Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Ads popping up everywhere on websites


  • This topic is locked This topic is locked
18 replies to this topic

#1 creechling

creechling

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alaska
  • Local time:12:14 AM

Posted 03 October 2014 - 01:16 PM

Hello,

 

I appear to be having a malware issue that refuses to be removed and the problem site these ads seem to stem from is called coupondropdown. After following a handfull of pre-existing how-to's I've still come up with a whole lot of nothing in terms of results.

 

I started by looking through my chrome extensions and it isn't there to be removed. I've tried looking for it in add/remove programs and am unable to find it, or any suspicious programs that would need removing. I used Malwarebytes and adwcleaner, both of which found a few things and removed them. I've run my anti-virus software, ESET Nod 32, and it has come up with nothing. The ads are still persisting and I'm at the end of my computer knowledge and am in need of some assistance. I can if needed do a system restore to 10/01/2014, but it's showing that the coupon files would be reinstalled as it was before I ran adwcleaner. 

 

I have attached the logs from the DDS run per the preparation guide instructions as well as the log from my malwarebytes run. 

 

Highlighted below are how the ads present themselves in my web browser: 

 

tumblr_ncvrsw6Hq21tfpwz1o1_500.jpg

 

Any and all help is greatly appreciated.

 

 

Attached Files



BC AdBot (Login to Remove)

 


#2 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:14 AM

Posted 04 October 2014 - 01:36 PM

:welcome:

Hello creechling,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Logs can take a while to research, so please be patient.
  • Read and follow the instructions in the sequence they are posted.
  • print or copy & save instructions.
  • back up all your private data / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only that tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic til you get the all clean post.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


1. Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


2. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 creechling

creechling
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alaska
  • Local time:12:14 AM

Posted 05 October 2014 - 12:24 PM

Security Log:

 

 Results of screen317's Security Check version 0.99.88  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
ESET NOD32 Antivirus 7.0   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 MVPS Hosts File  
 Spybot - Search & Destroy 
  Adobe Flash Player 11.8.800.94 Flash Player out of Date!  
 Mozilla Firefox 27.0.1 Firefox out of Date!  
 Google Chrome 37.0.2062.120  
 Google Chrome 37.0.2062.124  
````````Process Check: objlist.exe by Laurent````````  
 ESET NOD32 Antivirus egui.exe  
 ESET NOD32 Antivirus ekrn.exe  
 Spybot Teatimer.exe is disabled! 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 0% 
````````````````````End of Log`````````````````````` 


#4 creechling

creechling
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alaska
  • Local time:12:14 AM

Posted 05 October 2014 - 12:26 PM

FRST Log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014
Ran by Creechling (administrator) on MALUS on 05-10-2014 09:14:19
Running from C:\Users\Creechling\Desktop
Loaded Profile: Creechling (Available profiles: Creechling)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\ink\InputPersonalization.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunes.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceHelper.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\ATH.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-13] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2009-10-30] (Tablet Driver)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-09] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-23] ()
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [Driver Updater] => C:\Program Files (x86)\Carambis\Driver Updater\dupdater.exe [2995896 2012-12-24] (MEDIA FOG LTD.)
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [FreeDesktopTimer] => C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe [623616 2013-01-26] ()
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\MountPoints2: {0120a0cf-61e4-11e3-8d83-78e3b5af89d8} - F:\LaunchU3.exe -a
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\MountPoints2: {2d7d30e6-b2fd-11e3-a380-78e3b5af89d8} - F:\DMMdSetup.exe
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\MountPoints2: {a1aa6114-39f7-11e4-a424-78e3b5af89d8} - K:\LaunchU3.exe -a
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\MountPoints2: {d393f763-7e85-11e2-a258-806e6f6e6963} - E:\setup.exe
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\MountPoints2: {ff32e1ea-b63e-11e2-b4ea-78e3b5af89d8} - J:\CMADownloader.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs: C:\PROGRA~3\WINWEB~1\WINWEB~2.DLL => C:\PROGRA~3\WINWEB~1\WINWEB~2.DLL File Not Found
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Creechling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Creechling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [1BingDesktopOverlays] -> {B82655E9-B81D-4A97-8154-0D84A4C048E4} => C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPDSK/1
SearchScopes: HKCU - {83358041-A6D3-4EC3-9A71-8B929CC219CD} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: SfKpCouponApp -> {01EDDBE4-74B6-C84A-A6E4-D70697FDA7AE} -> C:\Program Files (x86)\SfKpCouponApp\0jUv3f2A04.x64.dll No File
BHO: HDvid Codec V6.0 -> {11111111-1111-1111-1111-110411591171} -> C:\Program Files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-bho64.dll No File
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: HDvid Codec V6.0 - C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\Extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com [2014-02-21]
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-01]
FF Extension: XKit - C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\Extensions\xkit@studioxenix.com.xpi [2014-02-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-26]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-02-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-20]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR Profile: C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (XKit) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-05-02]
CHR Extension: (AVG Secure Search) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof [2014-10-03]
CHR Extension: (Google Wallet) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 CS_AutoUpdate; C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe [44696 2012-07-17] (Cucusoft, Inc.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [241808 2010-03-12] (Paltiosoft Inc.) [File not signed]
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2010-06-01] (Tablet Driver) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-05] (Wacom Technology, Corp.)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-15] (AVG Technologies)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [128856 2013-06-04] (Razer USA Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-03-23] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U3 axrdrvl2; C:\Windows\System32\Drivers\axrdrvl2.sys [0 ] (Microsoft Corporation)
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 09:14 - 2014-10-05 09:14 - 00026108 _____ () C:\Users\Creechling\Desktop\FRST.txt
2014-10-05 09:13 - 2014-10-05 09:14 - 00000000 ____D () C:\FRST
2014-10-05 09:13 - 2014-10-05 09:13 - 00001012 _____ () C:\Users\Creechling\Desktop\checkup.txt
2014-10-05 09:04 - 2014-10-05 09:04 - 02109440 _____ (Farbar) C:\Users\Creechling\Desktop\FRST64.exe
2014-10-05 09:01 - 2014-10-05 09:01 - 00854436 _____ () C:\Users\Creechling\Desktop\SecurityCheck.exe
2014-10-04 07:07 - 2014-10-04 07:07 - 00000000 ____D () C:\Users\Creechling\Downloads\rope_pack___collab_with__mjranum_stock_by_senshistock-d6kqqw9
2014-10-04 07:06 - 2014-10-04 07:06 - 31639207 _____ () C:\Users\Creechling\Downloads\rope_pack___collab_with__mjranum_stock_by_senshistock-d6kqqw9.zip
2014-10-04 06:57 - 2014-10-04 06:57 - 03473326 _____ () C:\Users\Creechling\Desktop\Ruka Dreads skin_palette.psd
2014-10-03 10:21 - 2014-10-03 10:22 - 26862160 _____ () C:\Users\Creechling\Downloads\Alex by Katie Hofgard Sample.psd
2014-10-03 06:21 - 2014-10-03 06:22 - 01375089 _____ () C:\Users\Creechling\Downloads\AdwCleaner.exe
2014-10-03 06:21 - 2014-10-03 06:21 - 05582981 _____ (Swearware) C:\Users\Creechling\Downloads\ComboFix.exe
2014-10-03 06:21 - 2014-10-03 06:21 - 00688992 ____R (Swearware) C:\Users\Creechling\Downloads\dds (1).com
2014-10-03 06:21 - 2014-10-03 06:21 - 00688992 _____ (Swearware) C:\Users\Creechling\Downloads\dds.com
2014-10-03 03:55 - 2014-10-03 03:55 - 00016867 _____ () C:\Users\Creechling\Downloads\hijackthis.log
2014-10-03 03:54 - 2014-10-03 03:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Creechling\Downloads\HijackThis.exe
2014-10-03 03:18 - 2014-09-30 12:43 - 00002254 _____ () C:\Users\Creechling\Desktop\Google Chrome.lnk
2014-10-03 02:55 - 2014-10-03 10:43 - 00000000 ____D () C:\AdwCleaner
2014-10-03 02:55 - 2014-10-03 02:55 - 01375089 _____ () C:\Users\Creechling\Downloads\adwcleaner_3.311.exe
2014-10-01 20:52 - 2014-10-03 06:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-10-01 20:52 - 2014-10-03 06:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-01 20:52 - 2014-10-01 20:52 - 00001011 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2014-10-01 20:52 - 2014-10-01 20:52 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Malwarebytes
2014-10-01 20:52 - 2014-10-01 20:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-01 20:52 - 2009-04-06 15:32 - 00038496 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2014-10-01 20:52 - 2009-04-06 15:32 - 00015504 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbam.sys
2014-10-01 20:05 - 2014-10-04 05:11 - 03258624 _____ () C:\Users\Creechling\Desktop\halloween Zen.psd
2014-10-01 18:25 - 2014-10-01 18:25 - 06163830 _____ (Guillaume Stordeur ) C:\Users\Creechling\Downloads\LazyNezumiPro_Setup (6).exe
2014-09-30 12:43 - 2014-10-04 12:43 - 00003304 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-09-30 12:43 - 2014-09-30 12:43 - 00000000 ____D () C:\Program Files (x86)\Techsnab
2014-09-26 12:44 - 2014-09-26 12:44 - 02913221 _____ () C:\Users\Creechling\Desktop\Untitled-123.psd
2014-09-26 04:14 - 2014-09-26 04:15 - 00147023 _____ () C:\Users\Creechling\Downloads\adwcleaner_3.310.exe
2014-09-26 04:06 - 2014-09-26 04:06 - 00000000 ____D () C:\Windows\ERUNT
2014-09-26 04:05 - 2014-09-26 04:06 - 01699118 _____ (Thisisu) C:\Users\Creechling\Downloads\JRT.exe
2014-09-26 03:21 - 2014-08-19 10:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-26 03:21 - 2014-08-19 09:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-26 03:21 - 2014-08-18 15:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-26 03:21 - 2014-08-18 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-26 03:21 - 2014-08-18 14:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-26 03:21 - 2014-08-18 14:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-26 03:21 - 2014-08-18 14:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-26 03:21 - 2014-08-18 14:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-26 03:21 - 2014-08-18 14:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-26 03:21 - 2014-08-18 14:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-26 03:21 - 2014-08-18 14:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-26 03:21 - 2014-08-18 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-26 03:21 - 2014-08-18 14:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-26 03:21 - 2014-08-18 14:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-26 03:21 - 2014-08-18 14:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-26 03:21 - 2014-08-18 14:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-26 03:21 - 2014-08-18 14:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-26 03:21 - 2014-08-18 14:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-26 03:21 - 2014-08-18 14:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-26 03:21 - 2014-08-18 13:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-26 03:21 - 2014-08-18 13:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-26 03:21 - 2014-08-18 13:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-26 03:21 - 2014-08-18 13:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-26 03:21 - 2014-08-18 13:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-26 03:21 - 2014-08-18 13:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-26 03:21 - 2014-08-18 13:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-26 03:21 - 2014-08-18 13:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-26 03:21 - 2014-08-18 13:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-26 03:21 - 2014-08-18 13:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-26 03:21 - 2014-08-18 13:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-26 03:21 - 2014-08-18 13:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-26 03:21 - 2014-08-18 13:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-26 03:21 - 2014-08-18 13:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-26 03:21 - 2014-08-18 13:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-26 03:21 - 2014-08-18 13:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-26 03:21 - 2014-08-18 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-26 03:21 - 2014-08-18 13:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-26 03:21 - 2014-08-18 13:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-26 03:21 - 2014-08-18 13:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-26 03:21 - 2014-08-18 13:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-26 03:21 - 2014-08-18 13:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-26 03:21 - 2014-08-18 13:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-26 03:21 - 2014-08-18 13:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-26 03:21 - 2014-08-18 13:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-26 03:21 - 2014-08-18 13:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-26 03:21 - 2014-08-18 13:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-26 03:21 - 2014-08-18 13:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-26 03:21 - 2014-08-18 13:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-26 03:21 - 2014-08-18 13:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-26 03:21 - 2014-08-18 13:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-26 03:21 - 2014-08-18 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-26 03:21 - 2014-08-18 12:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-26 03:21 - 2014-08-18 12:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-26 03:21 - 2014-08-18 12:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-26 03:21 - 2014-08-18 12:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-26 03:21 - 2014-08-18 12:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-25 11:45 - 2014-09-25 11:46 - 00985600 _____ () C:\Users\Creechling\Downloads\MicrosoftFixit50123.msi
2014-09-25 11:42 - 2014-09-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-09-25 11:36 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-25 11:36 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-25 10:57 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-25 10:57 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-25 10:57 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-25 10:57 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-25 10:57 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-25 10:56 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 10:56 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-25 10:56 - 2014-09-04 18:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-25 10:56 - 2014-09-04 18:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-25 10:56 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-25 10:56 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-25 10:56 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-25 10:56 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-25 10:25 - 2014-09-25 10:25 - 00000743 _____ () C:\Windows\SysWOW64\debug.log
2014-09-25 09:57 - 2014-09-25 09:57 - 00001111 _____ () C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2014-09-25 09:57 - 2014-09-25 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2014-09-25 09:57 - 2014-09-25 09:57 - 00000000 ____D () C:\Program Files (x86)\SplitMediaLabs
2014-09-25 09:30 - 2014-09-25 09:30 - 00000000 ____D () C:\Users\Creechling\AppData\Local\SplitMediaLabs
2014-09-25 09:30 - 2014-09-25 09:30 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-09-25 09:29 - 2014-09-25 09:29 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\SplitMediaLabs
2014-09-25 09:03 - 2014-09-25 09:29 - 37431960 _____ (SplitMediaLabs) C:\Users\Creechling\Downloads\xsplit_installer_v1.2.1311.1201.exe
2014-09-25 08:58 - 2014-10-04 07:05 - 00000000 ____D () C:\Users\Creechling\Desktop\50 Pose Challenge
2014-09-23 17:37 - 2014-09-23 17:37 - 00582604 _____ () C:\Users\Creechling\Downloads\686142.zip
2014-09-23 17:37 - 2014-09-23 17:37 - 00000000 ____D () C:\Users\Creechling\Downloads\686142
2014-09-21 12:49 - 2014-09-21 12:49 - 00620009 _____ () C:\Users\Creechling\Downloads\rasen_painting_brushes_by_rasen-d7zybf2.abr
2014-09-19 12:41 - 2014-10-01 12:41 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-18 12:42 - 2014-09-18 12:42 - 00876040 _____ () C:\Users\Creechling\Downloads\Godzilla (2014) DVDRip XviD-MAX (1).exe
2014-09-18 12:41 - 2014-09-18 12:41 - 00003354 _____ () C:\Windows\System32\Tasks\Eakona Update
2014-09-18 12:41 - 2014-09-18 12:41 - 00003260 _____ () C:\Windows\System32\Tasks\GPUP
2014-09-18 12:41 - 2014-09-18 12:41 - 00000000 ____D () C:\ProgramData\Eakona
2014-09-18 12:40 - 2014-09-18 12:40 - 00876040 _____ () C:\Users\Creechling\Downloads\Godzilla (2014) DVDRip XviD-MAX.exe
2014-09-16 23:26 - 2014-09-16 23:26 - 00024290 _____ () C:\Users\Creechling\Downloads\[BakaBT.149973v1] Chi's New Address.torrent
2014-09-16 23:26 - 2014-09-16 23:26 - 00021556 _____ () C:\Users\Creechling\Downloads\[BakaBT.141683v1] Chi's Sweet Home.torrent
2014-09-11 12:45 - 2014-09-11 12:45 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\Program Files\iTunes
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\Program Files\iPod
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-11 12:39 - 2014-09-11 12:40 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-11 12:39 - 2014-09-11 12:39 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-11 12:39 - 2014-09-11 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-08 12:40 - 2014-09-08 12:40 - 00007609 _____ () C:\Users\Creechling\AppData\Local\Resmon.ResmonCfg
2014-09-05 11:02 - 2014-09-05 11:02 - 00000000 ____D () C:\Users\Creechling\AppData\Local\Logitech® Webcam Software
2014-09-05 11:00 - 2014-10-03 02:50 - 00000000 ____D () C:\Users\Creechling\AppData\Local\LogiShrd
2014-09-05 11:00 - 2014-09-05 11:00 - 00000000 ____D () C:\Users\Creechling\Documents\SightSpeed Recordings
2014-09-05 10:59 - 2014-09-05 10:59 - 00004560 _____ () C:\Windows\LDPINST.LOG
2014-09-05 10:59 - 2014-09-05 10:59 - 00000000 ____D () C:\ProgramData\Logitech
2014-09-05 10:58 - 2014-10-03 02:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-09-05 10:58 - 2014-10-03 02:50 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-09-05 10:58 - 2014-09-05 10:58 - 00001626 _____ () C:\Users\Public\Desktop\Logitech Webcam Software  .lnk
2014-09-05 10:58 - 2014-09-05 10:58 - 00000000 ____D () C:\ProgramData\LogiShrd
2014-09-05 10:53 - 2014-09-05 11:00 - 00017363 _____ () C:\Windows\system32\lvcoinst.log
2014-09-05 10:53 - 2014-09-05 11:00 - 00000000 ____D () C:\Program Files\Common Files\logishrd
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-05 08:50 - 2014-09-02 09:45 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-05 04:59 - 2013-02-23 07:40 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E4A45156-4B54-4681-ABD3-11B8F3D496DA}
2014-10-05 02:15 - 2013-02-23 06:32 - 01138469 _____ () C:\Windows\WindowsUpdate.log
2014-10-05 02:00 - 2013-03-08 19:41 - 00000000 ____D () C:\Users\Creechling\AppData\Local\Adobe
2014-10-04 23:33 - 2014-04-18 07:40 - 00000000 ___RD () C:\Users\Creechling\Dropbox
2014-10-04 14:10 - 2013-05-10 21:32 - 00000132 _____ () C:\Users\Creechling\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-04 12:43 - 2014-09-02 09:46 - 00002254 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-04 12:33 - 2009-07-13 20:51 - 00100723 _____ () C:\Windows\setupact.log
2014-10-04 11:45 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-04 11:45 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-04 09:50 - 2014-09-02 09:45 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-04 06:41 - 2014-07-11 09:15 - 12532384 _____ () C:\Users\Creechling\Desktop\ruka dreads.psd
2014-10-04 06:21 - 2014-09-03 10:05 - 135813784 _____ () C:\Users\Creechling\Desktop\katieDan_KingQueen.psd
2014-10-04 05:14 - 2013-07-23 12:53 - 00000000 ____D () C:\Users\Creechling\Desktop\PS
2014-10-04 05:13 - 2013-06-13 11:58 - 00000000 ____D () C:\Users\Creechling\Desktop\New folder
2014-10-03 11:35 - 2013-02-23 07:51 - 00000000 ____D () C:\Users\Creechling\AppData\Local\PMB Files
2014-10-03 11:05 - 2014-04-18 05:58 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Dropbox
2014-10-03 10:51 - 2009-07-13 21:13 - 00783170 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-03 10:45 - 2012-07-13 12:51 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-03 10:44 - 2013-09-17 14:52 - 00000000 ____D () C:\Users\Creechling\AppData\Local\AVG SafeGuard toolbar
2014-10-03 10:44 - 2010-11-20 19:47 - 00780742 _____ () C:\Windows\PFRO.log
2014-10-03 10:44 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-03 10:43 - 2013-02-23 06:32 - 00000000 ____D () C:\Users\Creechling
2014-10-03 09:08 - 2013-12-01 11:02 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCreechling
2014-10-03 09:08 - 2013-12-01 11:02 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForCreechling.job
2014-10-03 06:13 - 2014-09-02 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-03 06:13 - 2014-01-17 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazy Nezumi Pro
2014-10-03 06:13 - 2014-01-17 03:29 - 00000000 ____D () C:\Program Files (x86)\Lazy Nezumi Pro
2014-10-03 06:13 - 2013-04-17 09:26 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Azureus
2014-10-03 06:13 - 2013-02-23 07:36 - 00000000 ____D () C:\Users\Creechling\AppData\Local\VirtualStore
2014-10-03 06:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-03 02:41 - 2013-04-17 14:11 - 00000000 ____D () C:\Users\Creechling\AppData\Local\CrashDumps
2014-09-30 18:29 - 2014-03-01 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-09-28 21:07 - 2014-04-13 13:44 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\vlc
2014-09-28 19:37 - 2014-08-09 09:51 - 08258847 _____ () C:\Users\Creechling\Desktop\Evan-Recovered.psd
2014-09-28 09:31 - 2013-04-08 16:15 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-28 09:31 - 2013-02-24 10:03 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-28 08:37 - 2013-05-04 15:38 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\SoftGrid Client
2014-09-27 10:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-26 13:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-09-26 03:46 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-26 03:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-26 03:41 - 2013-04-25 09:00 - 00000000 ____D () C:\ProgramData\Razer
2014-09-25 11:42 - 2011-02-11 09:15 - 00767036 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-25 11:41 - 2014-01-17 02:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-25 11:37 - 2014-01-17 02:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-25 11:36 - 2014-05-07 03:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 09:14 - 2013-08-05 10:51 - 00000000 ____D () C:\Users\Creechling\AppData\Local\Procaster
2014-09-19 03:52 - 2013-07-23 12:54 - 00000000 ____D () C:\Users\Creechling\Desktop\Images
2014-09-19 02:57 - 2013-10-13 10:14 - 00001456 _____ () C:\Users\Creechling\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-09-17 19:03 - 2014-04-18 07:40 - 00001033 _____ () C:\Users\Creechling\Desktop\Dropbox.lnk
2014-09-17 19:03 - 2014-04-18 05:59 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 09:06 - 2010-11-20 19:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-08 12:11 - 2014-01-17 03:29 - 00000000 ____D () C:\Users\Creechling\AppData\Local\Lazy Nezumi Pro
ZeroAccess:
C:\Users\Creechling\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Some content of TEMP:
====================
C:\Users\Creechling\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpslhlpv.dll
C:\Users\Creechling\AppData\Local\Temp\dufgmr4c.exe
C:\Users\Creechling\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-09-26 00:56
 
==================== End Of Log ============================
 
 
Addition Log:
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 05-10-2014
Ran by Creechling at 2014-10-05 09:15:10
Running from C:\Users\Creechling\Desktop
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: ESET NOD32 Antivirus 7.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
802.11n Wireless LAN Card (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.02.03.0 - Ralink)
ABBYY FineReader 9.0 Sprint (HKLM-x32\...\ABBYY FineReader 9.0 Sprint) (Version: 9.01.513.58212 - ABBYY)
ABBYY FineReader 9.0 Sprint (x32 Version: 9.01.513.58212 - ABBYY) Hidden
Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.7 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 6 Master Collection (HKLM-x32\...\{E8AD3069-9EB7-4BA8-8BFE-83F4E69355C0}) (Version: 6 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (x64) (HKLM\...\{421976B6-DEC6-4CA5-941F-F0663B3A2B74}) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.8.800.94 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Help Manager (x32 Version: 4.0.244 - Adobe Systems Incorporated) Hidden
Adobe Widget Browser (HKLM-x32\...\com.adobe.WidgetBrowser) (Version: 2.0 Build 348 - Adobe Systems Incorporated.)
Adobe Widget Browser (x32 Version: 2.0.348 - Adobe Systems Incorporated.) Hidden
AMD Accelerated Video Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.873.1 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{58E93CCD-C0B4-C0FB-8FA0-AC56CC4344C7}) (Version: 3.0.864.0 - Advanced Micro Devices, Inc.)
AMD Media Foundation Decoders (Version: 1.0.70120.2218 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.03.0000 - AMD) Hidden
AMD VISION Engine Control Center (x32 Version: 2012.0120.2218.39907 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Autodesk DirectConnect 2009 (HKLM-x32\...\{35BA2BAF-FFD4-4B12-B42B-AA8CC902CD23}) (Version: 3.0.2758.0 - Autodesk)
Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit (HKLM\...\Autodesk FBX Plug-in 2013.1 - Maya 2013 64-bit) (Version:  - Autodesk)
Autodesk Maya 2013 64-bit (HKLM\...\Autodesk Maya 2013 64-bit) (Version: 15.0.0.0 - Autodesk)
Autodesk Maya 2013 64-bit (Version: 15.0.0.0 - Autodesk) Hidden
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blio (HKLM-x32\...\{741006D1-7B2B-4E33-B2B0-831F282EEF64}) (Version: 2.2.8188 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bubble Wrap (HKLM-x32\...\{5BFFDDEB-AFD7-499F-BB13-7A6EAD927CDA}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
CameraHelperMsi (x32 Version: 13.31.1038.0 - Logitech) Hidden
Carambis Driver Updater (HKLM-x32\...\Driver Updater) (Version: 2.0.0.6002 - MEDIA FOG LTD)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2012.0120.2218.39907 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0120.2218.39907 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0120.2218.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0120.2217.39907 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0120.2218.39907 - Advanced Micro Devices, Inc.) Hidden
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Comodo Dragon (HKLM-x32\...\Comodo Dragon) (Version: 23.4.1.0 - COMODO)
Content Manager Assistant for PlayStation® (HKLM-x32\...\{4AC85673-668B-4CC4-8800-D28E29B77A90}) (Version: 2.10.6402.20 - Sony Computer Entertainment Inc.)
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cucusoft Auto Update 1.0.5 (HKLM\...\CucusoftAutoUpdate_is1) (Version:  - )
Cucusoft YouTube Mate 8.23.0 (HKLM\...\CucusoftYouTubeMate_is1) (Version:  - Cucusoft, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DirectX for Managed Code Update (Summer 2004) (x32 Version: 9.02.2904 - Microsoft) Hidden
Dolby Axon - 1.5.0.1 (HKLM-x32\...\{17936630-5344-4F18-9970-616129E2A114}_is1) (Version: 1.5.0.1 - Dolby Laboratories)
Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
DRAMAtical Murder (HKLM-x32\...\{2C534823-45AB-43BE-9F83-C7E1A824D9B7}) (Version: 1.00.000 - NitroplusCHiRAL)
Dropbox (HKCU\...\Dropbox) (Version: 2.10.30 - Dropbox, Inc.)
DVD Decrypter (Remove Only) (HKLM-x32\...\DVD Decrypter) (Version:  - )
Eakona Updater (HKLM-x32\...\Eakona) (Version: 1.5 - Eakona Corp)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.4.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{44F72193-F59C-4303-BAE8-E3E4BC1C122C}) (Version: 3.01.0003 - Seiko Epson Corporation)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.46.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON TWAIN 5 (HKLM-x32\...\{254BEB3E-1085-4D66-9CDC-0152C0DC2E93}) (Version: 5.71.0000 - SEIKO EPSON Corp.)
EPSON WF-2520 Series Printer Uninstall (HKLM\...\EPSON WF-2520 Series) (Version:  - SEIKO EPSON Corporation)
EpsonNet Print (HKLM-x32\...\{3E31400D-274E-4647-916C-2CACC3741799}) (Version: 2.5.00 - SEIKO EPSON CORPORATION)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
ESET NOD32 Antivirus (HKLM\...\{89B0ECE0-A41F-4A45-98D9-D54C74338117}) (Version: 7.0.302.26 - ESET, spol s r. o.)
Facebook (HKLM-x32\...\{8AE50893-3A87-4439-9A57-942ED43F7189}) (Version: 1.1.0004 - Hewlett-Packard)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Farmscapes (x32 Version: 2.2.0.98 - WildTangent) Hidden
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
Final Drive Fury (x32 Version: 2.2.0.95 - WildTangent) Hidden
Free Desktop Timer 1.2 (HKLM-x32\...\Free Desktop Timer_is1) (Version:  - Drive Software Company)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
HDvid Codec V6.0 (HKLM-x32\...\HDvid Codec V6.0) (Version: 1.34.1.21 - installdaddy) <==== ATTENTION
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
Hoyle Card Games (x32 Version: 2.2.0.95 - WildTangent) Hidden
HP Application Assistant (HKLM\...\{B34A07DD-C6F7-414A-AE63-01019482EAF0}) (Version: 1.0.393.3870 - Hewlett-Packard)
HP Auto (Version: 1.0.12935.3667 - Hewlett-Packard Company) Hidden
HP Calendar (HKLM-x32\...\{2B38E0FA-D8A5-4EBF-A018-E3C1C8E7A2E2}) (Version: 5.1.4245.23508 - Hewlett-Packard)
HP Client Services (Version: 1.1.12938.3539 - Hewlett-Packard) Hidden
HP Clock (HKLM-x32\...\{0EEC4E49-D4C2-4E23-87F2-B5641F1A09E4}) (Version: 5.1.4244.16367 - Hewlett-Packard)
HP Customer Experience Enhancements (x32 Version: 6.0.1.8 - Hewlett-Packard) Hidden
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.2.5 - WildTangent)
HP LinkUp (HKLM-x32\...\{7E750542-55BC-4300-8B7B-AC2A762FB435}) (Version: 2.01.029 - Hewlett-Packard)
HP Magic Canvas (HKLM-x32\...\{DDFDC9D6-4220-41F8-BF9A-8E7512C4EF52}) (Version: 5.1.15.0 - Hewlett-Packard)
HP Magic Canvas Tutorials (HKLM-x32\...\{858FCB65-7C6D-4BA4-AD80-A3CB3744CE09}_is1) (Version: 5.0.0.3 - Hewlett-Packard)
HP Notes (HKLM-x32\...\{86BAB08A-5E66-4C53-82E3-C1E91673C7CA}) (Version: 5.1.4274.30382 - Hewlett-Packard)
HP Odometer (HKLM-x32\...\{B8AC1A89-FFD1-4F97-8051-E505A160F562}) (Version: 2.10.0000 - Hewlett-Packard)
HP RSS (HKLM-x32\...\{A35E58D6-2A0F-4051-983B-79342081338E}) (Version: 5.1.4301.21494 - Hewlett-Packard)
HP Setup (HKLM-x32\...\{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1}) (Version: 9.0.15130.3904 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.2.15145.3905 - Hewlett-Packard Company)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 11.00.0001 - Hewlett-Packard)
HP TouchSmart Background - Beats (HKLM-x32\...\{6A6F8D36-04BA-41E9-9004-1789BD545874}) (Version: 1.0.1.0 - Hewlett-Packard)
HP TouchSmart RecipeBox (HKLM-x32\...\{20714B53-FC73-4F9C-9687-49EB237D6FD7}) (Version: 3.0.3830.27730 - Hewlett-Packard)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HP Vision Hardware Diagnostics (HKLM\...\{D79A02E9-6713-4335-9668-AAC7474C0C0E}) (Version: 2.12.1.0 - Hewlett-Packard)
HP Weather (HKLM-x32\...\{8364E531-493B-4B05-8041-09D5CE38B975}) (Version: 5.1.4295.16450 - Hewlett-Packard)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6374.0 - IDT)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Jewel Quest Mysteries: The Seventh Gate Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
join.me (HKCU\...\JoinMe) (Version: 1.9.1.204 - LogMeIn, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4507 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.4507 - CyberLink Corp.) Hidden
Lazy Nezumi Pro 14.9.26.2138 (HKLM-x32\...\Lazy Nezumi Pro_is1) (Version: 14.9.26.2138 - Guillaume Stordeur)
League of Legends (HKLM-x32\...\{92606477-9366-4D3B-8AE3-6BE4B29727AB}) (Version: 1.3 - Riot Games)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Livestream Procaster (HKLM-x32\...\{68E4C751-272B-44E1-94C7-4E1FDC40F7DA}) (Version: 20.3.25 - Procaster)
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.0 - Logitech Inc.)
Luxor HD (x32 Version: 2.2.0.98 - WildTangent) Hidden
LWS Facebook (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Gallery (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Help_main (x32 Version: 13.31.1044.0 - Logitech) Hidden
LWS Launcher (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Motion Detection (x32 Version: 13.30.1395.0 - Logitech) Hidden
LWS Pictures And Video (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS Twitter (x32 Version: 13.30.1346.0 - Logitech) Hidden
LWS Video Mask Maker (x32 Version: 13.30.1379.0 - Logitech) Hidden
LWS VideoEffects (Version: 13.30.1379.0 - Logitech) Hidden
LWS Webcam Software (x32 Version: 13.31.1038.0 - Logitech) Hidden
LWS WLM Plugin (x32 Version: 1.30.1201.0 - Logitech) Hidden
LWS YouTube Plugin (x32 Version: 13.31.1038.0 - Logitech) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
Maya 2009 (HKLM-x32\...\{2F05CEAF-A575-41E5-B3D0-FE4CEF83CA0A}) (Version: 10.0000 - Autodesk)
Maya 2009 Documentation (en_US) (HKLM-x32\...\{97C4F970-C753-443F-B61C-525C739BBC3D}) (Version: 2009.0 - Autodesk)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Metric Converter (HKLM-x32\...\{D0661463-50F7-4A1E-83CB-37CC590589AE}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Mathematics (HKLM-x32\...\{4D090F70-6F08-4B60-9357-A1DFD4458F09}) (Version: 4.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (Version: 14.0.4763.1000 - Microsoft Corporation) Hidden
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5139.5005 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
Nexon Launcher (HKLM-x32\...\Nexon Nexon Launcher) (Version: 1.1.1 - Nexon)
opensource (x32 Version: 1.0.14960.3876 - Your Company Name) Hidden
Pando Media Booster (HKLM-x32\...\{980A182F-E0A2-4A40-94C1-AE0C1235902E}) (Version: 2.6.0.8 - Pando Networks Inc.)
Paramount Download Manager (HKCU\...\1935802487.www.paramountmovies.com) (Version:  - www.paramountmovies.com)
PatternMaster Boutique x5 (HKLM-x32\...\{6A91022D-0F1B-4BD3-92B0-B25C7D3DA613}) (Version: 5.0 - Wild Ginger Software, Inc.)
PDF Complete Special Edition (HKLM-x32\...\PDF Complete) (Version: 4.0.65 - PDF Complete, Inc)
PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Poker Superstars III (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.5706 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.5706 - CyberLink Corp.) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Recovery Manager (x32 Version: 5.5.0.4424 - CyberLink Corp.) Hidden
Remote Graphics Receiver (HKLM-x32\...\{16FC3056-90C0-4757-8A68-64D8DA846ADA}) (Version: 5.4.5 - Hewlett-Packard)
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
SdRt4200 (HKLM-x32\...\{140347A0-4A0C-44FC-9CA1-C8A3471899B7}) (Version: 4.2.8.0 - パルティオソフト株式会社)
SketchUp 8 (HKLM-x32\...\{8EB62C87-AAA6-4850-A5BC-64155884B973}) (Version: 3.0.16846 - Trimble Navigation Limited)
Skype Click to Call (HKLM-x32\...\{B6CF2967-C81E-40C0-9815-C05774FEF120}) (Version: 6.13.13771 - Skype Technologies S.A.)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
Software Updater (HKLM-x32\...\{B307472F-7BD9-4040-9255-CE6D6A1196A3}) (Version: 4.3.1 - SEIKO EPSON CORPORATION)
Spot (HKLM-x32\...\{3D171340-B528-42E0-92E4-BDA7AEEF6F32}_is1) (Version: 1.0.0.0 - XM Asia Pacific Pte Ltd)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.2.25 - Safer-Networking Ltd.)
StarCraft II (HKLM-x32\...\StarCraft II) (Version: 2.0.8.25604 - Blizzard Entertainment)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Tablet Driver V5.02 (HKLM-x32\...\TabletDriver) (Version:  - )
The Treasures of Mystery Island: The Ghost Ship (x32 Version: 2.2.0.98 - WildTangent) Hidden
Torchlight (x32 Version: 2.2.0.98 - WildTangent) Hidden
TSHostedAppLauncher (x32 Version: 5.1.15.0 - Hewlett-Packard) Hidden
Tumblr Cleanr version 0.0.1 (HKLM-x32\...\Tumblr Cleanr_is1) (Version: 0.0.1 - engtech)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.98 - WildTangent) Hidden
VirtualDJ 8 (HKLM-x32\...\{9ADBBA93-4625-4898-BB0D-BCE7EA9F8B4A}) (Version: 8.0.0 - Atomix Productions)
Visual Studio 2010 SP1 Runtime x64 (HKLM\...\{F6305232-7952-4CCE-BDCD-9B2E66591C4A}) (Version: 1.0.0 - Microsoft Corporation)
Visual Studio 2010 SP1 Runtime x86 (HKLM-x32\...\{AEA163A5-BA2F-4E63-9529-DE8606AC82A4}) (Version: 1.0.0 - Microsoft Corporation)
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 4.9.0.0 - Azureus Software, Inc.)
Vuze Remote Toolbar v8.8 (HKLM-x32\...\{0A667D95-3D2A-4482-B435-A9EC56DEB408}) (Version: 8.8 - Spigot, Inc.) <==== ATTENTION
Wacom Tablet (HKLM\...\Wacom Tablet Driver) (Version: 6.3.6-3 - Wacom Technology Corp.)
Warhammer Online - Age of Reckoning (HKLM-x32\...\Warhammer Online - Age of Reckoning) (Version:  - Electronic Arts)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.3 - Wacom Technology Corp.)
WildTangent Games App (HP Games) (x32 Version: 4.0.5.32 - WildTangent) Hidden
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live Messenger (x32 Version: 15.4.3538.0513 - Microsoft Corporation) Hidden
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
World of Warcraft (HKLM-x32\...\World of Warcraft) (Version: 5.2.0.16826 - Blizzard Entertainment)
XSplit Broadcaster (HKLM-x32\...\{6F937E75-B6D6-4C2C-B864-90AA91EFF8B2}) (Version: 1.3.1403.1202 - SplitmediaLabs)
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-2923819935-773575165-2828370058-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923819935-773575165-2828370058-1001_Classes\CLSID\{092dfa86-5807-5a94-bf3b-5a53ba9e5308}\InprocServer32 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
CustomCLSID: HKU\S-1-5-21-2923819935-773575165-2828370058-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923819935-773575165-2828370058-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923819935-773575165-2828370058-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923819935-773575165-2828370058-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923819935-773575165-2828370058-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923819935-773575165-2828370058-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923819935-773575165-2828370058-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-2923819935-773575165-2828370058-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
 
==================== Restore Points  =========================
 
01-10-2014 12:43:56 Windows Update
03-10-2014 14:07:44 Restore Operation
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 18:34 - 2014-10-03 02:52 - 00452955 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 lmlicenses.wip4.adobe.com
127.0.0.1 lm.licenses.adobe.com
127.0.0.1 3dns.adobe.com
127.0.0.1 3dns-1.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-4.adobe.com
127.0.0.1 activate.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-1.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 adobe-dns-4.adobe.com
127.0.0.1 adobe-dns-5.adobe.com
127.0.0.1 adobeereg.com
127.0.0.1 crl.verisign.net
127.0.0.1 CRL.VERISIGN.NET
127.0.0.1 ood.opsource.net
127.0.0.1 ereg.adobe.com
127.0.0.1 ereg.wip.adobe.com
127.0.0.1 ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 ereg.wip4.adobe.com
127.0.0.1 hh-software.com
127.0.0.1 www.hh-software.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {000BA7CB-E5B8-43B4-A719-9C0886B592F4} - System32\Tasks\YTDownloaderUpd => C:\Program Files (x86)\YTDownloader\updater.exe <==== ATTENTION
Task: {123BE2BB-D414-4905-A5DE-172591F3DFE6} - System32\Tasks\Chrome Launcher => C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe [2014-09-30] (Techsnab)
Task: {24843367-C045-4455-8B1E-2D1191F1FE99} - System32\Tasks\{31E7353E-637F-4397-90AD-89C0E7C1DA6B} => C:\EPSON\epson12242_twain5_driver_571a\setup.exe [2006-05-25] (Macrovision Corporation)
Task: {252AB38F-35D2-4127-A00B-AE96DAB56877} - System32\Tasks\{72B2D4DE-4F10-43F9-BDF6-561DD054AFAE} => C:\Program Files (x86)\DolbyAxon\Axon.exe [2012-11-01] (Dolby Laboratories)
Task: {309C865C-8FC2-46EE-8434-D3B85D8E2A93} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {39932D78-16D4-4D67-9B5D-DC22F0AF9888} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02] (Google Inc.)
Task: {3A0ED485-7073-4675-BA35-4253CD229354} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2014-09-03] (Hewlett-Packard)
Task: {4C9E7CCB-29A0-40B9-8CC4-471ADFF8AB94} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {4DBB6807-A451-4FDB-9A6F-F33FB8CF37BE} - System32\Tasks\HPCeeScheduleForCreechling => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {4F8415EF-6CA0-4960-866D-70430910F2C8} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02] (Google Inc.)
Task: {5646FED9-C0C0-46B5-AD9D-995CCC8E1564} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {5C300CF5-2E4B-4526-858E-17DD098AF962} - System32\Tasks\Microsoft\Windows\Multimedia\SMupdate3 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update3 <==== ATTENTION
Task: {6BC3A07C-6DC6-4372-A4F5-C0CDC24E845B} - System32\Tasks\AdobeAAMUpdater-1.0-Malus-Creechling => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04] (Adobe Systems Incorporated)
Task: {70D7980D-864D-4659-B1E3-6C6D29C22AAB} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {79DCFD88-6D8A-44F3-99DF-BB66EED0EFFB} - System32\Tasks\{96E5444C-0C80-4E09-AD82-2063181BAB33} => C:\EPSON\epson12242_twain5_driver_571a\setup.exe [2006-05-25] (Macrovision Corporation)
Task: {9A03FA1E-0558-4D68-AEE6-35141B598176} - System32\Tasks\Microsoft\Windows\TabletPC\InputPersonalization => C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe [2009-07-13] (Microsoft Corporation)
Task: {9E88A7D0-CE0C-461A-A424-474EA3054DFA} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AB1C8298-CFC8-4964-B86A-2FE1BD620238} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {AC383D41-5D19-4B4B-BB6A-DFF5DB75CD1B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {B2168785-03C7-4634-BEE3-D569C6C3AD62} - System32\Tasks\RMCreator => C:\Program Files (x86)\Hewlett-Packard\Recovery\Reminder.exe [2011-08-23] (CyberLink)
Task: {B744A268-16E1-4B7F-8E88-131316CA4EAB} - System32\Tasks\{43584575-1EA2-458C-8398-DD48237CBE67} => Chrome.exe 
Task: {B8E45FCC-DDC8-4658-8EFF-D15D3625438B} - System32\Tasks\GPUP => C:\Program Files (x86)\GetPrivate\gpup.exe
Task: {CB5F843F-4A82-43E1-BDC2-76C465BAF1F4} - System32\Tasks\Microsoft\Windows\Maintenance\SMupdate2 => Rundll32.exe C:\PROGRA~1\COMMON~1\System\SysMenu.dll ,Command701 update2 <==== ATTENTION
Task: {E160B372-9090-45D1-A8D1-C0EAA60C501B} - System32\Tasks\Eakona Update => C:\ProgramData\Eakona\update15.exe [2014-09-18] (Entro)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForCreechling.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2012-12-24 03:30 - 2012-12-24 03:30 - 01868432 _____ () C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
2013-09-04 09:46 - 2013-06-05 18:09 - 01185048 _____ () C:\Program Files\Tablet\Wacom\libxml2.dll
2014-07-13 14:31 - 2013-01-26 17:52 - 00623616 _____ () C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe
2012-01-20 21:13 - 2012-01-20 21:13 - 00369152 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2011-11-02 13:03 - 2011-11-02 13:03 - 00098304 _____ () c:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-14 08:45 - 2014-05-14 08:45 - 00090624 _____ () C:\Program Files (x86)\PasswordBox\libwebsocketswin32.dll
2013-12-27 06:21 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2013-12-27 06:21 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-27 06:21 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2013-12-27 06:21 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2013-12-27 06:21 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 00237384 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxslt.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 07816192 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avcodec-54.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00188416 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avutil-52.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 01425920 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\avformat-54.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00336896 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swscale-2.dll
2014-01-03 19:03 - 2014-01-03 19:03 - 00096256 _____ () C:\Program Files (x86)\SplitMediaLabs\XSplit\swresample-0.dll
2014-09-24 18:52 - 2014-09-22 20:06 - 01098056 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 18:52 - 2014-09-22 20:06 - 00174408 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 18:52 - 2014-09-22 20:06 - 01660232 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll
2014-09-24 18:52 - 2014-09-22 20:07 - 14891848 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll
2014-09-24 18:52 - 2014-09-22 20:07 - 08577864 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 18:52 - 2014-09-22 20:07 - 00331592 _____ () C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:373E1720
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-2923819935-773575165-2828370058-500 - Administrator - Disabled)
Creechling (S-1-5-21-2923819935-773575165-2828370058-1001 - Administrator - Enabled) => C:\Users\Creechling
Guest (S-1-5-21-2923819935-773575165-2828370058-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2923819935-773575165-2828370058-1002 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/03/2014 10:54:59 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: Information only.
(Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (10/03/2014 07:50:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(3c:d0:f8:9e:fe:0d@fe80::3ed0:f8ff:fe9e:fe0d._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (10/03/2014 06:16:09 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: An unspecified error occurred during System Restore: (Windows Update). Additional information: 0x80070005.
 
Error: (10/03/2014 02:44:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000027de
Faulting process id: 0x1ecc
Faulting application start time: 0xtaskeng.exe0
Faulting application path: taskeng.exe1
Faulting module path: taskeng.exe2
Report Id: taskeng.exe3
 
Error: (10/03/2014 02:41:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: rundll32.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc637
Faulting module name: SysMenu.dll, version: 1.0.0.5, time stamp: 0x52b449c7
Exception code: 0xc0000005
Fault offset: 0x0006ce5c
Faulting process id: 0x15f0
Faulting application start time: 0xrundll32.exe0
Faulting application path: rundll32.exe1
Faulting module path: rundll32.exe2
Report Id: rundll32.exe3
 
Error: (10/03/2014 02:39:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(3c:d0:f8:9e:fe:0d@fe80::3ed0:f8ff:fe9e:fe0d._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (10/03/2014 02:36:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000027de
Faulting process id: 0x474
Faulting application start time: 0xtaskeng.exe0
Faulting application path: taskeng.exe1
Faulting module path: taskeng.exe2
Report Id: taskeng.exe3
 
Error: (10/02/2014 10:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000027de
Faulting process id: 0xfb4
Faulting application start time: 0xtaskeng.exe0
Faulting application path: taskeng.exe1
Faulting module path: taskeng.exe2
Report Id: taskeng.exe3
 
Error: (10/02/2014 06:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000027de
Faulting process id: 0xb78
Faulting application start time: 0xtaskeng.exe0
Faulting application path: taskeng.exe1
Faulting module path: taskeng.exe2
Report Id: taskeng.exe3
 
Error: (10/02/2014 02:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskeng.exe, version: 6.1.7601.17514, time stamp: 0x4ce79d2c
Faulting module name: msvcrt.dll, version: 7.0.7601.17744, time stamp: 0x4eeb033f
Exception code: 0xc0000005
Fault offset: 0x00000000000027de
Faulting process id: 0x4a0
Faulting application start time: 0xtaskeng.exe0
Faulting application path: taskeng.exe1
Faulting module path: taskeng.exe2
Report Id: taskeng.exe3
 
 
System errors:
=============
Error: (10/03/2014 10:44:56 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The vToolbarUpdater18.1.9 service failed to start due to the following error: 
%%2
 
Error: (10/03/2014 06:07:37 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (10/03/2014 05:02:18 AM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: 490@01010004
 
Error: (10/02/2014 08:53:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (10/02/2014 08:53:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (10/02/2014 08:52:37 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Updating Service service failed to start due to the following error: 
%%1053
 
Error: (10/02/2014 08:52:37 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Updating Service service to connect.
 
Error: (10/02/2014 08:52:06 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error: 
%%1053
 
Error: (10/02/2014 08:52:06 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
 
Error: (09/26/2014 00:44:33 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
 
 
Microsoft Office Sessions:
=========================
Error: (10/03/2014 10:54:59 AM) (Source: CVHSVC) (EventID: 100) (User: )
Description: (Patch task for {90140011-0066-0409-0000-0000000FF1CE}): DownloadLatest Failed: There are currently no active network connections. Background Intelligent Transfer Service (BITS) will try again when an adapter is connected.
 
Error: (10/03/2014 07:50:17 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(3c:d0:f8:9e:fe:0d@fe80::3ed0:f8ff:fe9e:fe0d._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (10/03/2014 06:16:09 AM) (Source: System Restore) (EventID: 8210) (User: )
Description: Windows Update0x80070005
 
Error: (10/03/2014 02:44:01 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de1ecc01cfdef6860976acC:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dll2f520793-4aea-11e4-a5d0-78e3b5af89d8
 
Error: (10/03/2014 02:41:09 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: rundll32.exe6.1.7600.163854a5bc637SysMenu.dll1.0.0.552b449c7c00000050006ce5c15f001cfdef68619a388C:\Windows\SysWOW64\rundll32.exeC:\PROGRA~1\COMMON~1\System\SysMenu.dllc8f1b682-4ae9-11e4-a5d0-78e3b5af89d8
 
Error: (10/03/2014 02:39:22 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Client application bug: DNSServiceResolve(3c:d0:f8:9e:fe:0d@fe80::3ed0:f8ff:fe9e:fe0d._apple-mobdev2._tcp.local.) active for over two minutes. This places considerable burden on the network.
 
Error: (10/03/2014 02:36:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de47401cfdef5d3923574C:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dll11d4b705-4ae9-11e4-a5d0-78e3b5af89d8
 
Error: (10/02/2014 10:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027defb401cfded569b66d76C:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dlla840584f-4ac8-11e4-a5d0-78e3b5af89d8
 
Error: (10/02/2014 06:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027deb7801cfdeb3e2a4f04fC:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dll212edb29-4aa7-11e4-a5d0-78e3b5af89d8
 
Error: (10/02/2014 02:44:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: taskeng.exe6.1.7601.175144ce79d2cmsvcrt.dll7.0.7601.177444eeb033fc000000500000000000027de4a001cfde925b93e85aC:\Windows\system32\taskeng.exeC:\Windows\system32\msvcrt.dll9a1b71d4-4a85-11e4-a5d0-78e3b5af89d8
 
 
==================== Memory info =========================== 
 
Processor: AMD A10-5700 APU with Radeon™ HD Graphics 
Percentage of memory in use: 32%
Total physical RAM: 11702.91 MB
Available physical RAM: 7882.79 MB
Total Pagefile: 23404.01 MB
Available Pagefile: 18740.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:1846.33 GB) (Free:1181.44 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (HP_RECOVERY) (Fixed) (Total:16.59 GB) (Free:2.04 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive e: (LWS_2_1) (CDROM) (Total:0.13 GB) (Free:0 GB) CDFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 6CD59041)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1846.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=16.6 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#5 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:14 AM

Posted 05 October 2014 - 12:55 PM

Hello creechling,

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Scan your system for malware
With some infections, you may see two messages boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Please download AdwCleaner by Xplode and save to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#6 creechling

creechling
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alaska
  • Local time:12:14 AM

Posted 05 October 2014 - 05:21 PM

Malewarebytes anti-rootkit Log:

 

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17280
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, K:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.393000 GHz
Memory total: 12271394816, free: 7585751040
 
Downloaded database version: v2014.10.05.08
Downloaded database version: v2014.09.19.01
=======================================
Initializing...
------------ Kernel report ------------
     10/05/2014 13:10:04
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spof.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amd_sata.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\drivers\amdxhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\drivers\usbfilter.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\System32\Drivers\axrdrvl2.SYS
\SystemRoot\system32\drivers\amdppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\PTSimBus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\amdhub30.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR6
Upper Device Object: 0xfffffa8011acf060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a8\
Lower Device Object: 0xfffffa8009f152c0
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR6
Upper Device Object: 0xfffffa8011acf060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a8\
Lower Device Object: 0xfffffa8009f152c0
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800d908060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xfffffa800d90a060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800d907060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xfffffa800d8fdb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800d906060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xfffffa800d8fd060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800d90a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000089\
Lower Device Object: 0xfffffa800d8fb750
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800aaf8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000062\
Lower Device Object: 0xfffffa800a8c3060
Lower Device Driver Name: \Driver\amd_sata\
Driver name found: amd_sata
Initialization returned 0x0
Port sub-driver loaded: \??\C:\Windows\System32\drivers\storport.sys (0x0)
Load Function returned 0x0
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800aaf8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800aaf8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800aaf8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a8caac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa800a8c3060, DeviceName: \Device\00000062\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a011bca830, 0xfffffa800aaf8060, 0xfffffa801020a150
Lower DeviceData: 0xfffff8a02fb00c80, 0xfffffa800a8c3060, 0xfffffa8010f72090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6CD59041
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 3872028672
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3872235520  Numsec = 34791424
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800d90a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d905b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d90a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d8fb750, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800d906060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d906b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d906060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d8fd060, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800d907060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d907b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d907060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d8fdb60, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800d908060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d908b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d908060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d90a060, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xfffffa8011acf060, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801163e040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011acf060, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009f152c0, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a020f5f840, 0xfffffa8011acf060, 0xfffffa801189e1e0
Lower DeviceData: 0xfffff8a030d623d0, 0xfffffa8009f152c0, 0xfffffa800a6f1290
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8F1DBF99
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976705536
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500074283008 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\ProgramData\InstallMate\{5034FF36-C0A3-44DD-A636-88818BD7DDC0}\Custom.dll --> [Adware.Agent]
Infected: C:\ProgramData\InstallMate\{9F79A695-2C07-4C2A-AEC1-6425449A8463}\Custom.dll --> [Adware.Agent]
Infected: C:\Users\Creechling\AppData\Roaming\Adobe\crsscmgr\libcurl-4.dll --> [Trojan.Bitminer]
Infected: C:\Users\Creechling\AppData\Roaming\Adobe\crsscmgr --> [Trojan.Bitminer]
Infected: C:\Users\Creechling\AppData\Roaming\Adobe\crsscmgr\libgcc_s_dw2-1.dll --> [Trojan.Bitminer]
Infected: C:\Users\Creechling\AppData\Roaming\Adobe\crsscmgr\pthreadGC2.dll --> [Trojan.Bitminer]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894} --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\L --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\U --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\    --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\l --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\L\00000004.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\L\201d3dde --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\L\76603ac3 --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\u --> [Trojan.0Access]
Infected: C:\Program Files (x86)\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894} --> [Trojan.0Access]
Scan finished

Adwcleaner log:

 

# AdwCleaner v3.311 - Report created 05/10/2014 at 13:48:36
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Creechling - MALUS
# Running from : C:\Users\Creechling\Downloads\adwcleaner_3.311.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found : C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Folder Found : C:\Users\Creechling\AppData\Local\AVG SafeGuard toolbar
Folder Found : C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
Folder Found : C:\Users\Creechling\Documents\Mobogenie
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [18462 octets] - [03/10/2014 02:55:48]
AdwCleaner[R1].txt - [2828 octets] - [03/10/2014 10:13:41]
AdwCleaner[R2].txt - [1469 octets] - [05/10/2014 13:48:36]
AdwCleaner[S0].txt - [18377 octets] - [03/10/2014 03:03:25]
AdwCleaner[S1].txt - [2797 octets] - [03/10/2014 10:43:36]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R2].txt - [1650 octets] ##########


#7 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:14 AM

Posted 05 October 2014 - 06:17 PM

Hello creechling,

Run Malwarebytes Anti-Rootkit again: Right-click mbar.exe and select Run As Administrator
  • Scan your system for malware
  • If malware is found, click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • then please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
If there is no malware found, please let me know as well.

 

***


Download ComboFix from the following location:
Link

* IMPORTANT- Save ComboFix.exe to your Desktop
 

***


Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
Note: If you are having difficulty properly disabling your protective programs, or are unsure as to what programs need to be disabled, please refer to the information available through this link:
How to Disable your Security Programs


***


Double click on combofix.exe & follow the prompts.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply for further review.
Enable your antivirus!
 

***


Please download Farbar Service Scanner and run it on the computer with the issue.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Make sure "Include All Files" option remains checked.
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#8 creechling

creechling
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alaska
  • Local time:12:14 AM

Posted 07 October 2014 - 01:00 AM

I apologize for the late response, thank you for your time and help so far :)

 

Mbar log:

 

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
 
© Malwarebytes Corporation 2011-2012
 
OS version: 6.1.7601 Windows 7 Service Pack 1 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.9600.17280
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, K:\ DRIVE_FIXED, Q:\ DRIVE_FIXED
CPU speed: 3.393000 GHz
Memory total: 12271394816, free: 7352852480
 
Downloaded database version: v2014.10.05.08
Downloaded database version: v2014.09.19.01
=======================================
Initializing...
------------ Kernel report ------------
     10/05/2014 16:29:01
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\System32\Drivers\spof.sys
\SystemRoot\System32\Drivers\WMILIB.SYS
\SystemRoot\System32\Drivers\SCSIPORT.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\amd_sata.sys
\SystemRoot\system32\drivers\storport.sys
\SystemRoot\system32\drivers\amd_xata.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\PxHlpa64.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
C:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.dat
C:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat
\??\C:\Windows\system32\drivers\avgtpx64.sys
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\drivers\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\drivers\amdxhc.sys
\SystemRoot\system32\drivers\USBD.SYS
\SystemRoot\system32\drivers\usbfilter.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\netr28x.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\System32\Drivers\axrdrvl2.SYS
\SystemRoot\system32\drivers\amdppm.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\PTSimBus.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\drivers\amdhub30.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\DRIVERS\stwrt64.sys
\SystemRoot\system32\DRIVERS\portcls.sys
\SystemRoot\system32\DRIVERS\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_diskdump.sys
\SystemRoot\System32\Drivers\dump_amd_sata.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\Sftvollh.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\epfwwfpr.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\system32\DRIVERS\Sftfslh.sys
\SystemRoot\system32\DRIVERS\Sftplaylh.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\Sftredirlh.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\SystemRoot\system32\DRIVERS\udfs.sys
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\SystemRoot\system32\DRIVERS\wachidrouter.sys
\SystemRoot\system32\DRIVERS\hidkmdf.sys
\SystemRoot\system32\DRIVERS\wacomrouterfilter.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\MBAMSwissArmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR6
Upper Device Object: 0xfffffa8011acf060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a8\
Lower Device Object: 0xfffffa8009f152c0
Lower Device Driver Name: \Driver\USBSTOR\
IRP handler 0 of \Driver\USBSTOR points to an unknown module
Unhooking enabled.
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR6
Upper Device Object: 0xfffffa8011acf060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\000000a8\
Lower Device Object: 0xfffffa8009f152c0
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa800a6f1290
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800d908060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xfffffa800d90a060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8010a4be40
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800d907060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008b\
Lower Device Object: 0xfffffa800d8fdb60
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa80127e19b0
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800d906060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008a\
Lower Device Object: 0xfffffa800d8fd060
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8013b67b30
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa800d90a790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000089\
Lower Device Object: 0xfffffa800d8fb750
Lower Device Driver Name: \Driver\USBSTOR\
Device already Exists: 0xfffffa8011067d40
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa800aaf8060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000062\
Lower Device Object: 0xfffffa800a8c3060
Lower Device Driver Name: \Driver\amd_sata\
Device already Exists: 0xfffffa8010f72090
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa800aaf8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800aaf8b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800aaf8060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800a8caac0, DeviceName: Unknown, DriverName: \Driver\amd_xata\
DevicePointer: 0xfffffa800a8c3060, DeviceName: \Device\00000062\, DriverName: \Driver\amd_sata\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a011af96e0, 0xfffffa800aaf8060, 0xfffffa801020a150
Lower DeviceData: 0xfffff8a015960cc0, 0xfffffa800a8c3060, 0xfffffa8010f72090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
File user open failed: C:\WINDOWS\SYSTEM32\drivers\sptd.sys (0x00000020)
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 6CD59041
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 2048  Numsec = 204800
    Partition file system is NTFS
    Partition is bootable
 
    Partition 1 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 206848  Numsec = 3872028672
 
    Partition 2 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 3872235520  Numsec = 34791424
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 2000398934016 bytes
Sector size: 512 bytes
 
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-3907009168-3907029168)...
Done!
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa800d90a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d905b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d90a790, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d8fb750, DeviceName: \Device\00000089\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800d906060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d906b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d906060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d8fd060, DeviceName: \Device\0000008a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800d907060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d907b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d907060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d8fdb60, DeviceName: \Device\0000008b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800d908060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800d908b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800d908060, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800d90a060, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 512
Drive: 5, DevicePointer: 0xfffffa8011acf060, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa801163e040, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8011acf060, DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8009f152c0, DeviceName: \Device\000000a8\, DriverName: \Driver\USBSTOR\
------------ End ----------
Alternate DeviceName: \Device\Harddisk5\DR6\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a00f67a4e0, 0xfffffa8011acf060, 0xfffffa801189e1e0
Lower DeviceData: 0xfffff8a0158f21b0, 0xfffffa8009f152c0, 0xfffffa800a6f1290
Drive 5
Scanning MBR on drive 5...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 8F1DBF99
 
Partition information:
 
    Partition 0 type is Primary (0x7)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 2048  Numsec = 976705536
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
Disk Size: 500074283008 bytes
Sector size: 512 bytes
 
Done!
Infected: C:\ProgramData\InstallMate\{5034FF36-C0A3-44DD-A636-88818BD7DDC0}\Custom.dll --> [Adware.Agent]
Infected: C:\ProgramData\InstallMate\{9F79A695-2C07-4C2A-AEC1-6425449A8463}\Custom.dll --> [Adware.Agent]
Infected: C:\Users\Creechling\AppData\Roaming\Adobe\crsscmgr\libcurl-4.dll --> [Trojan.Bitminer]
Infected: C:\Users\Creechling\AppData\Roaming\Adobe\crsscmgr --> [Trojan.Bitminer]
Infected: C:\Users\Creechling\AppData\Roaming\Adobe\crsscmgr\libgcc_s_dw2-1.dll --> [Trojan.Bitminer]
Infected: C:\Users\Creechling\AppData\Roaming\Adobe\crsscmgr\pthreadGC2.dll --> [Trojan.Bitminer]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙ --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙\Ⱒ☠⍨ --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛ --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894} --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\L --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\❤≸⋙\Ⱒ☠⍨\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\U --> [Trojan.0Access]
Infected: C:\Users\Creechling\AppData\Local\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\    --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \... --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛ --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894} --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\l --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\L\00000004.@ --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\L\201d3dde --> [Trojan.0Access]
Infected: c:\Program Files (x86)\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\L\76603ac3 --> [Trojan.0Access]
Infected: c:\program files (x86)\google\desktop\install\{1847a899-a0ff-10ba-6996-15f40ab50894}\   \...\‮ﯹ๛\{1847a899-a0ff-10ba-6996-15f40ab50894}\u --> [Trojan.0Access]
Infected: C:\Program Files (x86)\Google\Desktop\Install\{1847a899-a0ff-10ba-6996-15f40ab50894} --> [Trojan.0Access]
Scan finished
Creating System Restore point...
Cleaning up...
Executing an action fixdamage.exe...
Success!
Queuing an action fixdamage.exe
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-5-r.mbam...
Removal finished

Combofix Log:

 

ComboFix 14-10-02.01 - Creechling 6/2014 Mon  11:00:04.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.932.81.1033.18.11703.9441 [GMT -8:00]
Running from: c:\users\Creechling\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
SP: ESET NOD32 Antivirus 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome.manifest
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\asyncDB.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\background.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\browserAction.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\contextMenu.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\dbManager.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\dom_bg.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\fileManager.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\firefox.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\firefoxNotifications.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\firefoxOmnibox.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\message.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\pageAction.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\request.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\tabs.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\webRequest.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\api\windowsMessagingHandler.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\background.html
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\baseObject.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\browser.xul
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\addressBarChangeObserver.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\console.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\consts.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\delegate.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\extensionDataStore.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\folderIOWrapper.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\httpObserver.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\IDBWrapper.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\installer.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\logFile.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\prefs.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\progressListenerObserver.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\registry.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\reloadObserver.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\reports.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\requestObject.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\searchSettings.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\uninstallObserver.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\updateManager.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\utils.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\core\xhr.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\dialog.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\ffCoreFilesIndex.txt
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\main.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\options.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\options.xul
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\platformVersion.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\chrome\content\search_dialog.xul
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\defaults\preferences\prefs.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\manifest.xml
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins.json
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\1_base.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\1000020_analytics.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\1000025_analyticsFront.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\1000030_mz.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\102_dealply_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\103_intext_5_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\104_jollywallet_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\123_intext_adv_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\13_CrossriderAppUtils.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\14_CrossriderUtils.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\155_ibario_pops_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\16_FFAppAPIWrapper.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\17_jQuery.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\175_coolmirage_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\177_crossriderDashboard.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\180_bpo_serp_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\182_openUrl.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\183_tabsWrapper.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\184_noproblemppc_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\190_pops_5_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\192_revizer_ws_dynamic_b2b_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\193_revizer_p_dynamic_b2b_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\195_icm_convertmedia_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\207_dbWrapper.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\21_debug.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\22_resources.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\220_icm_base_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\221_icm_downloads_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\223_imonomy_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\226_set_campaign_id_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\230_revizer_ws_dynamic_b2b_2_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\233_revizer_p_dynamic_b2b_2_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\242_price_gong_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\244_engageya_inner_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\246_setup.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\259_bpo_intext_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\260_pricedetect_sidebar_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\262_pops_5_j_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\263_intext_5_j_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\268_stats_ff.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\273_aedgency_back_button_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\28_initializer.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\281_ibario_tier3_pops_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\4_jquery_1_7_1.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\47_resources_background.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\64_appApiMessage.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\7_hooks.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\72_appApiValidation.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\78_CrossriderInfo.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\9_search_engine_hook.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\93_superfish_no_coupons_m.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\plugins\98_omniCommands.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\userCode\background.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\extensionData\userCode\extension.js
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\install.rdf
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\locale\en-US\translations.dtd
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\button1.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\button2.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\button3.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\button4.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\button5.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\crossrider_statusbar.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\icon128.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\icon16.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\icon24.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\icon48.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\panelarrow-up.png
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\popup.html
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\skin.css
c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com\skin\update.css
c:\windows\PFRO.log
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\X86
.
.
(((((((((((((((((((((((((   Files Created from 2014-09-06 to 2014-10-06  )))))))))))))))))))))))))))))))
.
.
2014-10-06 20:43 . 2014-10-06 20:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-06 18:49 . 2014-10-06 18:49 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDCA118A-A572-4966-8857-3574D6474B5A}\offreg.dll
2014-10-05 21:10 . 2014-10-06 18:39 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2014-10-05 21:10 . 2014-10-06 00:29 128728 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-05 21:08 . 2014-10-06 00:28 92888 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-10-05 17:13 . 2014-10-05 17:16 -------- d-----w- C:\FRST
2014-10-04 10:15 . 2014-09-09 02:05 11578928 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDCA118A-A572-4966-8857-3574D6474B5A}\mpengine.dll
2014-10-03 10:55 . 2014-10-05 21:49 -------- d-----w- C:\AdwCleaner
2014-10-02 04:52 . 2014-10-02 04:52 -------- d-----w- c:\users\Creechling\AppData\Roaming\Malwarebytes
2014-10-02 04:52 . 2009-04-06 23:32 15504 ----a-w- c:\windows\SysWow64\drivers\mbam.sys
2014-10-02 04:52 . 2009-04-06 23:32 38496 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2014-10-02 04:52 . 2014-10-03 14:13 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2014-10-02 04:52 . 2014-10-02 04:52 -------- d-----w- c:\programdata\Malwarebytes
2014-09-30 20:43 . 2014-09-30 20:43 -------- d-----w- c:\program files (x86)\Techsnab
2014-09-26 12:06 . 2014-09-26 12:06 -------- d-----w- c:\windows\ERUNT
2014-09-25 19:42 . 2014-09-25 19:42 -------- d-----w- c:\program files (x86)\Microsoft CAPICOM 2.1.0.2
2014-09-25 19:36 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2014-09-25 19:36 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2014-09-25 18:57 . 2014-07-07 02:06 728064 ----a-w- c:\windows\system32\kerberos.dll
2014-09-25 18:57 . 2014-07-07 02:06 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-09-25 18:57 . 2014-07-07 01:40 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-09-25 18:57 . 2014-07-07 01:40 550912 ----a-w- c:\windows\SysWow64\kerberos.dll
2014-09-25 18:57 . 2014-07-07 01:39 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-09-25 18:56 . 2014-09-09 22:11 2048 ----a-w- c:\windows\system32\tzres.dll
2014-09-25 18:56 . 2014-09-09 21:47 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2014-09-25 18:56 . 2014-09-05 02:10 578048 ----a-w- c:\windows\system32\aepdu.dll
2014-09-25 18:56 . 2014-09-05 02:05 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-09-25 18:56 . 2014-08-01 11:53 1031168 ----a-w- c:\windows\system32\TSWorkspace.dll
2014-09-25 18:56 . 2014-08-01 11:35 793600 ----a-w- c:\windows\SysWow64\TSWorkspace.dll
2014-09-25 18:56 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2014-09-25 18:56 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2014-09-25 17:57 . 2014-09-25 17:57 -------- d-----w- c:\program files (x86)\SplitMediaLabs
2014-09-25 17:30 . 2014-09-25 17:30 -------- d-----w- c:\users\Creechling\AppData\Local\SplitMediaLabs
2014-09-25 17:30 . 2014-09-25 17:30 -------- d-----w- c:\programdata\SplitMediaLabs
2014-09-25 17:29 . 2014-09-25 17:29 -------- d-----w- c:\users\Creechling\AppData\Roaming\SplitMediaLabs
2014-09-19 20:41 . 2014-10-01 20:41 70144 ----a-w- c:\windows\SysWow64\tasks.dll
2014-09-18 20:41 . 2014-09-18 20:41 -------- d-----w- c:\programdata\Eakona
2014-09-11 20:45 . 2014-09-11 20:45 -------- d-----w- c:\program files\iPod
2014-09-11 20:45 . 2014-09-11 20:45 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-11 20:45 . 2014-09-11 20:45 -------- d-----w- c:\program files\iTunes
2014-09-11 20:45 . 2014-09-11 20:45 -------- d-----w- c:\program files (x86)\iTunes
2014-09-11 20:40 . 2014-09-11 20:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2014-09-11 20:40 . 2014-09-11 20:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2014-09-11 20:40 . 2014-09-11 20:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2014-09-11 20:40 . 2014-09-11 20:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2014-09-11 20:40 . 2014-09-11 20:40 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2014-09-11 20:39 . 2014-09-11 20:40 -------- d-----w- c:\program files (x86)\QuickTime
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-09-25 19:37 . 2014-01-17 10:36 101694776 ----a-w- c:\windows\system32\MRT.exe
2014-09-15 17:06 . 2010-11-21 03:27 278152 ------w- c:\windows\system32\MpSigStub.exe
2014-09-05 18:59 . 2014-09-05 18:59 53248 ----a-r- c:\users\Creechling\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2014-08-23 02:07 . 2014-09-01 20:53 404480 ----a-w- c:\windows\system32\gdi32.dll
2014-08-23 01:45 . 2014-09-01 20:53 311808 ----a-w- c:\windows\SysWow64\gdi32.dll
2014-08-23 00:59 . 2014-09-01 20:53 3163648 ----a-w- c:\windows\system32\win32k.sys
2014-08-15 18:24 . 2013-09-17 22:52 50976 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2014-07-25 10:35 . 2014-07-25 10:35 875688 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2014-07-25 07:47 . 2014-07-25 07:47 869544 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2014-07-14 02:02 . 2014-08-15 10:07 1216000 ----a-w- c:\windows\system32\rpcrt4.dll
2014-07-14 01:40 . 2014-08-15 10:07 664064 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-07-09 02:03 . 2014-08-15 10:19 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
2014-07-09 02:03 . 2014-08-15 10:19 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
2014-07-09 02:03 . 2014-08-15 10:19 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
2014-07-09 02:03 . 2014-08-15 10:19 6656 ----a-w- c:\windows\system32\KBDRU.DLL
2014-07-09 02:03 . 2014-08-15 10:19 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
2014-07-09 01:31 . 2014-08-15 10:19 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
2014-07-09 01:31 . 2014-08-15 10:19 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
[7] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\drivers\atapi.sys
.
[7] 2009-07-14 . 769765CE2CC62867468CEA93969B2242 . 23040 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-rasbase-asyncmac_31bf3856ad364e35_6.1.7600.16385_none_804cc08a4e8a4516\asyncmac.sys
[7] 2009-07-14 . 769765CE2CC62867468CEA93969B2242 . 23040 . . [6.1.7600.16385] .. c:\windows\system32\drivers\asyncmac.sys
.
[7] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_keyboard.inf_31bf3856ad364e35_6.1.7601.17514_none_f5747347ef9876bf\kbdclass.sys
[7] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7601.17514] .. c:\windows\system32\drivers\kbdclass.sys
.
[7] 2012-08-22 . 760E38053BF56E501D562B70AD796B88 . 950128 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17939_none_05dc9a6832ba428a\ndis.sys
[7] 2012-08-22 . 760E38053BF56E501D562B70AD796B88 . 950128 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ndis.sys
.
[7] 2014-01-24 . 48B6047F82D5A8D0AEC71593F4ACD79B . 1684416 . . [6.1.7601.22580] .. c:\windows\winsxs\amd64_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.22580_none_04d102ad4ce53e53\ntfs.sys
[7] 2014-01-24 . 1A29A59A4C5BA6F8C85062A613B7E2B2 . 1684928 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ntfs.sys
.
[7] 2009-07-13 . 9899284589F75FA8724FF3D16AED75C1 . 6144 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-null_31bf3856ad364e35_6.1.7600.16385_none_055adf2434ae116e\null.sys
[7] 2009-07-13 . 9899284589F75FA8724FF3D16AED75C1 . 6144 . . [6.1.7600.16385] .. c:\windows\system32\drivers\null.sys
.
[7] 2014-04-05 . 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E . 1903552 . . [6.1.7601.18438] .. c:\windows\winsxs\amd64_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.18438_none_113260637d1284ef\tcpip.sys
[7] 2014-04-05 . 04ADD18EE5CC9FBEDAEC1DD1CD0CB45E . 1903552 . . [6.1.7600.16385] .. c:\windows\system32\drivers\tcpip.sys
.
[7] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tdi-over-tcpip_31bf3856ad364e35_6.1.7601.17514_none_4863cdbaf2b532f8\tdx.sys
[7] 2010-11-21 . DDAD5A7AB24D8B65F8D724F5C20FD806 . 119296 . . [6.1.7601.17514] .. c:\windows\system32\drivers\tdx.sys
.
[7] 2012-07-04 . 05F5A0D14A2EE1D8255C2AA0E9E8E694 . 136704 . . [6.1.7601.17887] .. c:\windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17887_none_d6c68344b4d406bf\browser.dll
[7] 2012-07-04 . 156768ABAE1DAF29BA0B0C05C21FEF09 . 136704 . . [6.1.7601.22044] .. c:\windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.22044_none_d7783703cdd41e02\browser.dll
[7] 2010-11-21 . 8EF0D5C41EC907751B8429162B1239ED . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-browserservice_31bf3856ad364e35_6.1.7601.17514_none_d70f2c28b49dffae\browser.dll
[7] 2012-07-04 . 05F5A0D14A2EE1D8255C2AA0E9E8E694 . 136704 . . [6.1.7600.16385] .. c:\windows\system32\browser.dll
.
[7] 2014-05-30 . F23812F9F7B130854E4BC0389F7C688C . 31232 . . [6.1.7601.18489] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18489_none_0429c981739f213b\lsass.exe
[7] 2014-05-30 . 04F6C08B30C599D301CE8530A6F6A703 . 31232 . . [6.1.7601.22705] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22705_none_0505e8508c7f766f\lsass.exe
[7] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22653_none_04cdd63a8ca9d24f\lsass.exe
[7] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22712_none_04f817868c8a465b\lsass.exe
[7] 2014-04-12 . 6598EBC4D209318EBD81F76833ECBEDB . 31232 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22736_none_04e678d68c96e399\lsass.exe
[7] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18443_none_044f07757384196d\lsass.exe
[7] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18496_none_041bf8b773a9f127\lsass.exe
[7] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18526_none_0467aa1173712ab7\lsass.exe
[7] 2013-09-25 . F021DAFB1F87616FCEBA159C2ED7042F . 30720 . . [6.1.7601.22465] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22465_none_04c503168cb026a0\lsass.exe
[7] 2013-09-25 . 4D71227301DD8D09097B9E4CC6527E5A . 30720 . . [6.1.7601.18270] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.18270_none_042b9307739f26ed\lsass.exe
[7] 2012-08-24 . 77119F1F9B492B260030C34F9BE327FA . 31232 . . [6.1.7601.22099] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22099_none_04a88ce28cc4eb33\lsass.exe
[7] 2012-07-13 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17725_none_0466c45b7371f20d\lsass.exe
[7] 2012-07-13 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17856_none_044756c773895c5e\lsass.exe
[7] 2012-07-13 . C118A82CD78818C29AB228366EBF81C3 . 31232 . . [6.1.7601.17725] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17940_none_044c26dd7386a58a\lsass.exe
[7] 2012-07-13 . 0A10B74FBB437FF9A23F1D5DE4446A83 . 31232 . . [6.1.7601.21861] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.21861_none_04c1204e8cb39c3f\lsass.exe
[7] 2012-06-04 . 79C908CAA6F43021EB05F4C733A927D1 . 31232 . . [6.1.7601.22010] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.22010_none_04f609a88c8c279c\lsass.exe
[7] 2009-07-14 . 0793F40B9B8A1BDD266296409DBD91EA . 31232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_04709031736ac277\lsass.exe
[7] 2014-04-12 . 204F3F58212B3E422C90BD9691A2DF28 . 31232 . . [6.1.7601.18443] .. c:\windows\system32\lsass.exe
.
[7] 2009-07-14 . 847D3AE376C0817161A14A82C8922A9E . 360448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-netman_31bf3856ad364e35_6.1.7600.16385_none_6bb20d3d6b80d9da\netman.dll
[7] 2009-07-14 . 847D3AE376C0817161A14A82C8922A9E . 360448 . . [6.1.7600.16385] .. c:\windows\system32\netman.dll
.
[7] 2010-11-21 . 1EA7969E3271CBC59E1730697DC74682 . 849920 . . [7.5.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-bits-client_31bf3856ad364e35_6.1.7601.17514_none_81b6ca5c101195cd\qmgr.dll
[7] 2010-11-21 . 1EA7969E3271CBC59E1730697DC74682 . 849920 . . [7.5.7600.16385] .. c:\windows\system32\qmgr.dll
.
[7] 2010-11-21 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-rpcss_31bf3856ad364e35_6.1.7601.17514_none_c7f0e16b547f887d\rpcss.dll
[7] 2010-11-21 . 5C627D1B1138676C0A7AB2C2C190D123 . 512000 . . [6.1.7601.17514] .. c:\windows\system32\rpcss.dll
.
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
[7] 2009-07-14 . 24ACB7E5BE595468E3B9AA488B9B4FCB . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
[7] 2012-02-11 . 85DAA09A98C9286D4EA2BA8D0E644377 . 559104 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17777_none_3433cdb2d8563d50\spoolsv.exe
[7] 2012-02-11 . B9D7A4858CF32A6A15D2763F1DE47E0E . 559616 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.21921_none_34ed7a43f150b682\spoolsv.exe
[7] 2010-11-21 . B96C17B5DC1424D56EEA3A99E97428CD . 559104 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_3471a890d8284f57\spoolsv.exe
[7] 2012-02-11 . 85DAA09A98C9286D4EA2BA8D0E644377 . 559104 . . [6.1.7600.16385] .. c:\windows\system32\spoolsv.exe
.
[7] 2014-03-04 . 6CE2AE073BD21C542FC2C707CAE944CC . 455680 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.22616_none_ce748d1d04acf24f\winlogon.exe
[7] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.18409_none_cdf8bf35eb848572\winlogon.exe
[7] 2010-11-21 . 1151B1BAA6F350B1DB6598E0FEA7C457 . 390656 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[7] 2014-03-04 . 88AB9B72B4BF3963A0DE0820B4B0B06C . 455168 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2014-05-14 . EAD9E413A6CEB9FD8E2AD9DC0716C061 . 58336 . . [7.6.7600.320] .. c:\windows\winsxs\amd64_microsoft-windows-w..wsupdateclient-core_31bf3856ad364e35_7.6.7600.320_none_d5f64d30518fd000\wuauclt.exe
[7] 2014-05-14 . EAD9E413A6CEB9FD8E2AD9DC0716C061 . 58336 . . [7.6.7600.320] .. c:\windows\system32\wuauclt.exe
.
[7] 2013-07-04 . 9028D1621C43DF8DFBD1C76860412A11 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18201_none_97c9d703ee91c7f1\comctl32.dll
[7] 2013-07-04 . 9028D1621C43DF8DFBD1C76860412A11 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_a4d3b9377117c3df\comctl32.dll
[7] 2013-07-04 . 4F3C5CE9EF990E1C62B7E7EBA0EBA1C2 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.22376_none_980cc5cd07e3aa05\comctl32.dll
[7] 2013-07-04 . 4F3C5CE9EF990E1C62B7E7EBA0EBA1C2 . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.22376_none_a6ba9bf96e3dcd13\comctl32.dll
[7] 2010-11-21 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_97c2246fee970dbb\comctl32.dll
[7] 2010-11-21 . 14DFDEAF4E589ED3F1FF187A86B9408C . 633856 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_a4d6a923711520a9\comctl32.dll
[7] 2010-11-21 . 7FA8FDC2C2A27817FD0F624E78D3B50C . 2030080 . . [5.82] .. c:\windows\winsxs\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll
[7] 2013-07-04 . 9028D1621C43DF8DFBD1C76860412A11 . 633856 . . [5.82] .. c:\windows\system32\comctl32.dll
.
[7] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-complus.res_31bf3856ad364e35_6.1.7600.16385_none_88a5cc7effe2dfca\comres.dll
[7] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\system32\comres.dll
.
[7] 2013-10-05 . 509D31797A4B8A3D6ED78A330B19A919 . 186880 . . [6.1.7601.22473] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_d46d4138cabe2596\cryptsvc.dll
[7] 2013-07-09 . 434CCE8E7150CD1324C5FAA088D1D061 . 186880 . . [6.1.7601.22380] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_d45f6e88cac8f85b\cryptsvc.dll
[7] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7601.18205] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_d431528fb165f7bc\cryptsvc.dll
[7] 2013-05-13 . D8129C49798CBBFB2E4351D4B7B8EF9C . 184320 . . [6.1.7601.18151] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_d3f73fe5b19220ee\cryptsvc.dll
[7] 2013-05-11 . 8122252F0A4ACFA92FA0C1D50D18493B . 186880 . . [6.1.7601.22322] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_d4a24ea4ca968363\cryptsvc.dll
[7] 2013-05-10 . 7FDC4626B01106A8EF328C88C7C0DEE3 . 184320 . . [6.1.7601.18150] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_d3f63f9bb1930797\cryptsvc.dll
[7] 2013-05-10 . CA13C4F92BEE66DB48E58AB3223DDF6E . 186880 . . [6.1.7601.22321] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_d4a14e5aca976a0c\cryptsvc.dll
[7] 2012-06-04 . 7E7D2DACF65D750D466F36BD3D09AE20 . 186880 . . [6.1.7601.22010] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_d4ab184aca903d4f\cryptsvc.dll
[7] 2012-06-02 . 9C01375BE382E834CC26D1B7EAF2C4FE . 184320 . . [6.1.7601.17856] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_d3fc6569b18d7211\cryptsvc.dll
[7] 2010-11-21 . 15597883FBE9B056F276ADA3AD87D9AF . 177152 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_d4259ed3b16ed82a\cryptsvc.dll
[7] 2013-07-09 . 6B400F211BEE880A37A1ED0368776BF4 . 184320 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\winsxs\amd64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_68e290c46b6ea6d0\es.dll
[7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\system32\es.dll
.
[7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7600.16385_none_b84b0fbd941c03a9\imm32.dll
[7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll
.
[7] 2014-04-25 . 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 . 801280 . . [1.0626.7601.18454] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.18454_none_0af5261f6f3c76ad\usp10.dll
[7] 2014-04-25 . BB2B03C6B6778A9B2866A049CC600D55 . 801792 . . [1.0626.7601.22666] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.22666_none_0b75f5788860623d\usp10.dll
[7] 2012-11-22 . E4ACCC7927A1478DF636534864E03666 . 801280 . . [1.0626.7601.22171] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.22171_none_0b661a9c886d0db8\usp10.dll
[7] 2012-11-22 . DBF99FD9CAF75CA66D042BD8D050FF71 . 800768 . . [1.0626.7601.18009] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.18009_none_0b302f956f0f750f\usp10.dll
[7] 2010-11-21 . 2F8B1E3EE3545D3B5A8D56FA1AE07B65 . 800256 . . [1.0626.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_0b207e7d6f1bea6f\usp10.dll
[7] 2014-04-25 . 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 . 801280 . . [1.0626.7601.18454] .. c:\windows\system32\usp10.dll
.
[7] 2014-04-12 . 77BBBF70BCE286CD19E1E68F248363FA . 1164800 . . [6.1.7601.22653] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_f24130b9862a22c7\kernel32.dll
[7] 2014-03-04 . 52E77DC8E31C89FBB1E968699C8121C5 . 1164800 . . [6.1.7601.22616] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_f26f71478606ff08\kernel32.dll
[7] 2014-03-04 . D2A513EE880D71BDE7F0257F38B9D019 . 1163264 . . [6.1.7601.18409] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_f1f3a3606cde922b\kernel32.dll
[7] 2013-08-29 . 786D234A90FCAC72633AE6FC52653A49 . 1162240 . . [6.1.7601.22436] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22436_none_f259cda386173c9c\kernel32.dll
[7] 2013-08-02 . C525D51A79B01342344F02E38866CF60 . 1162240 . . [6.1.7601.22411] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_f26a6c09860b8607\kernel32.dll
[7] 2013-08-02 . D8973E71F1B35CD3F3DEA7C12D49D0F0 . 1161216 . . [6.1.7601.18229] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_f1ddffbc6ceecfbf\kernel32.dll
[7] 2013-07-08 . 38E54D419A2962E24D35D868E4724AE7 . 1162240 . . [6.1.7601.22379] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22379_none_f2318ceb8634fb3e\kernel32.dll
[7] 2013-01-04 . B844114B247D8EF1E5E4E93A282D2E6F . 1162240 . . [6.1.7601.22209] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_f27d3a7985fc3a80\kernel32.dll
[7] 2012-11-30 . B3BEA6420D482356E53B7C728E05C637 . 1163264 . . [6.1.7601.22177] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_f22f888b8636ce42\kernel32.dll
[7] 2012-11-30 . 65C113214F7B05820F6D8A65B1485196 . 1161216 . . [6.1.7601.18015] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_f1e4cab46cea5424\kernel32.dll
[7] 2012-10-04 . 1DC3504CA4C57900F1557E9A3F01D272 . 1161216 . . [6.1.7601.17965] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_f1aee2f66d12ac97\kernel32.dll
[7] 2012-10-04 . F3C594D0DA3ACFA6C7B781A490AB4282 . 1162240 . . [6.1.7601.22125] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_f263979386100fdf\kernel32.dll
[7] 2012-07-13 . B9B42A302325537D7B9DC52D47F33A73 . 1162752 . . [6.1.7601.17651] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_f1b5ac086d0e33d5\kernel32.dll
[7] 2012-07-13 . 27AC02D8EE4C02E7648C41CB880151DA . 1163264 . . [6.1.7601.21772] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_f22aa945863b24d8\kernel32.dll
[7] 2010-11-21 . 7A6326D96D53048FDEC542DF23D875A0 . 1161216 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_f1e3eab06ceb12ef\kernel32.dll
[7] 2014-03-04 . D2A513EE880D71BDE7F0257F38B9D019 . 1163264 . . [6.1.7601.18015] .. c:\windows\system32\kernel32.dll
.
[7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_945a23c3bf051859\linkinfo.dll
[7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\system32\linkinfo.dll
.
[7] 2013-06-06 . 796B47A4B82EF1C39F13435B88834C48 . 41472 . . [6.1.7601.18177] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18177_none_07bb20dd7154003d\lpk.dll
[7] 2013-06-06 . 22FC61B8E1EBA296FF416C3678E26DD3 . 41472 . . [6.1.7601.22350] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22350_none_08535d608a67b3eb\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_07f91de77125e78d\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_07e67eed71336b74\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_07c20e01714f59eb\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_07e15d357138149f\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_086f1b6e8a51f1e7\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_084cab168a6c130c\lpk.dll
[7] 2009-07-14 . D202223587518B13D72D68937B7E3F70 . 41984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_082d1b568a83a814\lpk.dll
[7] 2013-06-06 . 796B47A4B82EF1C39F13435B88834C48 . 41472 . . [6.1.7601.18177] .. c:\windows\system32\lpk.dll
.
[7] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-i..ectionsharingconfig_31bf3856ad364e35_6.1.7600.16385_none_0c2b375bae4a8d38\hnetcfg.dll
[7] 2009-07-14 . 3B367397320C26DBA890B260F80D1B1B . 424448 . . [6.1.7600.16385] .. c:\windows\system32\hnetcfg.dll
.
[7] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17280] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_f5b67f6437213d09\mshtml.dll
[7] 2014-07-25 . ECA387DCD57F683C52171C766CF400F0 . 23645696 . . [11.00.9600.17280] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_f5b0b0ea3726a4ff\mshtml.dll
[7] 2014-06-19 . FEC19C351EF1B2C998A85D1BFD765675 . 23464448 . . [11.00.9600.17207] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_f5addd9c372925b8\mshtml.dll
[7] 2014-05-30 . 56803B20D168C1B740D12CE0BE4588F5 . 23414784 . . [11.00.9600.17126] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_f5bac4e4371f22d4\mshtml.dll
[7] 2014-05-06 . 797E2E5C309AFF76990D5B7AF457EACA . 23544320 . . [11.00.9600.17107] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_f5b8ad88372109c7\mshtml.dll
[7] 2014-04-29 . F63F2285B933CED23B5BBE7BD500E0C5 . 23133184 . . [11.00.9600.16661] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16661_none_f589267237439699\mshtml.dll
[7] 2014-04-29 . A98DA2EC1E56CF52C682D072F77D9874 . 23547904 . . [11.00.9600.17105] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_f5b8db183720d685\mshtml.dll
[7] 2014-03-31 . C3E3EFD320D0000BE6F9CDB00CD6086F . 23134208 . . [11.00.9600.16659] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16659_none_f5876fe837454a4a\mshtml.dll
[7] 2014-03-06 . 37D0FB9E5E8EDA40B66FC3FB3D660261 . 23549440 . . [11.00.9600.17041] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_f5c8074c3714b96c\mshtml.dll
[7] 2014-03-01 . 4E0709D9BB951AD1C22E4FF519B90839 . 23133696 . . [11.00.9600.16521] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_f58ff536373f154c\mshtml.dll
[7] 2014-02-06 . D016F5092E4FFC41147E8555A71D2DDE . 23170048 . . [11.00.9600.16518] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16518_none_f58e55743740af5c\mshtml.dll
[7] 2013-11-26 . D233E1A32CE6AF918C9DE1BC44AFEB2A . 23212032 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_f59a25aa3737acc2\mshtml.dll
[7] 2013-11-26 . 16B0A65F52531B769B891DC251ECC6C0 . 23183360 . . [11.00.9600.16476] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16476_none_f59f54ac3732f833\mshtml.dll
[7] 2013-10-12 . 25C356A79B7002E0A20AAF592ED59DE4 . 19269632 . . [10.00.9200.16736] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16736_none_91079aba92acea3d\mshtml.dll
[7] 2013-10-12 . BED01C981AA5D47941F6BAF30B6FE12C . 19510784 . . [10.00.9200.20848] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20848_none_7a2ff6ecac5bb27c\mshtml.dll
[7] 2013-09-22 . 9958430CE5BFC43D693D6138C31788CC . 19494912 . . [10.00.9200.20831] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20831_none_7a2f961aac5be5be\mshtml.dll
[7] 2013-09-22 . F026C6F104758D0EB215B017016FAE27 . 19252224 . . [10.00.9200.16721] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16721_none_91070c5892ad50c1\mshtml.dll
[7] 2013-08-10 . CC4AE7E2ECAEE7612B3C0D3AB302375C . 19246592 . . [10.00.9200.16686] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16686_none_91176c1892a04cff\mshtml.dll
[7] 2013-08-10 . C2793FDC1EDB82635C538630FE192CC9 . 19488768 . . [10.00.9200.20794] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20794_none_7a40236aac4eaeba\mshtml.dll
[7] 2013-07-26 . 396889142BD839DB8A055A0BE0AD2F79 . 19239424 . . [10.00.9200.16660] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16660_none_9115f43492a1808b\mshtml.dll
[7] 2013-07-26 . 865EB4E69DAF2DE052E8D020F4F7D313 . 19482112 . . [10.00.9200.20768] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20768_none_7a3cc76cac51c939\mshtml.dll
[7] 2013-06-12 . 884691F819503DD2191A2641CC827A52 . 19482112 . . [10.00.9200.20742] .. c:\windows\winsxs\amd64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20742_none_7a3b4f88ac52fcc5\mshtml.dll
[7] 2014-08-18 . 920BD93A0B64657A20CA66C2EBB167EA . 23591424 . . [11.00.9600.17280] .. c:\windows\system32\mshtml.dll
.
[7] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_2f5acf97b59df60f\msvcrt.dll
[7] 2011-12-16 . F9A4C695C86CC32048FE2C987A0BD387 . 634880 . . [7.0.7601.21878] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_2fc7fdc6ced04f08\msvcrt.dll
[7] 2009-07-14 . 7319BB10FA1F86E49E3DCF4136F6C957 . 634880 . . [7.0.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_2d4a27c7b8972454\msvcrt.dll
[7] 2011-12-16 . C391FC68282A000CDF953F8B6B55D2EF . 634880 . . [7.0.7601.17744] .. c:\windows\system32\msvcrt.dll
.
[7] 2013-09-08 . 9A9F9F1A77D6A80EE28B57664F00013E . 327168 . . [6.1.7601.18254] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_164e004b440bdabf\mswsock.dll
[7] 2013-09-07 . BDDB1FD258B92DEE00F222D3304B5D9C . 327168 . . [6.1.7601.22444] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_16e26ee85d215bbf\mswsock.dll
[7] 2010-11-21 . 1D5185A4C7E6695431AE4B55C3D7D333 . 326144 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_16795c7543eb48cf\mswsock.dll
[7] 2013-09-08 . 9A9F9F1A77D6A80EE28B57664F00013E . 327168 . . [6.1.7600.16385] .. c:\windows\system32\mswsock.dll
.
[7] 2010-11-21 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[7] 2010-11-21 . AA339DD8BB128EF66660DFBBB59043D3 . 695808 . . [6.1.7600.16385] .. c:\windows\system32\netlogon.dll
.
[7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_ff0e900816896618\powrprof.dll
[7] 2009-07-14 . 716175021BDA290504CE434273F666BC . 167424 . . [6.1.7600.16385] .. c:\windows\system32\powrprof.dll
.
[7] 2010-11-21 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
[7] 2010-11-21 . ED78427259134C63ED69804D2132B86C . 232960 . . [6.1.7600.16385] .. c:\windows\system32\scecli.dll
.
[7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_032ab4f375e2ac1f\sfc.dll
[7] 2009-07-14 . C6DCD1D11ED6827F05C00773C3E7053C . 3072 . . [6.1.7600.16385] .. c:\windows\system32\sfc.dll
.
[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_11b04b481efec48c\svchost.exe
[7] 2009-07-14 . C78655BC80301D76ED4FEF1C1EA40A7D . 27136 . . [6.1.7600.16385] .. c:\windows\system32\svchost.exe
.
[7] 2010-11-21 . 40F0849F65D13EE87B9A9AE3C1DD6823 . 316928 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_4162de4afb9222c0\tapisrv.dll
[7] 2010-11-21 . 40F0849F65D13EE87B9A9AE3C1DD6823 . 316928 . . [6.1.7600.16385] .. c:\windows\system32\tapisrv.dll
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[7] 2010-11-21 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
[7] 2010-11-21 . BAFE84E637BF7388C96EF48D4D3FDD53 . 30720 . . [6.1.7600.16385] .. c:\windows\system32\userinit.exe
.
[7] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_e45c6045b6cad3d3\wininet.dll
[7] 2014-07-25 . 8E71A5CB5312B8392D4DA4CA37BB5868 . 2266624 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_e45691cbb6d03bc9\wininet.dll
[7] 2014-06-18 . 2EE102DF0EDD8A1EDD3D1E9B99A91BEC . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_e453be7db6d2bc82\wininet.dll
[7] 2014-05-30 . 40BFD9D6EC8E174145F012246CA73CCD . 2266112 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_e460a5c5b6c8b99e\wininet.dll
[7] 2014-03-06 . F220BA78AB542C70211D73AE4729B2CD . 2260480 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_e46de82db6be5036\wininet.dll
[7] 2014-03-01 . DF79CE9B950C62677D232154E93A81C7 . 2334208 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_e435d617b6e8ac16\wininet.dll
[7] 2014-02-06 . 263B6E451526A90FF8B1CEC759F22956 . 2334208 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16518_none_e4343655b6ea4626\wininet.dll
[7] 2013-11-26 . E6CB36B85BE59095337427E853A5B65A . 2332160 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_e440068bb6e1438c\wininet.dll
[7] 2013-11-26 . 9B6678DB9C6A232C5A84D2FDFFF8B0E1 . 2334208 . . [11.00.9600.16428] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16476_none_e445358db6dc8efd\wininet.dll
[7] 2013-10-12 . 9706C99DAEBE3FEAC811B239617E98C4 . 2241536 . . [10.00.9200.16736] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16736_none_7fad7b9c12568107\wininet.dll
[7] 2013-10-12 . 7E7F32C588DA6A4554046804D8EEAC55 . 2249216 . . [10.00.9200.20848] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20848_none_68d5d7ce2c054946\wininet.dll
[7] 2013-09-22 . 1377A310439639A610097ED56975AE19 . 2248704 . . [10.00.9200.20830] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20831_none_68d576fc2c057c88\wininet.dll
[7] 2013-09-22 . D28B35DE88D27EFB27DF4B1E8319E3C0 . 2241024 . . [10.00.9200.16720] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16721_none_7faced3a1256e78b\wininet.dll
[7] 2013-08-10 . AAFA952E774DDDB0956D3BDFAE5B5B99 . 2241024 . . [10.00.9200.16686] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16686_none_7fbd4cfa1249e3c9\wininet.dll
[7] 2013-08-10 . 0A380C8E396975463E3F643E88AE8BDF . 2248704 . . [10.00.9200.20794] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20794_none_68e6044c2bf84584\wininet.dll
[7] 2013-07-26 . AC155DD9BD1E6D3B740826A4D1C68AAE . 2241024 . . [10.00.9200.16660] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16660_none_7fbbd516124b1755\wininet.dll
[7] 2013-07-26 . 5C49F5A791B944AD8247473ABD35602D . 2248704 . . [10.00.9200.20768] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20768_none_68e2a84e2bfb6003\wininet.dll
[7] 2013-06-12 . 09BF0D9701F9D846BBC5ABED003851CB . 2248704 . . [10.00.9200.20742] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20742_none_68e1306a2bfc938f\wininet.dll
[7] 2013-06-11 . FAF6EC2460AD5FBBD38D8E1AE28B0D77 . 2241024 . . [10.00.9200.16635] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16635_none_7fb86250124e4b75\wininet.dll
[7] 2013-05-17 . 7E43B93C0E9C138AC1008F646B06E919 . 2248704 . . [10.00.9200.20716] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20719_none_68dd90142bfffaf1\wininet.dll
[7] 2013-05-17 . 12716D987D475B051F35895659159705 . 2241024 . . [10.00.9200.16611] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16614_none_7fb67884124fff26\wininet.dll
[7] 2013-04-05 . 27A9000C534AA9BADC9EE74940F50C6D . 2242048 . . [10.00.9200.16576] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16576_none_7fc71c9c1242ae81\wininet.dll
[7] 2013-04-05 . 61962C7A2D6E32827F089E6F0A03E533 . 2247168 . . [10.00.9200.20681] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20681_none_68f018462bf0c359\wininet.dll
[7] 2013-04-01 . 69F1D418B4C4EC23033D598E4CBC6B73 . 2240512 . . [10.00.9200.16521] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16521_none_7fc28d121246afa9\wininet.dll
[7] 2013-02-24 . 32D39C8BA5940DA0EB6E7993F3190F92 . 2247168 . . [10.00.9200.20644] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20644_none_68ebd2c62bf4aae0\wininet.dll
[7] 2013-02-21 . 753C0848AE7872A3F59663078A517293 . 2240512 . . [10.00.9200.16540] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16540_none_7fc4a46e1244c8b6\wininet.dll
[7] 2013-02-02 . 4E0669B513805A7C2A303C8EDEDC8E03 . 1392128 . . [9.00.8112.20580] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20580_none_76ceeeb88dc602aa\wininet.dll
[7] 2013-02-02 . FA274190682AA41A46B285208ED46A74 . 1392128 . . [9.00.8112.16470] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16470_none_765021d974a046ef\wininet.dll
[7] 2013-01-09 . 435E9C764E1EF70058580996452BE6A2 . 1392128 . . [9.00.8112.16464] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16464_none_765ef2ed7494905a\wininet.dll
[7] 2013-01-08 . 43A6A68F1F41B13CA4D580D40DFA57EE . 1392128 . . [9.00.8112.20573] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20573_none_76dcbf828dbb32be\wininet.dll
[7] 2012-07-13 . 4EFC156290537BB9706D3A7A1A4B8733 . 1188864 . . [8.00.7601.17720] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_7aba72dc2f804587\wininet.dll
[7] 2012-07-13 . 8F2CC83B92626A3B7E1DF360720FAD30 . 1189376 . . [8.00.7601.21855] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_7b28a15548b1b7d7\wininet.dll
[7] 2012-07-13 . 69151E566295E5A977FE71FFAFD3B3F8 . 1390080 . . [9.00.8112.16440] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_7670919d7487f31c\wininet.dll
[7] 2012-07-13 . 244D45F786E33C169A93F70BA63BABF8 . 1390080 . . [9.00.8112.20544] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_76fe2f908da1f842\wininet.dll
[7] 2012-07-13 . 1BF2BCC7E3C26FD4C8EF0C9EFB0CC25D . 1389056 . . [9.00.8112.16421] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16421_none_768731bf7476d491\wininet.dll
[7] 2010-11-21 . F6C5302E1F4813D552F41A0AC82455E5 . 1188864 . . [8.00.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_7ac940242f7494a4\wininet.dll
[7] 2014-08-18 . 39EBB9708453036A74C30C9A294023FF . 2310656 . . [11.00.9600.16428] .. c:\windows\system32\wininet.dll
.
[7] 2010-11-21 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_50ddb631e4f59005\ws2_32.dll
[7] 2010-11-21 . 4BBFA57F594F7E8A8EDC8F377184C3F0 . 297984 . . [6.1.7600.16385] .. c:\windows\system32\ws2_32.dll
.
[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6079f415110c0210\ws2help.dll
[7] 2009-07-14 . 8396C6C26AADDFE4590CCEF0F419B6B7 . 4608 . . [6.1.7600.16385] .. c:\windows\system32\ws2help.dll
.
[7] 2010-11-21 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_0a43accb08f0eac5\ole32.dll
[7] 2010-11-21 . 6C60B5ACA7442EFB794082CDACFC001C . 2086912 . . [6.1.7600.16385] .. c:\windows\system32\ole32.dll
.
[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
[7] 2009-07-14 . 86FE1B1F8FD42CD0DB641AB1CDB13093 . 18944 . . [6.1.7600.16385] .. c:\windows\system32\cngaudit.dll
.
[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[7] 2009-07-14 . 94355C28C1970635A31B3FE52EB7CEBA . 129024 . . [6.1.7600.16385] .. c:\windows\system32\wininit.exe
.
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_f9257e7aaa4290ce\ctfmon.exe
[7] 2009-07-14 . 42B6A94DD747DF2B5F628A2752E62A98 . 9728 . . [6.1.7600.16385] .. c:\windows\system32\ctfmon.exe
.
[7] 2010-11-21 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_2b566299338d2123\shsvcs.dll
[7] 2010-11-21 . AAF932B4011D14052955D4B212A4DA8D . 370688 . . [6.1.7600.16385] .. c:\windows\system32\shsvcs.dll
.
[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-remoteregistry-service_31bf3856ad364e35_6.1.7600.16385_none_e55af7609d2857a8\regsvc.dll
[7] 2009-07-14 . E4D94F24081440B5FC5AA556C7C62702 . 159232 . . [6.1.7600.16385] .. c:\windows\system32\regsvc.dll
.
[7] 2010-11-21 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-taskscheduler-service_31bf3856ad364e35_6.1.7601.17514_none_8d272400ada202f9\schedsvc.dll
[7] 2010-11-21 . 262F6592C3299C005FD6BEC90FC4463A . 1110016 . . [6.1.7600.16385] .. c:\windows\system32\schedsvc.dll
.
[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-upnpssdp_31bf3856ad364e35_6.1.7600.16385_none_dbbe6492eae9505c\ssdpsrv.dll
[7] 2009-07-14 . 51B52FBD583CDE8AA9BA62B8B4298F33 . 193024 . . [6.1.7600.16385] .. c:\windows\system32\ssdpsrv.dll
.
[7] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.1.7601.17514_none_ecc547376ae3a1a3\termsrv.dll
[7] 2010-11-21 . 2E648163254233755035B46DD7B89123 . 680960 . . [6.1.7601.17514] .. c:\windows\system32\termsrv.dll
.
[7] 2014-03-04 . A9D735A8C6010DCE1148D4BC32365C14 . 5553088 . . [6.1.7601.22616] .. c:\windows\winsxs\amd64_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_cae1eda6e3de88c2\ntoskrnl.exe
[7] 2014-03-04 . 6B47CF5C27865DDF6680E4D834FBE34F . 5550016 . . [6.1.7601.18409] .. c:\windows\system32\ntoskrnl.exe
.
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_4627a1cbadebced2\ksuser.dll
[7] 2009-07-14 . 8560FFFC8EB3A806DCD4F82252CFC8C6 . 5120 . . [6.1.7600.16385] .. c:\windows\system32\ksuser.dll
.
[7] 2009-07-14 . E424B3EF666B184CEE0B6871AAA8C9F6 . 8192 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_d360c9c235bd1868\msimg32.dll
[7] 2009-07-14 . E424B3EF666B184CEE0B6871AAA8C9F6 . 8192 . . [6.1.7600.16385] .. c:\windows\system32\msimg32.dll
.
[7] 2013-07-04 . 700BD5A6AA5381D1D8ADC4045149DBF6 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.22376_none_3bee2a494f8638cf\comctl32.dll
[7] 2013-07-04 . 700BD5A6AA5381D1D8ADC4045149DBF6 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.22376_none_ee67d2d082b9f619\comctl32.dll
[7] 2013-07-04 . 75F5E1FE8D55CF8E577E0EC5F2290D3F . 530432 . . [5.82] .. c:\windows\SysWOW64\comctl32.dll
[7] 2013-07-04 . 75F5E1FE8D55CF8E577E0EC5F2290D3F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.18201_none_3bab3b80363456bb\comctl32.dll
[7] 2013-07-04 . 75F5E1FE8D55CF8E577E0EC5F2290D3F . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.18201_none_ec80f00e8593ece5\comctl32.dll
[7] 2010-11-21 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7601.17514_none_ec83dffa859149af\comctl32.dll
[7] 2010-11-21 . BDAC1AA64495D0F7E1FF810EBBF1F018 . 530432 . . [5.82] .. c:\windows\winsxs\x86_microsoft-windows-shell-comctl32-v5_31bf3856ad364e35_6.1.7601.17514_none_3ba388ec36399c85\comctl32.dll
[7] 2010-11-21 . 352B3DC62A0D259A82A052238425C872 . 1680896 . . [5.82] .. c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll
.
[7] 2013-10-05 . F2D9242C3BBD1C36467FCAE1AE01733F . 142848 . . [6.1.7601.22473] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22473_none_784ea5b51260b460\cryptsvc.dll
[7] 2013-07-09 . 6DB499DEFCC827317C5371164A7CDB27 . 142848 . . [6.1.7601.22380] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22380_none_7840d305126b8725\cryptsvc.dll
[7] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cryptsvc.dll
[7] 2013-07-09 . 7CA1BECEA5DE2643ADDAD32670E7A4C9 . 140288 . . [6.1.7601.18205] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18205_none_7812b70bf9088686\cryptsvc.dll
[7] 2013-05-13 . 3897DFF247D9ED0006190349DE264E14 . 140288 . . [6.1.7601.18151] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18151_none_77d8a461f934afb8\cryptsvc.dll
[7] 2013-05-11 . AC04D05309BB2C418D0D80B9FB014642 . 142848 . . [6.1.7601.22322] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[7] 2013-05-10 . E122AA1C9A3CC46FF9DDDE46E5EB0C58 . 142848 . . [6.1.7601.22321] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[7] 2013-05-10 . 33ADF6E0853AB39EA1723BE82842C1D3 . 140288 . . [6.1.7601.18150] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[7] 2012-06-02 . 063DD65889D21035311463337BD268E7 . 142336 . . [6.1.7601.22010] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[7] 2012-06-02 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7601.17856] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[7] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
.
[7] 2010-11-21 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\SysWOW64\imm32.dll
[7] 2010-11-21 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll
.
[7] 2014-04-12 . C8C41EBEE097FEB29FB816854D3AD1E7 . 1114112 . . [6.1.7601.22653] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_fc95db0bba8ae4c2\kernel32.dll
[7] 2014-03-04 . 866696FBE24914047462E34812169954 . 1114112 . . [6.1.7601.22616] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_fcc41b99ba67c103\kernel32.dll
[7] 2014-03-04 . 76161B9D78A275F8F28DD67436013110 . 1114112 . . [6.1.7601.18015] .. c:\windows\SysWOW64\kernel32.dll
[7] 2014-03-04 . 76161B9D78A275F8F28DD67436013110 . 1114112 . . [6.1.7601.18015] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_fc484db2a13f5426\kernel32.dll
[7] 2013-08-29 . EE751CBD5D0C332FDF3DF7187B612416 . 1114112 . . [6.1.7601.22436] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22436_none_fcae77f5ba77fe97\kernel32.dll
[7] 2013-08-02 . 61579F821AB5FF7FA2966D64D1070BA8 . 1114112 . . [6.1.7601.22411] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_fcbf165bba6c4802\kernel32.dll
[7] 2013-08-02 . 365A5034093AD9E04F433046C4CDF6AB . 1114112 . . [6.1.7601.18229] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_fc32aa0ea14f91ba\kernel32.dll
[7] 2013-07-08 . 2997A7BC59E3EEFE8E86D1B0F3A3D748 . 1114112 . . [6.1.7601.22379] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22379_none_fc86373dba95bd39\kernel32.dll
[7] 2013-01-04 . 7E55988F5CB3BA67E2732370E8D71BBB . 1114112 . . [6.1.7601.22209] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22209_none_fcd1e4cbba5cfc7b\kernel32.dll
[7] 2012-11-30 . 9CC2571E3646B9A24296AD7ADCC71682 . 1114112 . . [6.1.7601.22177] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_fc8432ddba97903d\kernel32.dll
[7] 2012-11-30 . AC0B6F41882FC6ED186962D770EBF1D2 . 1114112 . . [6.1.7601.18015] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_fc397506a14b161f\kernel32.dll
[7] 2012-10-04 . D4F3176082566CEFA633B4945802D4C4 . 1114112 . . [6.1.7601.17965] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17965_none_fc038d48a1736e92\kernel32.dll
[7] 2012-10-04 . 5FA395364EE727E4BEE6B1406C207F98 . 1114112 . . [6.1.7601.22125] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22125_none_fcb841e5ba70d1da\kernel32.dll
[7] 2012-07-13 . 99C3F8E9CC59D95666EB8D8A8B4C2BEB . 1114112 . . [6.1.7601.17651] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17651_none_fc0a565aa16ef5d0\kernel32.dll
[7] 2012-07-13 . D3CB12854171DF61D117D7C2BF22C675 . 1114112 . . [6.1.7601.21772] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.21772_none_fc7f5397ba9be6d3\kernel32.dll
[7] 2010-11-21 . E80758CF485DB142FCA1EE03A34EAD05 . 837632 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
.
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\SysWOW64\linkinfo.dll
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_9eaece15f365da54\linkinfo.dll
.
[7] 2013-06-06 . 84CA3579EEB69D8E1EE67E4F721BF71C . 25600 . . [6.1.7601.22350] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22350_none_12a807b2bec875e6\lpk.dll
[7] 2013-06-06 . CC23295DA8F7B5C53F93804D2F5D30EB . 25600 . . [6.1.7601.18177] .. c:\windows\SysWOW64\lpk.dll
[7] 2013-06-06 . CC23295DA8F7B5C53F93804D2F5D30EB . 25600 . . [6.1.7601.18177] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18177_none_120fcb2fa5b4c238\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17537_none_123b293fa5942d6f\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17563_none_1216b853a5b01be6\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18032_none_12360787a598d69a\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21636_none_12c3c5c0beb2b3e2\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.21664_none_12a15568beccd507\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22195_none_1281c5a8bee46a0f\lpk.dll
.
[7] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17280] .. c:\windows\SysWOW64\mshtml.dll
[7] 2014-08-18 . 7BF1CE9240CB9DD27C3E30733176EB8E . 17455104 . . [11.00.9600.17280] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17280_none_000b29b66b81ff04\mshtml.dll
[7] 2014-07-25 . 8453DDF167CE2986AA4AB04BC6824925 . 17524224 . . [11.00.9600.17280] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17239_none_00055b3c6b8766fa\mshtml.dll
[7] 2014-06-19 . DFA59840BB1220AFD261FDAE83543959 . 17276416 . . [11.00.9600.17207] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17207_none_000287ee6b89e7b3\mshtml.dll
[7] 2014-05-30 . D5ECBB3BFDC73A59440D9CA79AB3A342 . 17271296 . . [11.00.9600.17126] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17126_none_000f6f366b7fe4cf\mshtml.dll
[7] 2014-05-06 . EB5347F6149D3FF25F4D609A21A3BD67 . 17382912 . . [11.00.9600.17107] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17107_none_000d57da6b81cbc2\mshtml.dll
[7] 2014-04-29 . 027AC2B05139DBF9BC1D0548EF5E64C0 . 17074688 . . [11.00.9600.16661] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16661_none_ffddd0c46ba45894\mshtml.dll
[7] 2014-04-29 . 5869FBC754578A59C8C8635B99DB79DE . 17384448 . . [11.00.9600.17105] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17105_none_000d856a6b819880\mshtml.dll
[7] 2014-03-30 . CCF19C82F6145E4A467F7CB9AF82026C . 17073152 . . [11.00.9600.16659] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16659_none_ffdc1a3a6ba60c45\mshtml.dll
[7] 2014-03-06 . EA85144F35EDE6EE25C484D4242FF2C8 . 17387008 . . [11.00.9600.17041] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.17041_none_001cb19e6b757b67\mshtml.dll
[7] 2014-03-01 . 70462E0A4E293FC80620AB945D8A59BB . 17074688 . . [11.00.9600.16521] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16521_none_ffe49f886b9fd747\mshtml.dll
[7] 2014-02-06 . C863E5A2417DF0F2A31ED32C3B2CB23F . 17103872 . . [11.00.9600.16518] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16518_none_ffe2ffc66ba17157\mshtml.dll
[7] 2013-11-26 . F9F114B2A6F876C92D317A755494F233 . 17142784 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16428_none_ffeecffc6b986ebd\mshtml.dll
[7] 2013-11-26 . BFAFE990C4A191E83843362B5AC64A9B . 17112576 . . [11.00.9600.16476] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_11.2.9600.16476_none_fff3fefe6b93ba2e\mshtml.dll
[7] 2013-10-12 . 02A04841906A8892AD6CC7BDBCB5F61D . 14355968 . . [10.00.9200.16736] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16736_none_9b5c450cc70dac38\mshtml.dll
[7] 2013-10-12 . 9C2714E4CF56DD8CD27BF6DEE9E7A1BF . 14381568 . . [10.00.9200.20848] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20848_none_8484a13ee0bc7477\mshtml.dll
[7] 2013-09-22 . 9D6D52AED095BC8C9023AA739E978EAC . 14364672 . . [10.00.9200.20831] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20831_none_8484406ce0bca7b9\mshtml.dll
[7] 2013-09-22 . A7221924181C8EB92B64C5A2D888BEA5 . 14335488 . . [10.00.9200.16721] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16721_none_9b5bb6aac70e12bc\mshtml.dll
[7] 2013-08-10 . A0FAB45701EFAA4EDA60B7614ED431BE . 14362624 . . [10.00.9200.20794] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20794_none_8494cdbce0af70b5\mshtml.dll
[7] 2013-08-10 . 5D2D7E7850CE963C2F401D4DEE7BB32A . 14332928 . . [10.00.9200.16686] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16686_none_9b6c166ac7010efa\mshtml.dll
[7] 2013-07-26 . E631B408882F8320739F6E0CAF444397 . 14329344 . . [10.00.9200.16660] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16660_none_9b6a9e86c7024286\mshtml.dll
[7] 2013-07-26 . 523D2E830830FD6DA5B7FAAE3C251BC5 . 14356480 . . [10.00.9200.20768] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20768_none_849171bee0b28b34\mshtml.dll
[7] 2013-06-12 . E6CC3F7EAA761794E13E0F99393EEB97 . 14358528 . . [10.00.9200.20742] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20742_none_848ff9dae0b3bec0\mshtml.dll
[7] 2013-06-11 . AF31E7D2C385F647ADFD5F5736B3BA64 . 14329856 . . [10.00.9200.16635] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16635_none_9b672bc0c70576a6\mshtml.dll
[7] 2013-06-08 . 2C01EA6CBF9E7C6A96535BEA1AB35580 . 14355456 . . [10.00.9200.20723] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20723_none_848de27ee0b5a5b3\mshtml.dll
[7] 2013-06-08 . 05920BD009621D06722A1CD339DA6481 . 14327808 . . [10.00.9200.16618] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.16618_none_9b64e6d4c70790db\mshtml.dll
[7] 2013-05-17 . D77D1A53C38DF6CE26749D77BED6A527 . 14355968 . . [10.00.9200.20719] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.20719_none_848c5984e0b72622\mshtml.dll
.
[7] 2011-12-16 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll
[7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\SysWOW64\msvcrt.dll
[7] 2011-12-16 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll
[7] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll
.
[7] 2013-09-08 . E94C583CDE2348950155F2AF2876F34D . 231424 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll
[7] 2013-09-08 . E94C583CDE2348950155F2AF2876F34D . 231424 . . [6.1.7601.18254] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
[7] 2013-09-07 . 6547D445C4B69DC0083B619AC642DF04 . 231424 . . [6.1.7601.22444] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[7] 2010-11-21 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
.
[7] 2010-11-21 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll
[7] 2010-11-21 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
.
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll
.
[7] 2010-11-21 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll
[7] 2010-11-21 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
.
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll
.
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[7] 2010-11-21 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7600.16385] .. c:\windows\SysWOW64\tapisrv.dll
[7] 2010-11-21 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll
.
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
[7] 2010-11-21 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe
[7] 2010-11-21 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
[7] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\SysWOW64\wininet.dll
[7] 2014-08-18 . D58988722C72D265B51A54103DFC2C6F . 1812992 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17280_none_883dc4c1fe6d629d\wininet.dll
[7] 2014-07-25 . B945BAA81B4805AD6BDDF4D026DCFB47 . 1792512 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17239_none_8837f647fe72ca93\wininet.dll
[7] 2014-06-18 . CCC198257901BEEA2FBF8EB1E7678356 . 1791488 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17207_none_883522f9fe754b4c\wininet.dll
[7] 2014-05-30 . 771CDBC3D62437D6DB070820BB1EDCCF . 1790976 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17126_none_88420a41fe6b4868\wininet.dll
[7] 2014-03-06 . E4E829EE073E046B0EB19B5FECB19B8C . 1789440 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.17041_none_884f4ca9fe60df00\wininet.dll
[7] 2014-03-01 . AAFEAB4FC9D70253F8C7E353E879E8A2 . 1820160 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16521_none_88173a93fe8b3ae0\wininet.dll
[7] 2014-02-06 . 9C89246184979A070B0C6CCF61C68136 . 1820160 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16518_none_88159ad1fe8cd4f0\wininet.dll
[7] 2013-11-26 . B5EB5BD3066959611E1F7A80FD6CC172 . 1818112 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16428_none_88216b07fe83d256\wininet.dll
[7] 2013-11-26 . 927FA6456AD6D7630F6854828D2FD16B . 1820160 . . [11.00.9600.16428] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_11.2.9600.16476_none_88269a09fe7f1dc7\wininet.dll
[7] 2013-10-12 . 5FD4335DCD343D0FEA9FA6B18ED408D9 . 1767936 . . [10.00.9200.16736] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16736_none_238ee01859f90fd1\wininet.dll
[7] 2013-10-12 . 06715E12E72EFBC2D660A779FFF32944 . 1777152 . . [10.00.9200.20848] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20848_none_0cb73c4a73a7d810\wininet.dll
[7] 2013-09-22 . 67220EB57550F10E1219D57D89937456 . 1777152 . . [10.00.9200.20830] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20831_none_0cb6db7873a80b52\wininet.dll
[7] 2013-09-22 . E4FEB264B47360B7296AEA4E052F88D8 . 1767936 . . [10.00.9200.16720] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16721_none_238e51b659f97655\wininet.dll
[7] 2013-08-10 . 26BD13BB9196C2D8F8155C3C6169BC22 . 1777664 . . [10.00.9200.20794] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20794_none_0cc768c8739ad44e\wininet.dll
[7] 2013-08-10 . 535F6263035F2530A62D5D64EF6E73D3 . 1767936 . . [10.00.9200.16686] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16686_none_239eb17659ec7293\wininet.dll
[7] 2013-07-26 . DAA3903F06116AE9EE7AC1D1B93684A4 . 1767936 . . [10.00.9200.16660] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16660_none_239d399259eda61f\wininet.dll
[7] 2013-07-26 . DE581A5E0E70BB63898F8776EB274428 . 1777664 . . [10.00.9200.20768] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20768_none_0cc40cca739deecd\wininet.dll
[7] 2013-06-12 . 24AE444B165D11835EF3D38CF3CC7FA4 . 1777664 . . [10.00.9200.20742] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20742_none_0cc294e6739f2259\wininet.dll
[7] 2013-06-11 . 9BF7C7654EFD098EE3A27B49492A382A . 1767936 . . [10.00.9200.16635] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16635_none_2399c6cc59f0da3f\wininet.dll
[7] 2013-05-17 . 425A20F1C6855222944BFD4FA9BE61A5 . 1777664 . . [10.00.9200.20716] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20719_none_0cbef49073a289bb\wininet.dll
[7] 2013-05-17 . 2473CA6595A2659D7039A4A89FECA269 . 1767936 . . [10.00.9200.16611] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16614_none_2397dd0059f28df0\wininet.dll
[7] 2013-04-05 . 5ABB3F36AF17007F33FA275E96A2C95E . 1767424 . . [10.00.9200.16576] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16576_none_23a8811859e53d4b\wininet.dll
[7] 2013-04-05 . 1D48B7F4618EE77430ACECCA1BCA88E1 . 1775616 . . [10.00.9200.20681] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20681_none_0cd17cc273935223\wininet.dll
[7] 2013-04-01 . BA15504FA59A8DC304F1CBAEBA6252A1 . 1766912 . . [10.00.9200.16521] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16521_none_23a3f18e59e93e73\wininet.dll
[7] 2013-02-24 . B9A72493B83C77E78FE6213F4B01DB5D . 1775616 . . [10.00.9200.20644] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.20644_none_0ccd3742739739aa\wininet.dll
[7] 2013-02-21 . CFE0CEE587F9CEA4C29DEEC6D85FC91C . 1766912 . . [10.00.9200.16540] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16540_none_23a608ea59e75780\wininet.dll
[7] 2013-02-02 . 1284D72C04B553ED5382EA14303D66DB . 1129472 . . [9.00.8112.20580] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20580_none_1ab05334d5689174\wininet.dll
[7] 2013-02-02 . 03728C624D05C2F157BBD46F6B7F6EA0 . 1129472 . . [9.00.8112.16470] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16470_none_1a318655bc42d5b9\wininet.dll
[7] 2013-01-08 . B49B56B64F57699A1A663D2CF7D0A56F . 1129472 . . [9.00.8112.16464] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16464_none_1a405769bc371f24\wininet.dll
[7] 2013-01-08 . 16C45E6881449C6330567E51C13920FA . 1129472 . . [9.00.8112.20573] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20573_none_1abe23fed55dc188\wininet.dll
[7] 2012-07-13 . 19714FA7D7204D9BEE1EE12791DA9010 . 981504 . . [8.00.7601.17720] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17720_none_1e9bd7587722d451\wininet.dll
[7] 2012-07-13 . 1903228FE0C7D402B26A217F8D7713FD . 982016 . . [8.00.7601.21855] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.21855_none_1f0a05d1905446a1\wininet.dll
[7] 2012-07-13 . 02F98B5C0E397AD06124D84428CF8F1A . 1127424 . . [9.00.8112.16440] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16440_none_1a51f619bc2a81e6\wininet.dll
[7] 2012-07-13 . 32569DF2F9BEF05DD7D56E30590EDFD9 . 1127424 . . [9.00.8112.20544] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.20544_none_1adf940cd544870c\wininet.dll
[7] 2012-07-13 . A1236375B74EA63C75657D564890C436 . 1126912 . . [9.00.8112.16421] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_9.4.8112.16421_none_1a68963bbc19635b\wininet.dll
[7] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
[7] 2010-11-21 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2_32.dll
[7] 2010-11-21 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
.
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2help.dll
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll
.
[7] 2012-07-13 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2012-07-13 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2012-07-13 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 427008 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 398336 . . [6.1.7600.16385] .. c:\windows\regedit.exe
.
[7] 2010-11-21 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ole32.dll
[7] 2010-11-21 . 928CF7268086631F54C3D8E17238C6DD . 1414144 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-com-base-qfe-ole32_31bf3856ad364e35_6.1.7601.17514_none_ae2511475093798f\ole32.dll
.
[7] 2014-04-25 . A5F833506BF6A1B5D693E1499DEE2444 . 626688 . . [1.0626.7601.18454] .. c:\windows\SysWOW64\usp10.dll
[7] 2014-04-25 . A5F833506BF6A1B5D693E1499DEE2444 . 626688 . . [1.0626.7601.18454] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.18454_none_aed68a9bb6df0577\usp10.dll
[7] 2014-04-25 . 5A7B3405C2AAE5369F6CB42FE248FBB0 . 626688 . . [1.0626.7601.22666] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.22666_none_af5759f4d002f107\usp10.dll
[7] 2012-11-22 . CA68408922B02E8D955A2967C7CBF8CE . 626688 . . [1.0626.7601.22171] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.22171_none_af477f18d00f9c82\usp10.dll
[7] 2012-11-22 . B7230010D97787AF3D25E4C82F2B06B9 . 626688 . . [1.0626.7601.18009] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.18009_none_af119411b6b203d9\usp10.dll
[7] 2010-11-21 . 804AAAFEBB3AD5F49334DD906BCB1DE5 . 626176 . . [1.0626.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-usp_31bf3856ad364e35_6.1.7601.17514_none_af01e2f9b6be7939\usp10.dll
.
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ksuser.dll
[7] 2009-07-14 . 9C67F6BBDA3881CFD02095160CF91576 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-d..tshow-kernelsupport_31bf3856ad364e35_6.1.7601.17514_none_ea090647f58e5d9c\ksuser.dll
.
[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ctfmon.exe
[7] 2009-07-14 . 4A3CDCEF8ED41B221F3DBEF5792FB52D . 8704 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-t..cesframework-ctfmon_31bf3856ad364e35_6.1.7600.16385_none_9d06e2f6f1e51f98\ctfmon.exe
.
[7] 2010-11-21 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\SysWOW64\shsvcs.dll
[7] 2010-11-21 . 414DA952A35BF5D50192E28263B40577 . 328192 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-shsvcs_31bf3856ad364e35_6.1.7601.17514_none_35ab0ceb67ede31e\shsvcs.dll
.
[7] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\msimg32.dll
[7] 2009-07-14 . 18AB2E5A40064ED5F7791AC5946A90F3 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-gdi-painting_31bf3856ad364e35_6.1.7600.16385_none_77422e3e7d5fa732\msimg32.dll
.
[7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\SysWOW64\cngaudit.dll
[7] 2009-07-14 . 50BA656134F78AF64E4DD3C8B6FEFD7E . 12288 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
.
[7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\SysWOW64\wininit.exe
[7] 2009-07-14 . B5C5DCAD3899512020D135600129D665 . 96256 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
.
[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ias.dll
[7] 2009-07-14 . A1E91B5B5273573FC132B683E550B5E6 . 19456 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-n..ion_service_runtime_31bf3856ad364e35_6.1.7601.17514_none_fb08448fa0c85c23\ias.dll
.
[7] 2010-11-21 03:24 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6140] .. c:\windows\SysWOW64\mfc40u.dll
[7] 2010-11-21 03:24 . AB9EB3745B03AE67AB241A82338DEA7B . 954288 . . [4.1.6151] .. c:\windows\winsxs\x86_microsoft-windows-mfc40u_31bf3856ad364e35_6.1.7601.17514_none_f51a7bf0b3d25294\mfc40u.dll
.
[7] 2014-03-04 . FB18FE03DEC1297107946C4D597797C3 . 3974080 . . [6.1.7601.22616] .. c:\windows\winsxs\x86_microsoft-windows-os-kernel_31bf3856ad364e35_6.1.7601.22616_none_6ec352232b81178c\ntkrnlpa.exe
.
[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\SysWOW64\upnphost.dll
[7] 2009-07-14 . 833FBB672460EFCE8011D262175FAD33 . 266752 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-upnpdevicehost_31bf3856ad364e35_6.1.7600.16385_none_2831d06e8295c671\upnphost.dll
.
[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\SysWOW64\dsound.dll
[7] 2009-07-14 . 0E85C11F8850D524B02181C6E02BA9AE . 453632 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-dsound_31bf3856ad364e35_6.1.7600.16385_none_5872147ba3367471\dsound.dll
.
[7] 2010-11-21 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\SysWOW64\d3d9.dll
[7] 2010-11-21 . 6EF5F3F18413C367195F06E503AB86A6 . 1828352 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-directx-direct3d9_31bf3856ad364e35_6.1.7601.17514_none_c454d690bf084f04\d3d9.dll
.
[7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ddraw.dll
[7] 2009-07-14 . 198552AEFECA69D646867EC8D792DE95 . 531968 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-directx-directdraw_31bf3856ad364e35_6.1.7600.16385_none_04dbf9102154d42e\ddraw.dll
.
[7] 2010-11-21 03:24 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\SysWOW64\olepro32.dll
[7] 2010-11-21 03:24 . 703FFD301AB900B047337C5D40FD6F96 . 90112 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-ole-automation-legacy_31bf3856ad364e35_6.1.7601.17514_none_3c1b247e5ff65f89\olepro32.dll
.
[7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\SysWOW64\perfctrs.dll
[7] 2009-07-14 . EDD2AD141DEBD425D74A52A4D7BE6AC4 . 39424 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-p..ormancebasecounters_31bf3856ad364e35_6.1.7600.16385_none_97bcd9bcab2b9b3a\perfctrs.dll
.
[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\version.dll
[7] 2009-07-14 . 702254574E7E52052DE39408457B7149 . 21504 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-version_31bf3856ad364e35_6.1.7600.16385_none_14d4a552b2395165\version.dll
.
[7] 2014-08-19 . EEA63B8CF19E59C4A51AD2D9A59DDA25 . 812216 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17280_none_857e7373f71e4bbc\iexplore.exe
[7] 2014-07-31 . CDF01A5C7927786A708EAEE91F14797B . 812224 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17239_none_8578a4f9f723b3b2\iexplore.exe
[7] 2014-06-20 . CD900EFB4F8946A2BB1950D9F45915C2 . 812216 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17207_none_8575d1abf726346b\iexplore.exe
[7] 2014-06-02 . 60F88F6CA6303E8273AF7AAA9AAFECAC . 812248 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17126_none_8582b8f3f71c3187\iexplore.exe
[7] 2014-03-08 . 0667ED9F8E905E1F73DB60ACCEDCBCA7 . 811728 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.17041_none_858ffb5bf711c81f\iexplore.exe
[7] 2014-03-01 . 3A3BEA53F039CE2E997A918E26E30B1D . 808152 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16521_none_8557e945f73c23ff\iexplore.exe
[7] 2014-02-06 . 4263F6C131E513CEA1AE82B5B81A4E1A . 808152 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16518_none_85564983f73dbe0f\iexplore.exe
[7] 2013-11-26 . C8A8321292A459B0A17FB39A782A5C74 . 806096 . . [11.00.9600.16428] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_11.2.9600.16428_none_856219b9f734bb75\iexplore.exe
[7] 2013-10-12 . D7D5768B8A697FCBAEE2CFE137070F02 . 770736 . . [10.00.9200.16736] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16736_none_20cf8eca52a9f8f0\iexplore.exe
[7] 2013-10-12 . 9DFE1678738DD968D7BA5559B52706D1 . 770736 . . [10.00.9200.20848] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20848_none_09f7eafc6c58c12f\iexplore.exe
[7] 2013-09-23 . DB352EBF77E8655E0C46B6923F3C9950 . 770648 . . [10.00.9200.20830] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20831_none_09f78a2a6c58f471\iexplore.exe
[7] 2013-09-22 . D6B7DDB68436F13C3CAE2B92524F1FEC . 770648 . . [10.00.9200.16720] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16721_none_20cf006852aa5f74\iexplore.exe
[7] 2013-08-10 . 48A1306191216997F717C451B8D15139 . 770648 . . [10.00.9200.20794] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20794_none_0a08177a6c4bbd6d\iexplore.exe
[7] 2013-08-10 . 37287D98A1BF5D56AA729CEB9B27C6B1 . 770648 . . [10.00.9200.16686] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16686_none_20df6028529d5bb2\iexplore.exe
[7] 2013-07-26 . E70D60B3A350BD09D86CDAD9CF55F36B . 770648 . . [10.00.9200.20768] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20768_none_0a04bb7c6c4ed7ec\iexplore.exe
[7] 2013-07-26 . 7BA1862B8A5698DC5FCFDFF3BC359DE9 . 770648 . . [10.00.9200.16660] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16660_none_20dde844529e8f3e\iexplore.exe
[7] 2013-06-12 . 2A5F565327BFD679EC5F790DC15BBF25 . 770648 . . [10.00.9200.20742] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20742_none_0a0343986c500b78\iexplore.exe
[7] 2013-06-12 . 30E7CA4620500FE012EB464F0E1DE91E . 770648 . . [10.00.9200.16635] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16635_none_20da757e52a1c35e\iexplore.exe
[7] 2013-05-17 . 07DFD28E57879554D054464EE4A5662D . 770648 . . [10.00.9200.16611] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16614_none_20d88bb252a3770f\iexplore.exe
[7] 2013-05-17 . 3902E280F6117A468D5573343A7AA1F6 . 770648 . . [10.00.9200.20716] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20719_none_09ffa3426c5372da\iexplore.exe
[7] 2013-04-05 . AAD90795E84E710543C6C7C2F7048E30 . 770608 . . [10.00.9200.16576] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16576_none_20e92fca5296266a\iexplore.exe
[7] 2013-04-05 . 2DC6BD1047553611DAEF97C751131A5D . 770624 . . [10.00.9200.20681] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20681_none_0a122b746c443b42\iexplore.exe
[7] 2013-04-01 . 2859EBC065D2E1CCC94161CE28BAC085 . 770560 . . [10.00.9200.16521] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16521_none_20e4a040529a2792\iexplore.exe
[7] 2013-02-24 . A11C5E3E288256C540B7ED8BE3A04B01 . 770624 . . [10.00.9200.20641] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.20644_none_0a0de5f46c4822c9\iexplore.exe
[7] 2013-02-21 . E4F6125ED5185F8FA37CC4F449B85526 . 770608 . . [10.00.9200.16537] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_10.2.9200.16540_none_20e6b79c5298409f\iexplore.exe
[7] 2013-02-02 . DDE5A0DFAF7C6370FB36402D7A746ED3 . 757296 . . [9.00.8112.16470] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16470_none_17723507b4f3bed8\iexplore.exe
[7] 2013-02-02 . A285E1965C115031DA02B777EE9D7689 . 757280 . . [9.00.8112.20580] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20580_none_17f101e6ce197a93\iexplore.exe
[7] 2013-01-08 . 698EB1E5F8C66344D97C00B5699E871D . 757280 . . [9.00.8112.16464] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16464_none_1781061bb4e80843\iexplore.exe
[7] 2013-01-08 . F05982E56ABD835AA8DF260EEC873E5B . 757280 . . [9.00.8112.20573] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.20573_none_17fed2b0ce0eaaa7\iexplore.exe
[7] 2012-07-13 . 904E13BA41AF2E353A32CF351CA53639 . 748336 . . [9.00.8112.16421] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_9.4.8112.16421_none_17a944edb4ca4c7a\iexplore.exe
[7] 2010-11-21 . C613E69C3B191BB02C7A191741A1D024 . 673040 . . [8.00.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7601.17514_none_1beb53526fc80c8d\iexplore.exe
.
.
.
[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\SysWOW64\midimap.dll
[7] 2009-07-14 . 5A12C364AD1D4FCC0AD0E56DBBC34462 . 16896 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-audio-mmecore-other_31bf3856ad364e35_6.1.7600.16385_none_8cd41e2771e37717\midimap.dll
.
[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\SysWOW64\rasadhlp.dll
[7] 2009-07-14 . ED6EE83D61EBC683C2CD8E899EA6FEBE . 11776 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-rasautodial_31bf3856ad364e35_6.1.7600.16385_none_76239aafb364e805\rasadhlp.dll
.
[7] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\SysWOW64\WSHTCPIP.DLL
[7] 2009-07-14 . EE5C8E27C37B79CB54A2FCEEED2DC262 . 9216 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-winsock-helper-tcpip_31bf3856ad364e35_6.1.7600.16385_none_cb895be592db1acb\WSHTCPIP.DLL
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 131480 ----a-w- c:\users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt.24.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-02-23 3093624]
"Driver Updater"="c:\program files (x86)\Carambis\Driver Updater\dupdater.exe" [2012-12-24 2995896]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"FreeDesktopTimer"="c:\program files (x86)\Free Desktop Timer\DesktopTimer.exe" [2013-01-27 623616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-01-21 630912]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2011-08-12 658424]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-07-31 43816]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-10-28 49208]
"WTClient"="WTClient.exe" [2009-10-30 32768]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-10 1073312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2013-05-10 38984]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe" [2013-05-10 840768]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2012-01-27 1058400]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2013-12-24 642664]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2013-12-24 863848]
"LWS"="c:\program files (x86)\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-01-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-09-01 152392]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
c:\users\Creechling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Creechling\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-9-12 36414624]
Logitech . Product Registration.lnk - c:\program files (x86)\Logitech\Ereg\eReg.exe /remind /language=ENU /_WFM="." [2009-11-16 517384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2013-3-13 3458968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ   autocheck autochk *\0\0sdnclean64.exe
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 EpsonScanSvc;Epson Scanner Service;c:\windows\system32\EscSvc64.exe;c:\windows\SYSNATIVE\EscSvc64.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater18.1.9;vToolbarUpdater18.1.9;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [x]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech HD Webcam C310(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
R3 PTSimHid;PenTablet Simulated HID MiniDriver;c:\windows\system32\DRIVERS\PTSimHid.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimHid.sys [x]
R3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
R3 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
R3 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
R3 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe;c:\program files\Windows Live\Mesh\wlcrasvc.exe [x]
S0 amd_sata;amd_sata;c:\windows\system32\drivers\amd_sata.sys;c:\windows\SYSNATIVE\drivers\amd_sata.sys [x]
S0 amd_xata;amd_xata;c:\windows\system32\drivers\amd_xata.sys;c:\windows\SYSNATIVE\drivers\amd_xata.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe;c:\program files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 CalendarSynchService;CalendarSynchService;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe;c:\program files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [x]
S2 CS_AutoUpdate;CS_AutoUpdate;c:\program files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe;c:\program files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x]
S2 DragonUpdater;COMODO Dragon Update Service;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe;c:\program files (x86)\Comodo\Dragon\dragon_updater.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfpr.sys [x]
S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [x]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [x]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [x]
S2 PasswordBox;PasswordBox;c:\program files (x86)\PasswordBox\pbbtnService.exe;c:\program files (x86)\PasswordBox\pbbtnService.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe;c:\program files (x86)\PDF Complete\pdfsvc.exe [x]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [x]
S2 UCManSvc;UCManSvc;c:\program files (x86)\SoftDenchi\UCManSvc.exe;c:\program files (x86)\SoftDenchi\UCManSvc.exe [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S2 WTabletServicePro;Wacom Professional Service;c:\program files\Tablet\Wacom\WTabletServicePro.exe;c:\program files\Tablet\Wacom\WTabletServicePro.exe [x]
S3 amdhub30;AMD USB 3.0 Hub Driver;c:\windows\system32\drivers\amdhub30.sys;c:\windows\SYSNATIVE\drivers\amdhub30.sys [x]
S3 amdxhc;AMD USB 3.0 Host Controller Driver;c:\windows\system32\drivers\amdxhc.sys;c:\windows\SYSNATIVE\drivers\amdxhc.sys [x]
S3 hidkmdf;KMDF Driver;c:\windows\system32\DRIVERS\hidkmdf.sys;c:\windows\SYSNATIVE\DRIVERS\hidkmdf.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys;c:\windows\SYSNATIVE\DRIVERS\L1C62x64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 PTSimBus;PenTablet Bus Enumerator;c:\windows\system32\DRIVERS\PTSimBus.sys;c:\windows\SYSNATIVE\DRIVERS\PTSimBus.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys;c:\windows\SYSNATIVE\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\drivers\usbfilter.sys;c:\windows\SYSNATIVE\drivers\usbfilter.sys [x]
S3 WacHidRouter;Wacom Hid Router;c:\windows\system32\DRIVERS\wachidrouter.sys;c:\windows\SYSNATIVE\DRIVERS\wachidrouter.sys [x]
S3 wacomrouterfilter;Wacom Router Filter Driver;c:\windows\system32\DRIVERS\wacomrouterfilter.sys;c:\windows\SYSNATIVE\DRIVERS\wacomrouterfilter.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - mbamchameleon
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 02:51 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02 17:45]
.
2014-10-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-09-02 17:45]
.
2014-10-06 c:\windows\Tasks\HPCeeScheduleForCreechling.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15 11:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2014-06-24 22:04 164760 ----a-w- c:\users\Creechling\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BeatsOSDApp"="c:\program files\IDT\WDM\beats64.exe" [2011-12-13 37888]
"hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2012-04-25 1425408]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2013-09-12 5618456]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"NCPluginUpdater"="c:\program files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" [2014-09-26 21720]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - c:\windows\System32\StikyNot.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
HKLM_Wow6432Node-ActiveSetup-{F5E7D9AF-60F6-4A30-87E3-4EA94D322CE1} - msiexec
BHO-{01EDDBE4-74B6-C84A-A6E4-D70697FDA7AE} - c:\program files (x86)\SfKpCouponApp\0jUv3f2A04.x64.dll
BHO-{11111111-1111-1111-1111-110411591171} - c:\program files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-bho64.dll
ShellIconOverlayIdentifiers-{B82655E9-B81D-4A97-8154-0D84A4C048E4} - c:\programdata\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll
AddRemove-HDvid Codec V6.0 - c:\program files (x86)\HDvid Codec V6.0\Uninstall.exe
AddRemove-{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE} - c:\program files (x86)\InstallShield Installation Information\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}\setup.exe
AddRemove-1935802487.www.paramountmovies.com - c:\program files (x86)\Microsoft Silverlight\5.1.20125.0\Silverlight.Configuration.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ChromeHTML"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="???楴??汐杵?愠???敗?汐杵? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="???楴??汐杵?愠???敗?汐杵? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2014-10-06  16:26:42
ComboFix-quarantined-files.txt  2014-10-07 00:26
.
Pre-Run: 1,269,623,857,152 bytes free
Post-Run: 1,270,333,669,376 bytes free
.
- - End Of File - - A9BF747291FE5F5F1394F1B7AAF815EC
A36C5E4F47E84449FF07ED3517B43A31

FSS Log:

 

Farbar Service Scanner Version: 21-07-2014
Ran by Creechling (administrator) on 06-10-2014 at 21:56:39
Running from "C:\Users\Creechling\Desktop"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Disabled Policy: 
========================
 
 
Action Center:
============
 
 
Windows Update:
============
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****


#9 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:14 AM

Posted 07 October 2014 - 02:55 AM

Hello creechling,

Double click on AdwCleaner.exe to run the tool again.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • When the scan has finished, the actual line should say "Pending. Please uncheck elements you do not want to remove". Look through the scan results and uncheck any entries that you do not wish to remove.
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

***


Please download Junkware Removal Tool from HERE and save it to your desktop.
Shutdown your antivirus to avoid any potential conflicts.
Double click JRT.exe to run the tool.
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • JRT will begin to backup your registry and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, the log JRT.txt is saved on your desktop and will automatically open.
Enable your antivirus!
Post the contents of JRT.txt into your next reply.


***


Run the Farbar Recovery Scan Tool again.
  • Double-click to run FSRT / FSRT64. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.

***


How the computer is running now?


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#10 creechling

creechling
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alaska
  • Local time:12:14 AM

Posted 07 October 2014 - 12:17 PM

ADwcleaner Log:
 
 
# AdwCleaner v3.311 - Report created 07/10/2014 at 08:55:47
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Creechling - MALUS
# Running from : C:\Users\Creechling\Desktop\adwcleaner_3.311.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Users\Creechling\AppData\Local\AVG SafeGuard toolbar
Folder Deleted : C:\Users\Creechling\Documents\Mobogenie
Folder Deleted : C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
File Deleted : C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v27.0.1 (en-US)
 
[ File : C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\prefs.js ]
 
 
-\\ Google Chrome v37.0.2062.124
 
[ File : C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [18462 octets] - [03/10/2014 02:55:48]
AdwCleaner[R1].txt - [2828 octets] - [03/10/2014 10:13:41]
AdwCleaner[R2].txt - [1730 octets] - [05/10/2014 13:48:36]
AdwCleaner[R3].txt - [1788 octets] - [07/10/2014 08:54:10]
AdwCleaner[S0].txt - [18377 octets] - [03/10/2014 03:03:25]
AdwCleaner[S1].txt - [2797 octets] - [03/10/2014 10:43:36]
AdwCleaner[S2].txt - [1719 octets] - [07/10/2014 08:55:47]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [1779 octets] ##########

JRT Log:

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.3.1 (10.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Creechling on 10/07/2014 Tue at  8:58:00.54
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Successfully deleted the following from C:\Users\Creechling\AppData\Roaming\mozilla\firefox\profiles\nfk9wk7n.default\prefs.js
 
user_pref("browser.search.useDBForOrder", true);
user_pref("extensions.xkit7.extension_go_to_dash", "{\"script\":\"//* TITLE Go-To-Dash **//\\r\\n//* VERSION 1.0 REV F **//\\r\\n//* DESCRIPTION View a post on a blog on your 
user_pref("extensions.xkit7.extension_one_click_postage", "{\"script\":\"//* TITLE One-Click Postage **//\\r\\n//* VERSION 3.3 REV C **//\\r\\n//* DESCRIPTION Lets you easily 
user_pref("extensions.xkit7.extension_one_click_reply", "{\"script\":\"//* TITLE One-Click Reply **//\\r\\n//* VERSION 1.9 REV F **//\\r\\n//* DESCRIPTION Lets you reply to no
user_pref("extensions.xkit7.extension_tweaks", "{\"script\":\"//* TITLE Tweaks **//\\r\\n//* VERSION 2.9 REV C **//\\r\\n//* DESCRIPTION Various little tweaks for your dashboa
user_pref("extensions.xkit7.extension_xinbox", "{\"script\":\"//* TITLE XInbox **//\\r\\n//* VERSION 1.9 REV C **//\\r\\n//* DESCRIPTION Enhances your Inbox experience **//\\r
user_pref("extensions.xkit7.extension_xkit_patches", "{\"script\":\"//* TITLE XKit Patches **//\\r\\n//* VERSION 2.5 REV A **//\\r\\n//* DESCRIPTION Patches framework **//\\r\
user_pref("extensions.xkit7.extension_xkit_preferences", "{\"script\":\"//* TITLE XKit Preferences **//\\r\\n//* VERSION 3.3 REV C **//\\r\\n//* DESCRIPTION Lets you customize
user_pref("extensions.xkit7.extension_xkit_updates", "{\"script\":\"//* TITLE XKit Updates **//\\r\\n//* VERSION 1.2 REV B **//\\r\\n//* DESCRIPTION Provides automatic updatin
user_pref("extensions.xkit7.xkit_extension_storage__xkit_preferences", "{\"news\":{\"value\":\"[{\\\"id\\\":91111,\\\"title\\\":\\\"Welcome to XKit!\\\",\\\"message\\\":\\\"<h
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Creechling\appdata\local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 10/07/2014 Tue at  9:01:48.04
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-10-2014
Ran by Creechling (administrator) on MALUS on 07-10-2014 09:10:51
Running from C:\Users\Creechling\Desktop
Loaded Profile: Creechling (Available profiles: Creechling)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Dropbox, Inc.) C:\Users\Creechling\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-13] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2009-10-30] (Tablet Driver)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-09] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-23] ()
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [Driver Updater] => C:\Program Files (x86)\Carambis\Driver Updater\dupdater.exe [2995896 2012-12-24] (MEDIA FOG LTD.)
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [FreeDesktopTimer] => C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe [623616 2013-01-26] ()
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Creechling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Creechling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [1BingDesktopOverlays] -> {B82655E9-B81D-4A97-8154-0D84A4C048E4} => C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll No File
BootExecute: autocheck autochk * sdnclean64.exe
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {83358041-A6D3-4EC3-9A71-8B929CC219CD} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: SfKpCouponApp -> {01EDDBE4-74B6-C84A-A6E4-D70697FDA7AE} -> C:\Program Files (x86)\SfKpCouponApp\0jUv3f2A04.x64.dll No File
BHO: HDvid Codec V6.0 -> {11111111-1111-1111-1111-110411591171} -> C:\Program Files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-bho64.dll No File
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: Firefox Old Version Update Hotfix - C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\Extensions\firefox-hotfix@mozilla.org.xpi [2014-09-01]
FF Extension: XKit - C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\Extensions\xkit@studioxenix.com.xpi [2014-02-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-26]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-02-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-20]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: No Name - C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\extensions\34f57b0c-8cdb-4914-818c-928df47c6c4f@3a243122-a6fc-40c9-a1e6-ba11e930da09.com [Not Found]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (XKit) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 CS_AutoUpdate; C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe [44696 2012-07-17] (Cucusoft, Inc.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [241808 2010-03-12] (Paltiosoft Inc.) [File not signed]
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2010-06-01] (Tablet Driver) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-05] (Wacom Technology, Corp.)
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-15] (AVG Technologies)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [128856 2013-06-04] (Razer USA Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-03-23] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U3 aivpa60p; C:\Windows\System32\Drivers\aivpa60p.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-07 09:01 - 2014-10-07 09:09 - 00002594 _____ () C:\Users\Creechling\Desktop\JRT.txt
2014-10-07 08:56 - 2014-10-07 08:56 - 00000996 _____ () C:\Windows\PFRO.log
2014-10-07 08:54 - 2014-10-07 08:54 - 01705141 _____ (Thisisu) C:\Users\Creechling\Desktop\JRT (1).exe
2014-10-06 21:56 - 2014-10-06 21:56 - 00415232 _____ (Farbar) C:\Users\Creechling\Desktop\FSS.exe
2014-10-06 21:56 - 2014-10-06 21:56 - 00002368 _____ () C:\Users\Creechling\Desktop\FSS.txt
2014-10-06 21:54 - 2014-10-06 21:54 - 00141618 _____ () C:\Users\Creechling\Desktop\combofix.txt
2014-10-06 16:27 - 2014-10-06 16:27 - 00141618 _____ () C:\ComboFix.txt
2014-10-06 10:56 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-06 10:56 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-06 10:56 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-06 10:56 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-06 10:56 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-06 10:56 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-06 10:56 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-06 10:56 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-06 10:49 - 2014-10-06 10:49 - 00000000 ____D () C:\Users\Creechling\Documents\ProcAlyzer Dumps
2014-10-06 10:41 - 2014-10-06 16:28 - 00000000 ____D () C:\Qoobox
2014-10-06 10:40 - 2014-10-06 13:09 - 00000000 ____D () C:\Windows\erdnt
2014-10-05 14:52 - 2014-10-06 08:56 - 04534178 _____ () C:\Users\Creechling\Desktop\bunny jump.psd
2014-10-05 14:19 - 2014-10-05 14:19 - 00001730 _____ () C:\Users\Creechling\Desktop\AdwCleaner[R2].txt
2014-10-05 13:10 - 2014-10-07 08:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-05 13:10 - 2014-10-05 16:29 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 13:08 - 2014-10-06 08:57 - 00000000 ____D () C:\Users\Creechling\Desktop\mbar
2014-10-05 13:08 - 2014-10-05 16:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-05 10:16 - 2014-10-05 10:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Creechling\Desktop\mbar-1.07.0.1012.exe
2014-10-05 09:15 - 2014-10-05 09:16 - 00050226 _____ () C:\Users\Creechling\Desktop\Addition.txt
2014-10-05 09:14 - 2014-10-07 09:10 - 00023929 _____ () C:\Users\Creechling\Desktop\FRST.txt
2014-10-05 09:13 - 2014-10-07 09:10 - 00000000 ____D () C:\FRST
2014-10-05 09:13 - 2014-10-05 09:13 - 00001012 _____ () C:\Users\Creechling\Desktop\checkup.txt
2014-10-05 09:04 - 2014-10-05 09:04 - 02109440 _____ (Farbar) C:\Users\Creechling\Desktop\FRST64.exe
2014-10-05 09:01 - 2014-10-05 09:01 - 00854436 _____ () C:\Users\Creechling\Desktop\SecurityCheck.exe
2014-10-04 07:07 - 2014-10-04 07:07 - 00000000 ____D () C:\Users\Creechling\Downloads\rope_pack___collab_with__mjranum_stock_by_senshistock-d6kqqw9
2014-10-04 07:06 - 2014-10-04 07:06 - 31639207 _____ () C:\Users\Creechling\Downloads\rope_pack___collab_with__mjranum_stock_by_senshistock-d6kqqw9.zip
2014-10-04 06:57 - 2014-10-04 06:57 - 03473326 _____ () C:\Users\Creechling\Desktop\Ruka Dreads skin_palette.psd
2014-10-03 10:21 - 2014-10-03 10:22 - 26862160 _____ () C:\Users\Creechling\Downloads\Alex by Katie Hofgard Sample.psd
2014-10-03 06:21 - 2014-10-03 06:22 - 01375089 _____ () C:\Users\Creechling\Downloads\AdwCleaner.exe
2014-10-03 06:21 - 2014-10-03 06:21 - 05582981 ____R (Swearware) C:\Users\Creechling\Desktop\ComboFix.exe
2014-10-03 06:21 - 2014-10-03 06:21 - 00688992 ____R (Swearware) C:\Users\Creechling\Downloads\dds (1).com
2014-10-03 06:21 - 2014-10-03 06:21 - 00688992 _____ (Swearware) C:\Users\Creechling\Downloads\dds.com
2014-10-03 03:55 - 2014-10-03 03:55 - 00016867 _____ () C:\Users\Creechling\Downloads\hijackthis.log
2014-10-03 03:54 - 2014-10-03 03:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Creechling\Downloads\HijackThis.exe
2014-10-03 03:18 - 2014-09-30 12:43 - 00002254 _____ () C:\Users\Creechling\Desktop\Google Chrome.lnk
2014-10-03 02:55 - 2014-10-07 08:55 - 00000000 ____D () C:\AdwCleaner
2014-10-03 02:55 - 2014-10-03 02:55 - 01375089 _____ () C:\Users\Creechling\Desktop\adwcleaner_3.311.exe
2014-10-01 20:52 - 2014-10-03 06:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-10-01 20:52 - 2014-10-03 06:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-01 20:52 - 2014-10-01 20:52 - 00001011 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2014-10-01 20:52 - 2014-10-01 20:52 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Malwarebytes
2014-10-01 20:52 - 2014-10-01 20:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-01 20:52 - 2009-04-06 15:32 - 00038496 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2014-10-01 20:52 - 2009-04-06 15:32 - 00015504 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbam.sys
2014-10-01 20:05 - 2014-10-04 05:11 - 03258624 _____ () C:\Users\Creechling\Desktop\halloween Zen.psd
2014-10-01 18:25 - 2014-10-01 18:25 - 06163830 _____ (Guillaume Stordeur ) C:\Users\Creechling\Downloads\LazyNezumiPro_Setup (6).exe
2014-09-30 12:43 - 2014-10-06 12:43 - 00003304 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-09-30 12:43 - 2014-09-30 12:43 - 00000000 ____D () C:\Program Files (x86)\Techsnab
2014-09-26 12:44 - 2014-09-26 12:44 - 02913221 _____ () C:\Users\Creechling\Desktop\Untitled-123.psd
2014-09-26 04:14 - 2014-09-26 04:15 - 00147023 _____ () C:\Users\Creechling\Downloads\adwcleaner_3.310.exe
2014-09-26 04:06 - 2014-09-26 04:06 - 00000000 ____D () C:\Windows\ERUNT
2014-09-26 04:05 - 2014-09-26 04:06 - 01699118 _____ (Thisisu) C:\Users\Creechling\Downloads\JRT.exe
2014-09-26 03:21 - 2014-08-19 10:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-26 03:21 - 2014-08-19 09:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-26 03:21 - 2014-08-18 15:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-26 03:21 - 2014-08-18 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-26 03:21 - 2014-08-18 14:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-26 03:21 - 2014-08-18 14:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-26 03:21 - 2014-08-18 14:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-26 03:21 - 2014-08-18 14:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-26 03:21 - 2014-08-18 14:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-26 03:21 - 2014-08-18 14:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-26 03:21 - 2014-08-18 14:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-26 03:21 - 2014-08-18 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-26 03:21 - 2014-08-18 14:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-26 03:21 - 2014-08-18 14:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-26 03:21 - 2014-08-18 14:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-26 03:21 - 2014-08-18 14:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-26 03:21 - 2014-08-18 14:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-26 03:21 - 2014-08-18 14:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-26 03:21 - 2014-08-18 14:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-26 03:21 - 2014-08-18 13:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-26 03:21 - 2014-08-18 13:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-26 03:21 - 2014-08-18 13:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-26 03:21 - 2014-08-18 13:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-26 03:21 - 2014-08-18 13:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-26 03:21 - 2014-08-18 13:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-26 03:21 - 2014-08-18 13:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-26 03:21 - 2014-08-18 13:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-26 03:21 - 2014-08-18 13:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-26 03:21 - 2014-08-18 13:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-26 03:21 - 2014-08-18 13:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-26 03:21 - 2014-08-18 13:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-26 03:21 - 2014-08-18 13:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-26 03:21 - 2014-08-18 13:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-26 03:21 - 2014-08-18 13:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-26 03:21 - 2014-08-18 13:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-26 03:21 - 2014-08-18 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-26 03:21 - 2014-08-18 13:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-26 03:21 - 2014-08-18 13:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-26 03:21 - 2014-08-18 13:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-26 03:21 - 2014-08-18 13:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-26 03:21 - 2014-08-18 13:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-26 03:21 - 2014-08-18 13:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-26 03:21 - 2014-08-18 13:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-26 03:21 - 2014-08-18 13:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-26 03:21 - 2014-08-18 13:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-26 03:21 - 2014-08-18 13:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-26 03:21 - 2014-08-18 13:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-26 03:21 - 2014-08-18 13:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-26 03:21 - 2014-08-18 13:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-26 03:21 - 2014-08-18 13:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-26 03:21 - 2014-08-18 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-26 03:21 - 2014-08-18 12:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-26 03:21 - 2014-08-18 12:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-26 03:21 - 2014-08-18 12:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-26 03:21 - 2014-08-18 12:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-26 03:21 - 2014-08-18 12:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-25 11:45 - 2014-09-25 11:46 - 00985600 _____ () C:\Users\Creechling\Downloads\MicrosoftFixit50123.msi
2014-09-25 11:42 - 2014-09-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-09-25 11:36 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-25 11:36 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-25 10:57 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-25 10:57 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-25 10:57 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-25 10:57 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-25 10:57 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-25 10:56 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 10:56 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-25 10:56 - 2014-09-04 18:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-25 10:56 - 2014-09-04 18:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-25 10:56 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-25 10:56 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-25 10:56 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-25 10:56 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-25 09:57 - 2014-09-25 09:57 - 00001111 _____ () C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2014-09-25 09:57 - 2014-09-25 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2014-09-25 09:57 - 2014-09-25 09:57 - 00000000 ____D () C:\Program Files (x86)\SplitMediaLabs
2014-09-25 09:30 - 2014-09-25 09:30 - 00000000 ____D () C:\Users\Creechling\AppData\Local\SplitMediaLabs
2014-09-25 09:30 - 2014-09-25 09:30 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-09-25 09:29 - 2014-09-25 09:29 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\SplitMediaLabs
2014-09-25 09:03 - 2014-09-25 09:29 - 37431960 _____ (SplitMediaLabs) C:\Users\Creechling\Downloads\xsplit_installer_v1.2.1311.1201.exe
2014-09-25 08:58 - 2014-10-04 07:05 - 00000000 ____D () C:\Users\Creechling\Desktop\50 Pose Challenge
2014-09-23 17:37 - 2014-09-23 17:37 - 00582604 _____ () C:\Users\Creechling\Downloads\686142.zip
2014-09-23 17:37 - 2014-09-23 17:37 - 00000000 ____D () C:\Users\Creechling\Downloads\686142
2014-09-21 12:49 - 2014-09-21 12:49 - 00620009 _____ () C:\Users\Creechling\Downloads\rasen_painting_brushes_by_rasen-d7zybf2.abr
2014-09-19 12:41 - 2014-10-01 12:41 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-18 12:42 - 2014-09-18 12:42 - 00876040 _____ () C:\Users\Creechling\Downloads\Godzilla (2014) DVDRip XviD-MAX (1).exe
2014-09-18 12:41 - 2014-09-18 12:41 - 00003354 _____ () C:\Windows\System32\Tasks\Eakona Update
2014-09-18 12:41 - 2014-09-18 12:41 - 00003260 _____ () C:\Windows\System32\Tasks\GPUP
2014-09-18 12:41 - 2014-09-18 12:41 - 00000000 ____D () C:\ProgramData\Eakona
2014-09-18 12:40 - 2014-09-18 12:40 - 00876040 _____ () C:\Users\Creechling\Downloads\Godzilla (2014) DVDRip XviD-MAX.exe
2014-09-16 23:26 - 2014-09-16 23:26 - 00024290 _____ () C:\Users\Creechling\Downloads\[BakaBT.149973v1] Chi's New Address.torrent
2014-09-16 23:26 - 2014-09-16 23:26 - 00021556 _____ () C:\Users\Creechling\Downloads\[BakaBT.141683v1] Chi's Sweet Home.torrent
2014-09-11 12:45 - 2014-09-11 12:45 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\Program Files\iTunes
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\Program Files\iPod
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-11 12:39 - 2014-09-11 12:40 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-11 12:39 - 2014-09-11 12:39 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-11 12:39 - 2014-09-11 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-08 12:40 - 2014-09-08 12:40 - 00007609 _____ () C:\Users\Creechling\AppData\Local\Resmon.ResmonCfg
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-07 09:11 - 2013-02-23 07:51 - 00000000 ____D () C:\Users\Creechling\AppData\Local\PMB Files
2014-10-07 09:04 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 09:04 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 09:02 - 2009-07-13 21:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 08:57 - 2014-09-02 09:45 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 08:57 - 2013-09-06 11:50 - 00000000 ____D () C:\Users\Creechling\.android
2014-10-07 08:57 - 2013-03-08 19:41 - 00000000 ____D () C:\Users\Creechling\AppData\Local\Adobe
2014-10-07 08:57 - 2012-07-13 12:51 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-07 08:56 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 08:56 - 2009-07-13 20:51 - 00100835 _____ () C:\Windows\setupact.log
2014-10-07 08:55 - 2013-02-23 06:32 - 01251144 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 08:50 - 2014-09-02 09:45 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-06 21:55 - 2013-02-23 07:40 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E4A45156-4B54-4681-ABD3-11B8F3D496DA}
2014-10-06 19:39 - 2013-04-17 14:11 - 00000000 ____D () C:\Users\Creechling\AppData\Local\CrashDumps
2014-10-06 16:28 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2014-10-06 12:45 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-06 12:43 - 2014-09-02 09:46 - 00002254 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-06 10:54 - 2013-12-27 06:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-06 08:58 - 2014-02-10 09:23 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-10-06 08:58 - 2013-12-01 11:02 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForCreechling.job
2014-10-06 08:58 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\addins
2014-10-06 08:57 - 2014-04-18 07:40 - 00000000 ___RD () C:\Users\Creechling\Dropbox
2014-10-06 08:56 - 2013-02-23 07:41 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Adobe
2014-10-05 11:08 - 2014-04-18 05:58 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Dropbox
2014-10-05 09:55 - 2013-12-01 11:02 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCreechling
2014-10-05 09:55 - 2013-04-08 16:15 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-05 09:55 - 2013-02-24 10:03 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-04 14:10 - 2013-05-10 21:32 - 00000132 _____ () C:\Users\Creechling\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-04 06:41 - 2014-07-11 09:15 - 12532384 _____ () C:\Users\Creechling\Desktop\ruka dreads.psd
2014-10-04 06:21 - 2014-09-03 10:05 - 135813784 _____ () C:\Users\Creechling\Desktop\katieDan_KingQueen.psd
2014-10-04 05:14 - 2013-07-23 12:53 - 00000000 ____D () C:\Users\Creechling\Desktop\PS
2014-10-04 05:13 - 2013-06-13 11:58 - 00000000 ____D () C:\Users\Creechling\Desktop\New folder
2014-10-03 10:43 - 2013-02-23 06:32 - 00000000 ____D () C:\Users\Creechling
2014-10-03 06:13 - 2014-09-02 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-03 06:13 - 2014-03-23 18:18 - 00000000 ____D () C:\ProgramData\paltiosoft
2014-10-03 06:13 - 2014-01-17 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazy Nezumi Pro
2014-10-03 06:13 - 2014-01-17 03:29 - 00000000 ____D () C:\Program Files (x86)\Lazy Nezumi Pro
2014-10-03 06:13 - 2013-04-17 09:26 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Azureus
2014-10-03 06:13 - 2013-02-23 07:51 - 00000000 ____D () C:\ProgramData\PMB Files
2014-10-03 06:13 - 2013-02-23 07:36 - 00000000 ____D () C:\Users\Creechling\AppData\Local\VirtualStore
2014-10-03 06:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-03 02:50 - 2014-09-05 11:00 - 00000000 ____D () C:\Users\Creechling\AppData\Local\LogiShrd
2014-10-03 02:50 - 2014-09-05 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-10-03 02:50 - 2014-09-05 10:58 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-09-30 18:29 - 2014-03-01 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-09-28 21:07 - 2014-04-13 13:44 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\vlc
2014-09-28 19:37 - 2014-08-09 09:51 - 08258847 _____ () C:\Users\Creechling\Desktop\Evan-Recovered.psd
2014-09-28 08:37 - 2013-05-04 15:38 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\SoftGrid Client
2014-09-27 10:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-26 13:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-09-26 03:46 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-26 03:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-26 03:41 - 2013-04-25 09:00 - 00000000 ____D () C:\ProgramData\Razer
2014-09-25 11:42 - 2011-02-11 09:15 - 00767036 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-25 11:41 - 2014-01-17 02:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-25 11:37 - 2014-01-17 02:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-25 11:36 - 2014-05-07 03:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 09:14 - 2013-08-05 10:51 - 00000000 ____D () C:\Users\Creechling\AppData\Local\Procaster
2014-09-19 03:52 - 2013-07-23 12:54 - 00000000 ____D () C:\Users\Creechling\Desktop\Images
2014-09-19 02:57 - 2013-10-13 10:14 - 00001456 _____ () C:\Users\Creechling\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-09-17 19:03 - 2014-04-18 07:40 - 00001033 _____ () C:\Users\Creechling\Desktop\Dropbox.lnk
2014-09-17 19:03 - 2014-04-18 05:59 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 09:06 - 2010-11-20 19:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-08 12:11 - 2014-01-17 03:29 - 00000000 ____D () C:\Users\Creechling\AppData\Local\Lazy Nezumi Pro
ZeroAccess:
C:\Users\Creechling\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Some content of TEMP:
====================
C:\Users\Creechling\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpcjfxrz.dll
C:\Users\Creechling\AppData\Local\Temp\Quarantine.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 00:59
 
==================== End Of Log ============================

And ads are still popping up on web pages at the same rate as before.



#11 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:14 AM

Posted 07 October 2014 - 01:08 PM

Hello creechling,

do you get the popups in every browser or only in one?
IE, Firefox or Chrome?
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt

 
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
EmptyTemp:
DisableService: vToolbarUpdater18.1.9
Hosts:
S2 vToolbarUpdater18.1.9; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
end

NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FSRT64 again like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.



***


FRST / FSRT64: run it again.
  • Right-click FRST / FSRT64 then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

***


Edited by Jo*, 07 October 2014 - 01:13 PM.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#12 creechling

creechling
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alaska
  • Local time:12:14 AM

Posted 07 October 2014 - 05:00 PM

It appears to be isolated to pop ups in Chrome.

 

Fixlog:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Creechling at 2014-10-07 11:06:39 Run:1
Running from C:\Users\Creechling\Desktop
Loaded Profile: Creechling (Available profiles: Creechling)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
start
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
EmptyTemp:
DisableService: vToolbarUpdater18.1.9
Hosts:
S2 vToolbarUpdater18.1.9; C:\PROGRAM Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe [X]
end
*****************
 
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\RunOnce\\SpUninstallDeleteDir => value deleted successfully.
C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
vToolbarUpdater18.1.9 service was disabled
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
vToolbarUpdater18.1.9 => Service deleted successfully.
EmptyTemp: => Removed 9.3 GB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog ====

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Creechling (administrator) on MALUS on 07-10-2014 13:57:14
Running from C:\Users\Creechling\Desktop
Loaded Profile: Creechling (Available profiles: Creechling)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Logitech Inc.) C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\WTabletServicePro.exe
(AMD) C:\Windows\System32\atieclxx.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cucusoft, Inc.) C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe
() C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(PDF Complete Inc) C:\Program Files (x86)\PDF Complete\pdfsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
(Paltiosoft Inc.) C:\Program Files (x86)\SoftDenchi\UCManSvc.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Wacom\WacomHost.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\Beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
() C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
(DT Soft Ltd) C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
() C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe
(Dropbox, Inc.) C:\Users\Creechling\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Sony Computer Entertainment Inc.) C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXRCV.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\FAX Utility\FUFAXSTM.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Common Files\logishrd\LQCVFX\COCIManager.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\HPTouchSmartSyncCalReminderApp.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Wacom\Wacom_TouchUser.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2011-12-13] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5618456 2013-09-12] (ESET)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [630912 2012-01-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [PDF Complete] => C:\Program Files (x86)\PDF Complete\pdfsty.exe [658424 2011-08-12] (PDF Complete Inc)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43816 2014-07-31] (Apple Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [WTClient] => C:\Windows\SysWOW64\WTClient.exe [32768 2009-10-30] (Tablet Driver)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [38984 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840768 2013-05-09] (Adobe Systems Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2012-01-26] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [642664 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863848 2013-12-24] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [205336 2011-11-11] (Logitech Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-09-26] (Hewlett-Packard)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [Pando Media Booster] => C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [3093624 2013-02-23] ()
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [Driver Updater] => C:\Program Files (x86)\Carambis\Driver Updater\dupdater.exe [2995896 2012-12-24] (MEDIA FOG LTD.)
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [357696 2010-04-01] (DT Soft Ltd)
HKU\S-1-5-21-2923819935-773575165-2828370058-1001\...\Run: [FreeDesktopTimer] => C:\Program Files (x86)\Free Desktop Timer\DesktopTimer.exe [623616 2013-01-26] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Content Manager Assistant for PlayStation®.lnk
ShortcutTarget: Content Manager Assistant for PlayStation®.lnk -> C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe (Sony Computer Entertainment Inc.)
Startup: C:\Users\Creechling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Creechling\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Creechling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Product Registration.lnk
ShortcutTarget: Logitech . Product Registration.lnk -> C:\Program Files (x86)\Logitech\Ereg\eReg.exe (Leader Technologies/Logitech)
ShellIconOverlayIdentifiers: [1BingDesktopOverlays] -> {B82655E9-B81D-4A97-8154-0D84A4C048E4} => C:\ProgramData\Microsoft\BingDesktop\BingCore\BingDesktopOverlays.dll No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {83358041-A6D3-4EC3-9A71-8B929CC219CD} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=994519&p={searchTerms}
BHO: SfKpCouponApp -> {01EDDBE4-74B6-C84A-A6E4-D70697FDA7AE} -> C:\Program Files (x86)\SfKpCouponApp\0jUv3f2A04.x64.dll No File
BHO: HDvid Codec V6.0 -> {11111111-1111-1111-1111-110411591171} -> C:\Program Files (x86)\HDvid Codec V6.0\HDvid Codec V6.0-bho64.dll No File
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Skype add-on for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll (PasswordBox, Inc.)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> c:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - c:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Winsock: Catalog5 01 C:\Windows\SysWOW64\mswsock.dll [231424] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 01 %SystemRoot%\System32\mswsock.dll [327168] (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF ProfilePath: C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin HKCU: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: XKit - C:\Users\Creechling\AppData\Roaming\Mozilla\Firefox\Profiles\nfk9wk7n.default\Extensions\xkit@studioxenix.com.xpi [2014-02-21]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-26]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-11-26]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF Extension: ESET Smart Security Extension - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2014-02-21]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2013-04-20]
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-20]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
 
Chrome: 
=======
CHR Profile: C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-23]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (XKit) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd [2014-05-02]
CHR Extension: (Google Wallet) - C:\Users\Creechling\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-10-09]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 CalendarSynchService; C:\Program Files (x86)\Hewlett-Packard\TouchSmart\Calendar\Service\GCalService.exe [16384 2011-08-16] (Hewlett-Packard) [File not signed]
R2 CS_AutoUpdate; C:\Program Files\Cucusoft\AutoUpdate\AutoUpdateSrvc.exe [44696 2012-07-17] (Cucusoft, Inc.)
R2 DragonUpdater; C:\Program Files (x86)\Comodo\Dragon\dragon_updater.exe [1868432 2012-12-24] ()
R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [1337752 2013-09-12] (ESET)
S2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1128952 2011-08-12] (PDF Complete Inc)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 UCManSvc; C:\Program Files (x86)\SoftDenchi\UCManSvc.exe [241808 2010-03-12] (Paltiosoft Inc.) [File not signed]
R2 WinTabService; C:\Windows\System32\Drivers\WTSRV.EXE [73728 2010-06-01] (Tablet Driver) [File not signed]
R2 WTabletServicePro; C:\Program Files\Tablet\Wacom\WTabletServicePro.exe [598808 2013-06-05] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-15] (AVG Technologies)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [239320 2013-09-17] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [239296 2013-09-17] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [168256 2013-09-17] (ESET)
R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [157432 2013-09-17] (ESET)
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [128856 2013-06-04] (Razer USA Ltd)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2014-03-23] () [File not signed]
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
U3 alnt2p9c; C:\Windows\System32\Drivers\alnt2p9c.sys [0 ] (Microsoft Corporation)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 Tablet2k; "%SystemRoot%\System32\Drivers\Tablet2k.sys" [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-07 11:07 - 2014-10-07 11:07 - 00244136 _____ () C:\Users\Creechling\Downloads\Firefox Setup Stub 32.0.3.exe
2014-10-07 11:06 - 2014-10-07 11:06 - 00000000 ____D () C:\Users\Creechling\Desktop\FRST-OlderVersion
2014-10-07 09:15 - 2014-10-07 09:15 - 00001859 _____ () C:\Users\Creechling\Desktop\AdwCleaner[S2].txt
2014-10-07 09:01 - 2014-10-07 09:09 - 00002594 _____ () C:\Users\Creechling\Desktop\JRT.txt
2014-10-07 08:56 - 2014-10-07 12:11 - 00022086 _____ () C:\Windows\PFRO.log
2014-10-07 08:54 - 2014-10-07 08:54 - 01705141 _____ (Thisisu) C:\Users\Creechling\Desktop\JRT (1).exe
2014-10-06 21:56 - 2014-10-06 21:56 - 00415232 _____ (Farbar) C:\Users\Creechling\Desktop\FSS.exe
2014-10-06 21:56 - 2014-10-06 21:56 - 00002368 _____ () C:\Users\Creechling\Desktop\FSS.txt
2014-10-06 21:54 - 2014-10-06 21:54 - 00141618 _____ () C:\Users\Creechling\Desktop\combofix.txt
2014-10-06 16:27 - 2014-10-06 16:27 - 00141618 _____ () C:\ComboFix.txt
2014-10-06 10:56 - 2011-06-25 22:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-10-06 10:56 - 2010-11-07 09:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-10-06 10:56 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-10-06 10:56 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-10-06 10:56 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-10-06 10:56 - 2000-08-30 16:00 - 00098816 _____ () C:\Windows\sed.exe
2014-10-06 10:56 - 2000-08-30 16:00 - 00080412 _____ () C:\Windows\grep.exe
2014-10-06 10:56 - 2000-08-30 16:00 - 00068096 _____ () C:\Windows\zip.exe
2014-10-06 10:49 - 2014-10-06 10:49 - 00000000 ____D () C:\Users\Creechling\Documents\ProcAlyzer Dumps
2014-10-06 10:41 - 2014-10-06 16:28 - 00000000 ____D () C:\Qoobox
2014-10-06 10:40 - 2014-10-06 13:09 - 00000000 ____D () C:\Windows\erdnt
2014-10-05 14:52 - 2014-10-06 08:56 - 04534178 _____ () C:\Users\Creechling\Desktop\bunny jump.psd
2014-10-05 14:19 - 2014-10-05 14:19 - 00001730 _____ () C:\Users\Creechling\Desktop\AdwCleaner[R2].txt
2014-10-05 13:10 - 2014-10-07 08:56 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-10-05 13:10 - 2014-10-05 16:29 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-05 13:08 - 2014-10-06 08:57 - 00000000 ____D () C:\Users\Creechling\Desktop\mbar
2014-10-05 13:08 - 2014-10-05 16:28 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-05 10:16 - 2014-10-05 10:17 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Creechling\Desktop\mbar-1.07.0.1012.exe
2014-10-05 09:15 - 2014-10-05 09:16 - 00050226 _____ () C:\Users\Creechling\Desktop\Addition.txt
2014-10-05 09:14 - 2014-10-07 13:57 - 00023604 _____ () C:\Users\Creechling\Desktop\FRST.txt
2014-10-05 09:13 - 2014-10-07 13:57 - 00000000 ____D () C:\FRST
2014-10-05 09:13 - 2014-10-05 09:13 - 00001012 _____ () C:\Users\Creechling\Desktop\checkup.txt
2014-10-05 09:04 - 2014-10-07 11:06 - 02109952 _____ (Farbar) C:\Users\Creechling\Desktop\FRST64.exe
2014-10-05 09:01 - 2014-10-05 09:01 - 00854436 _____ () C:\Users\Creechling\Desktop\SecurityCheck.exe
2014-10-04 07:07 - 2014-10-04 07:07 - 00000000 ____D () C:\Users\Creechling\Downloads\rope_pack___collab_with__mjranum_stock_by_senshistock-d6kqqw9
2014-10-04 07:06 - 2014-10-04 07:06 - 31639207 _____ () C:\Users\Creechling\Downloads\rope_pack___collab_with__mjranum_stock_by_senshistock-d6kqqw9.zip
2014-10-04 06:57 - 2014-10-04 06:57 - 03473326 _____ () C:\Users\Creechling\Desktop\Ruka Dreads skin_palette.psd
2014-10-03 10:21 - 2014-10-03 10:22 - 26862160 _____ () C:\Users\Creechling\Downloads\Alex by Katie Hofgard Sample.psd
2014-10-03 06:21 - 2014-10-03 06:22 - 01375089 _____ () C:\Users\Creechling\Downloads\AdwCleaner.exe
2014-10-03 06:21 - 2014-10-03 06:21 - 05582981 ____R (Swearware) C:\Users\Creechling\Desktop\ComboFix.exe
2014-10-03 06:21 - 2014-10-03 06:21 - 00688992 ____R (Swearware) C:\Users\Creechling\Downloads\dds (1).com
2014-10-03 06:21 - 2014-10-03 06:21 - 00688992 _____ (Swearware) C:\Users\Creechling\Downloads\dds.com
2014-10-03 03:55 - 2014-10-03 03:55 - 00016867 _____ () C:\Users\Creechling\Downloads\hijackthis.log
2014-10-03 03:54 - 2014-10-03 03:54 - 00388608 _____ (Trend Micro Inc.) C:\Users\Creechling\Downloads\HijackThis.exe
2014-10-03 03:18 - 2014-09-30 12:43 - 00002254 _____ () C:\Users\Creechling\Desktop\Google Chrome.lnk
2014-10-03 02:55 - 2014-10-07 08:55 - 00000000 ____D () C:\AdwCleaner
2014-10-03 02:55 - 2014-10-03 02:55 - 01375089 _____ () C:\Users\Creechling\Desktop\adwcleaner_3.311.exe
2014-10-01 20:52 - 2014-10-03 06:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
2014-10-01 20:52 - 2014-10-03 06:13 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-10-01 20:52 - 2014-10-01 20:52 - 00001011 _____ () C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
2014-10-01 20:52 - 2014-10-01 20:52 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Malwarebytes
2014-10-01 20:52 - 2014-10-01 20:52 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-10-01 20:52 - 2009-04-06 15:32 - 00038496 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbamswissarmy.sys
2014-10-01 20:52 - 2009-04-06 15:32 - 00015504 _____ (Malwarebytes Corporation) C:\Windows\SysWOW64\Drivers\mbam.sys
2014-10-01 20:05 - 2014-10-04 05:11 - 03258624 _____ () C:\Users\Creechling\Desktop\halloween Zen.psd
2014-10-01 18:25 - 2014-10-01 18:25 - 06163830 _____ (Guillaume Stordeur ) C:\Users\Creechling\Downloads\LazyNezumiPro_Setup (6).exe
2014-09-30 12:43 - 2014-10-06 12:43 - 00003304 _____ () C:\Windows\System32\Tasks\Chrome Launcher
2014-09-30 12:43 - 2014-09-30 12:43 - 00000000 ____D () C:\Program Files (x86)\Techsnab
2014-09-26 12:44 - 2014-09-26 12:44 - 02913221 _____ () C:\Users\Creechling\Desktop\Untitled-123.psd
2014-09-26 04:14 - 2014-09-26 04:15 - 00147023 _____ () C:\Users\Creechling\Downloads\adwcleaner_3.310.exe
2014-09-26 04:06 - 2014-09-26 04:06 - 00000000 ____D () C:\Windows\ERUNT
2014-09-26 04:05 - 2014-09-26 04:06 - 01699118 _____ (Thisisu) C:\Users\Creechling\Downloads\JRT.exe
2014-09-26 03:21 - 2014-08-19 10:05 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-26 03:21 - 2014-08-19 09:39 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-26 03:21 - 2014-08-18 15:01 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-26 03:21 - 2014-08-18 14:29 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-26 03:21 - 2014-08-18 14:29 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-26 03:21 - 2014-08-18 14:26 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-26 03:21 - 2014-08-18 14:20 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-26 03:21 - 2014-08-18 14:19 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-26 03:21 - 2014-08-18 14:15 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-26 03:21 - 2014-08-18 14:15 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-26 03:21 - 2014-08-18 14:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-26 03:21 - 2014-08-18 14:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-26 03:21 - 2014-08-18 14:08 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-26 03:21 - 2014-08-18 14:08 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-26 03:21 - 2014-08-18 14:08 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-26 03:21 - 2014-08-18 14:05 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-26 03:21 - 2014-08-18 14:03 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-26 03:21 - 2014-08-18 14:03 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-26 03:21 - 2014-08-18 14:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-26 03:21 - 2014-08-18 13:57 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-26 03:21 - 2014-08-18 13:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-26 03:21 - 2014-08-18 13:51 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-26 03:21 - 2014-08-18 13:46 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-26 03:21 - 2014-08-18 13:45 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-26 03:21 - 2014-08-18 13:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-26 03:21 - 2014-08-18 13:44 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-26 03:21 - 2014-08-18 13:44 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-26 03:21 - 2014-08-18 13:42 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-26 03:21 - 2014-08-18 13:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-26 03:21 - 2014-08-18 13:39 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-26 03:21 - 2014-08-18 13:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-26 03:21 - 2014-08-18 13:39 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-26 03:21 - 2014-08-18 13:38 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-26 03:21 - 2014-08-18 13:37 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-26 03:21 - 2014-08-18 13:36 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-26 03:21 - 2014-08-18 13:35 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-26 03:21 - 2014-08-18 13:27 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-26 03:21 - 2014-08-18 13:25 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-26 03:21 - 2014-08-18 13:25 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-26 03:21 - 2014-08-18 13:23 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-26 03:21 - 2014-08-18 13:23 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-26 03:21 - 2014-08-18 13:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-26 03:21 - 2014-08-18 13:19 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-26 03:21 - 2014-08-18 13:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-26 03:21 - 2014-08-18 13:17 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-26 03:21 - 2014-08-18 13:16 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-26 03:21 - 2014-08-18 13:15 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-26 03:21 - 2014-08-18 13:15 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-26 03:21 - 2014-08-18 13:09 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-26 03:21 - 2014-08-18 13:08 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-26 03:21 - 2014-08-18 13:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-26 03:21 - 2014-08-18 12:55 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-26 03:21 - 2014-08-18 12:46 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-26 03:21 - 2014-08-18 12:38 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-26 03:21 - 2014-08-18 12:38 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-26 03:21 - 2014-08-18 12:36 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-25 11:45 - 2014-09-25 11:46 - 00985600 _____ () C:\Users\Creechling\Downloads\MicrosoftFixit50123.msi
2014-09-25 11:42 - 2014-09-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-09-25 11:36 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-25 11:36 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-25 10:57 - 2014-07-06 18:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-25 10:57 - 2014-07-06 18:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-25 10:57 - 2014-07-06 17:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-25 10:57 - 2014-07-06 17:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-25 10:57 - 2014-07-06 17:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-25 10:56 - 2014-09-09 14:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-25 10:56 - 2014-09-09 13:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-25 10:56 - 2014-09-04 18:10 - 00578048 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-25 10:56 - 2014-09-04 18:05 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-25 10:56 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-25 10:56 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-25 10:56 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-25 10:56 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-25 09:57 - 2014-09-25 09:57 - 00001111 _____ () C:\Users\Public\Desktop\XSplit Broadcaster.lnk
2014-09-25 09:57 - 2014-09-25 09:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSplit
2014-09-25 09:57 - 2014-09-25 09:57 - 00000000 ____D () C:\Program Files (x86)\SplitMediaLabs
2014-09-25 09:30 - 2014-09-25 09:30 - 00000000 ____D () C:\Users\Creechling\AppData\Local\SplitMediaLabs
2014-09-25 09:30 - 2014-09-25 09:30 - 00000000 ____D () C:\ProgramData\SplitMediaLabs
2014-09-25 09:29 - 2014-09-25 09:29 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\SplitMediaLabs
2014-09-25 09:03 - 2014-09-25 09:29 - 37431960 _____ (SplitMediaLabs) C:\Users\Creechling\Downloads\xsplit_installer_v1.2.1311.1201.exe
2014-09-25 08:58 - 2014-10-04 07:05 - 00000000 ____D () C:\Users\Creechling\Desktop\50 Pose Challenge
2014-09-23 17:37 - 2014-09-23 17:37 - 00582604 _____ () C:\Users\Creechling\Downloads\686142.zip
2014-09-23 17:37 - 2014-09-23 17:37 - 00000000 ____D () C:\Users\Creechling\Downloads\686142
2014-09-21 12:49 - 2014-09-21 12:49 - 00620009 _____ () C:\Users\Creechling\Downloads\rasen_painting_brushes_by_rasen-d7zybf2.abr
2014-09-19 12:41 - 2014-10-01 12:41 - 00070144 _____ () C:\Windows\SysWOW64\tasks.dll
2014-09-18 12:42 - 2014-09-18 12:42 - 00876040 _____ () C:\Users\Creechling\Downloads\Godzilla (2014) DVDRip XviD-MAX (1).exe
2014-09-18 12:41 - 2014-09-18 12:41 - 00003354 _____ () C:\Windows\System32\Tasks\Eakona Update
2014-09-18 12:41 - 2014-09-18 12:41 - 00003260 _____ () C:\Windows\System32\Tasks\GPUP
2014-09-18 12:41 - 2014-09-18 12:41 - 00000000 ____D () C:\ProgramData\Eakona
2014-09-18 12:40 - 2014-09-18 12:40 - 00876040 _____ () C:\Users\Creechling\Downloads\Godzilla (2014) DVDRip XviD-MAX.exe
2014-09-16 23:26 - 2014-09-16 23:26 - 00024290 _____ () C:\Users\Creechling\Downloads\[BakaBT.149973v1] Chi's New Address.torrent
2014-09-16 23:26 - 2014-09-16 23:26 - 00021556 _____ () C:\Users\Creechling\Downloads\[BakaBT.141683v1] Chi's Sweet Home.torrent
2014-09-11 12:45 - 2014-09-11 12:45 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\Program Files\iTunes
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\Program Files\iPod
2014-09-11 12:45 - 2014-09-11 12:45 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-09-11 12:39 - 2014-09-11 12:40 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2014-09-11 12:39 - 2014-09-11 12:39 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2014-09-11 12:39 - 2014-09-11 12:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2014-09-08 12:40 - 2014-09-08 12:40 - 00007609 _____ () C:\Users\Creechling\AppData\Local\Resmon.ResmonCfg
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-10-07 13:57 - 2013-02-23 07:51 - 00000000 ____D () C:\Users\Creechling\AppData\Local\PMB Files
2014-10-07 13:56 - 2014-09-02 09:45 - 00000902 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-10-07 13:56 - 2014-04-18 07:40 - 00000000 ___RD () C:\Users\Creechling\Dropbox
2014-10-07 13:56 - 2014-04-18 05:58 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Dropbox
2014-10-07 13:56 - 2013-03-08 19:41 - 00000000 ____D () C:\Users\Creechling\AppData\Local\Adobe
2014-10-07 13:50 - 2014-09-02 09:45 - 00000906 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-10-07 12:18 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-07 12:18 - 2009-07-13 20:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-07 12:16 - 2009-07-13 21:13 - 00783360 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-07 12:11 - 2014-02-10 09:23 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-10-07 12:11 - 2013-11-26 07:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-07 12:11 - 2013-04-21 14:22 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-10-07 12:11 - 2012-07-13 12:51 - 00000000 ____D () C:\ProgramData\PDFC
2014-10-07 12:11 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-07 12:11 - 2009-07-13 20:51 - 00100891 _____ () C:\Windows\setupact.log
2014-10-07 12:10 - 2013-05-04 15:38 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\SoftGrid Client
2014-10-07 12:10 - 2013-02-23 06:32 - 01415519 _____ () C:\Windows\WindowsUpdate.log
2014-10-07 11:09 - 2013-04-21 14:22 - 00001161 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-10-07 11:09 - 2013-04-21 14:22 - 00001149 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-10-07 11:06 - 2009-07-13 19:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-10-07 09:13 - 2013-02-23 07:40 - 00003934 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{E4A45156-4B54-4681-ABD3-11B8F3D496DA}
2014-10-07 08:57 - 2013-09-06 11:50 - 00000000 ____D () C:\Users\Creechling\.android
2014-10-06 19:39 - 2013-04-17 14:11 - 00000000 ____D () C:\Users\Creechling\AppData\Local\CrashDumps
2014-10-06 16:28 - 2009-07-13 19:20 - 00000000 __RHD () C:\Users\Default
2014-10-06 12:45 - 2009-07-13 18:34 - 00000215 _____ () C:\Windows\system.ini
2014-10-06 12:43 - 2014-09-02 09:46 - 00002254 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-10-06 10:54 - 2013-12-27 06:21 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-10-06 08:58 - 2013-12-01 11:02 - 00000352 _____ () C:\Windows\Tasks\HPCeeScheduleForCreechling.job
2014-10-06 08:58 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\addins
2014-10-06 08:56 - 2013-02-23 07:41 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Adobe
2014-10-05 09:55 - 2013-12-01 11:02 - 00003216 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForCreechling
2014-10-05 09:55 - 2013-04-08 16:15 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-10-05 09:55 - 2013-02-24 10:03 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-04 14:10 - 2013-05-10 21:32 - 00000132 _____ () C:\Users\Creechling\AppData\Roaming\Adobe PNG Format CS6 Prefs
2014-10-04 06:41 - 2014-07-11 09:15 - 12532384 _____ () C:\Users\Creechling\Desktop\ruka dreads.psd
2014-10-04 06:21 - 2014-09-03 10:05 - 135813784 _____ () C:\Users\Creechling\Desktop\katieDan_KingQueen.psd
2014-10-04 05:14 - 2013-07-23 12:53 - 00000000 ____D () C:\Users\Creechling\Desktop\PS
2014-10-04 05:13 - 2013-06-13 11:58 - 00000000 ____D () C:\Users\Creechling\Desktop\New folder
2014-10-03 10:43 - 2013-02-23 06:32 - 00000000 ____D () C:\Users\Creechling
2014-10-03 06:13 - 2014-09-02 09:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-10-03 06:13 - 2014-03-23 18:18 - 00000000 ____D () C:\ProgramData\paltiosoft
2014-10-03 06:13 - 2014-01-17 03:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lazy Nezumi Pro
2014-10-03 06:13 - 2014-01-17 03:29 - 00000000 ____D () C:\Program Files (x86)\Lazy Nezumi Pro
2014-10-03 06:13 - 2013-04-17 09:26 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Azureus
2014-10-03 06:13 - 2013-02-23 07:51 - 00000000 ____D () C:\ProgramData\PMB Files
2014-10-03 06:13 - 2013-02-23 07:36 - 00000000 ____D () C:\Users\Creechling\AppData\Local\VirtualStore
2014-10-03 06:13 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-10-03 02:50 - 2014-09-05 11:00 - 00000000 ____D () C:\Users\Creechling\AppData\Local\LogiShrd
2014-10-03 02:50 - 2014-09-05 10:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-10-03 02:50 - 2014-09-05 10:58 - 00000000 ____D () C:\Program Files (x86)\Logitech
2014-09-30 18:29 - 2014-03-01 15:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2014-09-28 21:07 - 2014-04-13 13:44 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\vlc
2014-09-28 19:37 - 2014-08-09 09:51 - 08258847 _____ () C:\Users\Creechling\Desktop\Evan-Recovered.psd
2014-09-27 10:54 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-26 13:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-09-26 03:46 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-09-26 03:43 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-26 03:41 - 2013-04-25 09:00 - 00000000 ____D () C:\ProgramData\Razer
2014-09-25 11:42 - 2011-02-11 09:15 - 00767036 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-25 11:41 - 2014-01-17 02:36 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-25 11:37 - 2014-01-17 02:36 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-25 11:36 - 2014-05-07 03:02 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-22 09:14 - 2013-08-05 10:51 - 00000000 ____D () C:\Users\Creechling\AppData\Local\Procaster
2014-09-19 03:52 - 2013-07-23 12:54 - 00000000 ____D () C:\Users\Creechling\Desktop\Images
2014-09-19 02:57 - 2013-10-13 10:14 - 00001456 _____ () C:\Users\Creechling\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-09-17 19:03 - 2014-04-18 07:40 - 00001033 _____ () C:\Users\Creechling\Desktop\Dropbox.lnk
2014-09-17 19:03 - 2014-04-18 05:59 - 00000000 ____D () C:\Users\Creechling\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-09-15 09:06 - 2010-11-20 19:27 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-08 12:11 - 2014-01-17 03:29 - 00000000 ____D () C:\Users\Creechling\AppData\Local\Lazy Nezumi Pro
ZeroAccess:
C:\Users\Creechling\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install
 
Some content of TEMP:
====================
C:\Users\Creechling\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplagpec.dll
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-06 00:59
 
==================== End Of Log ============================


#13 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:14 AM

Posted 07 October 2014 - 05:46 PM

Hello creechling,

Reset browser settings:
https://support.google.com/chrome/answer/3296214?hl=en
Does this help?
 

***


Malwarebytes' Anti-Malware
If this program is already installed: Skip the installation and run only the scan!
Download and install: Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mb3-setup-1878.1878-3.5.1.2522.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs: (Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

---


ESET Online Scanner

Connect any existing external hard drives and / or other removable media.

Note:
It is recommended to disable onboard antivirus program and antispyware programs while performing scans so there are no conflicts and it will speed up scan time.
Please don't go surfing while your resident protection is disabled!
Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



If this program is already installed: Skip the installation and run only the scan!
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetOnline.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
  • Check esetAcceptTerms.png
  • Click the esetStart.png button.
  • Accept any security warnings from your browser.
  • Check esetScanArchives.png
  • Make sure that the option "Remove found threats" is Unchecked
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop using a unique name, such as MyEsetScan. Alternatively, look for report in C:\Program Files\ESET\ESET Online Scanner\log.txt. Include the contents of this report in your next reply.
  • Push the Back button.
  • Select Uninstall application on close check box and push esetFinish.png

---


How the computer is running now?


---


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#14 creechling

creechling
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Alaska
  • Local time:12:14 AM

Posted 09 October 2014 - 01:42 AM

It appears that the problem has been solved! I am no longer seeing any ads in any of my browsers.  

 

Mbam log:

 

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 6.1.7601 Service Pack 1
 
10/8/2014 8:59:45 AM
mbam-log-2014-10-08 (08-59-45).txt
 
Scan type: Full Scan (C:\|D:\|Q:\|)
Objects scanned: 772545
Time elapsed: 1 hour(s), 56 minute(s), 43 second(s)
 
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0
 
Memory Processes Infected:
(No malicious items detected)
 
Memory Modules Infected:
(No malicious items detected)
 
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\egui.exe (Security.Hijack) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EKRN.exe (Security.Hijack) -> Delete on reboot.
 
Registry Values Infected:
(No malicious items detected)
 
Registry Data Items Infected:
(No malicious items detected)
 
Folders Infected:
(No malicious items detected)
 
Files Infected:
(No malicious items detected)
 
Eset Log:
 
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.26.4.512_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.26.4.512_1\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.26.7.519_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application
C:\AdwCleaner\Quarantine\C\Windows\System32\roboot64.exe.vir a variant of Win64/Systweak.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Techsnab\Chrome Launcher\chrome-links.exe a variant of Win32/Techsnab.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.dll a variant of Win32/Techsnab.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncher.exe a variant of Win32/Techsnab.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncherx64.dll a variant of Win32/Techsnab.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Techsnab\Chrome Launcher\chromelauncherx64.exe a variant of Win32/Techsnab.A potentially unwanted application deleted - quarantined
C:\Program Files (x86)\Techsnab\Chrome Launcher\tasks.dll a variant of Win32/Techsnab.A potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.26.4.512_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.26.4.512_1\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
C:\Windows\System32\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.26.7.519_0\nativeMessaging\TBMessagingHost.exe a variant of Win32/Toolbar.Conduit.AH potentially unwanted application deleted - quarantined
 

I would like to note this will be my last post until October 14, 2014 as I'm leaving on a trip for a wedding in another part of the country and the issue in question is on my desktop. If you think there are any more tests to be run just to be sure It will be a few days time for me to run them. 



#15 Jo*

Jo*

  • Malware Response Team
  • 3,417 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:10:14 AM

Posted 12 October 2014 - 05:14 AM

Hello creechling,
 

***


Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad.
Save it in the same location as / FSRT / FSRT64 (usually your desktop) as fixlist.txt

 
start
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.23.0.722_0\nativeMessaging\TBMessagingHost.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.26.4.512_0\nativeMessaging\TBMessagingHost.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.26.4.512_1\nativeMessaging\TBMessagingHost.exe
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpghhlfbjmmjohhnonhjgpbjdlbnmapf\10.26.7.519_0\nativeMessaging\TBMessagingHost.exe
end


NOTICE: This script was written specifically for this user, for use on that particular machine.
Running this on another machine may cause damage to your operating system


Run FRST / FSRT64 again like we did before but this time press the Fix button just once and wait.
The tool will make a log (Fixlog.txt) please post it to your reply.


***


Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users