
Adware/popups in chrome


  • This topic is locked
10 replies to this topic

#1 strikewun


Posted 18 September 2014 - 10:01 AM

I am about at my wits' end trying to rid a friend's computer of pop-up/malware.

I've pulled all my tricks out of the book, multiple AVG scans, MalwareBytes, AdwCleaner, RogueKiller, TDSSKiller all in user mode and safe mode. Uninstalling and re-installing browsers. Nothing seems to get rid of whatever he has. He is running Windows 8.1 and I would greatly appreciate some assistance.

Thank You

FRST Scan Log:



Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 (ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by willk_000 (administrator) on WILLPC on 18-09-2014 08:43:49
Running from D:\
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
( ) C:\Windows\System32\lxeccoms.exe
() C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\willk_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
(Joyent, Inc) C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1475242226-3908716180-2918384607-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-1475242226-3908716180-2918384607-1002\...\Run: [Google Update] => "C:\Users\willk_000\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1475242226-3908716180-2918384607-1002\...\MountPoints2: {a2ccb83b-7000-11e3-be7a-bcee7b0f140c} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\willk_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\willk_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> D0C50E15C39AE02A4F6294640E4F2873F0C74B341D29974C4FBF49F62A0B1062
CHR DefaultSearchProvider: Default -> 7EFA46C7EEA360010C570089F74C7720998A0AA37A9F759DD53031BBBDAFB8BC
CHR DefaultSearchURL: Default -> 65FFD4D8E56CE3375D6F6EB09CB9CD2DB8755AD9F5C6371E0124DBB9C837C386
CHR Profile: C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google Search) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Sheets) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Gmail) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-05] () [File not signed]
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-24] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 lxec_device; C:\WINDOWS\system32\lxeccoms.exe [1052328 2010-04-14] ( )
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-05] () [File not signed]
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-29] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-12-23] (Glarysoft Ltd)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-17] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-18 08:24 - 2014-09-18 08:24 - 00001261 _____ () C:\Users\willk_000\Desktop\AdwCleaner[S2] 07-18-14.txt
2014-09-18 08:17 - 2014-09-18 08:23 - 00000062 _____ () C:\Users\willk_000\AppData\Roaming\sp_data.sys
2014-09-18 08:17 - 2014-09-18 08:22 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 15:53 - 2014-09-17 15:53 - 00010665 _____ () C:\Users\willk_000\Desktop\hijackthis.log
2014-09-17 14:06 - 2014-09-17 14:10 - 00015744 _____ () C:\Users\willk_000\Desktop\avgrep.txt
2014-09-17 13:59 - 2014-09-17 13:59 - 05579386 _____ (Swearware) C:\Users\willk_000\Downloads\ComboFix (1).exe
2014-09-17 13:52 - 2014-08-15 22:40 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-17 13:52 - 2014-08-15 22:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-17 13:52 - 2014-08-15 22:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-17 13:52 - 2014-08-15 22:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-17 13:52 - 2014-08-15 21:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-17 13:52 - 2014-08-15 21:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-17 13:52 - 2014-08-15 21:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-17 13:52 - 2014-08-15 21:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-17 13:52 - 2014-08-15 21:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-17 13:52 - 2014-08-15 21:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-17 13:52 - 2014-08-15 21:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-17 13:52 - 2014-08-15 21:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-17 13:52 - 2014-08-15 21:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-17 13:52 - 2014-08-15 21:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-17 13:52 - 2014-08-15 21:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-17 13:52 - 2014-08-15 21:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-17 13:52 - 2014-08-15 21:06 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-17 13:52 - 2014-08-15 21:05 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-17 13:52 - 2014-08-15 21:05 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-17 13:52 - 2014-08-15 21:03 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-17 13:52 - 2014-08-15 21:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-17 13:52 - 2014-08-15 20:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-17 13:52 - 2014-08-15 20:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-17 13:52 - 2014-08-15 20:53 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-17 13:52 - 2014-08-15 20:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-17 13:52 - 2014-08-15 20:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-17 13:52 - 2014-08-15 20:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-17 13:52 - 2014-08-15 20:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-17 13:52 - 2014-08-15 20:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-17 13:52 - 2014-08-15 20:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-17 13:52 - 2014-08-15 20:34 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-17 13:52 - 2014-08-15 20:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-17 13:52 - 2014-08-15 20:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-17 13:52 - 2014-08-15 20:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-17 13:52 - 2014-08-15 20:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-17 13:52 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-17 13:52 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-17 13:52 - 2014-02-06 07:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-17 13:52 - 2014-02-06 07:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-17 13:52 - 2014-02-06 07:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-17 13:52 - 2014-02-06 07:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-17 13:52 - 2014-02-06 06:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-17 13:52 - 2014-02-06 06:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-17 13:52 - 2014-02-06 06:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-17 13:52 - 2014-02-06 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-17 13:52 - 2014-02-06 06:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-17 13:52 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-17 13:52 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-17 13:52 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-17 13:52 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-17 13:52 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-17 12:00 - 2014-09-17 12:00 - 05579386 _____ (Swearware) C:\Users\willk_000\Downloads\ComboFix.exe
2014-09-17 11:56 - 2014-09-17 11:56 - 00003027 _____ () C:\Users\willk_000\Desktop\HiJackThis.lnk
2014-09-17 11:56 - 2014-09-17 11:56 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-09-17 11:56 - 2014-09-17 11:56 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-09-17 11:45 - 2014-09-18 08:24 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-17 11:45 - 2014-09-17 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-17 10:38 - 2014-09-17 14:22 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-17 10:38 - 2014-09-17 10:38 - 04859480 _____ () C:\Users\willk_000\Downloads\RogueKiller.exe
2014-09-17 10:38 - 2014-09-17 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-17 10:23 - 2014-09-17 10:24 - 11194928 _____ (SurfRight B.V.) C:\Users\willk_000\Downloads\HitmanPro_x64.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-17 10:20 - 2014-09-17 10:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-17 10:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-17 10:13 - 2014-09-17 10:13 - 01373475 _____ () C:\Users\willk_000\Downloads\adwcleaner_3.310.exe
2014-09-17 09:49 - 2014-09-17 09:49 - 00000000 __SHD () C:\Users\willk_000\AppData\Local\EmieUserList
2014-09-17 09:49 - 2014-09-17 09:49 - 00000000 __SHD () C:\Users\willk_000\AppData\Local\EmieSiteList
2014-09-17 09:36 - 2014-09-18 08:43 - 00000000 ____D () C:\FRST
2014-09-17 09:28 - 2014-09-17 09:49 - 00000000 ____D () C:\Users\willk_000\Desktop\RK_Quarantine
2014-09-17 09:24 - 2014-09-17 09:24 - 00002908 _____ () C:\Users\willk_000\Desktop\AdwCleaner[S0].txt
2014-09-17 09:18 - 2014-09-18 08:22 - 00000000 ____D () C:\AdwCleaner
2014-09-17 09:10 - 2014-09-18 08:22 - 00012032 _____ () C:\Windows\PFRO.log
2014-09-17 08:41 - 2014-08-01 20:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-17 08:41 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-17 08:41 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-17 08:26 - 2014-08-23 03:48 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-17 08:26 - 2014-08-23 03:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-09-17 08:26 - 2014-08-23 02:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-17 08:26 - 2014-08-23 01:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-17 08:26 - 2014-08-23 00:44 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-17 08:26 - 2014-08-23 00:34 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-17 08:26 - 2014-08-23 00:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-09-17 08:26 - 2014-08-23 00:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-17 08:26 - 2014-08-23 00:20 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-17 08:26 - 2014-07-29 21:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-09-17 08:26 - 2014-07-29 01:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-09-17 08:26 - 2014-07-24 11:20 - 21266336 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-17 08:26 - 2014-07-24 11:16 - 02574208 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-09-17 08:26 - 2014-07-24 11:07 - 07424320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-17 08:26 - 2014-07-24 11:07 - 02009920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-17 08:26 - 2014-07-24 11:03 - 02141920 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-09-17 08:26 - 2014-07-24 11:03 - 00882136 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-09-17 08:26 - 2014-07-24 11:03 - 00818624 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-09-17 08:26 - 2014-07-24 10:57 - 02515264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-17 08:26 - 2014-07-24 09:48 - 02410976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-09-17 08:26 - 2014-07-24 09:46 - 18760328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-17 08:26 - 2014-07-24 09:36 - 02145472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-09-17 08:26 - 2014-07-24 09:36 - 00707536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-09-17 08:26 - 2014-07-24 09:36 - 00674512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-09-17 08:26 - 2014-07-24 07:44 - 00674816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-17 08:26 - 2014-07-24 07:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-09-17 08:26 - 2014-07-24 06:20 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2014-09-17 08:26 - 2014-07-24 05:44 - 16874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-09-17 08:26 - 2014-07-24 05:16 - 12730880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-17 08:26 - 2014-07-24 04:53 - 01261056 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-09-17 08:26 - 2014-07-24 04:32 - 01532416 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-09-17 08:26 - 2014-07-24 04:27 - 00907776 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-17 08:26 - 2014-07-24 04:21 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-09-17 08:26 - 2014-07-24 04:10 - 01029632 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-17 08:26 - 2014-07-24 04:10 - 00889344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-09-17 08:26 - 2014-07-24 04:02 - 03465216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-17 08:26 - 2014-07-24 04:01 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-09-17 08:26 - 2014-07-24 03:50 - 01182208 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-09-17 08:26 - 2014-07-24 03:46 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-09-17 08:26 - 2014-07-24 03:43 - 02696704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-09-17 08:26 - 2014-07-24 03:39 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-17 08:26 - 2014-07-24 03:38 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-17 08:26 - 2014-07-24 03:38 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-17 08:26 - 2014-07-24 03:30 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-17 08:26 - 2014-07-24 03:28 - 01600000 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-09-17 08:26 - 2014-06-14 02:03 - 02389504 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-17 08:26 - 2014-06-14 01:46 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-17 08:25 - 2014-07-24 11:28 - 00468288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-17 08:25 - 2014-07-24 11:28 - 00419648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-17 08:25 - 2014-07-24 11:28 - 00412992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-09-17 08:25 - 2014-07-24 11:28 - 00280384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-09-17 08:25 - 2014-07-24 11:28 - 00143680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-17 08:25 - 2014-07-24 11:25 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-17 08:25 - 2014-07-24 11:23 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-09-17 08:25 - 2014-07-24 11:23 - 00125472 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-09-17 08:25 - 2014-07-24 11:20 - 00645592 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-09-17 08:25 - 2014-07-24 11:20 - 00263400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-09-17 08:25 - 2014-07-24 11:16 - 00211216 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-09-17 08:25 - 2014-07-24 11:05 - 01660048 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-09-17 08:25 - 2014-07-24 11:05 - 01519560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-09-17 08:25 - 2014-07-24 11:05 - 01488008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-09-17 08:25 - 2014-07-24 11:05 - 01356840 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-09-17 08:25 - 2014-07-24 11:03 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-09-17 08:25 - 2014-07-24 11:03 - 00233888 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-09-17 08:25 - 2014-07-24 11:03 - 00205512 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2014-09-17 08:25 - 2014-07-24 10:57 - 00475968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-09-17 08:25 - 2014-07-24 09:50 - 00098048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-09-17 08:25 - 2014-07-24 09:48 - 00180208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2014-09-17 08:25 - 2014-07-24 09:46 - 00477200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-09-17 08:25 - 2014-07-24 09:36 - 00355800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-09-17 08:25 - 2014-07-24 09:36 - 00180720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2014-09-17 08:25 - 2014-07-24 07:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTT102.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-17 08:25 - 2014-07-24 07:47 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-17 08:25 - 2014-07-24 07:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-09-17 08:25 - 2014-07-24 07:45 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-17 08:25 - 2014-07-24 07:42 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-09-17 08:25 - 2014-07-24 07:42 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys
2014-09-17 08:25 - 2014-07-24 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2014-09-17 08:25 - 2014-07-24 07:33 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-17 08:25 - 2014-07-24 07:33 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-17 08:25 - 2014-07-24 07:22 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2014-09-17 08:25 - 2014-07-24 07:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2014-09-17 08:25 - 2014-07-24 07:05 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2014-09-17 08:25 - 2014-07-24 07:05 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-17 08:25 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-17 08:25 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTT102.DLL
2014-09-17 08:25 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-17 08:25 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-09-17 08:25 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-17 08:25 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-17 08:25 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-17 08:25 - 2014-07-24 06:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2014-09-17 08:25 - 2014-07-24 06:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-17 08:25 - 2014-07-24 06:32 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-09-17 08:25 - 2014-07-24 06:18 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-09-17 08:25 - 2014-07-24 06:12 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2014-09-17 08:25 - 2014-07-24 06:10 - 01844224 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-09-17 08:25 - 2014-07-24 06:10 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-17 08:25 - 2014-07-24 06:10 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-09-17 08:25 - 2014-07-24 06:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasnap.dll
2014-09-17 08:25 - 2014-07-24 06:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-17 08:25 - 2014-07-24 06:06 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-09-17 08:25 - 2014-07-24 06:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-09-17 08:25 - 2014-07-24 05:53 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2014-09-17 08:25 - 2014-07-24 05:52 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-09-17 08:25 - 2014-07-24 05:42 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2014-09-17 08:25 - 2014-07-24 05:40 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
2014-09-17 08:25 - 2014-07-24 05:39 - 00770048 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-09-17 08:25 - 2014-07-24 05:33 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2014-09-17 08:25 - 2014-07-24 05:32 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-09-17 08:25 - 2014-07-24 05:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-17 08:25 - 2014-07-24 05:27 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-17 08:25 - 2014-07-24 05:25 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2014-09-17 08:25 - 2014-07-24 05:24 - 01817088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-09-17 08:25 - 2014-07-24 05:23 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-09-17 08:25 - 2014-07-24 05:21 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-09-17 08:25 - 2014-07-24 05:18 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2014-09-17 08:25 - 2014-07-24 05:14 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-09-17 08:25 - 2014-07-24 05:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2014-09-17 08:25 - 2014-07-24 05:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-09-17 08:25 - 2014-07-24 05:11 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-09-17 08:25 - 2014-07-24 05:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2014-09-17 08:25 - 2014-07-24 05:10 - 00540672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-09-17 08:25 - 2014-07-24 05:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-09-17 08:25 - 2014-07-24 05:04 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2014-09-17 08:25 - 2014-07-24 05:04 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-09-17 08:25 - 2014-07-24 05:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-09-17 08:25 - 2014-07-24 05:02 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-17 08:25 - 2014-07-24 04:58 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2014-09-17 08:25 - 2014-07-24 04:53 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-09-17 08:25 - 2014-07-24 04:49 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-09-17 08:25 - 2014-07-24 04:49 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-09-17 08:25 - 2014-07-24 04:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-09-17 08:25 - 2014-07-24 04:49 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-09-17 08:25 - 2014-07-24 04:48 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2014-09-17 08:25 - 2014-07-24 04:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-09-17 08:25 - 2014-07-24 04:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2014-09-17 08:25 - 2014-07-24 04:39 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-09-17 08:25 - 2014-07-24 04:38 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-09-17 08:25 - 2014-07-24 04:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2014-09-17 08:25 - 2014-07-24 04:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-09-17 08:25 - 2014-07-24 04:29 - 00439296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-17 08:25 - 2014-07-24 04:28 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2014-09-17 08:25 - 2014-07-24 04:24 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-17 08:25 - 2014-07-24 04:23 - 01404416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-09-17 08:25 - 2014-07-24 04:22 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-09-17 08:25 - 2014-07-24 04:21 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-09-17 08:25 - 2014-07-24 04:20 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2014-09-17 08:25 - 2014-07-24 04:19 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-17 08:25 - 2014-07-24 04:18 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-09-17 08:25 - 2014-07-24 04:18 - 00795136 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-09-17 08:25 - 2014-07-24 04:18 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-17 08:25 - 2014-07-24 04:16 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2014-09-17 08:25 - 2014-07-24 04:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-09-17 08:25 - 2014-07-24 04:15 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-17 08:25 - 2014-07-24 04:15 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2014-09-17 08:25 - 2014-07-24 04:15 - 00432128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2014-09-17 08:25 - 2014-07-24 04:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-09-17 08:25 - 2014-07-24 04:12 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-17 08:25 - 2014-07-24 04:10 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-09-17 08:25 - 2014-07-24 04:10 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-09-17 08:25 - 2014-07-24 04:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-09-17 08:25 - 2014-07-24 04:08 - 00162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2014-09-17 08:25 - 2014-07-24 04:07 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-17 08:25 - 2014-07-24 04:06 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-17 08:25 - 2014-07-24 04:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2014-09-17 08:25 - 2014-07-24 04:04 - 00667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-17 08:25 - 2014-07-24 04:01 - 01992192 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-09-17 08:25 - 2014-07-24 04:01 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-09-17 08:25 - 2014-07-24 04:00 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-09-17 08:25 - 2014-07-24 03:58 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-09-17 08:25 - 2014-07-24 03:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-09-17 08:25 - 2014-07-24 03:54 - 01290752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-09-17 08:25 - 2014-07-24 03:50 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-17 08:25 - 2014-07-24 03:49 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2014-09-17 08:25 - 2014-07-24 03:47 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-09-17 08:25 - 2014-07-24 03:44 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-09-17 08:25 - 2014-07-24 03:43 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-17 08:25 - 2014-07-24 03:43 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2014-09-17 08:25 - 2014-07-24 03:41 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-09-17 08:25 - 2014-07-24 03:33 - 03360768 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-17 08:25 - 2014-07-24 00:11 - 00513544 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-17 08:25 - 2014-07-24 00:11 - 00513544 _____ () C:\Windows\system32\locale.nls
2014-09-17 08:25 - 2014-07-12 01:55 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2014-09-17 08:25 - 2014-07-12 01:23 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-09-17 08:25 - 2014-07-12 00:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2014-09-17 08:25 - 2014-07-12 00:33 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-09-17 08:25 - 2014-07-12 00:13 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 08:25 - 2014-07-09 19:19 - 00387391 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-17 08:25 - 2014-07-04 08:59 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-09-17 08:25 - 2014-07-04 06:29 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2014-09-17 08:25 - 2014-07-04 06:20 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-09-17 08:25 - 2014-07-04 06:06 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2014-09-17 08:25 - 2014-07-04 06:00 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-09-17 08:25 - 2014-07-04 05:30 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2014-09-17 08:25 - 2014-07-04 05:27 - 00474112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2014-09-17 08:25 - 2014-06-27 02:22 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-17 08:25 - 2014-06-25 20:32 - 01029632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-09-17 08:25 - 2014-06-25 20:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2014-09-17 08:25 - 2014-06-19 19:37 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-17 08:25 - 2014-06-18 22:13 - 00310080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-09-17 08:25 - 2014-06-07 08:46 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-09-17 08:25 - 2014-06-07 06:20 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-09-17 08:25 - 2014-06-05 10:00 - 01118040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-09-17 08:25 - 2014-06-05 06:18 - 01018368 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2014-09-17 08:25 - 2014-06-05 05:42 - 00889856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2014-09-17 08:25 - 2014-05-31 01:00 - 01463808 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2014-09-17 08:25 - 2014-05-31 00:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2014-09-17 08:25 - 2014-05-29 02:23 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-09-17 08:25 - 2014-05-29 01:25 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-09-17 08:25 - 2014-05-29 01:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-17 08:25 - 2014-05-29 00:36 - 00344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-17 08:25 - 2014-05-26 03:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2014-09-17 08:25 - 2014-05-10 06:12 - 00387896 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2014-09-17 08:25 - 2014-05-10 04:46 - 00335680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2014-09-17 08:25 - 2014-05-06 00:41 - 00486744 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-09-17 08:25 - 2014-05-05 20:55 - 00391000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-09-17 08:25 - 2014-03-24 22:27 - 00160600 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-09-17 08:25 - 2014-03-24 22:27 - 00123920 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-09-17 08:25 - 2014-03-24 21:20 - 00128568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-09-17 08:25 - 2014-03-24 21:20 - 00127544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-09-17 08:14 - 2014-08-14 20:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-09-17 08:11 - 2014-09-17 13:40 - 00001783 _____ () C:\Windows\setupact.log
2014-09-17 08:11 - 2014-09-17 08:11 - 00025287 _____ () C:\Users\willk_000\Desktop\bookmarks_9_17_14.html
2014-09-17 08:11 - 2014-09-17 08:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 21:46 - 2014-09-18 08:22 - 01240371 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 18:38 - 2014-09-17 15:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 18:38 - 2014-09-08 18:38 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 18:38 - 2014-09-08 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 18:37 - 2014-09-08 18:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 18:37 - 2014-09-08 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-08 18:37 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-08 18:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-08 18:36 - 2014-09-08 18:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\willk_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-08 17:38 - 2014-09-08 17:38 - 00003108 _____ () C:\Windows\System32\Tasks\{B5E60085-85E1-432C-856C-4B714B66DED2}
2014-09-08 17:11 - 2014-09-08 18:30 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\uTorrent
2014-09-08 16:50 - 2014-09-11 20:38 - 00001024 _____ () C:\.rnd
2014-09-08 16:48 - 2014-09-16 21:43 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Common dictionary
2014-08-29 23:50 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-18 08:43 - 2014-09-17 09:36 - 00000000 ____D () C:\FRST
2014-09-18 08:28 - 2013-12-28 14:15 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1475242226-3908716180-2918384607-1002
2014-09-18 08:27 - 2013-11-14 03:28 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 08:24 - 2014-09-18 08:24 - 00001261 _____ () C:\Users\willk_000\Desktop\AdwCleaner[S2] 07-18-14.txt
2014-09-18 08:24 - 2014-09-17 11:45 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-18 08:24 - 2014-09-16 21:46 - 01240371 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 08:24 - 2013-12-29 02:58 - 00000350 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-09-18 08:23 - 2014-09-18 08:17 - 00000062 _____ () C:\Users\willk_000\AppData\Roaming\sp_data.sys
2014-09-18 08:23 - 2013-12-29 13:45 - 00000000 __RDO () C:\Users\willk_000\SkyDrive
2014-09-18 08:23 - 2013-12-28 14:37 - 00000000 ___RD () C:\Users\willk_000\Dropbox
2014-09-18 08:23 - 2013-12-28 14:34 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\Dropbox
2014-09-18 08:23 - 2013-12-27 20:18 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 08:22 - 2014-09-18 08:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 08:22 - 2014-09-17 09:18 - 00000000 ____D () C:\AdwCleaner
2014-09-18 08:22 - 2014-09-17 09:10 - 00012032 _____ () C:\Windows\PFRO.log
2014-09-18 08:22 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-18 08:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-18 08:16 - 2013-12-28 20:27 - 00000000 ____D () C:\Users\willk_000
2014-09-18 08:07 - 2014-06-06 08:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-18 08:07 - 2013-12-30 09:31 - 00000000 ____D () C:\Users\willk_000\AppData\Local\Adobe
2014-09-18 08:06 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-17 15:53 - 2014-09-17 15:53 - 00010665 _____ () C:\Users\willk_000\Desktop\hijackthis.log
2014-09-17 15:52 - 2013-12-27 20:18 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-17 15:52 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-17 15:51 - 2014-03-29 14:36 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475242226-3908716180-2918384607-1002UA.job
2014-09-17 15:05 - 2014-09-08 18:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 14:22 - 2014-09-17 10:38 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-17 14:10 - 2014-09-17 14:06 - 00015744 _____ () C:\Users\willk_000\Desktop\avgrep.txt
2014-09-17 13:59 - 2014-09-17 13:59 - 05579386 _____ (Swearware) C:\Users\willk_000\Downloads\ComboFix (1).exe
2014-09-17 13:53 - 2013-12-29 03:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-17 13:53 - 2013-12-29 03:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-17 13:52 - 2013-12-28 16:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-17 13:50 - 2013-12-28 16:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-17 13:40 - 2014-09-17 08:11 - 00001783 _____ () C:\Windows\setupact.log
2014-09-17 12:00 - 2014-09-17 12:00 - 05579386 _____ (Swearware) C:\Users\willk_000\Downloads\ComboFix.exe
2014-09-17 12:00 - 2013-11-15 01:48 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2014-09-17 12:00 - 2013-11-15 01:48 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2014-09-17 11:56 - 2014-09-17 11:56 - 00003027 _____ () C:\Users\willk_000\Desktop\HiJackThis.lnk
2014-09-17 11:56 - 2014-09-17 11:56 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-09-17 11:56 - 2014-09-17 11:56 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-09-17 11:56 - 2013-12-28 14:08 - 00000000 ____D () C:\Users\willk_000\AppData\Local\VirtualStore
2014-09-17 11:45 - 2014-09-17 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-17 11:45 - 2013-12-28 14:11 - 00000000 ____D () C:\Users\willk_000\AppData\Local\Google
2014-09-17 11:45 - 2013-12-27 20:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-17 11:41 - 2013-12-27 20:17 - 00000000 ____D () C:\Users\wdkrokey\AppData\Local\Google
2014-09-17 11:21 - 2014-07-09 16:32 - 00000000 ____D () C:\Windows\USB Vibration
2014-09-17 11:21 - 2013-11-15 01:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-17 10:38 - 2014-09-17 10:38 - 04859480 _____ () C:\Users\willk_000\Downloads\RogueKiller.exe
2014-09-17 10:38 - 2014-09-17 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-17 10:31 - 2014-09-17 10:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-17 10:24 - 2014-09-17 10:23 - 11194928 _____ (SurfRight B.V.) C:\Users\willk_000\Downloads\HitmanPro_x64.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-17 10:13 - 2014-09-17 10:13 - 01373475 _____ () C:\Users\willk_000\Downloads\adwcleaner_3.310.exe
2014-09-17 09:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-17 09:49 - 2014-09-17 09:49 - 00000000 __SHD () C:\Users\willk_000\AppData\Local\EmieUserList
2014-09-17 09:49 - 2014-09-17 09:49 - 00000000 __SHD () C:\Users\willk_000\AppData\Local\EmieSiteList
2014-09-17 09:49 - 2014-09-17 09:28 - 00000000 ____D () C:\Users\willk_000\Desktop\RK_Quarantine
2014-09-17 09:24 - 2014-09-17 09:24 - 00002908 _____ () C:\Users\willk_000\Desktop\AdwCleaner[S0].txt
2014-09-17 09:23 - 2013-08-22 10:44 - 05102576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-17 09:21 - 2013-12-28 20:27 - 00000000 ____D () C:\Users\wdkrokey
2014-09-17 09:10 - 2013-11-14 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-17 09:10 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-17 09:10 - 2012-08-01 21:36 - 00000000 ____D () C:\Windows\ASUS
2014-09-17 08:51 - 2014-03-29 14:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475242226-3908716180-2918384607-1002Core.job
2014-09-17 08:11 - 2014-09-17 08:11 - 00025287 _____ () C:\Users\willk_000\Desktop\bookmarks_9_17_14.html
2014-09-17 08:11 - 2014-09-17 08:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 21:43 - 2014-09-08 16:48 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Common dictionary
2014-09-16 21:42 - 2013-12-29 02:58 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-09-16 21:32 - 2013-12-29 20:34 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-16 21:10 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-11 20:43 - 2014-07-31 16:48 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-11 20:43 - 2014-06-06 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-11 20:38 - 2014-09-08 16:50 - 00001024 _____ () C:\.rnd
2014-09-08 19:13 - 2013-12-29 02:54 - 00000000 ____D () C:\Users\wdkrokey\AppData\Local\CRE
2014-09-08 18:38 - 2014-09-08 18:38 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 18:38 - 2014-09-08 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 18:38 - 2014-09-08 18:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 18:37 - 2014-09-08 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:37 - 2014-09-08 18:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\willk_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-08 18:30 - 2014-09-08 17:11 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\uTorrent
2014-09-08 17:38 - 2014-09-08 17:38 - 00003108 _____ () C:\Windows\System32\Tasks\{B5E60085-85E1-432C-856C-4B714B66DED2}
2014-09-02 16:06 - 2014-06-06 09:10 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 16:06 - 2014-06-06 09:10 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-30 00:26 - 2014-07-16 08:58 - 00000000 ____D () C:\Users\willk_000\Desktop\Other
2014-08-30 00:01 - 2014-07-14 18:00 - 00000000 ____D () C:\Users\willk_000\AppData\Local\Black_Tree_Gaming
2014-08-29 23:52 - 2013-12-28 14:08 - 00000000 ____D () C:\Users\willk_000\AppData\Local\Packages
2014-08-25 11:00 - 2014-02-04 18:02 - 00000000 ____D () C:\Users\TEMP
2014-08-23 03:48 - 2014-09-17 08:26 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-08-23 03:13 - 2014-09-17 08:26 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-08-23 02:10 - 2014-09-17 08:26 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-23 01:32 - 2014-09-17 08:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-23 00:44 - 2014-09-17 08:26 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-23 00:34 - 2014-09-17 08:26 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-23 00:33 - 2014-09-17 08:26 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-08-23 00:31 - 2014-09-17 08:26 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-23 00:20 - 2014-09-17 08:26 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-22 20:42 - 2014-08-29 23:50 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 03:53 - 2014-07-06 00:08 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-19 03:53 - 2014-07-06 00:08 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-19 03:53 - 2014-07-06 00:08 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-19 03:53 - 2014-07-06 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
Some content of TEMP:
====================
C:\Users\willk_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp9rdnlf.dll
C:\Users\willk_000\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-05 23:45
 
==================== End Of Log ============================

 

 

HiJackThis Log:

 



Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:42:49 AM, on 9/18/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17278)
Boot mode: Normal
 
Running processes:
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
C:\Users\willk_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
C:\Program Files (x86)\AVG\AVG2014\avgui.exe
C:\Windows\SysWOW64\ctfmon.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
 
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 127.0.0.1:5050
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2014\avgui.exe" /TRAYONLY
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\willk_000\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\RunOnce: [SpUninstallDeleteDir] rmdir /s /q "\SearchProtect" (User 'Default user')
O4 - Startup: Dropbox.lnk = C:\Users\willk_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Logitech . Product Registration.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MICROS~1\Office15\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files (x86)\Microsoft Office\Office15\MSOSB.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ASUS InstantOn Service (ASUS InstantOn) - ASUS - C:\Program Files\ASUS\P4G\InsOnSrv.exe
O23 - Service: Asus WebStorage Windows Service - Unknown owner - C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: AVGIDSAgent - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Diagnostics - Unknown owner - C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: lxec_device - Unknown owner - C:\WINDOWS\system32\lxeccoms.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Proxy - Unknown owner - C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 9 (TeamViewer9) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
 
--
End of file - 10709 bytes

 

 

 

 




 


#2 aharonov

aharonov

  • Malware Response Team
  • 2,441 posts
  • OFFLINE
  • Gender:Male
  • Local time:08:04 PM

Posted 18 September 2014 - 10:17 AM

Hi there,

please do the following:


Step 1

Please download the attached file fixlist.txt (460 bytes) and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


Step 2

Start FRST with administrator privileges.
  • Make sure the option Addition.txt (under Optional Scan) is checked.
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.


#3 strikewun

strikewun
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  • Local time:02:04 PM

Posted 18 September 2014 - 10:46 AM

Thank you for the fast response :)

 

Here is the FixLog 

 



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-09-2014
Ran by willk_000 at 2014-09-18 11:32:24 Run:5
Running from D:\
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesss:
R2 Diagnostics; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-05] () [File not signed]
R2 Proxy; C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe [57344 2014-09-05] () [File not signed]
C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: 127.0.0.1:5050
*****************
 
CloseProcesss: => Error: No automatic fix found for this entry.
Diagnostics => Unable to stop service
Diagnostics => Service deleted successfully.
Proxy => Unable to stop service
Proxy => Service deleted successfully.
C:\Program Files (x86)\Common Files\Diagnostics\node\node.exe => Moved successfully.
C:\Program Files (x86)\Common Files\Diagnostics\node\service.exe => Moved successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

 

 

 

The new FRST Scan


 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-09-2014 (ATTENTION: ====> FRST version is 8 days old and could be outdated)
Ran by willk_000 (administrator) on WILLPC on 18-09-2014 11:36:25
Running from D:\
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnSrv.exe
() C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
( ) C:\Windows\System32\lxeccoms.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files\ASUS\P4G\InsOnWMI.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\livecomm.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\tv_x64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x64\QuickGesture64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\QuickGesture\x86\QuickGesture.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Dropbox, Inc.) C:\Users\willk_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\APRP\aprp.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [478984 2012-12-15] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [932288 2010-11-16] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2013-05-01] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-19] (ASUS Cloud Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-13] (CyberLink Corp.)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\.DEFAULT\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
HKU\S-1-5-21-1475242226-3908716180-2918384607-1002\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [457728 2013-11-14] (Microsoft Corporation)
HKU\S-1-5-21-1475242226-3908716180-2918384607-1002\...\Run: [Google Update] => "C:\Users\willk_000\AppData\Local\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1475242226-3908716180-2918384607-1002\...\MountPoints2: {a2ccb83b-7000-11e3-be7a-bcee7b0f140c} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: !AsusWSShellExt_B -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_O -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: !AsusWSShellExt_U -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32:  SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32:  SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
BootExecute: autocheck autochk *  
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\willk_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\willk_000\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-06-26]
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR DefaultSearchKeyword: Default -> D0C50E15C39AE02A4F6294640E4F2873F0C74B341D29974C4FBF49F62A0B1062
CHR DefaultSearchProvider: Default -> 7EFA46C7EEA360010C570089F74C7720998A0AA37A9F759DD53031BBBDAFB8BC
CHR DefaultSearchURL: Default -> 65FFD4D8E56CE3375D6F6EB09CB9CD2DB8755AD9F5C6371E0124DBB9C837C386
CHR Profile: C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-17]
CHR Extension: (Google Docs) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-17]
CHR Extension: (Google Drive) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-17]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-17]
CHR Extension: (YouTube) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-17]
CHR Extension: (Google Search) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-17]
CHR Extension: (Google Sheets) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-17]
CHR Extension: (Google Wallet) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-17]
CHR Extension: (Gmail) - C:\Users\willk_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS InstantOn; C:\Program Files\ASUS\P4G\InsOnSrv.exe [277120 2013-04-29] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-19] () [File not signed]
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [167736 2013-01-24] (Intel Corporation)
S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-03-14] (Microsoft Corporation)
R2 lxec_device; C:\WINDOWS\system32\lxeccoms.exe [1052328 2010-04-14] ( )
S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-03-06] (Microsoft Corporation)
S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-03-23] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-03-23] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [65784 2013-04-29] (ASUS Corporation)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
R0 BootDefragDriver; C:\Windows\System32\drivers\BootDefragDriver.sys [17088 2013-12-23] (Glarysoft Ltd)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [146856 2013-06-04] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [21928 2013-06-04] (Windows ® Win 7 DDK provider)
R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
U3 TrueSight; C:\Windows\SysWOW64\drivers\TrueSight.sys [33512 2014-09-18] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-03-23] (Microsoft Corporation)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-18 10:43 - 2014-09-18 10:43 - 00010711 _____ () C:\Users\willk_000\Desktop\hijackthis 07-18-14.txt
2014-09-18 10:42 - 2014-09-18 10:42 - 00010711 _____ () C:\Users\willk_000\Desktop\hijackthis 07-18-14
2014-09-18 10:33 - 2014-09-18 10:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-18 10:32 - 2014-09-18 10:33 - 02347384 _____ (ESET) C:\Users\willk_000\Downloads\esetsmartinstaller_enu.exe
2014-09-18 09:09 - 2014-09-18 09:09 - 00003378 _____ () C:\Users\willk_000\Desktop\Rkill.txt
2014-09-18 09:09 - 2014-09-18 09:09 - 00000000 ____D () C:\Users\willk_000\Desktop\rkill
2014-09-18 08:24 - 2014-09-18 08:24 - 00001261 _____ () C:\Users\willk_000\Desktop\AdwCleaner[S2] 07-18-14.txt
2014-09-18 08:17 - 2014-09-18 11:33 - 00000062 _____ () C:\Users\willk_000\AppData\Roaming\sp_data.sys
2014-09-18 08:17 - 2014-09-18 11:33 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 15:53 - 2014-09-17 15:53 - 00010665 _____ () C:\Users\willk_000\Desktop\hijackthis.log
2014-09-17 14:06 - 2014-09-17 14:10 - 00015744 _____ () C:\Users\willk_000\Desktop\avgrep.txt
2014-09-17 13:59 - 2014-09-17 13:59 - 05579386 _____ (Swearware) C:\Users\willk_000\Downloads\ComboFix (1).exe
2014-09-17 13:52 - 2014-08-15 22:40 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-17 13:52 - 2014-08-15 22:04 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-17 13:52 - 2014-08-15 22:00 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-17 13:52 - 2014-08-15 22:00 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-17 13:52 - 2014-08-15 21:56 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-17 13:52 - 2014-08-15 21:54 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-17 13:52 - 2014-08-15 21:45 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-17 13:52 - 2014-08-15 21:43 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-17 13:52 - 2014-08-15 21:32 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-17 13:52 - 2014-08-15 21:25 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-17 13:52 - 2014-08-15 21:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-17 13:52 - 2014-08-15 21:20 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-17 13:52 - 2014-08-15 21:19 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-17 13:52 - 2014-08-15 21:18 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-17 13:52 - 2014-08-15 21:18 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-17 13:52 - 2014-08-15 21:11 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-17 13:52 - 2014-08-15 21:06 - 00359424 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-17 13:52 - 2014-08-15 21:05 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-17 13:52 - 2014-08-15 21:05 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-17 13:52 - 2014-08-15 21:03 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-17 13:52 - 2014-08-15 21:03 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-17 13:52 - 2014-08-15 20:58 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-17 13:52 - 2014-08-15 20:56 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-17 13:52 - 2014-08-15 20:53 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-17 13:52 - 2014-08-15 20:53 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-17 13:52 - 2014-08-15 20:53 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-17 13:52 - 2014-08-15 20:51 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-17 13:52 - 2014-08-15 20:45 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-17 13:52 - 2014-08-15 20:44 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-17 13:52 - 2014-08-15 20:44 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-17 13:52 - 2014-08-15 20:34 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-17 13:52 - 2014-08-15 20:20 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-17 13:52 - 2014-08-15 20:18 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-17 13:52 - 2014-08-15 20:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-17 13:52 - 2014-08-15 20:12 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-17 13:52 - 2014-05-30 05:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-17 13:52 - 2014-05-30 04:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-17 13:52 - 2014-02-06 07:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-17 13:52 - 2014-02-06 07:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-17 13:52 - 2014-02-06 07:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-17 13:52 - 2014-02-06 07:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-17 13:52 - 2014-02-06 06:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-17 13:52 - 2014-02-06 06:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-17 13:52 - 2014-02-06 06:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-17 13:52 - 2014-02-06 06:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-17 13:52 - 2014-02-06 06:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-17 13:52 - 2014-02-06 06:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-17 13:52 - 2014-02-06 05:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-17 13:52 - 2014-02-06 05:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-17 13:52 - 2014-02-06 05:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-17 13:52 - 2014-02-06 05:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-17 12:00 - 2014-09-17 12:00 - 05579386 _____ (Swearware) C:\Users\willk_000\Downloads\ComboFix.exe
2014-09-17 11:56 - 2014-09-17 11:56 - 00003027 _____ () C:\Users\willk_000\Desktop\HiJackThis.lnk
2014-09-17 11:56 - 2014-09-17 11:56 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-09-17 11:56 - 2014-09-17 11:56 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-09-17 11:45 - 2014-09-18 11:35 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-17 11:45 - 2014-09-17 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-17 10:38 - 2014-09-18 09:11 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-17 10:38 - 2014-09-17 10:38 - 04859480 _____ () C:\Users\willk_000\Downloads\RogueKiller.exe
2014-09-17 10:38 - 2014-09-17 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-17 10:23 - 2014-09-17 10:24 - 11194928 _____ (SurfRight B.V.) C:\Users\willk_000\Downloads\HitmanPro_x64.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-17 10:20 - 2014-09-17 10:31 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-17 10:16 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-09-17 10:13 - 2014-09-17 10:13 - 01373475 _____ () C:\Users\willk_000\Downloads\adwcleaner_3.310.exe
2014-09-17 09:49 - 2014-09-17 09:49 - 00000000 __SHD () C:\Users\willk_000\AppData\Local\EmieUserList
2014-09-17 09:49 - 2014-09-17 09:49 - 00000000 __SHD () C:\Users\willk_000\AppData\Local\EmieSiteList
2014-09-17 09:36 - 2014-09-18 11:36 - 00000000 ____D () C:\FRST
2014-09-17 09:28 - 2014-09-17 09:49 - 00000000 ____D () C:\Users\willk_000\Desktop\RK_Quarantine
2014-09-17 09:24 - 2014-09-17 09:24 - 00002908 _____ () C:\Users\willk_000\Desktop\AdwCleaner[S0].txt
2014-09-17 09:18 - 2014-09-18 09:11 - 00000000 ____D () C:\AdwCleaner
2014-09-17 09:10 - 2014-09-18 08:59 - 00012342 _____ () C:\Windows\PFRO.log
2014-09-17 08:41 - 2014-08-01 20:18 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2014-09-17 08:41 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2014-09-17 08:41 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2014-09-17 08:26 - 2014-08-23 03:48 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-09-17 08:26 - 2014-08-23 03:13 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-09-17 08:26 - 2014-08-23 02:10 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-09-17 08:26 - 2014-08-23 01:32 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-09-17 08:26 - 2014-08-23 00:44 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-09-17 08:26 - 2014-08-23 00:34 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-09-17 08:26 - 2014-08-23 00:33 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-09-17 08:26 - 2014-08-23 00:31 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-09-17 08:26 - 2014-08-23 00:20 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-09-17 08:26 - 2014-07-29 21:56 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2014-09-17 08:26 - 2014-07-29 01:22 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\tcpmon.dll
2014-09-17 08:26 - 2014-07-24 11:20 - 21266336 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-17 08:26 - 2014-07-24 11:16 - 02574208 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-09-17 08:26 - 2014-07-24 11:07 - 07424320 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-09-17 08:26 - 2014-07-24 11:07 - 02009920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-09-17 08:26 - 2014-07-24 11:03 - 02141920 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2014-09-17 08:26 - 2014-07-24 11:03 - 00882136 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-09-17 08:26 - 2014-07-24 11:03 - 00818624 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-09-17 08:26 - 2014-07-24 10:57 - 02515264 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-09-17 08:26 - 2014-07-24 09:48 - 02410976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-09-17 08:26 - 2014-07-24 09:46 - 18760328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-17 08:26 - 2014-07-24 09:36 - 02145472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2014-09-17 08:26 - 2014-07-24 09:36 - 00707536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-09-17 08:26 - 2014-07-24 09:36 - 00674512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-09-17 08:26 - 2014-07-24 07:44 - 00674816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2014-09-17 08:26 - 2014-07-24 07:43 - 00412160 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2014-09-17 08:26 - 2014-07-24 06:20 - 02050560 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2014-09-17 08:26 - 2014-07-24 05:44 - 16874496 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2014-09-17 08:26 - 2014-07-24 05:16 - 12730880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2014-09-17 08:26 - 2014-07-24 04:53 - 01261056 _____ (Microsoft Corporation) C:\Windows\system32\gpsvc.dll
2014-09-17 08:26 - 2014-07-24 04:32 - 01532416 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2014-09-17 08:26 - 2014-07-24 04:27 - 00907776 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-09-17 08:26 - 2014-07-24 04:21 - 01231872 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2014-09-17 08:26 - 2014-07-24 04:10 - 01029632 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-09-17 08:26 - 2014-07-24 04:10 - 00889344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2014-09-17 08:26 - 2014-07-24 04:02 - 03465216 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-17 08:26 - 2014-07-24 04:01 - 05833216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Search.dll
2014-09-17 08:26 - 2014-07-24 03:50 - 01182208 _____ (Microsoft Corporation) C:\Windows\system32\printui.dll
2014-09-17 08:26 - 2014-07-24 03:46 - 08652800 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Search.dll
2014-09-17 08:26 - 2014-07-24 03:43 - 02696704 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-09-17 08:26 - 2014-07-24 03:39 - 02642944 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-17 08:26 - 2014-07-24 03:38 - 06649344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-09-17 08:26 - 2014-07-24 03:38 - 05777408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-09-17 08:26 - 2014-07-24 03:30 - 02318336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-17 08:26 - 2014-07-24 03:28 - 01600000 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2014-09-17 08:26 - 2014-06-14 02:03 - 02389504 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-17 08:26 - 2014-06-14 01:46 - 02071552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-17 08:25 - 2014-07-24 11:28 - 00468288 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2014-09-17 08:25 - 2014-07-24 11:28 - 00419648 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-09-17 08:25 - 2014-07-24 11:28 - 00412992 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2014-09-17 08:25 - 2014-07-24 11:28 - 00280384 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\pci.sys
2014-09-17 08:25 - 2014-07-24 11:28 - 00143680 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-09-17 08:25 - 2014-07-24 11:25 - 00054752 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-17 08:25 - 2014-07-24 11:23 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-09-17 08:25 - 2014-07-24 11:23 - 00125472 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2014-09-17 08:25 - 2014-07-24 11:20 - 00645592 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2014-09-17 08:25 - 2014-07-24 11:20 - 00263400 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2014-09-17 08:25 - 2014-07-24 11:16 - 00211216 _____ (Microsoft Corporation) C:\Windows\system32\SndVol.exe
2014-09-17 08:25 - 2014-07-24 11:05 - 01660048 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-09-17 08:25 - 2014-07-24 11:05 - 01519560 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-09-17 08:25 - 2014-07-24 11:05 - 01488008 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-09-17 08:25 - 2014-07-24 11:05 - 01356840 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-09-17 08:25 - 2014-07-24 11:03 - 00360480 _____ (Microsoft Corporation) C:\Windows\system32\mfreadwrite.dll
2014-09-17 08:25 - 2014-07-24 11:03 - 00233888 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-09-17 08:25 - 2014-07-24 11:03 - 00205512 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2014-09-17 08:25 - 2014-07-24 10:57 - 00475968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-09-17 08:25 - 2014-07-24 09:50 - 00098048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2014-09-17 08:25 - 2014-07-24 09:48 - 00180208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SndVol.exe
2014-09-17 08:25 - 2014-07-24 09:46 - 00477200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2014-09-17 08:25 - 2014-07-24 09:36 - 00355800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfreadwrite.dll
2014-09-17 08:25 - 2014-07-24 09:36 - 00180720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2014-09-17 08:25 - 2014-07-24 07:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\KBDRUM.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTT102.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-17 08:25 - 2014-07-24 07:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-17 08:25 - 2014-07-24 07:47 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-09-17 08:25 - 2014-07-24 07:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2014-09-17 08:25 - 2014-07-24 07:45 - 00076800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2014-09-17 08:25 - 2014-07-24 07:42 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\nwifi.sys
2014-09-17 08:25 - 2014-07-24 07:42 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\NdisImPlatform.sys
2014-09-17 08:25 - 2014-07-24 07:41 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2014-09-17 08:25 - 2014-07-24 07:33 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-17 08:25 - 2014-07-24 07:33 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-17 08:25 - 2014-07-24 07:22 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2014-09-17 08:25 - 2014-07-24 07:06 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\iasnap.dll
2014-09-17 08:25 - 2014-07-24 07:05 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2014-09-17 08:25 - 2014-07-24 07:05 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-09-17 08:25 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-17 08:25 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTT102.DLL
2014-09-17 08:25 - 2014-07-24 06:52 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-17 08:25 - 2014-07-24 06:51 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRUM.DLL
2014-09-17 08:25 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-17 08:25 - 2014-07-24 06:51 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-17 08:25 - 2014-07-24 06:51 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-17 08:25 - 2014-07-24 06:49 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersGPExt.dll
2014-09-17 08:25 - 2014-07-24 06:33 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-17 08:25 - 2014-07-24 06:32 - 00207360 _____ (Microsoft Corporation) C:\Windows\system32\powercfg.cpl
2014-09-17 08:25 - 2014-07-24 06:18 - 01089024 _____ (Microsoft Corporation) C:\Windows\system32\gpedit.dll
2014-09-17 08:25 - 2014-07-24 06:12 - 00878592 _____ (Microsoft Corporation) C:\Windows\system32\ActionCenter.dll
2014-09-17 08:25 - 2014-07-24 06:10 - 01844224 _____ (Microsoft Corporation) C:\Windows\system32\Display.dll
2014-09-17 08:25 - 2014-07-24 06:10 - 00834560 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-17 08:25 - 2014-07-24 06:10 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-09-17 08:25 - 2014-07-24 06:10 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iasnap.dll
2014-09-17 08:25 - 2014-07-24 06:09 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2014-09-17 08:25 - 2014-07-24 06:06 - 00438272 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-09-17 08:25 - 2014-07-24 06:05 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2014-09-17 08:25 - 2014-07-24 05:53 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\prnntfy.dll
2014-09-17 08:25 - 2014-07-24 05:52 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2014-09-17 08:25 - 2014-07-24 05:42 - 00206336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\powercfg.cpl
2014-09-17 08:25 - 2014-07-24 05:40 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PrintDialogs.dll
2014-09-17 08:25 - 2014-07-24 05:39 - 00770048 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2014-09-17 08:25 - 2014-07-24 05:33 - 01741824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2014-09-17 08:25 - 2014-07-24 05:32 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gpedit.dll
2014-09-17 08:25 - 2014-07-24 05:27 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2014-09-17 08:25 - 2014-07-24 05:27 - 00779264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-17 08:25 - 2014-07-24 05:25 - 00832512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActionCenter.dll
2014-09-17 08:25 - 2014-07-24 05:24 - 01817088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Display.dll
2014-09-17 08:25 - 2014-07-24 05:23 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-09-17 08:25 - 2014-07-24 05:21 - 00134144 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2014-09-17 08:25 - 2014-07-24 05:18 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2014-09-17 08:25 - 2014-07-24 05:14 - 00443904 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2014-09-17 08:25 - 2014-07-24 05:13 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prnntfy.dll
2014-09-17 08:25 - 2014-07-24 05:12 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2014-09-17 08:25 - 2014-07-24 05:11 - 00356864 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-09-17 08:25 - 2014-07-24 05:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\wshbth.dll
2014-09-17 08:25 - 2014-07-24 05:10 - 00540672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2014-09-17 08:25 - 2014-07-24 05:09 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\httpprxm.dll
2014-09-17 08:25 - 2014-07-24 05:04 - 00492032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintDialogs.dll
2014-09-17 08:25 - 2014-07-24 05:04 - 00183808 _____ (Microsoft Corp.) C:\Windows\system32\Defrag.exe
2014-09-17 08:25 - 2014-07-24 05:03 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\srvsvc.dll
2014-09-17 08:25 - 2014-07-24 05:02 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-09-17 08:25 - 2014-07-24 04:58 - 00105472 _____ (Microsoft Corporation) C:\Windows\system32\BluetoothApis.dll
2014-09-17 08:25 - 2014-07-24 04:53 - 00449536 _____ (Microsoft Corporation) C:\Windows\system32\defragsvc.dll
2014-09-17 08:25 - 2014-07-24 04:49 - 01361408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-09-17 08:25 - 2014-07-24 04:49 - 01287680 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2014-09-17 08:25 - 2014-07-24 04:49 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2014-09-17 08:25 - 2014-07-24 04:49 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\adhsvc.dll
2014-09-17 08:25 - 2014-07-24 04:48 - 00659968 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2014-09-17 08:25 - 2014-07-24 04:47 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2014-09-17 08:25 - 2014-07-24 04:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshbth.dll
2014-09-17 08:25 - 2014-07-24 04:39 - 02397184 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2014-09-17 08:25 - 2014-07-24 04:38 - 00371200 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2014-09-17 08:25 - 2014-07-24 04:36 - 00079872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BluetoothApis.dll
2014-09-17 08:25 - 2014-07-24 04:30 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanapi.dll
2014-09-17 08:25 - 2014-07-24 04:29 - 00439296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2014-09-17 08:25 - 2014-07-24 04:28 - 00595456 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Networking.dll
2014-09-17 08:25 - 2014-07-24 04:24 - 00249344 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-17 08:25 - 2014-07-24 04:23 - 01404416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2014-09-17 08:25 - 2014-07-24 04:22 - 00487936 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2014-09-17 08:25 - 2014-07-24 04:21 - 00302080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wlanmsm.dll
2014-09-17 08:25 - 2014-07-24 04:20 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\puiapi.dll
2014-09-17 08:25 - 2014-07-24 04:19 - 00388608 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-09-17 08:25 - 2014-07-24 04:18 - 01144320 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2014-09-17 08:25 - 2014-07-24 04:18 - 00795136 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-09-17 08:25 - 2014-07-24 04:18 - 00093696 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-17 08:25 - 2014-07-24 04:16 - 00505344 _____ (Microsoft Corporation) C:\Windows\system32\VAN.dll
2014-09-17 08:25 - 2014-07-24 04:16 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\wpdbusenum.dll
2014-09-17 08:25 - 2014-07-24 04:15 - 00828416 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-17 08:25 - 2014-07-24 04:15 - 00721408 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.dll
2014-09-17 08:25 - 2014-07-24 04:15 - 00432128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Networking.dll
2014-09-17 08:25 - 2014-07-24 04:13 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\SndVolSSO.dll
2014-09-17 08:25 - 2014-07-24 04:12 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-09-17 08:25 - 2014-07-24 04:10 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-09-17 08:25 - 2014-07-24 04:10 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2014-09-17 08:25 - 2014-07-24 04:08 - 00321536 _____ (Microsoft Corporation) C:\Windows\system32\stobject.dll
2014-09-17 08:25 - 2014-07-24 04:08 - 00162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiapi.dll
2014-09-17 08:25 - 2014-07-24 04:07 - 01705472 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-17 08:25 - 2014-07-24 04:06 - 00080896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-17 08:25 - 2014-07-24 04:05 - 00448000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VAN.dll
2014-09-17 08:25 - 2014-07-24 04:04 - 00667136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-17 08:25 - 2014-07-24 04:01 - 01992192 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2014-09-17 08:25 - 2014-07-24 04:01 - 01126912 _____ (Microsoft Corporation) C:\Windows\system32\SearchFolder.dll
2014-09-17 08:25 - 2014-07-24 04:00 - 02100736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2014-09-17 08:25 - 2014-07-24 03:58 - 00432640 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2014-09-17 08:25 - 2014-07-24 03:58 - 00288768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\stobject.dll
2014-09-17 08:25 - 2014-07-24 03:54 - 01290752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2014-09-17 08:25 - 2014-07-24 03:50 - 00923136 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2014-09-17 08:25 - 2014-07-24 03:49 - 00263680 _____ (Microsoft Corporation) C:\Windows\system32\DafPrintProvider.dll
2014-09-17 08:25 - 2014-07-24 03:47 - 00576512 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2014-09-17 08:25 - 2014-07-24 03:44 - 01057792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printui.dll
2014-09-17 08:25 - 2014-07-24 03:43 - 00756224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2014-09-17 08:25 - 2014-07-24 03:43 - 00200192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DafPrintProvider.dll
2014-09-17 08:25 - 2014-07-24 03:41 - 00459264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2014-09-17 08:25 - 2014-07-24 03:33 - 03360768 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-09-17 08:25 - 2014-07-24 00:11 - 00513544 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-17 08:25 - 2014-07-24 00:11 - 00513544 _____ () C:\Windows\system32\locale.nls
2014-09-17 08:25 - 2014-07-12 01:55 - 00268288 _____ (Microsoft Corporation) C:\Windows\system32\wisp.dll
2014-09-17 08:25 - 2014-07-12 01:23 - 00436224 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-09-17 08:25 - 2014-07-12 00:58 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wisp.dll
2014-09-17 08:25 - 2014-07-12 00:33 - 00318976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-09-17 08:25 - 2014-07-12 00:13 - 01417216 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-17 08:25 - 2014-07-09 19:19 - 00387391 _____ () C:\Windows\system32\ApnDatabase.xml
2014-09-17 08:25 - 2014-07-04 08:59 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ks.sys
2014-09-17 08:25 - 2014-07-04 06:29 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSip.dll
2014-09-17 08:25 - 2014-07-04 06:20 - 01656832 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2014-09-17 08:25 - 2014-07-04 06:06 - 00095232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxSip.dll
2014-09-17 08:25 - 2014-07-04 06:00 - 01351168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2014-09-17 08:25 - 2014-07-04 05:30 - 00544768 _____ (Microsoft Corporation) C:\Windows\system32\AppxPackaging.dll
2014-09-17 08:25 - 2014-07-04 05:27 - 00474112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxPackaging.dll
2014-09-17 08:25 - 2014-06-27 02:22 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2014-09-17 08:25 - 2014-06-25 20:32 - 01029632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2014-09-17 08:25 - 2014-06-25 20:29 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\dab.dll
2014-09-17 08:25 - 2014-06-19 19:37 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2014-09-17 08:25 - 2014-06-18 22:13 - 00310080 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-09-17 08:25 - 2014-06-07 08:46 - 00216368 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2014-09-17 08:25 - 2014-06-07 06:20 - 00189016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2014-09-17 08:25 - 2014-06-05 10:00 - 01118040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-09-17 08:25 - 2014-06-05 06:18 - 01018368 _____ (Microsoft Corporation) C:\Windows\system32\aclui.dll
2014-09-17 08:25 - 2014-06-05 05:42 - 00889856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aclui.dll
2014-09-17 08:25 - 2014-05-31 01:00 - 01463808 _____ (Microsoft Corporation) C:\Windows\system32\wsecedit.dll
2014-09-17 08:25 - 2014-05-31 00:18 - 01319936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsecedit.dll
2014-09-17 08:25 - 2014-05-29 02:23 - 00427008 _____ (Microsoft Corporation) C:\Windows\system32\clusapi.dll
2014-09-17 08:25 - 2014-05-29 01:25 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clusapi.dll
2014-09-17 08:25 - 2014-05-29 01:20 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-17 08:25 - 2014-05-29 00:36 - 00344576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-17 08:25 - 2014-05-26 03:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\AppxSysprep.dll
2014-09-17 08:25 - 2014-05-10 06:12 - 00387896 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2014-09-17 08:25 - 2014-05-10 04:46 - 00335680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2014-09-17 08:25 - 2014-05-06 00:41 - 00486744 _____ (Microsoft Corporation) C:\Windows\system32\netcfgx.dll
2014-09-17 08:25 - 2014-05-05 20:55 - 00391000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcfgx.dll
2014-09-17 08:25 - 2014-03-24 22:27 - 00160600 _____ (Microsoft Corporation) C:\Windows\system32\winmmbase.dll
2014-09-17 08:25 - 2014-03-24 22:27 - 00123920 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-09-17 08:25 - 2014-03-24 21:20 - 00128568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-09-17 08:25 - 2014-03-24 21:20 - 00127544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmmbase.dll
2014-09-17 08:14 - 2014-08-14 20:36 - 00146752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msgpioclx.sys
2014-09-17 08:11 - 2014-09-17 13:40 - 00001783 _____ () C:\Windows\setupact.log
2014-09-17 08:11 - 2014-09-17 08:11 - 00025287 _____ () C:\Users\willk_000\Desktop\bookmarks_9_17_14.html
2014-09-17 08:11 - 2014-09-17 08:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 21:46 - 2014-09-18 11:35 - 01335881 _____ () C:\Windows\WindowsUpdate.log
2014-09-08 18:38 - 2014-09-17 15:05 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-08 18:38 - 2014-09-08 18:38 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 18:38 - 2014-09-08 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 18:37 - 2014-09-08 18:38 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 18:37 - 2014-09-08 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:37 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-08 18:37 - 2014-05-12 07:26 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-08 18:37 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-08 18:36 - 2014-09-08 18:37 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\willk_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-08 17:38 - 2014-09-08 17:38 - 00003108 _____ () C:\Windows\System32\Tasks\{B5E60085-85E1-432C-856C-4B714B66DED2}
2014-09-08 17:11 - 2014-09-08 18:30 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\uTorrent
2014-09-08 16:50 - 2014-09-11 20:38 - 00001024 _____ () C:\.rnd
2014-09-08 16:48 - 2014-09-16 21:43 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Common dictionary
2014-08-29 23:50 - 2014-08-22 20:42 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-09-18 11:36 - 2014-09-17 09:36 - 00000000 ____D () C:\FRST
2014-09-18 11:35 - 2014-09-17 11:45 - 00002205 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-09-18 11:35 - 2014-09-16 21:46 - 01335881 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 11:34 - 2013-12-29 02:58 - 00000350 _____ () C:\Windows\Tasks\GlaryInitialize 4.job
2014-09-18 11:34 - 2013-12-28 14:37 - 00000000 ___RD () C:\Users\willk_000\Dropbox
2014-09-18 11:34 - 2013-12-28 14:34 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\Dropbox
2014-09-18 11:33 - 2014-09-18 08:17 - 00000062 _____ () C:\Users\willk_000\AppData\Roaming\sp_data.sys
2014-09-18 11:33 - 2014-09-18 08:17 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-18 11:33 - 2013-12-29 13:45 - 00000000 __RDO () C:\Users\willk_000\SkyDrive
2014-09-18 11:33 - 2013-12-27 20:18 - 00000920 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-09-18 11:32 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-09-18 11:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2014-09-18 10:52 - 2013-12-27 20:18 - 00000924 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-09-18 10:51 - 2014-03-29 14:36 - 00000938 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475242226-3908716180-2918384607-1002UA.job
2014-09-18 10:43 - 2014-09-18 10:43 - 00010711 _____ () C:\Users\willk_000\Desktop\hijackthis 07-18-14.txt
2014-09-18 10:42 - 2014-09-18 10:42 - 00010711 _____ () C:\Users\willk_000\Desktop\hijackthis 07-18-14
2014-09-18 10:33 - 2014-09-18 10:33 - 00000000 ____D () C:\Program Files (x86)\ESET
2014-09-18 10:33 - 2014-09-18 10:32 - 02347384 _____ (ESET) C:\Users\willk_000\Downloads\esetsmartinstaller_enu.exe
2014-09-18 09:18 - 2013-12-28 14:15 - 00003600 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1475242226-3908716180-2918384607-1002
2014-09-18 09:11 - 2014-09-17 10:38 - 00033512 _____ () C:\Windows\SysWOW64\Drivers\TrueSight.sys
2014-09-18 09:11 - 2014-09-17 09:18 - 00000000 ____D () C:\AdwCleaner
2014-09-18 09:10 - 2013-11-14 03:28 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 09:09 - 2014-09-18 09:09 - 00003378 _____ () C:\Users\willk_000\Desktop\Rkill.txt
2014-09-18 09:09 - 2014-09-18 09:09 - 00000000 ____D () C:\Users\willk_000\Desktop\rkill
2014-09-18 09:04 - 2014-06-06 08:39 - 00000000 ____D () C:\ProgramData\MFAData
2014-09-18 08:59 - 2014-09-17 09:10 - 00012342 _____ () C:\Windows\PFRO.log
2014-09-18 08:51 - 2014-03-29 14:36 - 00000886 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475242226-3908716180-2918384607-1002Core.job
2014-09-18 08:24 - 2014-09-18 08:24 - 00001261 _____ () C:\Users\willk_000\Desktop\AdwCleaner[S2] 07-18-14.txt
2014-09-18 08:19 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-09-18 08:16 - 2013-12-28 20:27 - 00000000 ____D () C:\Users\willk_000
2014-09-18 08:07 - 2013-12-30 09:31 - 00000000 ____D () C:\Users\willk_000\AppData\Local\Adobe
2014-09-17 15:53 - 2014-09-17 15:53 - 00010665 _____ () C:\Users\willk_000\Desktop\hijackthis.log
2014-09-17 15:52 - 2012-07-26 03:59 - 00000000 ____D () C:\Windows\CbsTemp
2014-09-17 15:05 - 2014-09-08 18:38 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-17 14:10 - 2014-09-17 14:06 - 00015744 _____ () C:\Users\willk_000\Desktop\avgrep.txt
2014-09-17 13:59 - 2014-09-17 13:59 - 05579386 _____ (Swearware) C:\Users\willk_000\Downloads\ComboFix (1).exe
2014-09-17 13:53 - 2013-12-29 03:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-09-17 13:53 - 2013-12-29 03:28 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-09-17 13:52 - 2013-12-28 16:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-17 13:50 - 2013-12-28 16:23 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-17 13:40 - 2014-09-17 08:11 - 00001783 _____ () C:\Windows\setupact.log
2014-09-17 12:00 - 2014-09-17 12:00 - 05579386 _____ (Swearware) C:\Users\willk_000\Downloads\ComboFix.exe
2014-09-17 12:00 - 2013-11-15 01:48 - 00003474 _____ () C:\Windows\System32\Tasks\ASUS Live Update1
2014-09-17 12:00 - 2013-11-15 01:48 - 00003464 _____ () C:\Windows\System32\Tasks\ASUS Live Update2
2014-09-17 11:56 - 2014-09-17 11:56 - 00003027 _____ () C:\Users\willk_000\Desktop\HiJackThis.lnk
2014-09-17 11:56 - 2014-09-17 11:56 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-09-17 11:56 - 2014-09-17 11:56 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-09-17 11:56 - 2013-12-28 14:08 - 00000000 ____D () C:\Users\willk_000\AppData\Local\VirtualStore
2014-09-17 11:45 - 2014-09-17 11:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-09-17 11:45 - 2013-12-28 14:11 - 00000000 ____D () C:\Users\willk_000\AppData\Local\Google
2014-09-17 11:45 - 2013-12-27 20:18 - 00000000 ____D () C:\Program Files (x86)\Google
2014-09-17 11:41 - 2013-12-27 20:17 - 00000000 ____D () C:\Users\wdkrokey\AppData\Local\Google
2014-09-17 11:21 - 2014-07-09 16:32 - 00000000 ____D () C:\Windows\USB Vibration
2014-09-17 11:21 - 2013-11-15 01:32 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-09-17 10:38 - 2014-09-17 10:38 - 04859480 _____ () C:\Users\willk_000\Downloads\RogueKiller.exe
2014-09-17 10:38 - 2014-09-17 10:38 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-09-17 10:31 - 2014-09-17 10:20 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-09-17 10:24 - 2014-09-17 10:23 - 11194928 _____ (SurfRight B.V.) C:\Users\willk_000\Downloads\HitmanPro_x64.exe
2014-09-17 10:21 - 2014-09-17 10:21 - 00000000 ____D () C:\Program Files\HitmanPro
2014-09-17 10:13 - 2014-09-17 10:13 - 01373475 _____ () C:\Users\willk_000\Downloads\adwcleaner_3.310.exe
2014-09-17 09:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-17 09:49 - 2014-09-17 09:49 - 00000000 __SHD () C:\Users\willk_000\AppData\Local\EmieUserList
2014-09-17 09:49 - 2014-09-17 09:49 - 00000000 __SHD () C:\Users\willk_000\AppData\Local\EmieSiteList
2014-09-17 09:49 - 2014-09-17 09:28 - 00000000 ____D () C:\Users\willk_000\Desktop\RK_Quarantine
2014-09-17 09:24 - 2014-09-17 09:24 - 00002908 _____ () C:\Users\willk_000\Desktop\AdwCleaner[S0].txt
2014-09-17 09:23 - 2013-08-22 10:44 - 05102576 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-17 09:21 - 2013-12-28 20:27 - 00000000 ____D () C:\Users\wdkrokey
2014-09-17 09:10 - 2013-11-14 03:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\InputMethod
2014-09-17 09:10 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2014-09-17 09:10 - 2013-08-22 09:36 - 00000000 ____D () C:\Windows\system32\oobe
2014-09-17 09:10 - 2012-08-01 21:36 - 00000000 ____D () C:\Windows\ASUS
2014-09-17 08:11 - 2014-09-17 08:11 - 00025287 _____ () C:\Users\willk_000\Desktop\bookmarks_9_17_14.html
2014-09-17 08:11 - 2014-09-17 08:11 - 00000000 _____ () C:\Windows\setuperr.log
2014-09-16 21:43 - 2014-09-08 16:48 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Common dictionary
2014-09-16 21:42 - 2013-12-29 02:58 - 00000000 ____D () C:\Program Files (x86)\Glary Utilities 4
2014-09-16 21:32 - 2013-12-29 20:34 - 00001120 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 9.lnk
2014-09-16 21:10 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2014-09-11 20:43 - 2014-07-31 16:48 - 00000983 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-09-11 20:43 - 2014-06-06 08:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-09-11 20:38 - 2014-09-08 16:50 - 00001024 _____ () C:\.rnd
2014-09-08 19:13 - 2013-12-29 02:54 - 00000000 ____D () C:\Users\wdkrokey\AppData\Local\CRE
2014-09-08 18:38 - 2014-09-08 18:38 - 00001120 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-08 18:38 - 2014-09-08 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-08 18:38 - 2014-09-08 18:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-08 18:37 - 2014-09-08 18:37 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-08 18:37 - 2014-09-08 18:36 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\willk_000\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-08 18:30 - 2014-09-08 17:11 - 00000000 ____D () C:\Users\willk_000\AppData\Roaming\uTorrent
2014-09-08 17:38 - 2014-09-08 17:38 - 00003108 _____ () C:\Windows\System32\Tasks\{B5E60085-85E1-432C-856C-4B714B66DED2}
2014-09-02 16:06 - 2014-06-06 09:10 - 00706016 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-02 16:06 - 2014-06-06 09:10 - 00105440 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-08-30 00:26 - 2014-07-16 08:58 - 00000000 ____D () C:\Users\willk_000\Desktop\Other
2014-08-30 00:01 - 2014-07-14 18:00 - 00000000 ____D () C:\Users\willk_000\AppData\Local\Black_Tree_Gaming
2014-08-29 23:52 - 2013-12-28 14:08 - 00000000 ____D () C:\Users\willk_000\AppData\Local\Packages
2014-08-25 11:00 - 2014-02-04 18:02 - 00000000 ____D () C:\Users\TEMP
2014-08-23 03:48 - 2014-09-17 08:26 - 02374784 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-08-23 03:13 - 2014-09-17 08:26 - 02084520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-08-23 02:10 - 2014-09-17 08:26 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\UXInit.dll
2014-08-23 01:32 - 2014-09-17 08:26 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UXInit.dll
2014-08-23 00:44 - 2014-09-17 08:26 - 02860032 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-08-23 00:34 - 2014-09-17 08:26 - 13423104 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-08-23 00:33 - 2014-09-17 08:26 - 00796672 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2014-08-23 00:31 - 2014-09-17 08:26 - 01038336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-08-23 00:20 - 2014-09-17 08:26 - 11818496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-08-22 20:42 - 2014-08-29 23:50 - 04148224 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-19 03:53 - 2014-07-06 00:08 - 00002060 _____ () C:\Users\Public\Desktop\Google Slides.lnk
2014-08-19 03:53 - 2014-07-06 00:08 - 00002058 _____ () C:\Users\Public\Desktop\Google Sheets.lnk
2014-08-19 03:53 - 2014-07-06 00:08 - 00002048 _____ () C:\Users\Public\Desktop\Google Docs.lnk
2014-08-19 03:53 - 2014-07-06 00:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
 
Some content of TEMP:
====================
C:\Users\willk_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0prhsa.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-18 08:52
 
==================== End Of Log ============================

And Additional

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 10-09-2014

Ran by willk_000 at 2014-09-18 11:36:49
Running from D:\
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.2.2 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 3.0.2 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 2.1.4 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 2.01.0005 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 3.1.0 - ASUS)
ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4924.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4924.52 - CyberLink Corp.) Hidden
AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0028 - ASUS)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
AVG 2014 (Version: 14.0.4015 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
ChromecastApp (HKCU\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.316.0 - Google Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Definition Update for Microsoft Office 2013 (KB2760587) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{9719DFA1-7CB0-422E-98AE-C77FD3426BE8}) (Version:  - Microsoft)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.28 - Dropbox, Inc.)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Glary Utilities 4.3 (HKLM-x32\...\Glary Utilities 4) (Version: 4.3.0.80 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.120 - Google Inc.)
Google Drive (HKLM-x32\...\{C6640705-7479-4EE5-BC86-879F05F65E74}) (Version: 1.17.7290.4094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.0.0.1310 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Trusted Connect Service Client (Version: 1.27.757.1 - Intel Corporation) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
Microsoft Access MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 x86 Additional Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2013 x86 Minimum Runtime - 12.0.21005 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
Microsoft Word MUI (English) 2013 (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
Microsoft Xbox 360 Accessories 1.2 (HKLM\...\{D9C50188-12D5-4D3E-8F00-682346C2AA5F}) (Version: 1.20.146.0 - Microsoft)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MyBitCast 2.0 (HKLM-x32\...\MyBitCast) (Version: 2.0 - ASUS)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Pidgin (HKCU\...\Pidgin) (Version: 2.10.7 - )
Pidgin (HKLM-x32\...\Pidgin) (Version: 2.10.7 - )
PowerISO (HKLM-x32\...\PowerISO) (Version: 5.8 - Power Software Ltd)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.30136 - Realtek Semiconductor Corp.)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version:  - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version:  - Microsoft) Hidden
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
System Requirements Lab for Intel (HKLM-x32\...\{1EBDF6D2-CEA0-484C-A23E-2DDAD7FD0DD0}) (Version: 4.5.22.0 - Husdawg, LLC)
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.32494 - TeamViewer)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Excel 2013 (KB2889861) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{6A34D28A-A780-405D-BF1A-F054542A37C8}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2881083) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8260F0BF-F234-41FC-AB11-218A9925F77B}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Lync 2013 (KB2889860) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{75FECCEB-66B8-4376-8A25-6137D30D3C93}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760249) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7A4AB8E1-C091-4BD3-B308-844BA6EE752A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760344) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{EF77B4A6-DFEC-4010-A87D-9B6BF87FABEC}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2760544) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{62857CDD-2985-4939-91BA-19ED0B0031A5}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2768012) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{0814662C-FD28-4DE0-ACE5-EE50D1D6C8FB}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2817302) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{E79EFFDB-192A-4D9E-A2DB-C0F774E6EC32}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2837644) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D692E9FF-84BF-4F44-A0EA-D58ECE0D538E}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2863843) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{290D80DE-03AB-47EC-9402-108AF4CE4F66}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880462) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{24584DD4-C680-4FEB-A464-D760C7A5B041}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2880478) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8116ED50-F1E7-49E1-9D8D-421497D34B0F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881001) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{DF1B7B95-4A86-4605-A628-556394B5580A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881009) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3033838D-15E0-4199-8CBD-A7F2057AE653}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0016-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881035) 64-Bit Edition (HKLM\...\{90150000-0090-0409-1000-0000000FF1CE}_Office15.PROPLUS_{885C981B-F1E3-430A-A099-31CA9D28C251}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881039) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C675FC43-E413-49A7-B3DC-44967B4FE22D}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2881081) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{3BE27413-9FFE-4AB1-9013-344E111E718F}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{E919ACF4-A1D7-4CAA-A103-5EB115563721}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883049) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{39D9DAC1-16A7-430A-B2F3-4D3D000454D0}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0409-1000-0000000FF1CE}_Office15.PROPLUS_{F9C35D99-CA8E-4D17-B785-66AC654D5664}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-040C-1000-0000000FF1CE}_Office15.PROPLUS_{18C53DCB-FA98-4A7B-BC2E-6DA30D4E4901}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2883060) 64-Bit Edition (HKLM\...\{90150000-001F-0C0A-1000-0000000FF1CE}_Office15.PROPLUS_{6E2862B8-C10A-4FD0-9B82-8D9761301AAA}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889848) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{A9D59DD4-0591-447A-AEEB-DC1FEE5502BF}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft Office 2013 (KB2889862) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{CC0535B0-340B-4740-A63D-DBBE389DC83A}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00BA-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneDrive for Business (KB2883066) 64-Bit Edition (HKLM\...\{90150000-00C1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{5E9FA8D8-45A9-4223-A5A8-285CB6188592}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00A1-0409-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft OneNote 2013 (KB2881082) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BFD66A5D-F608-441E-9282-41E13F5E7412}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft Outlook 2013 (KB2880470) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{34A169EC-990A-4DAE-AC65-9F981158B7DB}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft PowerPoint 2013 (KB2889847) 64-Bit Edition (HKLM\...\{90150000-0018-0409-1000-0000000FF1CE}_Office15.PROPLUS_{7F1008C2-8C87-497F-B6D8-56B53DA0FAB3}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Publisher 2013 (KB2880999) 64-Bit Edition (HKLM\...\{90150000-0019-0409-1000-0000000FF1CE}_Office15.PROPLUS_{C07147B9-CC0B-4CC1-A107-A705889A54F2}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Visio Viewer 2013 (KB2817301) 64-Bit Edition (HKLM\...\{90150000-006E-0409-1000-0000000FF1CE}_Office15.PROPLUS_{8E5CD68A-CDF8-4930-88DF-B7778B1871A9}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2878319) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{BC51FE30-3A56-4802-8D9E-E9BC05B56B49}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001A-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-001B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Update for Microsoft Word 2013 (KB2889852) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{01839F84-E94C-4E47-BEBE-95DF9CAE5FF3}) (Version:  - Microsoft)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
Windows Driver Package - ASUS (ATP) Mouse  (01/10/2013 1.0.0.170) (HKLM\...\4A9DE1E9EBC800B7F01739D4DE7363EF6751BDF5) (Version: 01/10/2013 1.0.0.170 - ASUS)
Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.42.0 - ASUS)
WinRAR 5.01 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\willk_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\willk_000\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\willk_000\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-1475242226-3908716180-2918384607-1002_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\willk_000\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
 
==================== Restore Points  =========================
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2014-09-18 09:14 - 00000768 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {05D53BBE-E068-4F71-B5D0-5BE699DE7B66} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
Task: {090E3AD5-FA9C-4F19-A504-7F983E1595CD} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1475242226-3908716180-2918384607-1002UA => C:\Users\willk_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {11E40DBE-8791-4FA3-9165-450A3C0BF058} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-09-17] (Microsoft Corporation)
Task: {1406B0AF-3731-49F8-9375-7933245ADA2A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.)
Task: {1F53878E-BE34-4C57-BC28-C0F4ED4CC1B5} - System32\Tasks\ASUS InstantOn Config => C:\Program Files\ASUS\P4G\InsOnCfg.exe
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {256D4682-3D06-4F31-99C6-34BAECEB782E} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2013-01-04] ()
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {31B25C71-5B67-470C-B6F8-08233DFCEA47} - \TidyNetwork Update No Task File <==== ATTENTION
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {46BFACBE-B80D-4124-87AD-7B6DAA531E53} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2013-03-26] (ASUSTek Computer Inc.)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {4F2DD9FB-E48F-4F47-B76E-0DFD5426AEBA} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.)
Task: {51A2EDD8-DFA7-4714-BA3A-9A7010209812} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
Task: {581DDF49-18C9-4F1F-9B7D-70DC7EDD5921} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {66D33AB2-ACE6-443E-96AC-86E643B81892} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {679807D8-64E4-4384-921E-151F1BEA1C86} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2013-04-29] (ASUS)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {7645B26F-9C55-4421-8705-AA31A1FE4182} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-02-22] (Microsoft Corporation)
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {7986B23C-C36A-45D2-897D-BB5F38450FB3} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
Task: {7FC97721-3C4F-44C7-B117-345DFC6F2528} - System32\Tasks\AdobeAAMUpdater-1.0-MicrosoftAccount-willkrokey@yahoo.com => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-12-15] (Adobe Systems Incorporated)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {92887E73-9B83-4324-8FF7-2A78AD588A04} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2013-03-20] (ASUSTeK Computer Inc.)
Task: {9D189A67-D130-4D52-B327-97177C217ACA} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {A6AF5B42-259C-4B6E-9E7F-E00E9E65D460} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2012-11-28] (ASUS)
Task: {A96C34DB-CB7B-436C-B4BD-35B0EC469081} - System32\Tasks\ASUS Splendid ColorU => C:\Program Files (x86)\ASUS\Splendid\ColorUService.exe [2013-02-26] (ASUSTeK Computer Inc.)
Task: {B7853BEA-D882-4A61-88E8-2F0B80B4ACC7} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2013-12-23] (Glarysoft Ltd)
Task: {B8831AC5-A765-4294-906F-B8465C5560EE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1475242226-3908716180-2918384607-1002Core => C:\Users\willk_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: {BD143C72-512B-4831-9751-A3CC7F9094DB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-12-27] (Google Inc.)
Task: {C85E7DF6-0198-47AA-AF27-D72C90E1CD37} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DAB77908-050D-46B4-ABBB-5B632182DE18} - System32\Tasks\ASUS Touchpad Launcher (x64) => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2013-04-29] (AsusTek)
Task: {DD3B8357-96EE-4572-8E47-E4B23D008297} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475242226-3908716180-2918384607-1002Core.job => C:\Users\willk_000\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1475242226-3908716180-2918384607-1002UA.job => C:\Users\willk_000\AppData\Local\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-12-30 09:16 - 2012-08-31 16:03 - 00288768 _____ () C:\Windows\System32\HP1100LM.DLL
2013-12-30 09:16 - 2012-08-31 16:02 - 00074240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2014-02-01 18:30 - 2009-11-04 14:18 - 00189440 _____ () C:\Windows\system32\spool\PRTPROCS\x64\lxecdrpp.dll
2013-12-30 09:16 - 2012-08-31 16:02 - 01038336 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2013-12-30 09:16 - 2012-08-31 16:03 - 03034112 _____ () C:\Windows\system32\spool\DRIVERS\x64\3\hp1100su.dll
2012-12-19 02:10 - 2012-12-19 02:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
2013-04-29 20:03 - 2013-04-29 20:03 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2014-07-27 11:41 - 2014-07-27 11:41 - 08892576 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-09-11 20:40 - 2014-09-11 20:40 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20605_x64__8wekyb3d8bbwe\ErrorReporting.dll
2014-09-18 11:34 - 2014-09-18 11:34 - 00043008 _____ () c:\Users\willk_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0prhsa.dll
2013-08-23 15:01 - 2013-08-23 15:01 - 25100288 _____ () C:\Users\willk_000\AppData\Roaming\Dropbox\bin\libcef.dll
2013-11-15 01:38 - 2013-01-23 03:57 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\TEMP\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\wdkrokey\SkyDrive:ms-properties
AlternateDataStreams: C:\Users\willk_000\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\71297129.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\71297129.sys => ""="Driver"
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "XboxStat"
HKCU\...\StartupApproved\StartupFolder: => "Logitech . Product Registration.lnk"
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (09/18/2014 10:33:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (09/18/2014 10:33:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (09/18/2014 10:33:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (09/18/2014 10:33:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.
 
Error: (09/18/2014 08:22:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AsusVibeLauncher.exe, version: 1.0.0.10, time stamp: 0x504082d7
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0xe94b2e98
Faulting process id: 0xd1c
Faulting application start time: 0xAsusVibeLauncher.exe0
Faulting application path: AsusVibeLauncher.exe1
Faulting module path: AsusVibeLauncher.exe2
Report Id: AsusVibeLauncher.exe3
Faulting package full name: AsusVibeLauncher.exe4
Faulting package-relative application ID: AsusVibeLauncher.exe5
 
Error: (09/18/2014 08:14:16 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/17/2014 01:50:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
 
Error: (09/17/2014 01:50:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe -Embedding; Description = Windows Modules Installer; Error = 0x80070422).
 
Error: (09/17/2014 01:50:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).
 
Error: (09/17/2014 01:50:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILLPC)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
 
System errors:
=============
Error: (09/18/2014 09:11:53 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\SysWow64\drivers\TrueSight.sys
 
Error: (09/17/2014 03:49:56 PM) (Source: DCOM) (EventID: 10005) (User: WILLPC)
Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}
 
Error: (09/17/2014 03:49:55 PM) (Source: DCOM) (EventID: 10005) (User: WILLPC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}
 
Error: (09/17/2014 03:46:57 PM) (Source: DCOM) (EventID: 10005) (User: WILLPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/17/2014 03:46:57 PM) (Source: DCOM) (EventID: 10005) (User: WILLPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/17/2014 03:46:57 PM) (Source: DCOM) (EventID: 10005) (User: WILLPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/17/2014 03:46:57 PM) (Source: DCOM) (EventID: 10005) (User: WILLPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/17/2014 03:46:50 PM) (Source: DCOM) (EventID: 10005) (User: WILLPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/17/2014 03:46:50 PM) (Source: DCOM) (EventID: 10005) (User: WILLPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
Error: (09/17/2014 03:46:50 PM) (Source: DCOM) (EventID: 10005) (User: WILLPC)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}
 
 
Microsoft Office Sessions:
=========================
Error: (09/18/2014 10:33:42 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\willk_000\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/18/2014 10:33:40 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\willk_000\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/18/2014 10:33:35 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\willk_000\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/18/2014 10:33:34 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\willk_000\Downloads\esetsmartinstaller_enu.exe
 
Error: (09/18/2014 08:22:20 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: AsusVibeLauncher.exe1.0.0.10504082d7unknown0.0.0.000000000c0000005e94b2e98d1c01cfd33b3084478fC:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exeunknown6f5d417c-3f2e-11e4-bece-bcee7b0f140c
 
Error: (09/18/2014 08:14:16 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
 
Error: (09/17/2014 01:50:40 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
 
Error: (09/17/2014 01:50:38 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17200_none_fa7026dd9b04586e\TiWorker.exe -EmbeddingWindows Modules Installer0x80070422
 
Error: (09/17/2014 01:50:29 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422
 
Error: (09/17/2014 01:50:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: WILLPC)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927141
 
 
CodeIntegrity Errors:
===================================
  Date: 2014-09-17 13:57:07.691
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-01-23 04:43:02.709
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-01-23 04:42:27.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-01-02 13:37:35.059
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-01-02 13:37:35.043
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-01-02 13:37:34.949
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-01-02 13:37:34.887
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-01-02 13:37:34.871
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-01-02 13:37:34.856
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2014-01-02 13:37:34.746
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-4700HQ CPU @ 2.40GHz
Percentage of memory in use: 19%
Total physical RAM: 8077.07 MB
Available physical RAM: 6489.53 MB
Total Pagefile: 9357.07 MB
Available Pagefile: 7822.34 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:86.83 GB) (Free:29.99 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: () (Removable) (Total:58.14 GB) (Free:7.69 GB) FAT32
Drive e: (DATA) (Fixed) (Total:124.94 GB) (Free:106.82 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 03F69786)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 58.2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=58.2 GB) - (Type=0C)
 
==================== End Of Log ============================

 

 


#4 aharonov

aharonov

  • Malware Response Team

Posted 18 September 2014 - 10:51 AM

What problems do remain now?

#5 strikewun

strikewun
  • Topic Starter

  • Members

Posted 18 September 2014 - 10:58 AM

> What problems do remain now?

Yes.

 

I am still getting popups from sites like trknck, oclktrk, soft28, softwareupdaterlp etc, etc



#6 aharonov

aharonov

  • Malware Response Team

Posted 18 September 2014 - 11:08 AM

What browsers are affected?

#7 strikewun

strikewun
  • Topic Starter

  • Members

Posted 18 September 2014 - 11:20 AM

> What browsers are affected?

Chrome atm. When he gave me the laptop, Explorer wasn't working because the proxy setting was set to 127.0.0.1:5050 and I reset it back to default to make it work again. I've uninstalled and reinstalled Chrome multiple times and the same problem still persists.



#8 aharonov

aharonov

  • Malware Response Team

Posted 18 September 2014 - 06:07 PM

Still the same after this?


Please download this attached fixlist.txt and save it in the same directory as FRST.
  • Start FRST with Administrator privileges.
  • Press the Fix button.
  • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
    Please copy and paste its contents in your next reply.


#9 strikewun

strikewun
  • Topic Starter

  • Members

Posted 19 September 2014 - 11:23 AM

> Still the same after this?
>
> Please download this attached fixlist.txt and save it in the same directory as FRST.
>
>   • Start FRST with Administrator privileges.
>   • Press the Fix button.
>   • When finished, a log file (Fixlog.txt) pops up and is saved to the same location the tool was run from.
>     Please copy and paste its contents in your next reply.

I'm sorry, I forgot to give you an update.

2 steps from here seem to have gotten rid of the problem. I ran Hitman Pro along with all your help. Thank you very much!



#10 aharonov

aharonov

  • Malware Response Team

Posted 19 September 2014 - 04:08 PM

Ok, thanks for letting me know.

#11 aharonov

aharonov

  • Malware Response Team

Posted 19 September 2014 - 04:08 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



