10 02:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2014-09-19 04:04 - 2013-10-10 02:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-09-19 04:04 - 2013-07-12 23:18 - 00337408 _____ (Microsoft Corporation) C:\windows\system32\wintrust.dll
2014-09-19 04:04 - 2013-07-12 23:16 - 00068096 _____ (Microsoft Corporation) C:\windows\system32\cryptsvc.dll
2014-09-19 04:04 - 2013-07-12 23:15 - 00124416 _____ (Microsoft Corporation) C:\windows\system32\apprepapi.dll
2014-09-19 04:04 - 2013-07-12 23:15 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\apprepsync.dll
2014-09-19 04:04 - 2013-07-12 21:24 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wintrust.dll
2014-09-19 04:04 - 2013-07-12 21:23 - 00087040 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepapi.dll
2014-09-19 04:04 - 2013-07-12 21:23 - 00074240 _____ (Microsoft Corporation) C:\windows\SysWOW64\apprepsync.dll
2014-09-19 04:04 - 2013-07-01 18:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2014-09-19 04:04 - 2013-07-01 18:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2014-09-19 04:04 - 2012-11-02 22:26 - 00034816 _____ (Microsoft Corporation) C:\windows\system32\dpnsvr.exe
2014-09-19 04:04 - 2012-11-02 22:26 - 00032256 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnsvr.exe
2014-09-19 04:04 - 2012-11-02 22:24 - 00463872 _____ (Microsoft Corporation) C:\windows\system32\dpnet.dll
2014-09-19 04:04 - 2012-11-02 22:24 - 00375808 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnet.dll
2014-09-19 04:04 - 2012-11-02 22:24 - 00067584 _____ (Microsoft Corporation) C:\windows\system32\dpnathlp.dll
2014-09-19 04:04 - 2012-11-02 22:24 - 00058880 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnathlp.dll
2014-09-19 04:04 - 2012-11-02 22:24 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\dpnhupnp.dll
2014-09-19 04:04 - 2012-11-02 22:24 - 00009216 _____ (Microsoft Corporation) C:\windows\system32\dpnhpast.dll
2014-09-19 04:04 - 2012-11-02 22:24 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnhupnp.dll
2014-09-19 04:04 - 2012-11-02 22:24 - 00008192 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnhpast.dll
2014-09-19 04:04 - 2012-11-02 22:04 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\dpnlobby.dll
2014-09-19 04:04 - 2012-11-02 22:04 - 00003584 _____ (Microsoft Corporation) C:\windows\system32\dpnaddr.dll
2014-09-19 04:04 - 2012-11-02 22:00 - 00003072 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnlobby.dll
2014-09-19 04:04 - 2012-11-02 22:00 - 00002560 _____ (Microsoft Corporation) C:\windows\SysWOW64\dpnaddr.dll
2014-09-19 04:04 - 2012-10-23 20:25 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\pcalua.exe
2014-09-19 04:04 - 2012-10-23 20:24 - 00405504 _____ (Microsoft Corporation) C:\windows\system32\pcasvc.dll
2014-09-19 04:04 - 2012-10-23 20:24 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\pcadm.dll
2014-09-19 04:04 - 2012-10-23 20:05 - 00011776 _____ (Microsoft Corporation) C:\windows\system32\pcaevts.dll
2014-09-19 04:03 - 2014-05-29 15:24 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-09-19 04:03 - 2013-11-22 23:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-09-19 04:03 - 2013-11-22 22:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-09-19 04:03 - 2013-08-23 00:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-09-19 04:03 - 2013-08-22 18:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-09-19 04:03 - 2013-03-21 20:49 - 02382336 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
2014-09-19 04:03 - 2013-03-21 15:47 - 02851840 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
2014-09-19 04:03 - 2013-03-14 17:17 - 00861184 _____ (Microsoft Corporation) C:\windows\system32\Drivers\http.sys
2014-09-19 04:02 - 2014-06-06 07:06 - 00596480 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-09-19 04:02 - 2014-06-06 03:17 - 00497152 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-09-19 04:02 - 2014-06-05 10:56 - 00112984 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-09-19 04:02 - 2014-06-05 10:29 - 00393216 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-09-19 04:02 - 2014-06-05 06:11 - 00295424 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-09-19 04:02 - 2013-04-02 16:37 - 00025088 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptdlg.dll
2014-09-19 04:02 - 2013-04-02 16:12 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\cryptdlg.dll
2014-09-19 04:02 - 2013-03-05 23:29 - 00070144 _____ (Microsoft Corporation) C:\windows\system32\appinfo.dll
2014-09-19 04:02 - 2013-03-02 03:39 - 00069864 _____ (Microsoft Corporation) C:\windows\system32\Drivers\pdc.sys
2014-09-19 04:01 - 2014-06-19 16:35 - 01312768 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-09-19 04:01 - 2014-06-19 15:24 - 00694272 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-09-19 04:01 - 2014-04-03 04:22 - 02233176 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-09-19 04:01 - 2014-01-30 17:48 - 01339392 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-09-19 04:01 - 2014-01-30 17:06 - 01628160 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-09-19 04:01 - 2013-04-08 21:51 - 14267904 _____ (Microsoft Corporation) C:\windows\system32\wmp.dll
2014-09-19 04:01 - 2013-04-08 21:51 - 03552768 _____ (Microsoft Corporation) C:\windows\system32\tquery.dll
2014-09-19 04:01 - 2013-04-08 21:50 - 02107904 _____ (Microsoft Corporation) C:\windows\system32\mssrch.dll
2014-09-19 04:01 - 2013-04-08 14:52 - 11878912 _____ (Microsoft Corporation) C:\windows\SysWOW64\wmp.dll
2014-09-19 04:01 - 2013-04-08 14:51 - 02767360 _____ (Microsoft Corporation) C:\windows\SysWOW64\tquery.dll
2014-09-19 04:01 - 2013-03-02 02:59 - 00411880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\FWPKCLNT.SYS
2014-09-19 04:00 - 2013-04-08 22:33 - 00489576 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-09-19 04:00 - 2013-04-08 22:33 - 00446792 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-09-19 04:00 - 2013-04-08 22:33 - 00253544 _____ (Microsoft Corporation) C:\windows\system32\audiodg.exe
2014-09-19 04:00 - 2013-04-08 22:20 - 00306952 _____ (Microsoft Corporation) C:\windows\system32\kd_02_10ec.dll
2014-09-19 04:00 - 2013-04-08 22:20 - 00086280 _____ (Microsoft Corporation) C:\windows\system32\kdnet.dll
2014-09-19 04:00 - 2013-04-08 22:18 - 00077960 _____ (Microsoft Corporation) C:\windows\system32\kdvm.dll
2014-09-19 04:00 - 2013-04-08 21:52 - 00816128 _____ (Microsoft Corporation) C:\windows\system32\SearchIndexer.exe
2014-09-19 04:00 - 2013-04-08 21:52 - 00804352 _____ (Microsoft Corporation) C:\windows\system32\RecoveryDrive.exe
2014-09-19 04:00 - 2013-04-08 21:52 - 00373760 _____ (Microsoft Corporation) C:\windows\system32\SearchProtocolHost.exe
2014-09-19 04:00 - 2013-04-08 21:52 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\SearchFilterHost.exe
2014-09-19 04:00 - 2013-04-08 21:51 - 00595456 _____ (Microsoft Corporation) C:\windows\system32\Windows.Networking.dll
2014-09-19 04:00 - 2013-04-08 21:51 - 00456704 _____ (Microsoft Corporation) C:\windows\system32\wpncore.dll
2014-09-19 04:00 - 2013-04-08 21:51 - 00367616 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2014-09-19 04:00 - 2013-04-08 21:51 - 00099840 _____ (Microsoft Corporation) C:\windows\system32\wscsvc.dll
2014-09-19 04:00 - 2013-04-08 21:50 - 00745984 _____ (Microsoft Corporation) C:\windows\system32\mssvp.dll
2014-09-19 04:00 - 2013-04-08 21:50 - 00435200 _____ (Microsoft Corporation) C:\windows\system32\mssph.dll
2014-09-19 04:00 - 2013-04-08 21:50 - 00414720 _____ (Microsoft Corporation) C:\windows\system32\GenuineCenter.dll
2014-09-19 04:00 - 2013-04-08 21:50 - 00096256 _____ (Microsoft Corporation) C:\windows\system32\mssprxy.dll
2014-09-19 04:00 - 2013-04-08 21:50 - 00065024 _____ (Microsoft Corporation) C:\windows\system32\msscntrs.dll
2014-09-19 04:00 - 2013-04-08 21:50 - 00013824 _____ (Microsoft Corporation) C:\windows\system32\msshooks.dll
2014-09-19 04:00 - 2013-04-08 21:49 - 01444864 _____ (Microsoft Corporation) C:\windows\system32\MSAudDecMFT.dll
2014-09-19 04:00 - 2013-04-08 21:49 - 00468992 _____ (Microsoft Corporation) C:\windows\system32\MFMediaEngine.dll
2014-09-19 04:00 - 2013-04-08 21:49 - 00281088 _____ (Microsoft Corporation) C:\windows\system32\mfreadwrite.dll
2014-09-19 04:00 - 2013-04-08 21:49 - 00231936 _____ (Microsoft Corporation) C:\windows\system32\fhengine.dll
2014-09-19 04:00 - 2013-04-08 21:49 - 00210432 _____ (Microsoft Corporation) C:\windows\system32\iuilp.dll
2014-09-19 04:00 - 2013-04-08 21:49 - 00196096 _____ (Microsoft Corporation) C:\windows\system32\dmvdsitf.dll
2014-09-19 04:00 - 2013-04-08 21:49 - 00172544 _____ (Microsoft Corporation) C:\windows\system32\dwmredir.dll
2014-09-19 04:00 - 2013-04-08 21:49 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\fmifs.dll
2014-09-19 04:00 - 2013-04-08 21:48 - 00169472 _____ (Microsoft Corporation) C:\windows\system32\AudioEndpointBuilder.dll
2014-09-19 04:00 - 2013-04-08 19:34 - 00095744 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidbth.sys
2014-09-19 04:00 - 2013-04-08 19:33 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ndproxy.sys
2014-09-19 04:00 - 2013-04-08 19:32 - 00805376 _____ (Microsoft Corporation) C:\windows\system32\Drivers\PEAuth.sys
2014-09-19 04:00 - 2013-04-08 19:31 - 00083456 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wanarp.sys
2014-09-19 04:00 - 2013-04-08 16:44 - 00123880 _____ (Microsoft Corporation) C:\windows\SysWOW64\wscapi.dll
2014-09-19 04:00 - 2013-04-08 16:37 - 00426024 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-09-19 04:00 - 2013-04-08 16:37 - 00324368 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-09-19 04:00 - 2013-04-08 14:52 - 00670208 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchIndexer.exe
2014-09-19 04:00 - 2013-04-08 14:52 - 00302592 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchProtocolHost.exe
2014-09-19 04:00 - 2013-04-08 14:52 - 00171008 _____ (Microsoft Corporation) C:\windows\SysWOW64\SearchFilterHost.exe
2014-09-19 04:00 - 2013-04-08 14:51 - 01593344 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssrch.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 01113600 _____ (Microsoft Corporation) C:\windows\SysWOW64\MSAudDecMFT.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 00659456 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssvp.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 00411136 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Networking.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 00403968 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssph.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 00361984 _____ (Microsoft Corporation) C:\windows\SysWOW64\MFMediaEngine.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 00214528 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfreadwrite.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssphtb.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 00155648 _____ (Microsoft Corporation) C:\windows\SysWOW64\dmvdsitf.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 00041984 _____ (Microsoft Corporation) C:\windows\SysWOW64\fmifs.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\mssprxy.dll
2014-09-19 04:00 - 2013-04-08 14:51 - 00010752 _____ (Microsoft Corporation) C:\windows\SysWOW64\msshooks.dll
2014-09-19 04:00 - 2013-04-04 16:30 - 00503080 _____ (Microsoft Corporation) C:\windows\system32\ci.dll
2014-09-19 04:00 - 2013-03-15 15:05 - 00298456 _____ (Microsoft Corporation) C:\windows\system32\rsaenh.dll
2014-09-19 04:00 - 2013-03-15 15:05 - 00252928 _____ (Microsoft Corporation) C:\windows\SysWOW64\rsaenh.dll
2014-09-19 04:00 - 2012-12-12 21:00 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-09-19 04:00 - 2012-12-12 20:59 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-09-19 04:00 - 2012-11-06 00:33 - 00522640 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-09-19 04:00 - 2012-11-05 22:00 - 00463768 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-09-19 04:00 - 2012-11-05 21:18 - 00267264 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-09-19 03:59 - 2014-06-12 18:57 - 01453400 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-09-19 03:59 - 2014-06-12 18:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\cdd.dll
2014-09-19 03:59 - 2014-05-02 22:47 - 03246592 _____ (Microsoft Corporation) C:\windows\system32\rdpcorets.dll
2014-09-19 03:59 - 2014-05-02 20:34 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\rdpudd.dll
2014-09-19 03:59 - 2013-09-27 20:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-09-19 03:59 - 2013-01-09 18:40 - 00303848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgmms1.sys
2014-09-19 03:58 - 2013-08-15 22:41 - 00058200 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dam.sys
2014-09-19 03:58 - 2013-08-15 22:39 - 02371728 _____ (Microsoft Corporation) C:\windows\system32\WSService.dll
2014-09-19 03:58 - 2013-08-15 22:22 - 04917760 _____ (Microsoft Corporation) C:\windows\system32\sppsvc.exe
2014-09-19 03:58 - 2013-08-15 22:21 - 01164288 _____ (Microsoft Corporation) C:\windows\system32\sppobjs.dll
2014-09-19 03:58 - 2013-08-15 22:21 - 00368640 _____ (Microsoft Corporation) C:\windows\system32\sppwinob.dll
2014-09-19 03:58 - 2013-08-15 22:21 - 00204800 _____ (Microsoft Corporation) C:\windows\system32\WSClient.dll
2014-09-19 03:58 - 2013-08-15 22:21 - 00183808 _____ (Microsoft Corporation) C:\windows\system32\WSSync.dll
2014-09-19 03:58 - 2013-08-15 22:21 - 00120320 _____ (Microsoft Corporation) C:\windows\system32\sppc.dll
2014-09-19 03:58 - 2013-08-15 22:21 - 00081408 _____ (Microsoft Corporation) C:\windows\system32\setupcln.dll
2014-09-19 03:58 - 2013-08-15 15:43 - 00167424 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSClient.dll
2014-09-19 03:58 - 2013-08-15 15:43 - 00159232 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSSync.dll
2014-09-19 03:58 - 2013-08-15 15:43 - 00083968 _____ () C:\windows\SysWOW64\OEMLicense.dll
2014-09-19 03:58 - 2013-08-15 15:42 - 00091648 _____ (Microsoft Corporation) C:\windows\SysWOW64\sppc.dll
2014-09-19 03:58 - 2013-08-15 15:42 - 00076800 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupcln.dll
2014-09-19 03:58 - 2013-03-02 03:57 - 00077544 _____ (Microsoft Corporation) C:\windows\system32\Drivers\storahci.sys
2014-09-19 03:58 - 2013-03-02 03:39 - 00495336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\vhdmp.sys
2014-09-19 03:58 - 2013-03-02 01:23 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\winmde.dll
2014-09-19 03:58 - 2013-03-02 01:23 - 00601088 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Globalization.dll
2014-09-19 03:58 - 2013-03-02 01:23 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2014-09-19 03:58 - 2013-03-02 01:23 - 00100864 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSyncInfo.dll
2014-09-19 03:58 - 2013-03-02 01:22 - 00357888 _____ (Microsoft Corporation) C:\windows\SysWOW64\netcfgx.dll
2014-09-19 03:58 - 2013-03-02 01:21 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\drvstore.dll
2014-09-19 03:58 - 2013-03-02 01:21 - 00145408 _____ (Microsoft Corporation) C:\windows\SysWOW64\powercfg.cpl
2014-09-19 03:58 - 2013-03-02 01:21 - 00036352 _____ (Microsoft Corporation) C:\windows\SysWOW64\DevDispItemProvider.dll
2014-09-19 03:58 - 2013-03-01 19:45 - 01149952 _____ (Microsoft Corporation) C:\windows\system32\winmde.dll
2014-09-19 03:58 - 2013-03-01 19:45 - 01101824 _____ (Microsoft Corporation) C:\windows\system32\wmpmde.dll
2014-09-19 03:58 - 2013-03-01 19:45 - 00951808 _____ (Microsoft Corporation) C:\windows\system32\Windows.Globalization.dll
2014-09-19 03:58 - 2013-03-01 19:45 - 00645120 _____ (Microsoft Corporation) C:\windows\system32\Windows.Security.Authentication.OnlineId.dll
2014-09-19 03:58 - 2013-03-01 19:45 - 00245248 _____ (Microsoft Corporation) C:\windows\system32\usbmon.dll
2014-09-19 03:58 - 2013-03-01 19:45 - 00240640 _____ (Microsoft Corporation) C:\windows\system32\fsquirt.exe
2014-09-19 03:58 - 2013-03-01 19:45 - 00180224 _____ (Microsoft Corporation) C:\windows\system32\SystemEventsBrokerServer.dll
2014-09-19 03:58 - 2013-03-01 19:45 - 00171008 _____ (Microsoft Corporation) C:\windows\system32\TimeBrokerServer.dll
2014-09-19 03:58 - 2013-03-01 19:45 - 00103936 _____ (Microsoft Corporation) C:\windows\system32\wpdbusenum.dll
2014-09-19 03:58 - 2013-03-01 19:45 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\taskhost.exe
2014-09-19 03:58 - 2013-03-01 19:45 - 00072192 _____ (Microsoft Corporation) C:\windows\system32\taskhostex.exe
2014-09-19 03:58 - 2013-03-01 19:45 - 00071168 _____ (Microsoft Corporation) C:\windows\system32\WSDPrintProxy.DLL
2014-09-19 03:58 - 2013-03-01 19:44 - 00703488 _____ (Microsoft Corporation) C:\windows\system32\drvstore.dll
2014-09-19 03:58 - 2013-03-01 19:44 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\netcfgx.dll
2014-09-19 03:58 - 2013-03-01 19:44 - 00150016 _____ (Microsoft Corporation) C:\windows\system32\discan.dll
2014-09-19 03:58 - 2013-03-01 19:44 - 00117248 _____ (Microsoft Corporation) C:\windows\system32\NdisImPlatform.dll
2014-09-19 03:58 - 2013-03-01 19:44 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\DevDispItemProvider.dll
2014-09-19 03:58 - 2013-03-01 19:43 - 00156160 _____ (Microsoft Corporation) C:\windows\system32\powercfg.cpl
2014-09-19 03:58 - 2013-03-01 19:15 - 00026112 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mouhid.sys
2014-09-19 03:58 - 2013-02-28 21:56 - 00156672 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rfcomm.sys
2014-09-19 03:58 - 2013-02-28 21:56 - 00030720 _____ (Microsoft Corporation) C:\windows\system32\Drivers\monitor.sys
2014-09-19 03:58 - 2013-02-28 21:55 - 01175040 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthport.sys
2014-09-19 03:57 - 2013-10-10 04:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2014-09-19 03:57 - 2013-10-10 02:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-09-19 03:57 - 2013-10-10 02:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-09-19 03:57 - 2013-06-10 12:16 - 00888832 _____ (Microsoft Corporation) C:\windows\system32\nshwfp.dll
2014-09-19 03:57 - 2013-06-10 12:15 - 00381952 _____ (Microsoft Corporation) C:\windows\system32\FWPUCLNT.DLL
2014-09-19 03:57 - 2013-06-10 12:10 - 00702464 _____ (Microsoft Corporation) C:\windows\SysWOW64\nshwfp.dll
2014-09-19 03:57 - 2013-06-10 12:10 - 00245248 _____ (Microsoft Corporation) C:\windows\SysWOW64\FWPUCLNT.DLL
2014-09-19 03:57 - 2013-01-09 18:53 - 00028904 _____ (Microsoft Corporation) C:\windows\system32\Drivers\msgpiowin32.sys
2014-09-19 03:57 - 2013-01-09 18:29 - 00091880 _____ (Microsoft Corporation) C:\windows\system32\Drivers\partmgr.sys
2014-09-19 03:57 - 2013-01-09 16:26 - 01752064 _____ (Microsoft Corporation) C:\windows\SysWOW64\setupapi.dll
2014-09-19 03:57 - 2013-01-09 16:26 - 01611776 _____ (Microsoft Corporation) C:\windows\SysWOW64\mmc.exe
2014-09-19 03:57 - 2013-01-09 16:26 - 00436736 _____ (Microsoft Corporation) C:\windows\SysWOW64\MP4SDECD.DLL
2014-09-19 03:57 - 2013-01-09 16:26 - 00261120 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.Media.dll
2014-09-19 03:57 - 2013-01-09 16:26 - 00083968 _____ (Microsoft Corporation) C:\windows\SysWOW64\wiaacmgr.exe
2014-09-19 03:57 - 2013-01-09 16:23 - 02094592 _____ (Microsoft Corporation) C:\windows\system32\mmc.exe
2014-09-19 03:57 - 2013-01-09 16:23 - 01964544 _____ (Microsoft Corporation) C:\windows\system32\wlidsvc.dll
2014-09-19 03:57 - 2013-01-09 16:23 - 01886208 _____ (Microsoft Corporation) C:\windows\system32\setupapi.dll
2014-09-19 03:57 - 2013-01-09 16:23 - 00406016 _____ (Microsoft Corporation) C:\windows\system32\Windows.Media.dll
2014-09-19 03:57 - 2013-01-09 16:23 - 00256000 _____ (Microsoft Corporation) C:\windows\system32\WSDMon.dll
2014-09-19 03:57 - 2013-01-09 16:23 - 00095232 _____ (Microsoft Corporation) C:\windows\system32\wiaacmgr.exe
2014-09-19 03:57 - 2013-01-09 16:22 - 00894464 _____ (Microsoft Corporation) C:\windows\system32\iphlpsvc.dll
2014-09-19 03:57 - 2013-01-09 16:22 - 00666112 _____ (Microsoft Corporation) C:\windows\system32\MP4SDECD.DLL
2014-09-19 03:57 - 2013-01-09 16:22 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\inetpp.dll
2014-09-19 03:57 - 2013-01-08 20:59 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\BTHUSB.SYS
2014-09-19 03:57 - 2013-01-08 20:58 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\Drivers\bthenum.sys
2014-09-19 03:57 - 2012-11-01 22:19 - 00171520 _____ (Microsoft Corporation) C:\windows\system32\ncbservice.dll
2014-09-19 03:57 - 2012-11-01 22:18 - 00107520 _____ (Microsoft Corporation) C:\windows\system32\httpprxm.dll
2014-09-19 03:57 - 2012-11-01 22:18 - 00062464 _____ (Microsoft Corporation) C:\windows\system32\adhsvc.dll
2014-09-19 03:57 - 2012-11-01 22:18 - 00022528 _____ (Microsoft Corporation) C:\windows\system32\adhapi.dll
2014-09-19 03:57 - 2012-11-01 22:18 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\httpprxp.dll
2014-09-19 03:57 - 2012-11-01 22:18 - 00015872 _____ (Microsoft Corporation) C:\windows\system32\keepaliveprovider.dll
2014-09-19 03:56 - 2014-07-31 16:40 - 01287680 _____ (Microsoft Corporation) C:\windows\system32\schedsvc.dll
2014-09-19 03:56 - 2014-06-17 16:27 - 01440256 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-09-19 03:56 - 2014-06-17 16:24 - 01557504 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-09-19 03:56 - 2014-06-04 18:12 - 00678600 _____ (Microsoft Corporation) C:\windows\system32\msvcp120_clr0400.dll
2014-09-19 03:56 - 2014-06-03 16:12 - 00536776 _____ (Microsoft Corporation) C:\windows\SysWOW64\msvcp120_clr0400.dll
2014-09-19 03:56 - 2014-03-28 01:23 - 19759104 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-09-19 03:56 - 2014-03-27 23:18 - 17562112 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-09-19 03:56 - 2013-12-08 17:45 - 00523776 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-09-19 03:56 - 2013-12-08 16:59 - 00600064 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-09-19 03:56 - 2013-10-18 22:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-09-19 03:56 - 2013-10-18 21:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-09-19 03:56 - 2013-07-05 17:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-09-19 03:56 - 2013-07-05 15:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-09-19 03:56 - 2013-07-05 15:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-09-19 03:56 - 2013-07-03 19:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-09-19 03:56 - 2013-06-21 22:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-09-19 03:56 - 2013-06-21 22:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2014-09-19 03:56 - 2012-11-25 21:21 - 00071168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncryptsslp.dll
2014-09-19 03:56 - 2012-11-25 21:20 - 00086016 _____ (Microsoft Corporation) C:\windows\system32\ncryptsslp.dll
2014-09-19 03:55 - 2014-08-28 04:34 - 00059400 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-09-19 03:55 - 2014-08-27 23:05 - 00630272 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-09-19 03:55 - 2014-08-27 23:05 - 00128000 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-09-19 03:55 - 2014-08-27 23:05 - 00086528 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-09-19 03:55 - 2014-08-27 23:05 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-09-19 03:55 - 2014-08-27 23:02 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-09-19 03:55 - 2014-08-27 23:01 - 03285504 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-09-19 03:55 - 2014-08-27 23:01 - 01623552 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-09-19 03:55 - 2014-08-27 23:01 - 00775168 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-09-19 03:55 - 2014-08-27 23:01 - 00253440 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-09-19 03:55 - 2014-08-27 23:01 - 00176640 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-09-19 03:55 - 2014-08-27 23:01 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-09-19 03:55 - 2014-08-27 23:01 - 00100352 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-09-19 03:55 - 2014-08-27 23:01 - 00017920 _____ (Microsoft Corporation) C:\windows\system32\wuaext.dll
2014-09-19 03:55 - 2014-05-29 16:31 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-09-19 03:55 - 2014-05-29 16:03 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-09-19 03:55 - 2014-05-29 16:02 - 01281536 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-09-19 03:55 - 2014-05-29 16:02 - 00439808 _____ (Microsoft Corporation) C:\windows\system32\lsm.dll
2014-09-19 03:55 - 2014-03-28 12:19 - 00035856 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdBoot.sys
2014-09-19 03:55 - 2014-03-23 15:11 - 00269592 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdFilter.sys
2014-09-19 03:54 - 2013-10-01 16:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-09-19 03:54 - 2013-10-01 16:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-09-19 03:35 - 2014-08-09 01:30 - 00148480 _____ (Microsoft Corporation) C:\windows\system32\poqexec.exe
2014-09-19 03:35 - 2014-08-09 01:29 - 00144896 _____ (Microsoft Corporation) C:\windows\system32\tssdisai.dll
2014-09-19 03:35 - 2012-11-09 21:23 - 00132608 _____ (Microsoft Corporation) C:\windows\SysWOW64\poqexec.exe
2014-09-19 03:35 - 2012-11-09 21:22 - 00126976 _____ (Microsoft Corporation) C:\windows\system32\RDWebAI.dll
2014-09-19 03:35 - 2012-11-09 21:22 - 00122880 _____ (Microsoft Corporation) C:\windows\system32\VmHostAI.dll
2014-09-19 03:35 - 2012-11-09 21:20 - 00135680 _____ (Microsoft Corporation) C:\windows\system32\appserverai.dll
2014-09-19 03:34 - 2014-03-06 17:47 - 01419264 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-09-19 03:34 - 2014-03-06 17:08 - 01845760 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-09-19 03:34 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-09-19 03:34 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-09-19 03:34 - 2012-10-31 21:41 - 01802240 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2014-09-19 03:34 - 2012-10-31 21:40 - 02361344 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2014-09-19 03:34 - 2012-10-31 21:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2014-09-19 03:34 - 2012-10-31 21:21 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-09-19 03:34 - 2012-10-31 21:20 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2014-09-19 03:34 - 2012-10-31 21:20 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-09-19 03:28 - 2014-09-30 06:01 - 00122584 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-19 03:28 - 2014-09-20 15:43 - 00092888 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-09-19 03:28 - 2014-09-19 03:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-19 03:28 - 2014-09-19 03:28 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-19 03:28 - 2014-09-19 03:28 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-19 03:28 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-09-19 03:28 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-09-19 03:21 - 2013-08-15 22:21 - 00049664 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-09-19 03:21 - 2013-08-15 22:21 - 00049152 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-09-19 03:21 - 2013-08-15 15:43 - 00020992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-09-19 03:21 - 2012-11-05 21:00 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wushareduxresources.dll
2014-09-19 03:10 - 2014-09-19 03:10 - 00001977 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-19 03:10 - 2014-09-19 03:10 - 00000000 ____D () C:\Users\User\AppData\Roaming\AVAST Software
2014-09-19 03:10 - 2014-09-19 03:10 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-19 03:09 - 2014-09-19 03:10 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-09-19 03:09 - 2014-09-19 03:09 - 01041168 _____ (AVAST Software) C:\windows\system32\Drivers\aswSnx.sys
2014-09-19 03:09 - 2014-09-19 03:09 - 00427360 _____ (AVAST Software) C:\windows\system32\Drivers\aswsp.sys
2014-09-19 03:09 - 2014-09-19 03:09 - 00307344 _____ (AVAST Software) C:\windows\system32\aswBoot.exe
2014-09-19 03:09 - 2014-09-19 03:09 - 00224896 _____ () C:\windows\system32\Drivers\aswVmm.sys
2014-09-19 03:09 - 2014-09-19 03:09 - 00093568 _____ (AVAST Software) C:\windows\system32\Drivers\aswRdr2.sys
2014-09-19 03:09 - 2014-09-19 03:09 - 00092008 _____ (AVAST Software) C:\windows\system32\Drivers\aswStm.sys
2014-09-19 03:09 - 2014-09-19 03:09 - 00079184 _____ (AVAST Software) C:\windows\system32\Drivers\aswMonFlt.sys
2014-09-19 03:09 - 2014-09-19 03:09 - 00065776 _____ () C:\windows\system32\Drivers\aswRvrt.sys
2014-09-19 03:09 - 2014-09-19 03:09 - 00043152 _____ (AVAST Software) C:\windows\avastSS.scr
2014-09-19 03:09 - 2014-09-19 03:09 - 00029208 _____ () C:\windows\system32\Drivers\aswHwid.sys
2014-09-19 03:08 - 2014-09-19 03:08 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-19 03:02 - 2014-09-19 03:08 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-19 02:58 - 2014-09-26 19:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-19 02:58 - 2014-09-19 02:59 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-09-19 02:58 - 2014-09-19 02:59 - 00000000 ____D () C:\Users\User\AppData\Local\Mozilla
2014-09-19 02:58 - 2014-09-19 02:58 - 00001174 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-19 02:58 - 2014-09-19 02:58 - 00001162 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-19 02:58 - 2014-09-19 02:58 - 00000000 ____D () C:\ProgramData\Mozilla
2014-09-19 02:43 - 2014-09-19 02:43 - 00000000 ____D () C:\Users\User\AppData\Roaming\Macromedia
2014-09-19 02:03 - 2014-09-19 02:03 - 00001412 _____ () C:\Users\Public\Desktop\SeaTools for Windows.lnk
2014-09-19 02:03 - 2014-09-19 02:03 - 00000000 ____D () C:\ProgramData\Package Cache
2014-09-19 02:03 - 2014-09-19 02:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Seagate
2014-09-19 02:03 - 2014-09-19 02:03 - 00000000 ____D () C:\Program Files (x86)\Seagate
2014-09-19 01:56 - 2014-09-19 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-09-19 01:56 - 2014-09-19 01:56 - 00000000 ____D () C:\Program Files\7-Zip
2014-09-19 00:56 - 2014-09-19 00:56 - 00000000 ____D () C:\Users\User\AppData\Roaming\HD Tune Pro
2014-09-19 00:55 - 2014-09-19 00:55 - 00001048 _____ () C:\Users\User\Desktop\HD Tune Pro.lnk
2014-09-19 00:55 - 2014-09-19 00:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune Pro
2014-09-19 00:55 - 2014-09-19 00:55 - 00000000 ____D () C:\Program Files (x86)\HD Tune Pro
2014-09-18 22:51 - 2014-09-18 22:51 - 00000000 _____ () C:\Recovery.txt
2014-09-18 22:21 - 2014-09-18 22:21 - 00000000 ____D () C:\Users\User\AppData\Roaming\Nitro
2014-09-18 22:13 - 2014-09-30 01:58 - 00000000 ____D () C:\Users\User\Desktop\Manuals
2014-09-18 22:07 - 2014-09-30 01:50 - 00003600 _____ () C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2110622740-2582871183-1856114374-1002
2014-09-18 22:04 - 2014-09-18 22:04 - 00000000 ____D () C:\Users\User\AppData\Roaming\ATI
2014-09-18 22:04 - 2014-09-18 22:04 - 00000000 ____D () C:\Users\User\AppData\Local\ATI
2014-09-18 22:04 - 2014-09-18 22:04 - 00000000 ____D () C:\Users\User\AppData\Local\AMD
2014-09-18 22:04 - 2014-09-18 22:04 - 00000000 ____D () C:\ProgramData\ATI
2014-09-18 22:03 - 2014-09-18 22:03 - 00000000 ____D () C:\Users\User\Documents\Bluetooth Folder
2014-09-18 22:03 - 2014-09-18 22:03 - 00000000 ____D () C:\Users\User\AppData\Roaming\Atheros
2014-09-18 22:03 - 2014-09-18 22:03 - 00000000 ____D () C:\Users\User\AppData\Local\BMExplorer
2014-09-18 22:03 - 2014-09-18 22:03 - 00000000 ____D () C:\ProgramData\Atheros
2014-09-18 22:02 - 2014-09-18 22:02 - 00001445 _____ () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-09-18 22:02 - 2014-09-18 22:02 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-09-18 22:02 - 2014-09-18 22:02 - 00000000 ____D () C:\ProgramData\Energy Management
2014-09-18 22:02 - 2014-09-18 22:02 - 00000000 ____D () C:\ProgramData\eBay
2014-09-18 22:01 - 2014-09-29 01:38 - 00000000 ____D () C:\Users\User\AppData\Local\VirtualStore
2014-09-18 22:01 - 2014-09-28 23:24 - 00001133 _____ () C:\Users\User\Desktop\Cyberlink Power2Go.lnk
2014-09-18 22:01 - 2014-09-18 22:02 - 00000000 ____D () C:\Users\User\AppData\Local\Packages
2014-09-18 22:01 - 2014-09-18 22:01 - 00000020 ___SH () C:\Users\User\ntuser.ini
2014-09-18 22:01 - 2013-04-08 10:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-09-18 22:01 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-18 22:01 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-18 22:01 - 2012-07-26 01:13 - 00000000 ___RD () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-18 22:01 - 2012-07-26 01:13 - 00000000 ____D () C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-09-18 22:01 - 2010-12-18 22:31 - 00000189 _____ () C:\Users\User\Desktop\Lenovo Telephony Start Now.url

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-30 11:00 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\sru
2014-09-30 01:13 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\System
2014-09-30 00:31 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Help
2014-09-30 00:31 - 2012-07-25 22:26 - 00000238 _____ () C:\windows\win.ini
2014-09-30 00:30 - 2012-07-26 01:12 - 00000000 __RSD () C:\windows\Media
2014-09-30 00:29 - 2012-07-26 00:52 - 00000000 ____D () C:\windows\ShellNew
2014-09-29 01:45 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\FxsTmp
2014-09-29 00:11 - 2012-07-26 00:28 - 00848230 _____ () C:\windows\system32\PerfStringBackup.INI
2014-09-29 00:07 - 2012-07-26 00:22 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-09-28 23:24 - 2013-04-08 10:52 - 00000000 ____D () C:\ProgramData\CyberLink
2014-09-28 08:17 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\BBI
2014-09-21 04:21 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\AUInstallAgent
2014-09-20 14:30 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\rescache
2014-09-20 02:17 - 2012-10-09 17:08 - 00000000 ____D () C:\windows\Panther
2014-09-19 18:35 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ToastData
2014-09-19 18:30 - 2012-07-26 00:59 - 00000000 ____D () C:\windows\CbsTemp
2014-09-19 18:20 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\WinStore
2014-09-19 18:10 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\system32\oobe
2014-09-19 17:58 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-19 17:58 - 2012-07-26 01:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-19 16:09 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-09-19 16:09 - 2012-07-26 01:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-19 16:09 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-09-19 16:09 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2014-09-19 16:09 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Windows Defender
2014-09-19 16:09 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2014-09-19 16:09 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2014-09-19 16:09 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-09-19 16:09 - 2012-07-25 22:38 - 00000000 ____D () C:\windows\system32\Dism
2014-09-19 15:50 - 2012-07-26 01:12 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-09-19 15:26 - 2012-07-26 00:52 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-19 15:17 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\system32\SecureBootUpdates
2014-09-19 14:01 - 2012-07-26 01:12 - 00000000 ____D () C:\windows\Registration
2014-09-19 10:03 - 2012-07-25 22:37 - 00000000 ____D () C:\windows\servicing
2014-09-19 04:24 - 2012-07-25 22:26 - 00262144 ___SH () C:\windows\system32\config\ELAM
2014-09-19 04:02 - 2013-04-08 10:53 - 00000000 ____D () C:\Program Files (x86)\Amazon
2014-09-19 02:49 - 2013-04-08 10:54 - 00000000 ____D () C:\ProgramData\McAfee
2014-09-19 02:31 - 2012-07-26 01:12 - 00000000 ___HD () C:\windows\ELAMBKUP
2014-09-18 23:02 - 2013-04-08 10:59 - 00000000 ____D () C:\ProgramData\OneKey Recovery
2014-09-18 22:51 - 2012-07-26 01:13 - 00262144 _____ () C:\windows\system32\config\BCD-Template
2014-09-18 22:01 - 2012-07-26 01:12 - 00000000 ___RD () C:\windows\ImmersiveControlPanel

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\COMAP.EXE


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-28 06:37

****************************************************************************************************************

Additional scan result:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-09-2014
Ran by User at 2014-09-30 11:08:18
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
ACDSee Pro 6 (HKLM\...\{CAF674E0-808C-4CF4-8868-A755EBABA228}) (Version: 6.2.212 - ACD Systems International Inc.)
Amazon Browser App (HKLM-x32\...\{0A7D6F3C-F2AB-48ED-BE23-99791BFF87D6}) (Version: 1.0.0.0 - Amazon)
AMD Accelerated Video Transcoding (Version: 12.5.100.21029 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{9268D25B-C6DE-1579-01AB-E61CC0C6C8A8}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Fuel (Version: 2012.1029.928.15002 - Advanced Micro Devices, Inc.) Hidden
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.1029.928.15002 - Advanced Micro Devices, Inc.) Hidden
avast! Free Antivirus (HKLM-x32\...\Avast) (Version: 9.0.2021 - AVAST Software)
calibre 64bit (HKLM\...\{EA927D74-9D01-4436-89AE-ACF7C893C845}) (Version: 2.3.0 - Kovid Goyal)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.1029.928.15002 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.1029.928.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.1029.0927.15002 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.1029.928.15002 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.18 - Piriform)
Defraggler (HKLM\...\Defraggler) (Version: 2.18 - Piriform)
DiskCheckup v3.2 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.2.1000 - PassMark Software)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.16 - Dolby Laboratories Inc)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.4 - Lenovo)
Energy Management (x32 Version: 8.0.2.4 - Lenovo) Hidden
Exact Audio Copy 1.0beta3 (HKLM-x32\...\Exact Audio Copy) (Version: 1.0beta3 - Andre Wiethoff)
FileASSASSIN (HKLM-x32\...\FileASSASSIN) (Version: 1.06 - Malwarebytes)
foobar2000 v1.3.3 (HKLM-x32\...\foobar2000) (Version: 1.3.3 - Peter Pawlowski)
FreeRide Games (HKLM-x32\...\{6C26A305-4549-4A8A-9F03-25719C03B0FB}) (Version: 07.05.80.00 - Exent Technologies)
HD Tune Pro 5.50 (HKLM-x32\...\HD Tune Pro_is1) (Version:  - EFD Software)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33057) (Version: 3.6.1.33057.10 - Intel)
Lenovo EasyCamera (HKLM-x32\...\{ADE16A9D-FBDC-4ECC-B6BD-9C31E51D0333}) (Version: 1.12.824.1 - Vimicro)
Lenovo MuteSync (HKLM-x32\...\{16D5D9E9-C8DE-4014-A09C-B9B5ABA0F7FA}) (Version: 1.0.10 - Lenovo)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo Photos (HKLM-x32\...\Lenovo Photos) (Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4310.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.4310.52 - CyberLink Corp.) Hidden
Lenovo YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 4.1.3127 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3127 - CyberLink Corp.) Hidden
Logitech Media Server 7.7.3 (HKLM-x32\...\Logitech Media Server_is1) (Version: 7.7.3 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Office 2000 Premium (HKLM-x32\...\{00000409-78E1-11D2-B60F-006097C998E7}) (Version: 9.00.2720 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.51106 (x32 Version: 11.0.51106 - Microsoft Corporation) Hidden
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.2 - Mozilla)
Onekey Theater (HKLM-x32\...\{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}) (Version: 3.0.1.0 - Lenovo)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PDF Architect 2 (HKLM-x32\...\PDF Architect 2) (Version: 2.0.24.16092 - pdfforge GmbH)
PDF Architect 2 View Module (HKLM-x32\...\{C960FF38-431D-429D-AD1F-FBD12A45B7C5}) (Version: 2.0.17.17583 - pdfforge GmbH)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.309.0 - Tracker Software Products Ltd)
Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.214 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.2.612.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6695 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.51 - Piriform)
SeaTools for Windows (HKLM-x32\...\SeaTools for Windows) (Version:  - Seagate Technology)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Speccy (HKLM\...\Speccy) (Version: 1.26 - Piriform)
SugarSync Manager (HKLM-x32\...\SugarSync) (Version: 1.9.61.90905 - SugarSync, Inc.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1146 - SUPERAntiSpyware.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.3.4.0 - Synaptics Incorporated)
Ultra Defragmenter (HKLM-x32\...\UltraDefrag) (Version: 6.0.2 - UltraDefrag Development Team)
Update Manager (x32 Version: 4.60 - Corel Corporation) Hidden
UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.9 - Lenovo)
UserGuide (x32 Version: 1.0.0.9 - Lenovo) Hidden
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Driver Package - Lenovo (ACPIVPC) System  (06/15/2012 8.1.0.1) (HKLM\...\71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid  (06/19/2012 10.13.29.733) (HKLM\...\8A223E56FB1ED4F697B54E5BF96F1EB63B512684) (Version: 06/19/2012 10.13.29.733 - Lenovo)
WinRAR 5.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.11.0 - win.rar GmbH)
WordPerfect Office X3 (HKLM-x32\...\{83FBD495-DDF6-4C8D-92D6-10261DD6F6A3}) (Version: 13.0 - Corel Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-09-2014 01:03:42 Installed calibre 64bit
23-09-2014 17:23:09 Installed ACDSee Photo Manager 2009.
29-09-2014 06:48:05 Removed ACDSee Photo Manager 2009.
30-09-2014 07:17:10 Installed Microsoft Office 2000 Premium

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2012-07-25 22:26 - 2012-07-25 22:26 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {00B68654-BFBD-4F09-87DD-F606119A7BA4} - System32\Tasks\MirageAgent => C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {2CB6FC44-DBE4-4B21-AD3A-0BF5B8842D66} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-11-30] (Synaptics Incorporated)
Task: {820B1874-4334-40D1-B60A-B0607EB50839} - System32\Tasks\Microsoft\Windows\Setup\8.1 auto install => C:\windows\system32\NotificationUI.exe [2014-08-20] (Microsoft Corporation)
Task: {962A0F36-BFDB-4577-A16A-16FBE7F89CB0} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-09-26] (Piriform Ltd)
Task: {991B2F73-8795-499C-B1F0-9DA42227B236} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2014-09-19] (AVAST Software)
Task: {A5327673-9B63-4777-B155-BD9CAC13033E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2014-08-29] (Microsoft Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask

==================== Loaded Modules (whitelisted) =============

2012-10-29 09:41 - 2012-10-29 09:41 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2012-11-28 09:20 - 2012-11-01 12:43 - 00175008 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4396.1016_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2012-10-31 20:57 - 2012-10-31 20:57 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
2012-10-31 20:55 - 2012-10-31 20:55 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2012-10-31 20:57 - 2012-10-31 20:57 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2012-10-29 09:40 - 2012-10-29 09:40 - 00103424 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2012-10-29 09:26 - 2012-10-29 09:26 - 00369664 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2014-09-19 03:09 - 2014-09-19 03:09 - 00301152 _____ () C:\Program Files\AVAST Software\Avast\aswProperty.dll
2014-09-28 12:19 - 2014-09-28 12:19 - 02867200 _____ () C:\Program Files\AVAST Software\Avast\defs\14092801\algo.dll
2014-09-30 04:18 - 2014-09-30 04:18 - 02867712 _____ () C:\Program Files\AVAST Software\Avast\defs\14093000\algo.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00028774 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024679 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00032878 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024701 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00028779 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020601 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\4461f48e31bde5c56b31b973b773de09\List.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00118918 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00082048 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020576 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00036964 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\f233f63b6654362865c7577442edb9e3\Win32.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020590 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00082033 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024676 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00061540 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\e56c61f7248672819579325af3387035\POSIX.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00094334 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\eb138ef0e4282611dbf485a302784646\LibYAML.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00053340 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00184414 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\bd5179a413bc0c4b82eedc22c6cab101\re.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024701 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3996\93e7e3d6030f426844228042348210cf\Service.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020576 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\31638f63e39b38d3e250a9a57cb9d1c5\Cwd.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00036964 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\f233f63b6654362865c7577442edb9e3\Win32.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024676 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\32785c19dc6898fbbbf06f3b776edd08\Fcntl.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00061540 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\e56c61f7248672819579325af3387035\POSIX.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020590 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\5ffd05b2cbd58528e56519784ca9c869\Hostname.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00082033 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\df1ba73f49c38cbbc7a11c779c3506d2\OLE.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00118918 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\eaeabd54205de2f10c00aea80bbf0d83\Registry.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00082048 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\3a7ccbf8181ee5a145227a6dfce3594c\WinError.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00028779 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\60ff464e01c2cd5526dbdad5a125081d\Dumper.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020601 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\4461f48e31bde5c56b31b973b773de09\List.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024681 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\c199d3c1960e7aeeecb599487952bed2\HiRes.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00090213 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\961b0d62fa52b1dd29c795a822fbf1cf\DBI.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024679 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\c5cce8d16a1bd48692b421dcf46d3396\Util.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00077824 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\7f177c338672436e01c4f0bdbcf94491\EV.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00138752 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\44727051c604ef6b79894b64d4c63832\Expat.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00041080 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\2b1fc61b36a6711ea149b18bf3b41500\Parser.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00030720 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\dacfd0ab9b5fd029ed8d29e4482b0775\XS.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020590 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\fa9e3c814aa32db2ad5f17bdfbc22746\attributes.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024694 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\c344fd5536724b2af2e6453833b60203\SHA1.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00094334 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\eb138ef0e4282611dbf485a302784646\LibYAML.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00053340 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\de446fdd1ae335c7d2b9e62bb8cdf765\B.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00184414 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\bd5179a413bc0c4b82eedc22c6cab101\re.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020592 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\b979ace6da01e63d651cce9ee2474fdc\Name.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00028774 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\d1e7c33431cd8713f2ce3582829a8b14\Socket.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00182272 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\d0bf009923f29116535c26d228271d6d\Scan.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024672 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\17d0b152e63e6bfe81b4b19588538896\mro.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020596 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\3b7106dd14676048b10bbb09a990f74c\XS.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00032878 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\7ef0d901bf4203fbcf7a0fff0e82aa5f\Encode.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024695 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\cf5fe81e2f5dcbfecfd0495e1648c991\Unicode.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024670 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\3a8764e0d7c5d453e01d9ad08cf7fb58\IO.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00361472 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\aff7ee779ea184f884ed432c30a58f5d\Scale.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024701 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\d10c2c06ba2044cccc247c4315f5c7d3\Process.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00061546 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\4f2c03383aab0133b8dc0a3fa2dd92fa\Storable.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00110705 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\7f2598c08178217a0e2c754f3d568f28\Byte.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00024679 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\c19d5e3dc664d9f4ce700001e2621cee\MD5.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020596 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\d1c77e404b5c4b954fa537ed63c8fb7b\File.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00030208 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\0665c25e931c1ac0151b062449e91028\XSAccessor.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00608256 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\e2e81dd6b3e5a36f0bdae076393cc11d\SQLite.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00001024 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\e2e81dd6b3e5a36f0bdae076393cc11d\icudt46.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 00020587 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\c668a322917d32a5ea22894518aa9897\Base64.dll
2014-09-29 00:07 - 2014-09-29 00:07 - 04547584 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\38a10ee333cf1a9afec3f0acdf1bbebc\Scan.dll
2014-09-29 00:08 - 2014-09-29 00:08 - 00017920 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\8fedeb86a4a984edfc1fb255d4ea965c\XS.dll
2014-09-29 00:08 - 2014-09-29 00:08 - 00061547 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\bc147d83c7c868eeee67082dcf55430c\File.dll
2014-09-29 00:08 - 2014-09-29 00:08 - 00032881 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\b6bd87c968599725b8ab2e5c25d3046a\API.dll
2014-09-29 00:08 - 2014-09-29 00:08 - 00098415 ____R () C:\Users\User\AppData\Local\Temp\pdk-User-3136\19febd96672ffdb7ea244cef36aaa062\Zlib.dll
2014-09-19 03:09 - 2014-09-19 03:09 - 19329904 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2014-09-24 16:31 - 2014-09-24 16:31 - 03715184 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows:nlsPreferences

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-2110622740-2582871183-1856114374-500 - Administrator - Disabled)
Guest (S-1-5-21-2110622740-2582871183-1856114374-501 - Limited - Disabled)
User (S-1-5-21-2110622740-2582871183-1856114374-1002 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/30/2014 02:56:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: cdrdao.exe, version: 0.0.0.0, time stamp: 0x429e389d
Faulting module name: cygwin1.dll, version: 1005.24.0.0, time stamp: 0x45c06855
Exception code: 0xc0000005
Fault offset: 0x000b48b6
Faulting process id: 0x17ec
Faulting application start time: 0xcdrdao.exe0
Faulting application path: cdrdao.exe1
Faulting module path: cdrdao.exe2
Report Id: cdrdao.exe3
Faulting package full name: cdrdao.exe4
Faulting package-relative application ID: cdrdao.exe5

Error: (09/30/2014 01:29:08 AM) (Source: MsiInstaller) (EventID: 10021) (User: Lenovo)
Description: Product: Microsoft Office 2000 Disc 2 -- The device is not ready.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/30/2014 01:12:47 AM) (Source: MsiInstaller) (EventID: 10021) (User: Lenovo)
Description: Product: Microsoft Office 2000 Disc 2 -- The device is not ready.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/29/2014 00:05:01 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Lenovo)
Description: Application or service 'Windows Explorer' could not be shut down.

Error: (09/29/2014 00:04:31 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Lenovo)
Description: Application or service 'Extension Core' could not be shut down.

Error: (09/29/2014 00:04:31 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Lenovo)
Description: Application or service 'BtTray' could not be shut down.

Error: (09/26/2014 07:52:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 32.0.3.5379 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1434

Start Time: 01cfd9272d971cc0

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: 33e2eb59-45f1-11e4-be8d-2cd05ac82ff7

Faulting package full name:

Faulting package-relative application ID:

Error: (09/23/2014 10:26:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ACDSee11.exe, version: 11.0.108.0, time stamp: 0x4939da4f
Faulting module name: apphelp.dll, version: 6.2.9200.16420, time stamp: 0x505aa904
Exception code: 0xc0000005
Fault offset: 0x000208c6
Faulting process id: 0xd68
Faulting application start time: 0xACDSee11.exe0
Faulting application path: ACDSee11.exe1
Faulting module path: ACDSee11.exe2
Report Id: ACDSee11.exe3
Faulting package full name: ACDSee11.exe4
Faulting package-relative application ID: ACDSee11.exe5

Error: (09/23/2014 10:23:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0027591411102883) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.
.

Error: (09/22/2014 02:44:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: squeezeboxcp.exe, version: 54532.0.0.0, time stamp: 0x4e209e9f
Faulting module name: Wx.dll_unloaded, version: 0.0.0.0, time stamp: 0x4decbf1a
Exception code: 0xc0000005
Fault offset: 0x675eb110
Faulting process id: 0x1750
Faulting application start time: 0xsqueezeboxcp.exe0
Faulting application path: squeezeboxcp.exe1
Faulting module path: squeezeboxcp.exe2
Report Id: squeezeboxcp.exe3
Faulting package full name: squeezeboxcp.exe4
Faulting package-relative application ID: squeezeboxcp.exe5


System errors:
=============
Error: (09/29/2014 00:06:57 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/29/2014 00:06:34 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/29/2014 00:06:34 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (09/28/2014 11:51:32 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/28/2014 08:18:23 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/26/2014 07:55:15 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/25/2014 00:06:56 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/23/2014 10:58:16 AM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/21/2014 04:27:34 PM) (Source: Microsoft-Windows-Kernel-General) (EventID: 6) (User: NT AUTHORITY)
Description: 0xc000014d0

Error: (09/19/2014 06:37:01 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The McAfee Application Installer Cleanup (0027591411102883) service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (09/30/2014 02:56:51 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: cdrdao.exe0.0.0.0429e389dcygwin1.dll1005.24.0.045c06855c0000005000b48b617ec01cfdc94db61d084C:\Program Files (x86)\Exact Audio Copy\cdrdao\cdrdao.exeC:\Program Files (x86)\Exact Audio Copy\cdrdao\cygwin1.dll196b2df3-4888-11e4-be91-2cd05ac82ff7

Error: (09/30/2014 01:29:08 AM) (Source: MsiInstaller) (EventID: 10021) (User: Lenovo)
Description: Product: Microsoft Office 2000 Disc 2 -- The device is not ready.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/30/2014 01:12:47 AM) (Source: MsiInstaller) (EventID: 10021) (User: Lenovo)
Description: Product: Microsoft Office 2000 Disc 2 -- The device is not ready.
(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (09/29/2014 00:05:01 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Lenovo)
Description: 1C:\Windows\explorer.exeWindows Explorer0411734200

Error: (09/29/2014 00:04:31 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Lenovo)
Description: 1C:\Program Files (x86)\Bluetooth Suite\BtvStack.exeExtension Core0211747320

Error: (09/29/2014 00:04:31 AM) (Source: Microsoft-Windows-RestartManager) (EventID: 10006) (User: Lenovo)
Description: 1C:\Program Files (x86)\Bluetooth Suite\BtTray.exeBtTray0211747200

Error: (09/26/2014 07:52:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: firefox.exe32.0.3.5379143401cfd9272d971cc04294967295C:\Program Files (x86)\Mozilla Firefox\firefox.exe33e2eb59-45f1-11e4-be8d-2cd05ac82ff7

Error: (09/23/2014 10:26:41 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: ACDSee11.exe11.0.108.04939da4fapphelp.dll6.2.9200.16420505aa904c0000005000208c6d6801cfd75384a72fecC:\Program Files (x86)\ACD Systems\ACDSee\11.0\ACDSee11.exeC:\windows\system32\apphelp.dllc7c351d2-4346-11e4-be8b-2cd05ac82ff7

Error: (09/23/2014 10:23:14 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddWin32ServiceFiles: Unable to back up image of service McAfee Application Installer Cleanup (0027591411102883) since QueryServiceConfig API failed

System Error:
The system cannot find the file specified.

Error: (09/22/2014 02:44:52 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: squeezeboxcp.exe54532.0.0.04e209e9fWx.dll_unloaded0.0.0.04decbf1ac0000005675eb110175001cfd6ac736b9e8bC:\Program Files (x86)\Squeezebox\server\squeezeboxcp.exeWx.dllae66c420-42a1-11e4-be8b-2cd05ac82ff7


==================== Memory info ===========================

Processor: AMD A10-4600M APU with Radeon™ HD Graphics
Percentage of memory in use: 44%
Total physical RAM: 5554.6 MB
Available physical RAM: 3057.6 MB
Total Pagefile: 6450.6 MB
Available Pagefile: 4021.42 MB
Total Virtual: 8192 MB
Available Virtual: 8191.77 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:884 GB) (Free:433.4 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25.18 GB) (Free:12.52 GB) NTFS
Drive f: (WD SmartWare) (CDROM) (Total:0.56 GB) (Free:0 GB) UDF
Drive g: (My Book) (Fixed) (Total:1862.36 GB) (Free:1156.96 GB) NTFS
Drive h: (UNTITLED 1) (Fixed) (Total:746.11 GB) (Free:746.11 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 48000131)

Partition: GPT Partition Type.

========================================================
Disk: 1 (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 1862.4 GB) (Disk ID: 01521A31)
Partition 1: (Not Active) - (Size=1862.4 GB) - (Type=07 NTFS)

==================== End Of Log ============================

 

 

I am uncertain how to send you the Windows System Summary file that you requested.  This file, Summary.nfo (unzipped), is 1.99 MB. Zipping it with the Microsoft utility (that your instructions suggest I use) produces a System.zip folder which is 94.3 KB.  Zipping it with 7Zip produces a System.zip folder which is 88.6 KB.  Neither version will attach to this message, since the maximum file size for attachments at this forum is 81.82KB.  Suggestions?

 

 

Thank you for your assistance.   Tom



#7 Oh My!


  • Malware Response Instructor
  • 37,014 posts

Posted 30 September 2014 - 07:31 PM

Hi Tom,

Don't worry about the System Summary report for now.

Your computer looks fine, just some minor items to clean up. I will also provide instructions for scanning your external device.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
SearchScopes: HKCU - DefaultScope {C129A909-F275-4E0B-8626-7D9958CBCB89} URL =
SearchScopes: HKCU - {C129A909-F275-4E0B-8626-7D9958CBCB89} URL =
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Rerun Malwarebytes Including External Devices

--------------------

Temporarily disable your antivirus program.
  • Attach your external device
  • Launch Malwarebytes
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Full Scan" option is selected.
  • Click on the Scan button.
  • Place an additional check mark next to any attached external devices
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner Including External Device

--------------------

I'd like us to scan your machine with ESET OnlineScan, including your external device. This process may take several hours; that is normal.
  • Attach your external device
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check YES, I accept the Terms of Use.
  • Click the Start button.
  • Click Enable detection of potentially unwanted applications
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Remove found threats
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
    • In the Current scan targets line click Change...
    • Place an additional check mark next to any attached external drives
    • Click OK, then Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Fixlog
  • Malwarebytes log
  • ESET log
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#8 Tom1324

  • Topic Starter

  • Members
  • 7 posts

Posted 02 October 2014 - 03:20 AM

Hello Gary,

 

I am nearly finished with the three scans you requested.  Each takes quite a while, since there are three hard drives (one internal, two external), with 6TB total capacity.  The last ESET online scan should complete overnight, so I'll post the results tomorrow for you to look at.

 

In the meantime, I thought I should ask a few questions regarding the procedure that you have requested I follow:

 

Q1: Is it necessary, or preferable, to temporarily disable Avast! AV (or any other anti-virus program), before running a MalwareBytes scan?  (I have not done this in the past, nor knew this was recommended, and wonder whether Malwarebytes was not able to detect infected files for that reason.)  If so, I suppose I should refrain from going on the Internet, or from installing any new program, until a lengthy MalwareBytes full-system scan, which takes several hours and which I run frequently (since I have no real-time protection), can be completed, and I turn on anti-virus protection again?

 

Q2: Is this recommendation based on the assumption that a user has a paid version of MalwareBytes, that provides real-time protection, and therefore both it and Avast! (which also provides real-time protection) should not be run at the same time? (I have only the free version of MalwareBytes, which is simply an on-demand scanner, and provides no real-time protection.)

 

   - see, for example,

 

https://support.norton.com/sp/en/us/norton-internet-security/20.3.1.22/solutions/kb20080520095244EN_EndUserProfile_en_us?actstat=activated&filter=&inid=us_hho_topnav_support&ispid=&layout=Retail&ncoap=1&partner=&q=kb20080520095244EN_EndUserProfile_en_us&sitename=&substatus=current

 

   - I have used MalwareBytes for many years, and have never had any problem installing, launching, or running a scan with this program, while an anti-virus program (Avast!, Kaspersky, Norton, etc.) was also running in the background.  It has occasionally, but only very rarely, found any problem with any computer that I was using, and usually that was only a potentially unwanted program (PUP), or a tracking cookie, as opposed to an active virus, Trojan, rootkit, etc.  It has also never had any difficulty removing a malware file, placing a file in quarantine, etc.

 

Q3: Your instructions refer to things (a Scanner Tab, a Log Tab, Remove Selected box, Log results in a Notepad pop-up, etc.) that do not correspond to the GUI for the version of MalwareBytes I am running.  (Malwarebytes Anti-Malware [Free] Version: 2.00.2.1012.)  I assume they are what appears in the paid version of the program.  In order to carry out your instructions, I had to perform a "Custom Scan," which gave me the opportunity to specify the drives to scan (including the two external ones).  I assume that this results in an equivalent scan to a "Full System Scan", as your instructions specified?  A "Threat Scan"  (despite being described as "our most capable, comprehensive scan type.  It looks in all the places malware is known to hide" ) only scans the C: drive, and does not give the opportunity to specify other drives.  (Monitoring the files scanned in the Custom Scan seemed to show that all files on each of the drives were scanned - including 668,727 total objects, requiring 4:45 hours.)

 

Q4: Would a solution for the issue of potential incompatibility between Avast! and MalwareBytes running at the same time simply be to create an exclusion in both products for the other?  (So that neither would block the other from running?)

 

Q5: When I launched the ESET Online Scanner, it recommended that Avast! AV be disabled temporarily, which I did.  Your instructions then provided alternate procedures, depending on whether Internet Explorer, or an alternative browser, was used.  Although I normally use Firefox nearly exclusively - and used it for my previous ESET scan, that disclosed, then cleaned up, the infection with Win32/DownloadAdmin.G Trojan virus and 33 files with JS/Trackware.ReadNotify.A - I decided to try Internet Explorer this time instead.  So far it has found 52 new infected files, at 85% complete. Most of these appear to be files infected with JS/Trackware.ReadNotify.A, and a few are with a Google toolbar.  Is there any reason to prefer IE or Firefox for the ESET scan?  Is there any reason to suppose that a scan with one browser would be any different than the other, or that it makes sense to do two scans with ESET back to back, using each browser?

 

Regards,  Tom

 

 

 



#9 Tom1324

  • Topic Starter

  • Members
  • 7 posts

Posted 02 October 2014 - 05:52 AM

Hi Gary,

 

Here are the results of the three scans you requested:

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-09-2014
Ran by User at 2014-10-01 12:02:18 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
SearchScopes: HKCU - DefaultScope {C129A909-F275-4E0B-8626-7D9958CBCB89} URL =
SearchScopes: HKCU - {C129A909-F275-4E0B-8626-7D9958CBCB89} URL =
Handler: ipp\0x00000001 - {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} -  No File
Emptytemp:
*****************

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C129A909-F275-4E0B-8626-7D9958CBCB89}" => Key deleted successfully.
"HKCR\CLSID\{C129A909-F275-4E0B-8626-7D9958CBCB89}" => Key not found.
"HKCR\PROTOCOLS\Handler\ipp\0x00000001" => Key deleted successfully.
"HKCR\CLSID\{E1D2BF42-A96B-11D1-9C6B-0000F875AC61}" => Key not found.
EmptyTemp: => Removed 89.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

 

********************************************************************************************

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 10/1/2014
Scan Time: 1:04:03 PM
Logfile: MalwareBytes Log 10_1_14 #2.txt
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.10.01.09
Rootkit Database: v2014.09.19.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8
CPU: x64
File System: NTFS
User: User

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 668727
Time Elapsed: 4 hr, 45 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 1
PUP.Optional.OpenCandy, C:\Users\User\Downloads\Programs\ImgBurn\SetupImgBurn_2.5.8.0.exe, Quarantined, [355029c61269c4727c1187aeec19fa06],

Physical Sectors: 0
(No malicious items detected)


(end)

 

**********************************************************************************

 

ESET Scan Results 10_2_14.txt :

 

C:\CCE_Quarantine\{1154F07B-2E97-49DD-8CBB-4BF892CA02D4}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{196655E8-987D-439E-9757-B478F716BDFB}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{29B5DA7E-9A5B-4155-BDBC-D95904D93284}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{2D60A3C0-3E47-4F88-BA93-34A4E175BCD7}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{38E70CCD-57C1-40AB-AFCE-DB76B67C21F0}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{6C3D0171-E684-459F-8F50-A9A0C3324C4A}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{75FC4D1A-0F66-498D-8EFF-56BC3F6A7D1F}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{7F20DD01-8E71-455A-A652-364CB43E8550}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{A404ADF7-7ECC-4543-84B8-7FFDB7D63545}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{AA9459A7-FCCD-4816-A1D9-7523132DF6A8}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{B0F33D6B-81A1-4C38-AA06-933FF5017ADA}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{C49743FE-70F1-4F7A-A9E6-5BF77CAECC5C}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{F33EF87D-63A9-4752-BF13-EB0169F10C6E}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\CCE_Quarantine\{F995AA8E-C3AD-4AED-8AD9-FA38BF869FA9}    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
C:\Users\User\Downloads\Programs\CCleaner\ccsetup417.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\User\Downloads\Programs\Defraggler\dfsetup218.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\User\Downloads\Programs\Recuva\rcsetup151.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
C:\Users\User\Downloads\Programs\Speccy\spsetup126.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\cbsidlm-cbsi213-Ariolic_Disk_Scanner-BP-10812955.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
G:\Backup\Downloads\cbsidlm-tr1_14-Secunia_Personal_Software_Inspector-BP-10717855.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
G:\Backup\Downloads\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Downloads\ccsetup407.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Downloads\ccsetup409.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Downloads\ccsetup410.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Downloads\ccsetup412.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Downloads\ccsetup414.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Downloads\ccsetup415.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Downloads\dfsetup216.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Downloads\dfsetup218.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Downloads\spsetup126.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\10 Nicaragua & El Salvador\Lonely Planet Nicaragua & El Salvador\nic-el-directory_v1_m56577569830489993.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\10 Nicaragua & El Salvador\Lonely Planet Nicaragua & El Salvador\nic-el-health_v1_m56577569830489994.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\10 Nicaragua & El Salvador\Lonely Planet Nicaragua & El Salvador\nicaragua-el-salvador-language_v1_m56577569830489995.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\11 Guatemala\Lonely Planet Guatemala\guatemala-language_v1_m56577569830495601.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\12 Honduras\Lonely Planet Honduras & the Bay Islands\central-honduras_v1_m56577569830489916.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\12 Honduras\Lonely Planet Honduras & the Bay Islands\honduras-language_v1_m56577569830489923.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\12 Honduras\Lonely Planet Honduras & the Bay Islands\honduras-the-bay-islands-health_v1_m56577569830489922.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\14 South and Central America\13 Panama\Lonely Planet Panama\panama-language_v1_m56577569830490020.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja--southern-baja_v1_m56577569830496005.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja-health_v1_m56577569830496001.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja-language_v1_m56577569830496002.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja-los-cabos-planning-information.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Baja & Los Cabos\baja-los-cabos_v1_m56577569830496003.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Puerto Vallarta & Pacific Mexico\pv-acapulco_v1_m56577569830490072.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Puerto Vallarta & Pacific Mexico\pv-mazatlan_v1_m56577569830490062.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Puerto Vallarta & Pacific Mexico\pv-nayarit_v1_m56577569830490064.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Yucatan\yucatan-campeche-state_v1_m56577569830490130.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Yucatan\yucatan-health_v1_m56577569830490135.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\EB Done\Ultimate Travel Guides Collection\Vol. 2\15 Mexico\Lonely Planet Yucatan\yucatan-planning-information.pdf    JS/Trackware.ReadNotify.A potentially unwanted application    deleted - quarantined
G:\Backup\Programs\CCleaner\ccsetup402.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Programs\CCleaner\ccsetup403.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Programs\Defraggler\dfsetup214.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
G:\Backup\Programs\Recuva\rcsetup147.exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
G:\Backup\Programs\Speccy\spsetup121.exe    Win32/Bundled.Toolbar.Google.E potentially unsafe application    deleted - quarantined
 

***********************************************************************************

 

Some comments regarding the scan results:

 

Malwarebytes Anti-Malware -

 

I was aware OpenCandy was bundled with ImgBurn, when I downloaded and installed it from http://www.imgburn.com/index.php?act=download (the developer's official website).  Before installing ImgBurn (which does not give an option to opt out of installing OpenCandy, unfortunately), I reviewed the EULA for OpenCandy, information about OpenCandy on various security forums, as well as its description at http://www.opencandy.com/faqs/.  I did not install anything besides ImgBurn during the installation, and OpenCandy supposedly does not install anything itself, but is only designed to offer other software.  I downloaded and ran the utility provided by OpenCandy to delete any trace of it afterwards.  So I assume this item flagged by MalwareBytes is not a problem.  In any event, the ImgBurn installer file (that had OpenCandy bundled with it) has been deleted by MalwareBytes from the computer, following a reboot.  And I do not need this file any further, now that ImgBurn has been installed and is running properly.

 

 

ESET Online Scan -

 

The first 14 items, in the folder C:\CCE_Quarantine, are all items previously found and disinfected when I ran an earlier scan using Comodo Cleaning Essentials, v. cce_2.5.242177.201_x64.  According to the Comodo moderator (ERICJH) at http://forums.comodo.com/antivirus-help-cis-b134.0/-t82351.0.html, that is just a result of the way MalwareBytes runs, these items are in a valid quarantine folder set up by Comodo, which does not need to be scanned by it, but can just be set up as an exclusion in MBAM.  In any event, after running MBAM and then rebooting, all of the files were deleted from the Comodo CCE_Quarantine folder.

 

Various utility programs which I downloaded and installed from the official website of Piriform [ https://www.piriform.com/products ], including CCleaner, Defraggler, Recuva, and Speccy, are bundled with Win32/Bundled.Toolbar.Google.D, which is an optional additional install.  In each case, when I installed the Piriform utilities, I declined to install the Google toolbar.  According to Herd Protect [ http://www.herdprotect.com/ccsetup403.exe-a4854c3c5a7277d3c02f88330d2023aad3667533.aspx ], this is probably just a false positive by the ESET scanning engine:

 

"ccsetup403.exe CCleaner Piriform Ltd
This is a setup and installation application. The file has been seen being downloaded from www.filehippo.com and multiple other hosts.

File name: ccsetup403.exe
Publisher: Piriform Ltd  (signed and verified)
Product: CCleaner
Description: CCleaner Installer
Version: 2.0.0.0
MD5: 0b18480a1813a3a817cd8c6f3b2a49c0
SHA-1: a4854c3c5a7277d3c02f88330d2023aad3667533
SHA-256: f11ea49f44c18f2650a9d2f4a6433216822559a564d3490f006d777f11078cf9

Analysis
Scanner detections: 1 / 68
Status: Clean  (1 probable false positive detection)
Explanation: This is most likely a false positive detection, the file is probably clean.
Analysis date: 2/26/2014 2:30:01 PM UTC  (seven months ago)
Scan engine: ESET NOD32
Detection: Win32/Bundled.Toolbar.Google
Engine version: 7.9190

File Details
File size: 4.2 MB (4,396,440 bytes)
Copyright: Copyright © 2005-2013 Piriform Ltd
File type: Executable application (Win32 EXE)
Language: Language Neutral
Common path: C:\users\user\downloads\ccsetup403.exe

Digital Signature
Signed by:
Authority: VeriSign, Inc.
Valid from: 7/5/2011 5:00:00 PM
Valid to: 8/22/2013 4:59:59 PM
Subject: CN=Piriform Ltd, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Piriform Ltd, L=London, S=London, C=GB
Issuer: CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa ©10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US
Serial number: 741D340793306ACA84FAB3ABBB1567CE

File PE Metadata
Compilation timestamp: 2/24/2012 11:19:59 AM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 10.0
CTPH (ssdeep): 98304:lO0RdQa6FjW+TyUrSOMzeROT6nx46FlGURyhe1TV:J/QpBzTypEoaxxlGEy09V
Entry address: 0x39E3
Entry point: 81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
Code size: 28 KB (28,672 bytes)"
 
In any event, MBAM deleted all of these installer files for the Piriform utilities.
 
 
I am very surprised by the following entry in the ESET scan:
 
G:\Backup\Downloads\cbsidlm-tr1_14-Secunia_Personal_Software_Inspector-BP-10717855.exe    Win32/DownloadAdmin.G potentially unwanted application    deleted - quarantined
 
Supposedly, ESET had already deleted this Trojan virus, which I suspect had spawned all of the JS/Trackware.ReadNotify.A infections in the 33 Travel Guide .pdf files, when I first ran an ESET Online Scan on September 13 (the day before I first posted to this forum).  This Trojan virus - apparently - is back, as is another whole flock of infected .pdf eBook files.  The 19 listed eBook files appear all to be included in the original group of 33 found to be infected, when I ran ESET originally on September 19.  (See list from the log of the ESET Online AV Scanner Results, in my original post.)  This, despite the fact that these files were all supposedly deleted the first time, not merely quarantined. So I cannot tell if I have been reinfected somehow, or if the files were never deleted in the first place.  According to Windows Explorer, all of these files have now been deleted from the G: drive.  But that is the same as on September 13, when I checked then after ESET had finished running and completing its malware fix. They do not show up as merely being moved to the Recycle Bin.  I'll need your help to get to the bottom of this. I do not want to have my computer re-infected, from this backup (G:) external drive.
 
Regards, Tom


#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • Gender:Male
  • Location:California
  • Local time:02:28 AM

Posted 02 October 2014 - 01:48 PM

Whether technically necessary or not, it is preferable to remove any potential obstacles when running scanning programs. Malwarebytes will not conflict with antivirus programs. They serve different purposes. Malwarebytes and ESET use different parameters for scanning so it is not uncommon to see one program detect something the other program did not.

Malwarebytes has updated their GUI. Thank you for letting me know.

In theory it shouldn't matter whether you use Firefox or Internet Explorer for the ESET scan.

The scan results you posted initially showed files being deleted from your C: drive. The current ESET scan results show removal from your G: drive. These entries are potentially unwanted applications, not infections.

You can run MBAM and ESET again on these drives to see what it shows but there isn't really anything else I can offer you except for what we have already done.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Tom1324

Tom1324
  • Topic Starter

  • Members
  • 7 posts
  • Local time:02:28 AM

Posted 05 October 2014 - 03:43 AM

Gary, you wrote to me on 9/29/14 saying: "When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections."

 

I take it you think my computer is now malware free.  (A follow-up ESET Online Scan of the G:\ external USB drive, used for backup, showed nothing.)  What detailed information can you provide, about how I can combat future infections?

 

Regards, Tom



#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • Gender:Male
  • Location:California
  • Local time:02:28 AM

Posted 05 October 2014 - 08:59 AM

Hi Tom,

Yes I believe your computer and now your external drives are clean. And true to my word here is some information for you to review.

Now that your computer is running well it is my great pleasure to proclaim to you the Good News!

===================================================

Keeping Your Computer Safe

----------

Lawrence Abrams, the founder of BleepingComputer.com, has developed an excellent tutorial which will provide you with the information you need to know to keep your computer secure and clean. Please take the time to read: Simple and easy ways to keep your computer safe and secure on the Internet.

In addition, here are some more links you might find of interest:

I will leave this topic open for just a day or so in case you have any further issues; then it will be closed shortly thereafter.

Thank you for placing your trust in BleepingComputer. It was a pleasure serving you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,014 posts
  • Gender:Male
  • Location:California
  • Local time:02:28 AM

Posted 06 October 2014 - 05:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
