Need help with extendedunlimited/gameharbor issue on startup


  • This topic is locked
4 replies to this topic

#1 kkuzyk

Posted 15 September 2014 - 11:45 PM

Every time I boot up the computer, the extendedunlimited/gameharbor.org website comes up on my default browser. I've seen others with the same issue. Here is my FRST scan:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by Kam (administrator) on KAM-PC on 15-09-2014 23:43:10
Running from C:\Users\Kam\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Windows\runSW.exe
() F:\WlanWpsSvc.exe
(Microsoft Corporation) C:\Windows\System32\printfilterpipelinesvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
(D-Link Corp.) F:\wirelesscm.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) F:\iTunes\iTunesHelper.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(AMD) C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Realtek) C:\Windows\SwUSB.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [10060832 2010-02-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59240 2011-11-01] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => F:\iTunes\iTunesHelper.exe [421736 2012-01-16] (Apple Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-10-08] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-2898475139-1483009424-2480643546-1000\...\Run: [Google Update] => C:\Users\Kam\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-07-28] (Google Inc.)
HKU\S-1-5-21-2898475139-1483009424-2480643546-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\S-1-5-21-2898475139-1483009424-2480643546-1000\...\Run: [HydraVisionDesktopManager] => C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe [393216 2010-08-25] (AMD)
HKU\S-1-5-21-2898475139-1483009424-2480643546-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
HKU\S-1-5-21-2898475139-1483009424-2480643546-1000\...\MountPoints2: {922b2de3-b97d-11e0-b291-806e6f6e6963} - G:\LaunchU3.exe -a
HKU\S-1-5-21-2898475139-1483009424-2480643546-1000\...\MountPoints2: {dd4e3da7-ba3b-11e0-8c90-002522422278} - G:\setup.exe
HKU\S-1-5-21-2898475139-1483009424-2480643546-1000\...\MountPoints2: {e81a6c10-b9c6-11e0-8972-806e6f6e6963} - E:\AUTORUN.EXE
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
ShortcutTarget: Wireless Connection Manager.lnk -> F:\wirelesscm.exe (D-Link Corp.)
Startup: C:\Users\Kam\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet 2620 series.lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet 2620 series.lnk -> C:\Program Files\HP\HP Officejet 2620 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://ca.msn.com/?lang=en-ca&OCID=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-CA
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> F:\bin\ssv.dll No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> F:\bin\jp2ssv.dll No File
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 64.59.176.13 64.59.177.226

FireFox:
========
FF ProfilePath: C:\Users\Kam\AppData\Roaming\Mozilla\Firefox\Profiles\99fs1624.default-1410825992363
FF NetworkProxy: "type", 0
FF Plugin: @java.com/DTPlugin,version=11.0.2 -> F:\bin\dtplugin\npDeployJava1.dll No File
FF Plugin: @java.com/JavaPlugin,version=11.0.2 -> F:\bin\plugin2\npjp2.dll No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin,version=10.10.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> F:\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Kam\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Kam\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.ca/
CHR DefaultSearchKeyword: Default -> 28D36B33E180A6574F323BA5A208E7D5EC9DE9DBE0EE01529CF6A69555222267
CHR DefaultSearchURL: Default -> https://mail.google.com/mail/?extsrc=mailto&url=%s
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Kam\AppData\Local\Google\Chrome\Application\37.0.2062.120\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Kam\AppData\Local\Google\Chrome\Application\37.0.2062.120\pdf.dll ()
CHR Plugin: (Shockwave Flash) - C:\Users\Kam\AppData\Local\Google\Chrome\Application\37.0.2062.120\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll No File
CHR Plugin: (Java™ Platform SE 6 U31) - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (iTunes Application Detector) - F:\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Profile: C:\Users\Kam\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Kam\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-06-12]
CHR Extension: (YouTube) - C:\Users\Kam\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-01-02]
CHR Extension: (Google Search) - C:\Users\Kam\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-01-02]
CHR Extension: (Google Wallet) - C:\Users\Kam\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-26]
CHR Extension: (Gmail) - C:\Users\Kam\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-01-02]
CHR HKCU\...\Chrome\Extension: [fdepacjoijebcfaaenjicnejghibmebp] - C:\Users\Kam\AppData\Local\CRE\fdepacjoijebcfaaenjicnejghibmebp.crx [2013-03-13]
CHR HKLM-x32\...\Chrome\Extension: [fdepacjoijebcfaaenjicnejghibmebp] - C:\Users\Kam\AppData\Local\CRE\fdepacjoijebcfaaenjicnejghibmebp.crx [2013-03-13]
CHR StartMenuInternet: Google Chrome - C:\Users\Kam\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-10-08] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2369720 2014-08-01] (Microsoft Corporation)
R2 RunSwUSB; C:\Windows\runSW.exe [48856 2013-10-18] ()
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 WlanWpsSvc; F:\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2011-07-30] (DT Soft Ltd)
R3 FLxHCIh; C:\Windows\System32\DRIVERS\FLxHCIh.sys [77040 2012-11-08] (Fresco Logic)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2978520 2014-01-10] (Realtek Semiconductor Corporation                           )
U4 bdselfpr; No ImagePath
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 23:34 - 2014-09-15 23:34 - 00048518 ____C () C:\Users\Kam\Downloads\FRST1.txt
2014-09-15 23:05 - 2014-09-15 23:43 - 00014672 ____C () C:\Users\Kam\Downloads\FRST.txt
2014-09-15 23:05 - 2014-09-15 23:05 - 00036677 ____C () C:\Users\Kam\Downloads\Addition.txt
2014-09-15 23:04 - 2014-09-15 23:43 - 00000000 ___DC () C:\FRST
2014-09-15 23:04 - 2014-09-15 23:04 - 02105856 ____C (Farbar) C:\Users\Kam\Downloads\FRST64.exe
2014-09-15 20:56 - 2014-09-15 20:56 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 20:27 - 2014-09-15 20:27 - 31766208 ____C (Microsoft Corporation) C:\Users\Kam\Downloads\Windows-KB890830-x64-V5.16.exe
2014-09-15 19:57 - 2014-09-15 19:57 - 00000000 ___DC () C:\Program Files\Enigma Software Group
2014-09-15 19:57 - 2014-09-15 19:57 - 00000000 ____C () C:\autoexec.bat
2014-09-15 19:56 - 2014-09-15 20:26 - 00000000 ___DC () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-15 19:56 - 2014-09-15 19:56 - 00728960 ____C (Enigma Software Group USA, LLC.) C:\Users\Kam\Downloads\SpyHunter-Installer.exe
2014-09-15 18:52 - 2014-09-15 18:52 - 00000000 _SHDC () C:\Users\Kam\AppData\Local\EmieUserList
2014-09-15 18:52 - 2014-09-15 18:52 - 00000000 _SHDC () C:\Users\Kam\AppData\Local\EmieSiteList
2014-09-15 18:10 - 2014-09-15 18:10 - 00015822 ____C () C:\Windows\system32\bootdelete.lst
2014-09-15 18:10 - 2014-09-15 18:10 - 00012872 ____C (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-09-15 18:06 - 2014-09-15 18:11 - 00000000 ___DC () C:\ProgramData\HitmanPro
2014-09-15 18:05 - 2014-09-15 18:05 - 11194928 ____C (SurfRight B.V.) C:\Users\Kam\Downloads\HitmanPro_x64.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:06 - 2014-09-11 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:06 - 2014-09-11 03:06 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:06 - 2014-09-11 03:06 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:06 - 2014-09-11 03:06 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:00 - 2014-09-11 03:00 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:00 - 2014-09-11 03:00 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 20:44 - 2014-09-11 03:08 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-10 20:44 - 2014-09-11 03:08 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-10 20:44 - 2014-09-11 03:05 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-10 20:44 - 2014-09-11 03:05 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-10 20:44 - 2014-09-11 03:01 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-10 20:44 - 2014-09-11 03:01 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-10 20:44 - 2014-09-11 03:01 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-10 20:44 - 2014-09-11 03:01 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-10 20:44 - 2014-09-11 03:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-06 20:30 - 2014-09-09 15:00 - 00001008 ____C () C:\Users\Public\Desktop\The Sims 4.lnk
2014-09-06 20:30 - 2014-09-06 20:30 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-09-06 20:30 - 2011-02-18 15:07 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2014-09-06 16:49 - 2014-09-06 16:49 - 00000000 ___DC () C:\Users\Kam\Documents\Electronic Arts
2014-09-03 20:53 - 2014-09-15 23:37 - 00022702 ____C () C:\Windows\runSW.log
2014-09-03 20:53 - 2014-09-03 20:54 - 00000000 ___DC () C:\Users\Public\D-Link
2014-09-03 20:53 - 2014-09-03 20:53 - 00000291 ____C () C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2014-09-03 20:53 - 2014-09-03 20:53 - 00000000 ___DC () C:\Windows\pcidevice
2014-09-03 20:53 - 2014-09-03 20:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
2014-09-03 20:53 - 2014-01-10 10:22 - 02978520 _____ (Realtek Semiconductor Corporation ) C:\Windows\system32\Drivers\RTWlanU.sys
2014-09-03 20:53 - 2013-11-13 11:24 - 00446464 ____C (Realtek) C:\Windows\SwUSB.exe
2014-09-03 20:53 - 2013-10-18 16:42 - 00048856 ____C () C:\Windows\runSW.exe
2014-09-03 20:48 - 2014-09-03 20:48 - 00003606 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 2620 series
2014-09-03 20:48 - 2014-09-03 20:48 - 00002239 ____C () C:\Users\Public\Desktop\HP Officejet 2620 series.lnk
2014-09-03 20:48 - 2014-09-03 20:48 - 00001176 ____C () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 2620 series.lnk
2014-08-28 19:26 - 2014-08-29 03:00 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-28 19:26 - 2014-08-29 03:00 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-28 19:26 - 2014-08-29 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-24 15:34 - 2014-08-24 23:16 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-24 15:34 - 2014-08-24 23:16 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-24 15:34 - 2014-08-24 23:16 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-24 15:34 - 2014-08-24 23:16 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-24 15:34 - 2014-08-24 23:16 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-24 15:34 - 2014-08-24 23:16 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-24 15:34 - 2014-08-24 15:34 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-24 15:34 - 2014-08-24 15:34 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-20 09:17 - 2014-08-20 09:17 - 00015698 ____C () C:\Users\Kam\Downloads\Playoff Schedule  2014(2).xlsx
2014-08-18 11:24 - 2014-08-18 11:24 - 00015672 ____C () C:\Users\Kam\Downloads\Playoff Schedule  2014(1).xlsx
2014-08-18 11:20 - 2014-08-18 11:21 - 00015672 ____C () C:\Users\Kam\Downloads\Playoff Schedule  2014.xlsx

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 23:43 - 2014-09-15 23:05 - 00014672 ____C () C:\Users\Kam\Downloads\FRST.txt
2014-09-15 23:43 - 2014-09-15 23:04 - 00000000 ___DC () C:\FRST
2014-09-15 23:41 - 2009-07-14 00:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 23:37 - 2014-09-03 20:53 - 00022702 ____C () C:\Windows\runSW.log
2014-09-15 23:37 - 2011-07-28 17:45 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-15 23:37 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 23:37 - 2009-07-13 23:51 - 00258642 ____C () C:\Windows\setupact.log
2014-09-15 23:36 - 2012-04-29 23:34 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-15 23:36 - 2011-07-29 05:10 - 01423089 ____C () C:\Windows\WindowsUpdate.log
2014-09-15 23:36 - 2010-11-20 22:47 - 01012656 ____C () C:\Windows\PFRO.log
2014-09-15 23:34 - 2014-09-15 23:34 - 00048518 ____C () C:\Users\Kam\Downloads\FRST1.txt
2014-09-15 23:22 - 2009-07-13 23:45 - 00021888 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 23:22 - 2009-07-13 23:45 - 00021888 ___HC () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 23:15 - 2011-07-28 17:45 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-15 23:07 - 2011-07-28 17:41 - 00000900 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2898475139-1483009424-2480643546-1000UA.job
2014-09-15 23:05 - 2014-09-15 23:05 - 00036677 ____C () C:\Users\Kam\Downloads\Addition.txt
2014-09-15 23:04 - 2014-09-15 23:04 - 02105856 ____C (Farbar) C:\Users\Kam\Downloads\FRST64.exe
2014-09-15 20:56 - 2014-09-15 20:56 - 00000000 ___DC () C:\Program Files (x86)\Mozilla Firefox
2014-09-15 20:27 - 2014-09-15 20:27 - 31766208 ____C (Microsoft Corporation) C:\Users\Kam\Downloads\Windows-KB890830-x64-V5.16.exe
2014-09-15 20:26 - 2014-09-15 19:56 - 00000000 ___DC () C:\Windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-15 20:07 - 2014-06-25 12:10 - 00001780 ____C () C:\Users\Public\Desktop\Pinnacle Studio for Dazzle.lnk
2014-09-15 20:07 - 2013-03-18 22:49 - 00002022 ____C () C:\Users\Public\Desktop\Adobe Reader X.lnk
2014-09-15 20:07 - 2011-07-28 17:44 - 00001142 ____C () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-09-15 20:04 - 2012-02-06 22:28 - 00001000 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
2014-09-15 20:04 - 2011-07-28 17:44 - 00001154 ____C () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-09-15 19:57 - 2014-09-15 19:57 - 00000000 ___DC () C:\Program Files\Enigma Software Group
2014-09-15 19:57 - 2014-09-15 19:57 - 00000000 ____C () C:\autoexec.bat
2014-09-15 19:56 - 2014-09-15 19:56 - 00728960 ____C (Enigma Software Group USA, LLC.) C:\Users\Kam\Downloads\SpyHunter-Installer.exe
2014-09-15 18:52 - 2014-09-15 18:52 - 00000000 _SHDC () C:\Users\Kam\AppData\Local\EmieUserList
2014-09-15 18:52 - 2014-09-15 18:52 - 00000000 _SHDC () C:\Users\Kam\AppData\Local\EmieSiteList
2014-09-15 18:11 - 2014-09-15 18:06 - 00000000 ___DC () C:\ProgramData\HitmanPro
2014-09-15 18:10 - 2014-09-15 18:10 - 00015822 ____C () C:\Windows\system32\bootdelete.lst
2014-09-15 18:10 - 2014-09-15 18:10 - 00012872 ____C (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-09-15 18:05 - 2014-09-15 18:05 - 11194928 ____C (SurfRight B.V.) C:\Users\Kam\Downloads\HitmanPro_x64.exe
2014-09-11 11:07 - 2011-07-28 17:41 - 00000848 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2898475139-1483009424-2480643546-1000Core.job
2014-09-11 03:49 - 2014-05-15 03:42 - 00000000 ___DC () C:\Windows\rescache
2014-09-11 03:08 - 2014-09-10 20:44 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 03:08 - 2014-09-10 20:44 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-11 03:06 - 2014-09-11 03:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-11 03:06 - 2014-09-11 03:06 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-11 03:06 - 2014-09-11 03:06 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-11 03:06 - 2014-09-11 03:06 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-11 03:06 - 2014-09-11 03:06 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-11 03:06 - 2014-09-11 03:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-11 03:05 - 2014-09-10 20:44 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 03:05 - 2014-09-10 20:44 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-11 03:05 - 2013-11-30 15:22 - 00766376 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-11 03:04 - 2013-08-14 03:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-11 03:01 - 2014-09-10 20:44 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 03:01 - 2014-09-10 20:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 03:01 - 2014-09-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 03:01 - 2014-09-10 20:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 03:01 - 2014-09-10 20:44 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 03:00 - 2014-09-11 03:00 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-11 03:00 - 2014-09-11 03:00 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-10 06:11 - 2011-07-28 17:41 - 00002360 ____C () C:\Users\Kam\Desktop\Google Chrome.lnk
2014-09-09 15:00 - 2014-09-06 20:30 - 00001008 ____C () C:\Users\Public\Desktop\The Sims 4.lnk
2014-09-08 13:37 - 2013-02-11 19:56 - 00000000 ___DC () C:\ProgramData\Origin
2014-09-06 20:30 - 2014-09-06 20:30 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Sims 4
2014-09-06 20:30 - 2009-07-14 00:32 - 00000000 __RDC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-09-06 16:49 - 2014-09-06 16:49 - 00000000 ___DC () C:\Users\Kam\Documents\Electronic Arts
2014-09-06 16:48 - 2013-11-29 01:58 - 00000000 ___DC () C:\ProgramData\Package Cache
2014-09-06 16:43 - 2014-03-23 15:10 - 00000942 ____C () C:\Users\Public\Desktop\SimCity™.lnk
2014-09-05 19:43 - 2014-07-10 11:59 - 00000000 ___DC () C:\Users\Kam\AppData\Local\HP
2014-09-05 15:34 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-04 21:58 - 2014-06-25 13:41 - 00000000 ___DC () C:\Users\Kam\temp
2014-09-04 21:58 - 2014-06-25 12:11 - 00000932 ____C () C:\Users\Kam\AppData\Roaming\__AvidCloudManager.log
2014-09-04 19:04 - 2014-06-25 12:11 - 00001207 ____C () C:\Users\Kam\AppData\Roaming\KAM-PC.MTBF.txt
2014-09-04 19:04 - 2014-06-25 12:04 - 00000349 ____C () C:\Users\Public\Documents\PCLECHAL.INI
2014-09-04 19:04 - 2014-06-25 12:04 - 00000000 ___DC () C:\Users\Kam\AppData\Local\Pinnacle
2014-09-03 20:54 - 2014-09-03 20:53 - 00000000 ___DC () C:\Users\Public\D-Link
2014-09-03 20:53 - 2014-09-03 20:53 - 00000291 ____C () C:\Users\Public\Desktop\Wireless Connection Manager.lnk
2014-09-03 20:53 - 2014-09-03 20:53 - 00000000 ___DC () C:\Windows\pcidevice
2014-09-03 20:53 - 2014-09-03 20:53 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\D-Link
2014-09-03 20:53 - 2011-07-28 18:15 - 00000000 __HDC () C:\Program Files (x86)\InstallShield Installation Information
2014-09-03 20:48 - 2014-09-03 20:48 - 00003606 _____ () C:\Windows\System32\Tasks\HPCustParticipation HP Officejet 2620 series
2014-09-03 20:48 - 2014-09-03 20:48 - 00002239 ____C () C:\Users\Public\Desktop\HP Officejet 2620 series.lnk
2014-09-03 20:48 - 2014-09-03 20:48 - 00001176 ____C () C:\Users\Public\Desktop\Shop for Supplies - HP Officejet 2620 series.lnk
2014-09-03 20:48 - 2014-07-10 12:02 - 00000000 ___DC () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-09-03 20:48 - 2014-07-10 12:01 - 00000000 ___DC () C:\ProgramData\HP
2014-09-03 20:48 - 2014-07-10 12:01 - 00000000 ___DC () C:\Program Files (x86)\HP
2014-09-03 20:48 - 2014-07-10 12:00 - 00000000 ___DC () C:\Program Files\HP
2014-08-29 13:01 - 2011-07-28 17:17 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-08-29 08:52 - 2011-11-05 10:29 - 00000000 ___DC () C:\Users\Kam\AppData\Local\PokerStars
2014-08-29 03:16 - 2009-07-13 23:45 - 00526296 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-08-29 03:04 - 2014-07-06 22:14 - 00000000 ___DC () C:\Program Files\Microsoft Office 15
2014-08-29 03:00 - 2014-08-28 19:26 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-29 03:00 - 2014-08-28 19:26 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-29 03:00 - 2014-08-28 19:26 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-24 23:16 - 2014-08-24 15:34 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-08-24 23:16 - 2014-08-24 15:34 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-08-24 23:16 - 2014-08-24 15:34 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-08-24 23:16 - 2014-08-24 15:34 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-08-24 23:16 - 2014-08-24 15:34 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-08-24 23:16 - 2014-08-24 15:34 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-08-24 15:34 - 2014-08-24 15:34 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-08-24 15:34 - 2014-08-24 15:34 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-08-24 15:34 - 2014-08-24 15:34 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-20 09:17 - 2014-08-20 09:17 - 00015698 ____C () C:\Users\Kam\Downloads\Playoff Schedule  2014(2).xlsx
2014-08-18 21:34 - 2014-06-25 12:11 - 00000902 ____C () C:\Users\Kam\AppData\Roaming\__AvidCloudManagerPrevious.log
2014-08-18 11:24 - 2014-08-18 11:24 - 00015672 ____C () C:\Users\Kam\Downloads\Playoff Schedule  2014(1).xlsx
2014-08-18 11:21 - 2014-08-18 11:20 - 00015672 ____C () C:\Users\Kam\Downloads\Playoff Schedule  2014.xlsx

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 00:50

==================== End Of Log ============================




#2 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 16 September 2014 - 07:38 AM

Hi,

does this fix resolve it?


Please download the attached file fixlist.txt (151 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#3 kkuzyk

  • Topic Starter
  • Members
  • 2 posts

Posted 16 September 2014 - 12:00 PM

Seems to have fixed it, thanks!

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by Kam at 2014-09-16 11:57:22 Run:2
Running from C:\Users\Kam\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2898475139-1483009424-2480643546-1000\...\Run: [CMD] => cmd.exe /c start http://extendedunlimited.org && exit <===== ATTENTION
EmptyTemp:
*****************

HKU\S-1-5-21-2898475139-1483009424-2480643546-1000\Software\Microsoft\Windows\CurrentVersion\Run\\CMD => value deleted successfully.
EmptyTemp: => Removed 144.8 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====



#4 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 16 September 2014 - 12:18 PM

Ok, you're welcome.

My help is free for everybody.
If you want to support me fighting against malware or buy me a beer for the assistance you received, then you can consider a donation.
Thank you!

#5 aharonov

  • Malware Response Team
  • 2,441 posts

Posted 19 September 2014 - 03:42 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



