
Fake Google Chrome.....


  • This topic is locked
14 replies to this topic

#1 smoth1

smoth1

  • Members
  • 7 posts

Posted 08 October 2014 - 01:30 PM

Hello,

In my Windows Task Manager, I have multiple files labeled "Dcvdpgzxc". It is listed as Google Chrome in the description and its location is AppData/localLow/Adobe. Please help me get rid of it.

EDIT: I forgot to mention this is the second time this has happened on the same computer. I had it once, I rebooted the computer, then deleted the location it was in, "AppData/LocalLow/*" (it was located somewhere else before).


Edited by smoth1, 08 October 2014 - 01:51 PM.



#2 xXToffeeXx

xXToffeeXx

    Bleepin' Polar Bear


  • Malware Response Instructor
  • 6,015 posts
  • Gender:Female
  • Location:The Arctic Circle

Posted 08 October 2014 - 01:48 PM

Greetings and welcome to BleepingComputer,
My name is xXToffeeXx, but feel free to call me Toffee if it is easier for you. I will be helping you with your malware problems.

A few points to cover before we start:

  • Do not run any tools without being instructed to, as this makes my job much harder in trying to figure out what you have done.
  • Make sure to read my instructions fully before attempting a step.
  • If you have problems or questions with any of the steps, feel free to ask me. I will be happy to answer any questions you have.
  • Please follow the topic by clicking on the "Follow this topic" button, and make sure a tick is in the "receive notifications" box and it is set to "Instantly". Any replies should be made in this topic by clicking the "Reply to this topic" button.
  • Important information in my posts will often be in bold; make sure to take note of it.
  • I will attempt to reply as soon as possible, and normally within 24 hours of your reply. If this is not possible or I have a delay then I will let you know.
  • I will bump a topic after 3 days of no activity, and then will give you another 2 days to reply before a topic is closed. If you need more time than this please let me know.

Let's get going now.

==========================
 
Hi smoth1,
 
Please download Farbar Recovery Scan Tool and save it to your Desktop.
 
Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.

Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.
 
--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • FRST.txt
  • Addition.txt

xXToffeeXx~




#3 smoth1

smoth1
  • Topic Starter

  • Members
  • 7 posts

Posted 08 October 2014 - 02:00 PM

FRST

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Davis (administrator) on DAVIS-PC on 08-10-2014 13:53:02
Running from C:\Users\Davis\Downloads
Loaded Profiles: Davis & UpdatusUser (Available profiles: Davis & UpdatusUser)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
() C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Users\Davis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\avmba.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Hola Networks Ltd.) C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Microsoft Corporation) C:\Windows\System32\wbem\WMIADAP.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [170496 2009-11-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1281512 2013-01-27] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [429392 2010-01-07] (Malwarebytes Corporation)
HKLM-x32\...\Run: [conhost] => C:\Users\Davis\AppData\Roaming\Microsoft\conhost.exe
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [MusicManager] => C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-07-22] (Google Inc.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [Google Update] => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-05] (Google Inc.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4419720 2014-04-09] (Plex, Inc.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [Knwbfltez] => regsvr32.exe /s "C:\Users\Davis\AppData\Local\ApplicationHistory\Knwbfltez.dll" <===== ATTENTION
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\CurrentVersion\Windows: [Load] C:\Users\Davis\AppData\Local <===== ATTENTION
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\MountPoints2: N - N:\LaunchU3.exe -a
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\MountPoints2: {4dcfc541-cd85-11de-aa93-cdf9e890c269} - M:\LaunchU3.exe -a
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\MountPoints2: {91e6c062-4b92-11df-8482-08002700c067} - O:\LaunchU3.exe -a
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\MountPoints2: {91e6c06d-4b92-11df-8482-08002700c067} - N:\LaunchU3.exe -a
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VLC media player.lnk
ShortcutTarget: VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 95.52.125.17:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E251E11C5F1CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=711278&fr=sp_tr_ie
URLSearchHook: HKCU - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
URLSearchHook: HKCU - (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
SearchScopes: HKLM-x32 - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - {3F5FC2EA-A2BD-47C3-80E8-8360C1E4F423} URL = https://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
SearchScopes: HKCU - {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C} URL = http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: Expat Shield Class -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} -> C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
BHO-x32: No Name -> {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
Toolbar: HKCU - No Name - {687578B9-7132-4A7A-80E4-30EE31099E03} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default
FF NewTab: google.com
FF Homepage: https://www.google.com/
FF NetworkProxy: "http", "128.208.4.99"
FF NetworkProxy: "http_port", 3128
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF user.js: detected! => C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\user.js
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\beeradvocate---respect-beer.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\clip.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\demonoid-torrent-pool.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\monovaorg--download-movies-tv-music-software-games-anime--ad.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\mozilla-add-ons.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\neweggcom---computer-parts-pc-components-laptop-computers-di.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\nutritiondata.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\scrapetorrent.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\the-internet-movie-database-imdb-.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\tube.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\tvtorrents.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\urban-dictionary.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\youtube-video-search.xml
FF Extension: Hola Better Internet - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-10-08]
FF Extension: NetVideoHunter - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\netvideohunter@netvideohunter.com [2014-07-29]
FF Extension: TinEye Reverse Image Search - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\tineye@ideeinc.com [2011-03-05]
FF Extension: Tab Preview - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991} [2009-11-09]
FF Extension: Unhide Passwords - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0} [2012-04-29]
FF Extension: Linkification - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010-02-28]
FF Extension: DownloadHelper - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Add to Search Bar - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2013-11-06]
FF Extension: Exif Viewer - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2011-06-17]
FF Extension: Ghostery - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\firefox@ghostery.com.xpi [2014-08-19]
FF Extension: Sort Tabs - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\sort-tabs@erikvold.com.xpi [2011-10-30]
FF Extension: Session Manager - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-07-16]
FF Extension: Unhide Passwords - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2011-05-07]
FF Extension: Track Package - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{3f669128-5ad3-4053-ad9b-1afc4ea24c28}.xpi [2012-11-18]
FF Extension: NoScript - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Page Title Eraser - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{791DB184-BFBA-11DA-9C61-0638DF403F48}.xpi [2011-03-31]
FF Extension: Unlinker - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{8ed952a0-199c-11d9-9669-0800200c9a66}.xpi [2012-11-28]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-07-24]
FF Extension: Adblock Plus - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-07]
FF Extension: Tab Mix Plus - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: Greasemonkey - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-22]

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Davis\AppData\Local\Google\Chrome\Application\37.0.2062.124\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Davis\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Davis\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll ()
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (Office Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Google Update) - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Proxy Switchy!) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj [2011-04-07]
CHR Extension: (Adblock Plus) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (ScriptSafe) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-09-08]
CHR HKLM-x32\...\Chrome\Extension: [acaoakiamfeidcmgooclgeleejkbaecf] - C:\Program Files (x86)\WinToFlash Suggestor\WinToFlashSuggestor.crx []
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Davis\AppData\Local\Temp\ccex.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 ExpatWd; C:\Program Files (x86)\Expat Shield\bin\hsswd.exe [326704 2010-10-15] () [File not signed]
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [236368 2010-01-07] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [22056 2013-01-27] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [379360 2013-01-27] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 VLC media player; C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [126995 2014-02-04] (VideoLAN) [File not signed]
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-02] (Broadcom Corporation.)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-10-25] (Devguru Co., Ltd)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18120 2010-10-25] (Devguru Co., Ltd)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2014-03-07] (CSR plc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22104 2010-01-07] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [230320 2013-01-20] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [130008 2013-01-20] (Microsoft Corporation)
R0 SI3112r; C:\Windows\System32\DRIVERS\SI3112r.sys [133160 2007-12-26] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-12-26] (Silicon Image, Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-06] (Anchorfree Inc.)
S3 Jukebox3_x64; system32\DRIVERS\ctpdusbx.sys [X]
S3 pbfilter; \??\C:\Users\Davis\AppData\Local\Temp\Rar$EX00.890\pbfilter.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 13:12 - 2014-10-08 13:17 - 00073666 _____ () C:\Users\Davis\Downloads\Addition.txt
2014-10-08 13:11 - 2014-10-08 13:53 - 00029640 _____ () C:\Users\Davis\Downloads\FRST.txt
2014-10-08 13:11 - 2014-10-08 13:53 - 00000000 ____D () C:\FRST
2014-10-08 13:10 - 2014-10-08 13:10 - 02109952 _____ (Farbar) C:\Users\Davis\Downloads\FRST64.exe
2014-10-03 10:56 - 2014-10-03 11:15 - 2095139904 _____ () C:\Users\Davis\Downloads\WEC 2014. 4 round - 6 hours of COTA. Race. Part 3. HD.mp4
2014-10-02 15:39 - 2014-10-02 15:52 - 1764131949 _____ () C:\Users\Davis\Downloads\WEC 2014. 4 round - 6 hours of COTA. Race. Part 2. HD.mp4
2014-10-02 13:52 - 2014-10-02 14:07 - 1986413369 _____ () C:\Users\Davis\Downloads\WEC 2014. 4 round - 6 hours of COTA. Race. Part 1. HD.mp4
2014-09-30 12:01 - 2014-09-30 13:49 - 132751784 _____ () C:\Users\Davis\Downloads\kori_love_and_gemmamarie_-_dual_hitachi.mp4
2014-09-25 15:18 - 2014-09-25 16:06 - 1196079952 _____ () C:\Users\Davis\Downloads\TheFappening_Part2.zip
2014-09-22 23:58 - 2014-09-22 23:58 - 00287220 _____ () C:\Users\Davis\Downloads\KeyTweak_install.exe
2014-09-22 23:58 - 2014-09-22 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyTweak
2014-09-22 23:56 - 2014-09-22 23:56 - 00486400 _____ () C:\Users\Davis\Downloads\sharpkeys35.msi
2014-09-22 15:32 - 2014-09-22 15:33 - 03677488 _____ (Logitech Inc.) C:\Users\Davis\Downloads\SetPoint6.65.62_smart.exe
2014-09-22 13:53 - 2014-09-22 13:53 - 07458816 _____ () C:\Users\Davis\Downloads\pdfedit-20140526_1531.msi
2014-09-08 11:35 - 2014-09-08 11:35 - 00000000 ____D () C:\Users\Davis\Downloads\Kylie Minogue Fully Nude from her book
2014-09-08 11:35 - 2014-09-08 11:35 - 00000000 ____D () C:\Users\Davis\Downloads\Kylie Minogue Fully Nude from her book
2014-09-08 11:33 - 2014-09-08 11:34 - 08136374 _____ () C:\Users\Davis\Downloads\Kylie Minogue Fully Nude from her book.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-08 13:53 - 2009-07-13 23:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-08 13:53 - 2009-07-13 23:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-08 13:52 - 2009-07-14 00:13 - 00799798 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-08 13:47 - 2013-03-07 19:21 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-10-08 13:46 - 2014-03-16 01:00 - 00036802 _____ () C:\Windows\setupact.log
2014-10-08 13:46 - 2009-11-22 21:02 - 00327090 _____ () C:\Windows\PFRO.log
2014-10-08 13:46 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-08 13:43 - 2009-11-09 16:18 - 01300442 _____ () C:\Windows\WindowsUpdate.log
2014-10-08 13:37 - 2010-01-21 21:52 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-08 13:37 - 2009-11-09 16:29 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-08 13:21 - 2011-02-05 22:04 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390287032-106715065-4098289439-1001UA.job
2014-10-08 13:17 - 2014-09-04 14:27 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-10-08 13:16 - 2010-01-26 19:28 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\uTorrent
2014-10-08 12:55 - 2012-04-20 22:44 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\vlc
2014-10-08 11:19 - 2009-11-09 16:45 - 00000326 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2014-10-08 07:19 - 2009-11-09 16:45 - 00000350 _____ () C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2014-10-08 02:00 - 2009-11-09 16:51 - 00000516 _____ () C:\Windows\Tasks\Malwarebytes' Scheduled Scan for Davis.job
2014-10-08 01:00 - 2009-11-09 16:51 - 00000502 _____ () C:\Windows\Tasks\Malwarebytes' Scheduled Update for Davis.job
2014-10-07 15:21 - 2011-02-05 22:04 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390287032-106715065-4098289439-1001Core.job
2014-10-04 11:00 - 2010-01-02 15:48 - 00000426 _____ () C:\Windows\Tasks\Intel_C_CVPO940101AK080BGN.job
2014-10-02 23:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-01 22:29 - 2014-09-02 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-01 22:29 - 2012-04-29 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-24 17:26 - 2011-02-05 22:10 - 00002380 _____ () C:\Users\Davis\Desktop\Google Chrome.lnk
2014-09-22 23:53 - 2013-10-05 12:14 - 00007407 _____ () C:\Windows\LkmdfCoInst.log
2014-09-22 15:43 - 2013-11-13 09:04 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-09-22 15:43 - 2009-11-09 23:20 - 00074080 _____ () C:\Windows\LDPINST.LOG
2014-09-22 15:42 - 2013-11-13 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-09-22 15:42 - 2013-10-05 12:14 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-09-22 15:42 - 2013-10-05 12:13 - 00000000 ____D () C:\ProgramData\Logishrd
2014-09-22 01:42 - 2009-11-09 16:44 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-08 14:12 - 2014-09-05 13:25 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\DesktopIconForAmazon

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-19 11:39

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-10-2014 01
Ran by Davis at 2014-10-08 13:16:08
Running from C:\Users\Davis\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {3F839487-C7A2-C958-E30C-E2825BA31FB5}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {84E27563-E198-C6D6-D9BC-D9F020245508}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Absolute Uninstaller 5.3.1.17 (HKLM-x32\...\Absolute Uninstaller) (Version: 5.3.1.17 - Glarysoft Ltd)
Adobe AIR (x32 Version: 14.0.0.178 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.5 - Adobe Systems, Inc.)
BBCAViewer (HKLM-x32\...\BBCAViewer) (Version: 1.07 - UNKNOWN)
BBCAViewer (x32 Version: 1.07 - UNKNOWN) Hidden
BBViewer (HKLM-x32\...\BBViewer) (Version: 3.0 - UNKNOWN)
BBViewer (x32 Version: 3.0 - UNKNOWN) Hidden
Browser Extensions (HKCU\...\{3A787631-66A2-4634-B928-A37E73B58FB6}) (Version: 2.2 - Spigot, Inc.) <==== ATTENTION
CrystalDiskInfo 3.2.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 3.2.0 - Crystal Dew World)
CrystalDiskMark 2.2.0n (HKLM\...\CrystalDiskMark_is1) (Version: 2.2.0n - Crystal Dew World)
Data Lifeguard Diagnostic for Windows (HKLM-x32\...\{E40CE517-0D42-4198-96B4-C8232B257EB5}) (Version: 1.13 - Western Digital Corporation)
Easy Duplicate Finder v. 2.4.1 (HKLM-x32\...\Easy Duplicate Finder_is1) (Version:  - EasyDuplicateFinder.com)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
erLT (x32 Version: 1.20.0137 - Logitech, Inc.) Hidden
Google Chrome (HKCU\...\Google Chrome) (Version: 37.0.2062.124 - Google Inc.)
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.0.0 - LIGHTNING UK!)
inSSIDer (HKLM-x32\...\{65A5E87D-7A3F-4819-807D-B86990D5F369}) (Version: 2.1.6 - MetaGeek)
Intel® Solid-State Drive Toolbox (HKLM-x32\...\{401AB74C-74DA-463B-B67A-01F972DD0BBA}) (Version: 2.01.000 - Intel)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 3.2.1.0 - Microsoft Corporation)
ISO Creator 1.0 (HKLM-x32\...\{78D80EAF-1ADB-46A8-AF6F-EBB18B6ADBCE}) (Version: 1.0.0 - Bunny-Wabbit)
Java 7 Update 25 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.0.5.1 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 25 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170250}) (Version: 1.7.0.250 - Oracle)
Java™ 6 Update 12 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416012FF}) (Version: 6.0.120 - Sun Microsystems, Inc.)
Java™ 6 Update 26 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216017FF}) (Version: 6.0.260 - Sun Microsystems, Inc.)
Java™ SE Development Kit 7 Update 2 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170020}) (Version: 1.7.0.20 - Oracle)
JavaFX 2.0.2 (64-bit) (HKLM\...\{1111706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
JavaFX 2.0.2 SDK (64-bit) (HKLM\...\{2222706F-666A-4037-7777-202648764D10}) (Version: 2.0.2 - Oracle Corporation)
KeyTweak - Keyboard Remapper (remove only) (HKLM-x32\...\KeyTweak) (Version:  - )
Kies (HKLM-x32\...\InstallShield_{D6CD26FD-CD7F-4C86-96A3-EEBFABE5FE47}) (Version: 1.5.3 - Samsung Electronics Co., Ltd.)
Kies (x32 Version: 1.5.3 - Samsung Electronics Co., Ltd.) Hidden
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version:  - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version:  - )
Malwarebytes' Anti-Malware (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version:  - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft .NET Framework 4 Client Profile - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Client Profile ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile ITA Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Extended - Language Pack (ITA) (HKLM\...\Microsoft .NET Framework 4 Extended ITA Language Pack) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Extended ITA Language Pack (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (x32 Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft Access MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Access Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft DCF MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Excel MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Exchange Web Services Managed API 2.1 (x32 Version: 15.0.847.30 - Microsoft Corporation) Hidden
Microsoft Groove MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (x32 Version: 2.1.21005 - Microsoft Corporation) Hidden
Microsoft Identity Extensions (Version: 2.0.1459.0 - Microsoft Corporation) Hidden
Microsoft InfoPath MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Lync MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.1.177.0 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (Version: 2.1.177.0 - Microsoft Corporation) Hidden
Microsoft Office 32-bit Components 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office OSM UX MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4420.1017 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - English (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2013 - Español (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared 32-bit MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft OneNote MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Outlook MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft PowerPoint MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Publisher MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.2.0223.1 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.2.223.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{D411E9C9-CE62-4DBF-9D92-4CB22B750ED5}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{54C5041B-0E91-4E92-8417-AAA12493C790}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.30919.1) (HKLM-x32\...\{0D7FCBFB-F478-4D32-901C-83F0BF5A3501}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{A47FD1BF-A815-4A76-BE65-53A15BD5D25D}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{05FF8209-C4F1-4C77-BC28-791653156D20}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (HKLM-x32\...\{770657D0-A123-3C07-8E44-1C83EC895118}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (HKLM\...\{aac9fcc4-dd9e-4add-901c-b5496a07ab2e}) (Version: 8.0.51011 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (HKLM\...\{350AA351-21FA-3270-8B7A-835434E766AD}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40820 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40825 - Microsoft Corporation) Hidden
Microsoft Web Deploy 3.5 (HKLM\...\{3674F088-9B90-473A-AAC3-20A00D8D810C}) (Version: 3.1237.1762 - Microsoft Corporation)
Microsoft Word MUI (English) 2013 (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
MozBackup 1.4.9 (HKLM-x32\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox (4.0b1) (HKLM-x32\...\Mozilla Firefox (4.0b1)) (Version: 4.0b1 (en-US) - Mozilla)
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MultiBit 0.5.8beta (HKLM-x32\...\MultiBit 0.5.8beta) (Version: 0.5.8beta - )
Music Manager (HKCU\...\MusicManager) (Version:  - Google, Inc.)
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NoDrives Manager 1.1.3 (HKLM-x32\...\NoDrives Manager) (Version: 1.1.3 - Hagon)
NVIDIA Control Panel 307.83 (Version: 307.83 - NVIDIA Corporation) Hidden
NVIDIA Graphics Driver 307.83 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 307.83 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.109.706 - NVIDIA Corporation) Hidden
NVIDIA Update 1.10.8 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 1.10.8 - NVIDIA Corporation)
NVIDIA Update Components (Version: 1.10.8 - NVIDIA Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
ophcrack 3.4.0 (HKLM-x32\...\ophcrack) (Version: 3.4.0 - OS Objectif Sécurité SA)
Oracle VM VirtualBox 4.2.12 (HKLM\...\{0C1DE303-E41B-44BA-8ABA-B7F09D857001}) (Version: 4.2.12 - Oracle Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4420.1017 - Microsoft Corporation) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.FB9956FD96E03239939108614098AD95535EE674.1) (Version: 2.0.5 - Pandora Media, Inc.)
Pandora (x32 Version: 2.0.5 - Pandora Media, Inc.) Hidden
Pdfedit (HKLM-x32\...\{6C11089A-E23F-4E9B-B12C-316BF1A4376B}) (Version: 4.5.0.0 - PdfEdit team)
Plex Media Server (HKLM-x32\...\{bcb7db0e-500f-445b-8200-bdde7f3c7f08}) (Version: 0.9.910 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.910 - Plex, Inc.) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.4.8.0 - SAMSUNG Electronics Co., Ltd.)
Search Protection (HKCU\...\Search Protection) (Version: 9.7.0.6 - Spigot, Inc.) <==== ATTENTION
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
SharePoint Client Components (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
SharePoint Client Components (Version: 16.0.2617.1200 - Microsoft Corporation) Hidden
SharpKeys (HKLM-x32\...\{636E94DA-99C0-448F-A931-3DAD83B4975F}) (Version: 3.5.0000 - RandyRants.com)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
SyncBack (HKLM-x32\...\SyncBack_is1) (Version:  - 2BrightSparks)
TeraCopy 2.01 (HKLM\...\TeraCopy_is1) (Version:  - Code Sector Inc.)
TreeSize Professional 5.2.2 (HKLM-x32\...\TreeSize Professional_is1) (Version:  - JAM Software)
TurboTax 2012 wlaiper (x32 Version: 012.000.1351 - Intuit Inc.) Hidden
UE MINI BOOM Update Assistant (HKLM-x32\...\{7B1DB96B-4D28-418A-AF3D-2A750B762B98}) (Version: 1.2.35 - Logitech, Inc.)
Update for  (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Windows 7 USB/DVD Download Tool (HKLM-x32\...\{CCF298AF-9CE1-4B26-B251-486E98A34789}) (Version: 1.0.30 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
WinRAR 4.11 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.11.0 - win.rar GmbH)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Davis\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points  =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-11-09 16:44 - 00350743 ____R C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0051366F-7339-4D16-B19F-DD7BE1CD6772} - System32\Tasks\{ACF0B451-419F-4835-ADF4-2382A83D627C} => M:\ff7.exe
Task: {021170BA-26B5-4C06-AC98-F6DB7DF383B5} - System32\Tasks\{FF5B6BD3-1E82-4F5F-ADEA-181659D8DB27} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {02F425A4-4D7B-4FAB-9B0E-346211251698} - System32\Tasks\{9ADBFEB0-A01C-4DA7-A9AF-D1F2138F7F9F} => C:\Users\Davis\Downloads\JB3MV2_PCWDRV_US_1_30_03.EXE [2010-08-19] ()
Task: {0304B178-426F-49B5-A2B5-7561B0E5CC7D} - System32\Tasks\{26269ADB-3170-40BF-8D36-96951FD95438} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {05FE1B70-E757-4A0B-8967-EB1CEAD6C531} - System32\Tasks\{012B6AAA-7A64-4DD6-ADDE-ED03E39D7690} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {0766964F-F5A6-4317-98B5-B12D2BBA349D} - System32\Tasks\{EB1AABAF-DC51-4985-BD7F-5E63B3E00772} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {0E8D4BFF-98E2-4C71-9EE1-E4CCADDC87C1} - System32\Tasks\{C48A80D2-3C7F-4C88-BA72-52F711869272} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {1303759F-161E-4E7B-B5C2-6CF77C6E8FDF} - System32\Tasks\{DA4EED45-CEF1-4272-AEB1-EACD61E782D1} => C:\Users\Davis\Downloads\PPJoySetup\Setup.exe [2003-08-10] ()
Task: {1D27FFD1-80D6-4C78-9526-3DF903B6EBF5} - System32\Tasks\{3B65D798-CB85-44A9-96BE-5B0B0A585F8D} => C:\Users\Davis\Downloads\JB3MV2_PCWDRV_US_2_01_00.EXE [2011-12-12] ()
Task: {2221BB6B-6EC6-4FD8-91CC-B46AF6A10950} - System32\Tasks\{9CFAF181-F731-4097-BF4C-44FCE352AC81} => C:\Users\Davis\Downloads\JukeboxDrivers(1).EXE [2011-12-12] ()
Task: {274F90E2-13D1-4403-A113-BD83AF06AA42} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1390287032-106715065-4098289439-1001UA => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-05] (Google Inc.)
Task: {28C20B9C-4CEC-49FD-AECF-35D07DAEAD05} - System32\Tasks\{FF904757-7FFC-4FB8-B127-BDD0695555C6} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {2CEFB36C-47D9-4C9B-9A16-8A1689AA04A3} - System32\Tasks\Intel_C_CVPO940101AK080BGN => C:\Program Files (x86)\Intel\Intel® Solid-State Drive Toolbox\Intel SSD Toolbox.exe [2010-10-18] (Intel Corporation)
Task: {2FB3373A-7FEC-4907-8F9E-C207A1BA80EE} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {2FD1C17E-0D0B-41F0-9238-DB767C8D3265} - System32\Tasks\Malwarebytes' Scheduled Scan for Davis => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {30311061-782C-4E5C-96F1-EB34439743B8} - System32\Tasks\ghghssssssssssss => F:\Music\ANBERLIN - DISCOGRAPHY [CHANNEL NEO]\Anberlin - Never Take Friendship Personal\11 - Dance, Dance Christa Paffgen.mp3
Task: {30DF3E37-7340-492B-92A4-3275C2CA5530} - System32\Tasks\{28220C1A-FF90-45A4-AC10-A805AAC2AE7D} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {343332BA-D6E0-4312-B18D-A6EC7F88CA59} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {351DDE18-1398-41CF-ADD0-365E6F35EA6C} - System32\Tasks\{935D1EAB-E132-4F39-8346-831E3884DDD0} => M:\ff7.exe
Task: {3892B279-2418-4795-9A69-A018FB0AB717} - System32\Tasks\{5D1AAD80-CC62-480F-98B5-FD2A62F3D614} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe [2009-02-23] (MagicISO, Inc.)
Task: {392F3858-AB37-438F-B5DF-9822AD279B81} - System32\Tasks\{CB589B1A-4800-44E4-8836-84A5105064D6} => C:\Users\Davis\Downloads\Drv_jb(1).exe [2011-12-12] ()
Task: {3FBCA773-BBD1-4C66-8DE8-1BB9018D9F7F} - System32\Tasks\{2062F47B-87D5-455A-8E7F-7E9FF9A36566} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {40C16F0A-0A24-45F3-BB34-5E9EE37235AC} - System32\Tasks\{012359CB-634C-4384-9514-479F921F8D36} => C:\Users\Davis\Downloads\JukeboxDrivers.EXE [2010-08-19] ()
Task: {42F9B299-2703-45CA-BA9E-69E9C98C17AF} - System32\Tasks\{A2D97609-A2A8-4892-93F2-071DD14772CF} => C:\Users\Davis\Downloads\ComboFix.exe
Task: {43278B53-B6B7-4DDA-91A8-7BC2F50A95A8} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-01-29] (Microsoft)
Task: {43B139A3-0186-4C9B-9646-3ACD4DABEDCD} - System32\Tasks\2BrightSparks\SyncBackPro\Davis-PC-Davis\SyncBackPro Group => C:\Program Files (x86)\2BrightSparks\SyncBackPro\SyncBackPro.exe [2009-10-27] (2BrightSparks Pte Ltd)
Task: {44449879-EBE0-40B8-9C06-27F2CFEA3F08} - System32\Tasks\{3220DBB6-FF80-4BC7-8CFC-266398CBD818} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {46037CE1-E0E4-4F98-B229-8DA18B0AF616} - System32\Tasks\{708D6A97-5E5A-429B-B222-2C189AD0A8CD} => C:\Users\Davis\Downloads\Drv_jb(1).exe [2011-12-12] ()
Task: {4E78EF4D-D030-4F4A-B895-453464D843F9} - System32\Tasks\{E7A1314F-3C80-4939-BA8E-8CB7262660AB} => C:\Users\Davis\Downloads\ComboFix.exe
Task: {4FB470E5-5A0C-42CE-8206-D12EBC9E6303} - System32\Tasks\{C28049B4-5154-4AF8-A09E-1D4BE625E3B6} => C:\Users\Davis\Downloads\PPJoySetup\Setup.exe [2003-08-10] ()
Task: {513E0A54-1FE0-491F-8E33-6F663B349D5C} - System32\Tasks\{492A5AB1-FCBE-47FC-9640-C5C554A4C6D1} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {5147F6AA-B0ED-410F-B2BF-21C3BE523890} - System32\Tasks\{CB9949C2-0D40-4AFF-809A-11D9EA5E4D4D} => C:\Users\Davis\Downloads\JukeboxDrivers(1).EXE [2011-12-12] ()
Task: {51FF257F-A9C0-463E-9259-FCFB0635E455} - System32\Tasks\{1A4F07EB-5C8E-427F-8E47-78421D60B6B0} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {5385F303-6639-46C8-8E79-7590426E4BB2} - System32\Tasks\{03F57B8C-93B8-4431-9B61-7392E23FB113} => C:\Users\Davis\Downloads\JukeboxDrivers.EXE [2010-08-19] ()
Task: {54610AD2-E388-4A4C-8005-C8991D6F613E} - System32\Tasks\{C7A1259C-8733-4FB0-A5FB-2251D7A2544F} => C:\Users\Davis\Downloads\av2010.exe [2010-01-19] ()
Task: {5A37144E-A37F-442B-A767-A6F8A2534E0E} - System32\Tasks\{072BAF9A-3639-4DB6-AD20-A9A19EEED722} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {5C75F3D0-0694-42C8-9BD7-E0A97E27DD6A} - System32\Tasks\{95A02BAD-DE09-4C32-B379-6986C89CB310} => C:\Users\Davis\Downloads\gc_w01_ENU_NB.exe
Task: {5D30A64D-312D-43AD-87A2-36DB3D340AE8} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2012-10-01] (Microsoft Corporation)
Task: {5F3883E6-E448-49E8-BAB8-2A6046C59440} - System32\Tasks\{0C73877E-828D-4FA5-BB42-7D5079C65B0A} => C:\Program Files (x86)\MagicDisc\MagicDisc.exe [2009-02-23] (MagicISO, Inc.)
Task: {6078C1EF-967F-4FE9-92BE-4FA524161B4A} - System32\Tasks\{90B095E0-4320-4143-A247-F8A83198B283} => C:\Users\Davis\Downloads\gc_w01_ENU_NB.exe
Task: {6410870D-4904-48B6-9EA3-84184E54C319} - System32\Tasks\{FCFAA45E-650D-4092-823A-F2E2146EAE0F} => C:\Users\Davis\Downloads\JukeboxDrivers(1).EXE [2011-12-12] ()
Task: {65745F35-883A-433F-BA01-D8D2C3F3F85F} - System32\Tasks\{11B0584F-F225-4387-91FE-F9F5BC6C90C7} => C:\Users\Davis\Downloads\JB3MV2_PCWDRV_US_1_30_03.EXE [2010-08-19] ()
Task: {669AB253-E298-483A-8C91-29E3549D5C22} - System32\Tasks\{9E9E76A4-32C1-401F-B57D-8246EAADBF02} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {67EF98D3-AE46-43BB-8564-CA21E2B90FC6} - System32\Tasks\{896664B9-44E0-48ED-97D3-83DEF697CAA2} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {6DEFE395-8700-4D4B-A40C-3555F3DFE1A8} - System32\Tasks\Amazon Music Helper => C:\Users\Davis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe [2013-10-22] ()
Task: {6EFA3550-6B17-4D01-A3F3-34D34B9D94F0} - System32\Tasks\{F5AB01E1-4139-4A31-9707-6DB0D9B5D610} => C:\Users\Davis\Downloads\gc_w01_ENU_NB.exe
Task: {6F554225-A09E-45BA-AB13-B573F4CE560E} - System32\Tasks\{0B96FF45-701D-488D-B37A-67D392A7DC06} => C:\Users\Davis\Downloads\gc_w01_ENU_NB.exe
Task: {6FC14DE7-3B22-4CA9-A17F-7EF9AE0EF226} - System32\Tasks\{A5818B46-8EE6-4EF9-9E7B-2269D13F495D} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {707ECE1F-B3E8-480D-8ADC-9E7AF799340B} - System32\Tasks\{702D76BD-3345-448E-83A1-6109C4243F61} => C:\Users\Davis\Downloads\Drv_jb(1).exe [2011-12-12] ()
Task: {71507900-8232-4C9B-A48E-B58FDC8C1051} - System32\Tasks\{C0744C96-955B-4386-BBDA-F701CF0BC5A3} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {72924481-6705-4E8A-8472-ADABD5676C27} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => C:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {73FFE1D4-9966-4AB2-8B2C-B4DA95EE621F} - System32\Tasks\{E37AF68B-6745-4C43-85FE-DE05D15E62FC} => C:\Users\Davis\Downloads\JB3MV2_PCWDRV_US_1_30_03.EXE [2010-08-19] ()
Task: {7FF3D8F7-2909-4A85-A6F0-B3C2C0F176CB} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2012-10-01] (Microsoft Corporation)
Task: {803FDCB9-2A1F-47C2-AF26-43F721E233B1} - System32\Tasks\{3ABD3AC1-B4D4-42D6-AC44-D94F2D76C681} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {80EC391E-B576-4EF2-8B13-0875E8106055} - System32\Tasks\{B9EBDD54-0060-4EBD-98A8-6571E29C4860} => C:\Users\Davis\Downloads\PPJoySetup\Setup.exe [2003-08-10] ()
Task: {83C3DD9D-0EDF-49CF-819D-BCDAE1FA4DCB} - System32\Tasks\{9045115D-990D-4F88-A834-79379FA2AC15} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {83E23298-C709-4315-AD78-1733F9566B4E} - System32\Tasks\{E5C0A85E-FF9A-45BF-9B11-4DE77B52318D} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {8476C14F-F314-439E-B674-8F1FC403D7E7} - System32\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe
Task: {862BA7F4-3DD7-4883-A318-35B3D5C15D5B} - System32\Tasks\{C32CE6F9-C8AC-4891-A866-94017859DD90} => C:\Users\Davis\Downloads\av2010.exe [2010-01-19] ()
Task: {8736B234-E6EA-4F23-A647-CE4C8A4C6A1A} - System32\Tasks\{AB5595A0-68F3-4C74-AC23-8FC14453D4A7} => C:\Users\Davis\Downloads\gc_w01_ENU_NB.exe
Task: {88D0FFA3-EB32-4C79-841F-467E02A1EA4B} - System32\Tasks\{00D6BF97-ADEE-456B-9197-E64D50A4E3FF} => C:\Program Files (x86)\Square Soft, Inc\Final Fantasy VII\ff7.exe
Task: {8B62756C-9745-476B-9553-A692CC3B273A} - System32\Tasks\{C7A1F552-6B92-4E31-A38F-1CD08E474CBA} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {8D7FF2BE-1117-4FC2-BE42-D0AC28528AFB} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1390287032-106715065-4098289439-1001Core => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-05] (Google Inc.)
Task: {91EEE842-56E0-4A64-8B79-957687FCE8DD} - System32\Tasks\{FC97D7AD-EE24-42D6-9BD5-6CC78FD26E2B} => C:\Users\Davis\Downloads\JukeboxDrivers(1).EXE [2011-12-12] ()
Task: {9854C19C-2BE9-4355-ACE3-EEA5C1721F46} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-24] (Adobe Systems Incorporated)
Task: {986127ED-9342-4BD5-8A94-0F340409AEC2} - System32\Tasks\{E5F67C92-A9EC-41E6-AB1D-6A261D8BD253} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {9AD30F78-7663-43A9-A667-058A3DE77A1F} - System32\Tasks\{1F683C72-BBD0-4E32-B6AC-9F071297B275} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {9B3FAE4D-DEC5-4740-B4E3-D666059C99D6} - System32\Tasks\{B0790D3D-554E-459C-929F-D1DD2DAF7BDC} => C:\Program Files (x86)\Square Soft, Inc\Final Fantasy VII\ff7.exe
Task: {9C4CE1D3-E857-4C79-9835-797B61DA080B} - System32\Tasks\{535BF5AF-BAD1-4C24-BD25-016D7E9C2CF1} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {9E001066-C5F8-47CE-B757-4997A3A92714} - System32\Tasks\{CA418EBD-FBE8-49E1-9D20-414C2590EA03} => C:\Users\Davis\Downloads\JukeboxDrivers(1).EXE [2011-12-12] ()
Task: {9F637CEA-B7A5-4505-B745-22033AAA2B14} - System32\Tasks\{5CE3EA72-5D0A-44C3-8634-2ACF5175B93C} => C:\Users\Davis\Downloads\Drv_jb(1).exe [2011-12-12] ()
Task: {A113D725-FEE7-454B-9258-4F5394B02F80} - System32\Tasks\{CA2C893B-1721-436A-B834-532EB4CE5E8F} => C:\Program Files (x86)\Square Soft, Inc\Final Fantasy VII\ff7.exe
Task: {A148B967-1363-4F93-8F46-BAA0D2C38CCE} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-01-29] (Microsoft Corporation)
Task: {A1EF9F3A-14D3-4BA6-8205-F8F1131FA107} - System32\Tasks\{3140515B-DE0F-4698-B0AE-64E184CE1F43} => C:\Users\Davis\Downloads\JB3MV2_PCWDRV_US_2_01_00.EXE [2011-12-12] ()
Task: {A94ED45C-3E26-4792-9CA2-236E6FB6A4A8} - System32\Tasks\{85635049-0A23-487C-9099-038173E622B6} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {A994186A-9BAB-492A-B964-094799CFFD98} - System32\Tasks\{4859AFE5-4092-4615-81D2-061429F4A4B2} => C:\Program Files (x86)\Infogrames Interactive\RollerCoaster Tycoon Deluxe\RCT.EXE
Task: {AA36EC8E-EB3E-458C-A9C5-6A5A65E5F074} - System32\Tasks\Malwarebytes' Scheduled Update for Davis => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: {ABB93203-2382-4FA6-B74F-C89BCCA8D3D8} - System32\Tasks\{A595617A-202E-4039-AB93-7BAA35EE243B} => C:\Users\Davis\Downloads\av2010.exe [2010-01-19] ()
Task: {AF4E8DA9-FD79-4977-8E58-24B7EFCC30CD} - System32\Tasks\{5FC3BBF9-5A96-4D6F-8605-03072EEDB6D8} => C:\Program Files (x86)\Infogrames Interactive\RollerCoaster Tycoon Deluxe\RCT.EXE
Task: {AF99E93D-2628-447F-B621-D19602C135CE} - System32\Tasks\{619C5647-FF4D-4863-A797-7A1AED9FDB81} => C:\Users\Davis\Downloads\JukeboxDrivers.EXE [2010-08-19] ()
Task: {B06B8A69-A46C-4CE4-A477-6D4770F3CECF} - System32\Tasks\{2A5D5307-C1FD-411C-91BD-4D284BD0B4F7} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {B4F2656C-E53C-45F8-A0D5-55DC5FF5EC5D} - System32\Tasks\ghgh => F:\Formula1.2009.Round17.Abu.Dhabi.Race.PDTV.BBC.MPEG-2.English.mpg
Task: {B6C64676-82C7-443C-85AC-37F2A868D6DE} - System32\Tasks\{635D4329-AF3A-4E6A-9EE5-7F04ED0ED242} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {BC35A22E-6DF6-4A19-8CF1-028FC6BFFD4A} - System32\Tasks\{22FFAA99-3957-4D5E-99BA-B73AABADFB18} => C:\Users\Davis\Downloads\gc_w01_ENU_NB.exe
Task: {BEDDB2F3-1A96-4409-A409-6442610FCF18} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {BFE15942-122A-4F13-BD22-AB6554E0DA42} - System32\Tasks\{AB7D93AE-10A3-40D8-9F75-FE5516BE59AA} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {C1791539-DB14-4344-AB4A-FEAE0852FFBF} - System32\Tasks\{84288F99-7E87-4F69-B05D-614DECBA20B6} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {C4799F08-939C-490A-9382-98B7473409DB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-01-29] (Microsoft Corporation)
Task: {C60503C6-1812-4E5D-8F93-5275D1AF0953} - System32\Tasks\{D8E01382-B36D-48A0-B8DA-6BC950915C0D} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {CAA4A3D8-33DA-4FFC-8743-C1A31FECEC1C} - System32\Tasks\{30EF1FF9-5BF6-476B-A911-060A492A3224} => C:\Users\Davis\Downloads\JukeboxDrivers(1).EXE [2011-12-12] ()
Task: {D6E0A067-C9B7-461C-A155-ADD5F32F0F5A} - System32\Tasks\{3BD225DA-5E73-49F1-9860-6F6E2B247801} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {DF07FC0F-6214-446E-8BDF-494C70F1989B} - System32\Tasks\{0CE1CD59-7215-4926-9B1D-9443DE28AF36} => C:\Users\Davis\Downloads\JukeboxDrivers.EXE [2010-08-19] ()
Task: {E43DD784-5048-4E12-930E-C37EF4D916AA} - System32\Tasks\{AF94F373-BE21-4DC7-8F81-1DCD9B2914D4} => C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-04-13] (BitTorrent, Inc.)
Task: {E6966E53-DD81-4699-AD12-88D7810C9D3D} - System32\Tasks\Spybot - Search & Destroy -  Scheduled Task => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: {EEAD5E0B-2159-4324-B552-AED0A26495F8} - System32\Tasks\{23391400-4CC5-4B5B-B2E5-B908DF21E24A} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: {FA3D1E34-3EE6-466A-9D2B-7F3D2647A667} - System32\Tasks\{9C24E4F7-186C-46F1-BD40-A9ACCE2A3E9D} => C:\Program Files (x86)\Infogrames Interactive\RollerCoaster Tycoon Deluxe\RCT.EXE
Task: {FC2309EF-4921-458E-9572-700F55714C79} - System32\Tasks\{DD24D1E1-8EAE-453B-9E6B-96CF8415309D} => C:\Program Files (x86)\Infogrames Interactive\RollerCoaster Tycoon Deluxe\RCT.EXE
Task: {FC31CCEC-9BDD-44B4-8018-AC929C7FDD1E} - System32\Tasks\{88689978-6215-4902-ADC9-4688B34D178F} => C:\Users\Davis\Downloads\JukeboxDrivers.EXE [2010-08-19] ()
Task: {FCA47ECE-7CA4-4188-A4F3-C8A0F0A63456} - System32\Tasks\{D9B4F20A-865D-40C6-A095-84774652644C} => C:\Users\Davis\Downloads\GlovePIE045Free\PIEFree.exe [2011-12-31] (Carl Kenner)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390287032-106715065-4098289439-1001Core.job => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390287032-106715065-4098289439-1001UA.job => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\Intel_C_CVPO940101AK080BGN.job => C:\Program Files (x86)\Intel\Intel® Solid-State Drive Toolbox\Intel SSD Toolbox.exe
Task: C:\Windows\Tasks\Malwarebytes' Scheduled Scan for Davis.job => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: C:\Windows\Tasks\Malwarebytes' Scheduled Update for Davis.job => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe
Task: C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job => C:\Program Files (x86)\Spybot - Search & Destroy\SDUpdate.exe

==================== Loaded Modules (whitelisted) =============

2010-10-15 13:42 - 2010-10-15 13:42 - 00326704 _____ () C:\Program Files (x86)\Expat Shield\bin\hsswd.exe
2013-04-14 03:01 - 2013-01-31 04:25 - 00087328 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2012-10-01 21:36 - 2012-10-01 21:36 - 06522480 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-11-19 22:49 - 2013-10-22 15:47 - 03109376 _____ () C:\Users\Davis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
2009-03-29 21:34 - 2009-03-29 21:34 - 00280143 _____ () C:\Program Files (x86)\Expat Shield\bin\libidn-11.dll
2009-03-27 15:02 - 2009-03-27 15:02 - 01554920 _____ () C:\Program Files (x86)\Expat Shield\bin\libeay32.dll
2009-03-27 15:02 - 2009-03-27 15:02 - 00332254 _____ () C:\Program Files (x86)\Expat Shield\bin\libssl32.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00113171 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlc.dll
2014-02-04 20:32 - 2014-02-04 20:32 - 02396179 _____ () C:\Program Files (x86)\VideoLAN\VLC\libvlccore.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00268307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
2014-02-04 20:32 - 2014-02-04 20:32 - 00027667 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
2014-02-04 20:32 - 2014-02-04 20:32 - 00031251 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00066579 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 02021395 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00100371 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00240659 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00076307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00045587 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00060947 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00531475 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00708627 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00114195 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libzip_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00040467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00014867 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00133139 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 01512467 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 00296979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
2014-02-04 20:31 - 2014-02-04 20:31 - 01248787 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
2014-02-04 20:32 - 2014-02-04 20:32 - 00054291 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
2014-02-04 20:32 - 2014-02-04 20:32 - 00038419 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
2014-02-04 20:32 - 2014-02-04 20:32 - 00040979 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\control\libntservice_plugin.dll
2014-07-12 13:10 - 2014-07-12 13:10 - 10683392 _____ () C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\QtWebKit4.dll
2014-07-12 13:10 - 2014-07-12 13:10 - 07741952 _____ () C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\QtGui4.dll
2014-07-12 13:10 - 2014-07-12 13:10 - 02248192 _____ () C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\QtCore4.dll
2014-07-12 13:10 - 2014-07-12 13:10 - 01681408 _____ () C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\QtNetwork4.dll
2014-07-22 17:01 - 2014-07-22 17:01 - 00117248 _____ () C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\libaacdec.dll
2014-07-22 17:01 - 2014-07-22 17:01 - 00231936 _____ () C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\libmpgdec.dll
2014-07-22 17:02 - 2014-07-22 17:02 - 00253440 _____ () C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\libid3tag.dll
2014-07-22 17:01 - 2014-07-22 17:01 - 00344064 _____ () C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\libaudioenc.dll
2014-07-12 13:10 - 2014-07-12 13:10 - 00026624 _____ () C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\imageformats\qgif4.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00195720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libidn.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00840840 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxml2.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00051848 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_sqlite3-vc80-3_0.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00089224 _____ () C:\Program Files (x86)\Plex\Plex Media Server\soci_core-vc80-3_0.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 07605400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avcodec-54.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00202392 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avutil-52.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 01453720 _____ () C:\Program Files (x86)\Plex\Plex Media Server\avformat-54.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00352920 _____ () C:\Program Files (x86)\Plex\Plex Media Server\swscale-2.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00507528 _____ () C:\Program Files (x86)\Plex\Plex Media Server\tag.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 08495240 _____ () C:\Program Files (x86)\Plex\Plex Media Server\WebKit.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00952968 _____ () C:\Program Files (x86)\Plex\Plex Media Server\CFLite.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 01291400 _____ () C:\Program Files (x86)\Plex\Plex Media Server\JavaScriptCore.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 01038984 _____ () C:\Program Files (x86)\Plex\Plex Media Server\cairo.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00073352 _____ () C:\Program Files (x86)\Plex\Plex Media Server\zlib1.dll
2012-10-01 21:37 - 2012-10-01 21:37 - 06522480 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-07-22 18:29 - 2014-07-22 18:29 - 11148307 _____ () C:\Program Files (x86)\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00045192 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_socket.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00028808 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ssl.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00019080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_hashlib.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00035976 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\simplejson\_speedups.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00836744 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\etree.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00062600 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libexslt.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00166024 _____ () C:\Program Files (x86)\Plex\Plex Media Server\libxslt.dll
2014-04-09 16:28 - 2014-04-09 16:28 - 00192648 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\lxml\objectify.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00016520 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\select.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00056456 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\crypto.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00018056 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\rand.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00044680 _____ () C:\Program Files (x86)\Plex\Plex Media Server\Exts\OpenSSL\SSL.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00083080 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\_ctypes.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00111752 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\pyexpat.pyd
2014-04-09 16:28 - 2014-04-09 16:28 - 00692360 _____ () C:\Program Files (x86)\Plex\Plex Media Server\DLLs\unicodedata.pyd
2014-10-08 12:51 - 2014-10-08 12:51 - 00718152 _____ () C:\Users\Davis\AppData\LocalLow\Adobe\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\libglesv2.dll
2014-10-08 12:51 - 2014-10-08 12:51 - 00126280 _____ () C:\Users\Davis\AppData\LocalLow\Adobe\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\libegl.dll
2014-10-08 12:51 - 2014-10-08 12:51 - 08537928 _____ () C:\Users\Davis\AppData\LocalLow\Adobe\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\pdf.dll
2014-10-08 12:51 - 2014-10-08 12:51 - 00353096 _____ () C:\Users\Davis\AppData\LocalLow\Adobe\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\ppGoogleNaClPluginChrome.dll
2014-10-08 12:51 - 2014-10-08 12:51 - 01732936 _____ () C:\Users\Davis\AppData\LocalLow\Adobe\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\ffmpegsumo.dll
2014-10-08 12:51 - 2014-10-08 12:51 - 14669128 _____ () C:\Users\Davis\AppData\LocalLow\Adobe\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\PepperFlash\pepflashplayer.dll
2014-09-24 17:26 - 2014-09-22 23:06 - 01098056 _____ () C:\Users\Davis\AppData\Local\Google\Chrome\Application\37.0.2062.124\libglesv2.dll
2014-09-24 17:26 - 2014-09-22 23:06 - 00174408 _____ () C:\Users\Davis\AppData\Local\Google\Chrome\Application\37.0.2062.124\libegl.dll
2014-09-24 17:26 - 2014-09-22 23:07 - 08577864 _____ () C:\Users\Davis\AppData\Local\Google\Chrome\Application\37.0.2062.124\pdf.dll
2014-09-24 17:26 - 2014-09-22 23:07 - 00331592 _____ () C:\Users\Davis\AppData\Local\Google\Chrome\Application\37.0.2062.124\ppGoogleNaClPluginChrome.dll
2014-09-24 17:26 - 2014-09-22 23:06 - 01660232 _____ () C:\Users\Davis\AppData\Local\Google\Chrome\Application\37.0.2062.124\ffmpegsumo.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^CrashPlan Tray.lnk => C:\Windows\pss\CrashPlan Tray.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^BBC iPlayer Desktop.lnk => C:\Windows\pss\BBC iPlayer Desktop.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupfolder: C:^Users^Davis^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk => C:\Windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Cloud Player => C:\Users\Davis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
MSCONFIG\startupreg: Browser Extensions => "C:\Users\Davis\AppData\Roaming\Browser Extensions\CouponsHelper.exe"
MSCONFIG\startupreg: C3BDE67CB78EA70D7D4249CDFE3B7E53EEECF445._service_run => "C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
MSCONFIG\startupreg: CTSyncU.exe => "C:\Program Files (x86)\Creative\Sync Manager Unicode\CTSyncU.exe"
MSCONFIG\startupreg: F.lux => "C:\Users\Davis\Local Settings\Apps\F.lux\flux.exe" /noshow
MSCONFIG\startupreg: Google Update => "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: GrooveMonitor => "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
MSCONFIG\startupreg: HP Component Manager => "C:\Program Files (x86)\HP\hpcoretech\hpcmpmgr.exe"
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: hpqSRMon => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
MSCONFIG\startupreg: KiesTrayAgent => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: SearchProtection => "C:\Users\Davis\AppData\Roaming\Search Protection\SearchProtection.EXE" /autostart

========================= Accounts: ==========================

Administrator (S-1-5-21-1390287032-106715065-4098289439-500 - Administrator - Disabled)
ASPNET (S-1-5-21-1390287032-106715065-4098289439-1004 - Limited - Enabled)
Davis (S-1-5-21-1390287032-106715065-4098289439-1001 - Administrator - Enabled) => C:\Users\Davis
Guest (S-1-5-21-1390287032-106715065-4098289439-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1390287032-106715065-4098289439-1002 - Limited - Enabled)
UpdatusUser (S-1-5-21-1390287032-106715065-4098289439-1019 - Limited - Enabled) => C:\Users\UpdatusUser
vlc (S-1-5-21-1390287032-106715065-4098289439-1018 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: VirtualBox Host-Only Ethernet Adapter
Description: VirtualBox Host-Only Ethernet Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Oracle Corporation
Service: VBoxNetAdp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Description: Marvell Yukon 88E8053 PCI-E Gigabit Ethernet Controller
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Marvell
Service: yukonw7
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Bluetooth Peripheral Device
Description: Bluetooth Peripheral Device
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (10/08/2014 00:31:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e34

Start Time: 01cfe31d4070cc8f

Termination Time: 3786

Application Path: C:\Windows\explorer.exe

Report Id: e62d0b99-4f10-11e4-8e23-0002723f57c2

Error: (10/08/2014 00:28:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program explorer.exe version 6.1.7601.17514 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 754

Start Time: 01cfdf46d74f08cb

Termination Time: 12681

Application Path: C:\Windows\explorer.exe

Report Id: 724fb01a-4f10-11e4-8e23-0002723f57c2

Error: (10/07/2014 06:20:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: mozalloc.dll, version: 32.0.3.5379, time stamp: 0x54221b67
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x1488
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/03/2014 03:09:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 32.0.3.5379, time stamp: 0x54224e6b
Faulting module name: mozalloc.dll, version: 32.0.3.5379, time stamp: 0x54221b67
Exception code: 0x80000003
Fault offset: 0x0000141b
Faulting process id: 0x294
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3

Error: (10/01/2014 10:31:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "36.0.1985.143,language="*",type="win32",version="36.0.1985.143"1".
Dependent Assembly 36.0.1985.143,language="*",type="win32",version="36.0.1985.143" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/01/2014 10:31:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "36.0.1985.143,language="*",type="win32",version="36.0.1985.143"1".
Dependent Assembly 36.0.1985.143,language="*",type="win32",version="36.0.1985.143" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/01/2014 10:30:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "36.0.1985.143,language="*",type="win32",version="36.0.1985.143"1".
Dependent Assembly 36.0.1985.143,language="*",type="win32",version="36.0.1985.143" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/01/2014 10:30:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "36.0.1985.143,language="*",type="win32",version="36.0.1985.143"1".
Dependent Assembly 36.0.1985.143,language="*",type="win32",version="36.0.1985.143" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/01/2014 10:30:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "36.0.1985.143,language="*",type="win32",version="36.0.1985.143"1".
Dependent Assembly 36.0.1985.143,language="*",type="win32",version="36.0.1985.143" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (10/01/2014 10:17:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SpybotSD.exe version 1.6.2.46 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 2144

Start Time: 01cfddeef30a1067

Termination Time: 42

Application Path: C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe

Report Id: 98e0d59a-49e2-11e4-ad73-0002723f57c2


System errors:
=============
Error: (10/08/2014 01:08:58 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (10/08/2014 00:49:02 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 1 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (10/08/2014 00:49:02 PM) (Source: Microsoft-Windows-Kernel-Processor-Power) (EventID: 35) (User: NT AUTHORITY)
Description: Performance power management features on processor 0 in group 0 are disabled due to a firmware problem. Check with the computer manufacturer for updated firmware.

Error: (10/08/2014 00:49:01 PM) (Source: volmgr) (EventID: 46) (User: )
Description: Crash dump initialization failed!

Error: (10/08/2014 00:36:28 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/08/2014 00:36:25 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/08/2014 00:36:20 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/08/2014 00:36:16 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/08/2014 00:36:12 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.

Error: (10/08/2014 00:36:08 PM) (Source: Disk) (EventID: 7) (User: )
Description: The device, \Device\Harddisk1\DR1, has a bad block.


Microsoft Office Sessions:
=========================
Error: (10/08/2014 00:31:22 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.17514e3401cfe31d4070cc8f3786C:\Windows\explorer.exee62d0b99-4f10-11e4-8e23-0002723f57c2

Error: (10/08/2014 00:28:19 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: explorer.exe6.1.7601.1751475401cfdf46d74f08cb12681C:\Windows\explorer.exe724fb01a-4f10-11e4-8e23-0002723f57c2

Error: (10/07/2014 06:20:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b148801cfdf4683a41af1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dllf5e3206a-4e13-11e4-8e23-0002723f57c2

Error: (10/03/2014 03:09:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe32.0.3.537954224e6bmozalloc.dll32.0.3.537954221b67800000030000141b29401cfde3e027fed12C:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozalloc.dll2f0a0891-4b39-11e4-8e23-0002723f57c2

Error: (10/01/2014 10:31:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 36.0.1985.143,language="*",type="win32",version="36.0.1985.143"C:\Users\Davis\AppData\LocalLow\Sun\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe

Error: (10/01/2014 10:31:12 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 36.0.1985.143,language="*",type="win32",version="36.0.1985.143"C:\Users\Davis\AppData\LocalLow\Sun\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe

Error: (10/01/2014 10:30:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 36.0.1985.143,language="*",type="win32",version="36.0.1985.143"C:\Users\Davis\AppData\LocalLow\Sun\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe

Error: (10/01/2014 10:30:42 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 36.0.1985.143,language="*",type="win32",version="36.0.1985.143"C:\Users\Davis\AppData\LocalLow\Sun\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe

Error: (10/01/2014 10:30:13 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 36.0.1985.143,language="*",type="win32",version="36.0.1985.143"C:\Users\Davis\AppData\LocalLow\Sun\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe

Error: (10/01/2014 10:17:13 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: SpybotSD.exe1.6.2.46214401cfddeef30a106742C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe98e0d59a-49e2-11e4-ad73-0002723f57c2


CodeIntegrity Errors:
===================================
  Date: 2014-09-22 15:42:55.946
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 15:42:55.875
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 15:42:55.795
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 15:42:55.725
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 15:42:55.653
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 15:42:55.583
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 15:42:55.511
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 15:42:55.441
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 15:42:54.255
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2014-09-22 15:42:54.183
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\drivers\LHidFilt.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU E8400 @ 3.00GHz
Percentage of memory in use: 37%
Total physical RAM: 8190.48 MB
Available physical RAM: 5108.52 MB
Total Pagefile: 8188.67 MB
Available Pagefile: 4821.99 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Intel 80GB G2 SSD) (Fixed) (Total:74.43 GB) (Free:18.16 GB) NTFS
Drive e: (3 TB (READ ONLY)) (Fixed) (Total:2794.39 GB) (Free:22.82 GB) NTFS
Drive f: (1 TB ) (Fixed) (Total:931.51 GB) (Free:4.64 GB) NTFS
Drive g: (500 GB  (old)) (Fixed) (Total:465.76 GB) (Free:4.36 GB) NTFS
Drive h: (1500 GB (old)) (Fixed) (Total:1397.14 GB) (Free:364.95 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 7A4AF4E8)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=42)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 7FAEC189)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=74.4 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A6476F90)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or Vista) (Size: 1397.3 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 2794.5 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 xXToffeeXx


Posted 09 October 2014 - 12:18 PM

Hi smoth1,
 
I must give you this warning:
 
Looking through your logs, one or more of your infections has been identified as a Backdoor Trojan. These threats have backdoor functionality which allows hackers to remotely control your computer, steal critical system information, and download and execute files.
 
I highly suggest you disconnect this PC from the Internet immediately, and if possible use a clean computer and a flash drive to transfer the programs I request for you to run. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable. It would be wise to contact those same financial institutions to notify them of your situation.
 
Due to the nature of this trojan, your computer is very likely to be compromised. There is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:
 
How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall
 
We can still clean this machine, but I can't guarantee that it will be 100% secure afterwards. If you decide to continue cleaning this machine, follow on with the rest of the steps posted below. If you do not want to clean this machine, please let me know.
 
--------------
 
Have you set these proxies yourself?:
95.52.125.17:80
FF NetworkProxy: "http", "128.208.4.99"
FF NetworkProxy: "http_port", 3128
 
--------------

 We need to remove programs using "Programs and Features"

Click the "Start" orb on the taskbar, and then click the "Control Panel" button.

  • If you use Category mode, click on Uninstall a Program.
  • If you use Icons mode, click on Programs and Features.

A list of programs installed will be "populated" (this may take a bit of time).
If they exist, uninstall the following by clicking on the below entries and selecting "Remove":

Browser Extensions
Search Protection

Additional instructions can be found here if needed.
 
--------------

We need to run a fix with FRST:

  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
HKLM-x32\...\Run: [conhost] => C:\Users\Davis\AppData\Roaming\Microsoft\conhost.exe
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [Knwbfltez] => regsvr32.exe /s "C:\Users\Davis\AppData\Local\ApplicationHistory\Knwbfltez.dll" <===== ATTENTION
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\CurrentVersion\Windows: [Load] C:\Users\Davis\AppData\Local <===== ATTENTION
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd
C:\Users\Davis\AppData\Roaming\Microsoft\conhost.exe
C:\Users\Davis\AppData\Local\ApplicationHistory
CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Davis\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0051366F-7339-4D16-B19F-DD7BE1CD6772} - System32\Tasks\{ACF0B451-419F-4835-ADF4-2382A83D627C} => M:\ff7.exe
Task: {021170BA-26B5-4C06-AC98-F6DB7DF383B5} - System32\Tasks\{FF5B6BD3-1E82-4F5F-ADEA-181659D8DB27} => C:\Users\Davis\Downloads\install_flash_player.exe
C:\Users\Davis\Downloads\install_flash_player.exe
Task: {30DF3E37-7340-492B-92A4-3275C2CA5530} - System32\Tasks\{28220C1A-FF90-45A4-AC10-A805AAC2AE7D} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {351DDE18-1398-41CF-ADD0-365E6F35EA6C} - System32\Tasks\{935D1EAB-E132-4F39-8346-831E3884DDD0} => M:\ff7.exe
Task: {3FBCA773-BBD1-4C66-8DE8-1BB9018D9F7F} - System32\Tasks\{2062F47B-87D5-455A-8E7F-7E9FF9A36566} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {44449879-EBE0-40B8-9C06-27F2CFEA3F08} - System32\Tasks\{3220DBB6-FF80-4BC7-8CFC-266398CBD818} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {54610AD2-E388-4A4C-8005-C8991D6F613E} - System32\Tasks\{C7A1259C-8733-4FB0-A5FB-2251D7A2544F} => C:\Users\Davis\Downloads\av2010.exe [2010-01-19] ()
C:\Users\Davis\Downloads\av2010.exe
Task: {8B62756C-9745-476B-9553-A692CC3B273A} - System32\Tasks\{C7A1F552-6B92-4E31-A38F-1CD08E474CBA} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {ABB93203-2382-4FA6-B74F-C89BCCA8D3D8} - System32\Tasks\{A595617A-202E-4039-AB93-7BAA35EE243B} => C:\Users\Davis\Downloads\av2010.exe [2010-01-19] ()
Task: {B6C64676-82C7-443C-85AC-37F2A868D6DE} - System32\Tasks\{635D4329-AF3A-4E6A-9EE5-7F04ED0ED242} => C:\Users\Davis\Downloads\install_flash_player.exe
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~
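
The fixlist in the post above targets three patterns that can be checked mechanically: a process labelled "Google Inc." running outside any Google directory, a `conhost.exe` autostart outside the Windows directory, and a silent `regsvr32` registration of a DLL in the user profile. The following is an added example, not part of any post in this thread and not FRST's own logic; the rule names, `SYSTEM_NAMES` and the `C:\Windows` assumption are illustrative choices, and the sample lines are copied from the logs in this thread.

```python
import ntpath
import re

# Lines copied from the fixlist and startup sections of the logs in this thread.
# The last two are entries the helper did not put in the fixlist (controls).
SAMPLE_LOG = r"""
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
HKLM-x32\...\Run: [conhost] => C:\Users\Davis\AppData\Roaming\Microsoft\conhost.exe
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [Knwbfltez] => regsvr32.exe /s "C:\Users\Davis\AppData\Local\ApplicationHistory\Knwbfltez.dll" <===== ATTENTION
MSCONFIG\startupreg: Google Update => "C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"""

# "(Company) X:\path" is how the running-process section labels each image.
PROCESS_RE = re.compile(r"^\((?P<company>[^)]*)\)\s+(?P<path>[A-Za-z]:\\.+)$")
# First drive-letter path ending in .exe or .dll inside a command line.
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll))', re.IGNORECASE)
# Trailing marker some registry lines carry in the log.
ATTENTION_RE = re.compile(r"\s*<=+\s*ATTENTION\s*$")

# Assumption: a short list of Windows binaries that normally live under C:\Windows.
SYSTEM_NAMES = {"conhost.exe", "svchost.exe", "explorer.exe", "lsass.exe", "csrss.exe"}


def parse_line(line):
    """Turn one log line into a dict, or None if it is not a process/autorun line."""
    line = ATTENTION_RE.sub("", line.strip())
    if not line:
        return None
    match = PROCESS_RE.match(line)
    if match:
        return {"kind": "process", "company": match["company"], "command": match["path"]}
    if " => " in line:
        left, command = line.split(" => ", 1)
        _key, _, name = left.partition(": ")
        return {"kind": "autorun", "company": "", "name": name.strip("[]"),
                "command": command.strip()}
    return None


def findings_for(entry):
    """Apply the three heuristics and return the names of the ones that hit."""
    command = entry["command"]
    match = PATH_RE.search(command)
    target = match.group(1).lower() if match else ""
    found = []
    # 1. Claims a Google company name but is not under any \Google\ directory.
    if (entry["kind"] == "process" and "google" in entry["company"].lower()
            and "\\google\\" not in target):
        found.append("vendor-label-mismatch")
    # 2. Uses a Windows system binary name from outside the Windows directory.
    if ntpath.basename(target) in SYSTEM_NAMES and not target.startswith("c:\\windows\\"):
        found.append("system-name-outside-windows-dir")
    # 3. regsvr32 loading a DLL that sits in a user profile.
    if (command.lower().startswith("regsvr32") and "\\users\\" in target
            and target.endswith(".dll")):
        found.append("regsvr32-dll-in-user-profile")
    return found


def triage(log_text):
    """Return (command, findings) for every line that trips at least one heuristic."""
    results = []
    for raw in log_text.splitlines():
        entry = parse_line(raw)
        if entry is None:
            continue
        found = findings_for(entry)
        if found:
            results.append((entry["command"], found))
    return results


if __name__ == "__main__":
    for command, found in triage(SAMPLE_LOG):
        print(", ".join(found), "->", command)
```

Note that the per-user Google Update entry also lives under AppData and is not flagged, which is why the rules look at name and vendor mismatches rather than the AppData location alone.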


#5 smoth1


Posted 09 October 2014 - 01:52 PM

Toffee,

 

I didn't set up those proxies.

I removed the two files.

 

Here is the log:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 06-10-2014 01
Ran by Davis at 2014-10-09 13:35:06 Run:1
Running from C:\Users\Davis\Downloads
Loaded Profiles: Davis & UpdatusUser (Available profiles: Davis & UpdatusUser)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
(Google Inc.) C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe
HKLM-x32\...\Run: [conhost] => C:\Users\Davis\AppData\Roaming\Microsoft\conhost.exe
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [Knwbfltez] => regsvr32.exe /s "C:\Users\Davis\AppData\Local\ApplicationHistory\Knwbfltez.dll" <===== ATTENTION
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\CurrentVersion\Windows: [Load] C:\Users\Davis\AppData\Local <===== ATTENTION
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Winlogon: [Shell] explorer.exe, <==== ATTENTION
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd
C:\Users\Davis\AppData\Roaming\Microsoft\conhost.exe
C:\Users\Davis\AppData\Local\ApplicationHistory
CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Davis\AppData\Roaming\Dropbox\bin\Dropbox.exe /autoplay No File
CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File
Task: {0051366F-7339-4D16-B19F-DD7BE1CD6772} - System32\Tasks\{ACF0B451-419F-4835-ADF4-2382A83D627C} => M:\ff7.exe
Task: {021170BA-26B5-4C06-AC98-F6DB7DF383B5} - System32\Tasks\{FF5B6BD3-1E82-4F5F-ADEA-181659D8DB27} => C:\Users\Davis\Downloads\install_flash_player.exe
C:\Users\Davis\Downloads\install_flash_player.exe
Task: {30DF3E37-7340-492B-92A4-3275C2CA5530} - System32\Tasks\{28220C1A-FF90-45A4-AC10-A805AAC2AE7D} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {351DDE18-1398-41CF-ADD0-365E6F35EA6C} - System32\Tasks\{935D1EAB-E132-4F39-8346-831E3884DDD0} => M:\ff7.exe
Task: {3FBCA773-BBD1-4C66-8DE8-1BB9018D9F7F} - System32\Tasks\{2062F47B-87D5-455A-8E7F-7E9FF9A36566} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {44449879-EBE0-40B8-9C06-27F2CFEA3F08} - System32\Tasks\{3220DBB6-FF80-4BC7-8CFC-266398CBD818} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {54610AD2-E388-4A4C-8005-C8991D6F613E} - System32\Tasks\{C7A1259C-8733-4FB0-A5FB-2251D7A2544F} => C:\Users\Davis\Downloads\av2010.exe [2010-01-19] ()
C:\Users\Davis\Downloads\av2010.exe
Task: {8B62756C-9745-476B-9553-A692CC3B273A} - System32\Tasks\{C7A1F552-6B92-4E31-A38F-1CD08E474CBA} => C:\Users\Davis\Downloads\install_flash_player.exe
Task: {ABB93203-2382-4FA6-B74F-C89BCCA8D3D8} - System32\Tasks\{A595617A-202E-4039-AB93-7BAA35EE243B} => C:\Users\Davis\Downloads\av2010.exe [2010-01-19] ()
Task: {B6C64676-82C7-443C-85AC-37F2A868D6DE} - System32\Tasks\{635D4329-AF3A-4E6A-9EE5-7F04ED0ED242} => C:\Users\Davis\Downloads\install_flash_player.exe
*****************

[3284] C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe => Process closed successfully.
[4536] C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe => Process closed successfully.
[4160] C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe => Process closed successfully.
[2848] C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe => Process closed successfully.
[4948] C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe => Process closed successfully.
[5260] C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe => Process closed successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe => No running process found
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe => No running process found
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\conhost => value deleted successfully.
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Knwbfltez => value deleted successfully.
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => value deleted successfully.

"C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd" directory move:

C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\gfnoozulvcpr => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\zkunqvtgb => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\Rxwtkppx\hjcpurwqzh.js => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\Rxwtkppx\manifest.json => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dcvdpgzc.exe => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\Dictionaries\en-US-3-0.bdic => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\36.0.1985.143.manifest => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\chrome.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\chrome_100_percent.pak => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\chrome_200_percent.pak => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\chrome_child.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\chrome_elf.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\d3dcompiler_43.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\d3dcompiler_46.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\delegate_execute.exe => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\ffmpegsumo.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\icudtl.dat => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\libegl.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\libexif.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\libglesv2.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\libpeerconnection.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\metro_driver.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\mksnapshot.ia32.exe.assert.manifest => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\nacl64.exe => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\nacl_irt_x86_32.nexe => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\nacl_irt_x86_64.nexe => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\pdf.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\ppgooglenaclpluginchrome.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\resources.pak => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\secondarytile.png => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\widevinecdmadapter.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\xinput1_3.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\VisualElements\logo.png => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\VisualElements\smalllogo.png => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\VisualElements\splash-620x300.png => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\PepperFlash\manifest.json => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\PepperFlash\pepflashplayer.dll => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\Locales\en-GB.pak => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\Locales\en-US.pak => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\Extensions\external_extensions.json => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\default_apps\docs.crx => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\default_apps\drive.crx => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\default_apps\external_extensions.json => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\default_apps\gmail.crx => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\default_apps\search.crx => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\kyexgilmdqhj\36.0.1985.143\default_apps\youtube.crx => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\anyqxbjud\hozfurj.js => Moved successfully.
C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd\anyqxbjud\manifest.json => Moved successfully.
Could not move "C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd" directory. => Scheduled to move on reboot.

"C:\Users\Davis\AppData\Roaming\Microsoft\conhost.exe" => File/Directory not found.
C:\Users\Davis\AppData\Local\ApplicationHistory => Moved successfully.
"HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}" => Key deleted successfully.
"HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}" => Key deleted successfully.
"HKU\S-1-5-21-1390287032-106715065-4098289439-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0051366F-7339-4D16-B19F-DD7BE1CD6772}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0051366F-7339-4D16-B19F-DD7BE1CD6772}" => Key deleted successfully.
C:\Windows\System32\Tasks\{ACF0B451-419F-4835-ADF4-2382A83D627C} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{ACF0B451-419F-4835-ADF4-2382A83D627C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{021170BA-26B5-4C06-AC98-F6DB7DF383B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{021170BA-26B5-4C06-AC98-F6DB7DF383B5}" => Key deleted successfully.
C:\Windows\System32\Tasks\{FF5B6BD3-1E82-4F5F-ADEA-181659D8DB27} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{FF5B6BD3-1E82-4F5F-ADEA-181659D8DB27}" => Key deleted successfully.
"C:\Users\Davis\Downloads\install_flash_player.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{30DF3E37-7340-492B-92A4-3275C2CA5530}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{30DF3E37-7340-492B-92A4-3275C2CA5530}" => Key deleted successfully.
C:\Windows\System32\Tasks\{28220C1A-FF90-45A4-AC10-A805AAC2AE7D} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{28220C1A-FF90-45A4-AC10-A805AAC2AE7D}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{351DDE18-1398-41CF-ADD0-365E6F35EA6C}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{351DDE18-1398-41CF-ADD0-365E6F35EA6C}" => Key deleted successfully.
C:\Windows\System32\Tasks\{935D1EAB-E132-4F39-8346-831E3884DDD0} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{935D1EAB-E132-4F39-8346-831E3884DDD0}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3FBCA773-BBD1-4C66-8DE8-1BB9018D9F7F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3FBCA773-BBD1-4C66-8DE8-1BB9018D9F7F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{2062F47B-87D5-455A-8E7F-7E9FF9A36566} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{2062F47B-87D5-455A-8E7F-7E9FF9A36566}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{44449879-EBE0-40B8-9C06-27F2CFEA3F08}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{44449879-EBE0-40B8-9C06-27F2CFEA3F08}" => Key deleted successfully.
C:\Windows\System32\Tasks\{3220DBB6-FF80-4BC7-8CFC-266398CBD818} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3220DBB6-FF80-4BC7-8CFC-266398CBD818}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{54610AD2-E388-4A4C-8005-C8991D6F613E}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{54610AD2-E388-4A4C-8005-C8991D6F613E}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C7A1259C-8733-4FB0-A5FB-2251D7A2544F} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C7A1259C-8733-4FB0-A5FB-2251D7A2544F}" => Key deleted successfully.
C:\Users\Davis\Downloads\av2010.exe => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8B62756C-9745-476B-9553-A692CC3B273A}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B62756C-9745-476B-9553-A692CC3B273A}" => Key deleted successfully.
C:\Windows\System32\Tasks\{C7A1F552-6B92-4E31-A38F-1CD08E474CBA} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{C7A1F552-6B92-4E31-A38F-1CD08E474CBA}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ABB93203-2382-4FA6-B74F-C89BCCA8D3D8}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ABB93203-2382-4FA6-B74F-C89BCCA8D3D8}" => Key deleted successfully.
C:\Windows\System32\Tasks\{A595617A-202E-4039-AB93-7BAA35EE243B} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{A595617A-202E-4039-AB93-7BAA35EE243B}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B6C64676-82C7-443C-85AC-37F2A868D6DE}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B6C64676-82C7-443C-85AC-37F2A868D6DE}" => Key deleted successfully.
C:\Windows\System32\Tasks\{635D4329-AF3A-4E6A-9EE5-7F04ED0ED242} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{635D4329-AF3A-4E6A-9EE5-7F04ED0ED242}" => Key deleted successfully.

=> Result of Scheduled Files to move (Boot Mode: Normal) (Date&Time: 2014-10-09 13:47:57)<=

C:\Users\Davis\AppData\LocalLow\Temp\Ceqlpayahzd => Is moved successfully.

==== End of Fixlog ====



#6 xXToffeeXx


Posted 09 October 2014 - 02:06 PM

Hi smoth1,
 
Okay, good to know. I will remove the proxies.
 
Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R#].txt) will open in Notepad for review (where the largest value of # represents the most recent report).
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • AdwCleaner scan log

xXToffeeXx~


~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 


 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#7 smoth1


Posted 09 October 2014 - 03:24 PM

# AdwCleaner v3.311 - Report created 09/10/2014 at 15:16:44
# Updated 30/09/2014 by Xplode
# Operating System : Windows 7 Enterprise Service Pack 1 (64 bits)
# Username : Davis - DAVIS-PC
# Running from : C:\Users\Davis\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
Service Deleted : ExpatWd
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Expat Shield
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Expat Shield
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Expat Shield
Folder Deleted : C:\Users\Davis\AppData\Local\Temp\hotspot shield
Folder Deleted : C:\Users\Davis\AppData\Local\Temp\OCS
Folder Deleted : C:\Users\Davis\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Davis\AppData\Roaming\DesktopIconForAmazon
Folder Deleted : C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\ConduitCommon
File Deleted : C:\Windows\SysWOW64\conduitEngine.tmp
File Deleted : C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\invalidprefs.js
File Deleted : C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\user.js
File Deleted : C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_facebook.conduitapps.com_0.localstorage
File Deleted : C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acaoakiamfeidcmgooclgeleejkbaecf
Key Deleted : HKCU\Software\MICROSOFT\INTERNET EXPLORER\DOMSTORAGE\superfish.com
Key Deleted : HKLM\SOFTWARE\Classes\AppID\SMBarBroker.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\ExpatIE.ExpatIEApp
Key Deleted : HKLM\SOFTWARE\Classes\ExpatIE.ExpatIEApp.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2776682
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3A188115-B81B-48F2-A958-F974C8F3F309}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2D9B1B31-D034-4738-8F6E-40F0AFCC742C}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FC36B0BD-27F0-4CDD-8AB1-50651EFC3EFD}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{78CE34FD-F6D4-4866-B79C-A37268D06A04}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{80904944-C726-4C7D-A452-3FFF2A882095}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Key Deleted : HKCU\Software\anchorfree
Key Deleted : HKCU\Software\ExpatShield
Key Deleted : HKCU\Software\OCS
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\464AA55239C100F32AF2D438EDDC0F47
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\5652BA3D5FB98AE31B337BF0AF939856
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\86EB95E1AFCBABE3DB9ECCC669B99494
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17280
 
 
-\\ Mozilla Firefox v32.0.3 (x86 en-US)
 
[ File : C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\prefs.js ]
 
Line Deleted : user_pref("extensions.mediaplayerconnectivity.activityViewPoint", false);
Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableAutoplayViewPoint", false);
Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableContextMenuViewPoint", true);
Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableEmbedViewPoint", true);
Line Deleted : user_pref("extensions.mediaplayerconnectivity.enableFileViewPoint", true);
Line Deleted : user_pref("extensions.mediaplayerconnectivity.playerparamsviewpoint", "%f");
Line Deleted : user_pref("extensions.mediaplayerconnectivity.playerviewpoint", "");
Line Deleted : user_pref("extensions.vshareus@toolbar.install-event-fired", true);
 
-\\ Google Chrome v
 
[ File : C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.conduit.com/Results.aspx?q={searchTerms}&hl=en&SelfSearch=1&SearchSource=49&ctid=CT3072253
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [7093 octets] - [09/10/2014 15:02:55]
AdwCleaner[S0].txt - [6719 octets] - [09/10/2014 15:16:44]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [6779 octets] ##########


#8 xXToffeeXx


Posted 10 October 2014 - 11:03 AM

Hi smoth1,
 
How is your computer running now? Does the fake chrome still appear?
 
Please re-run FRST from the desktop (like you did before) and press the scan button. It will produce a FRST.txt log located on the desktop. Please copy and paste the log into your next reply.
 
xXToffeeXx~




#9 smoth1


Posted 10 October 2014 - 11:12 AM

Computer runs well. Thank You! The fake chrome is gone from the Task Manager.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-10-2014 01
Ran by Davis (administrator) on DAVIS-PC on 10-10-2014 11:08:29
Running from C:\Users\Davis\Downloads
Loaded Profiles: Davis & UpdatusUser (Available profiles: Davis & UpdatusUser)
Platform: Windows 7 Enterprise Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
(Safer Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
() C:\Users\Davis\AppData\Local\Amazon Cloud Player\Amazon Music Helper.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\SetPoint.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
(Logitech, Inc.) C:\Program Files\Common Files\LogiShrd\KHAL3\KHALMNPR.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(BitTorrent Inc.) C:\Users\Davis\AppData\Roaming\uTorrent\uTorrent.exe
(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe
(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hola Networks Ltd.) C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\extensions\jid1-4P0kohSJxU1qGg@jetpack\resources\hola_firefox_ext\data\plugins\hola_plugin_x64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Logitech, Inc.) C:\Program Files\Logitech\SetPointP\LogiAppBroker.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_15_0_0_152.exe
(Google Inc.) C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe
(VideoLAN) C:\Program Files (x86)\VideoLAN\VLC\vlc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Java\jre6\bin\jusched.exe [170496 2009-11-09] (Sun Microsystems, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3100440 2014-05-19] (Logitech, Inc.)
HKLM-x32\...\Run: [Malwarebytes' Anti-Malware] => C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [429392 2010-01-07] (Malwarebytes Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [SpybotSD TeaTimer] => C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [MusicManager] => C:\Users\Davis\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7631872 2014-07-22] (Google Inc.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [Google Update] => C:\Users\Davis\AppData\Local\Google\Update\GoogleUpdate.exe [136176 2011-02-05] (Google Inc.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [Plex Media Server] => C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4419720 2014-04-09] (Plex, Inc.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\Run: [uTorrent] => C:\Users\Davis\AppData\Roaming\uTorrent\uTorrent.exe [1690704 2014-10-08] (BitTorrent Inc.)
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\MountPoints2: N - N:\LaunchU3.exe -a
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\MountPoints2: {4dcfc541-cd85-11de-aa93-cdf9e890c269} - M:\LaunchU3.exe -a
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\MountPoints2: {91e6c062-4b92-11df-8482-08002700c067} - O:\LaunchU3.exe -a
HKU\S-1-5-21-1390287032-106715065-4098289439-1001\...\MountPoints2: {91e6c06d-4b92-11df-8482-08002700c067} - N:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\VLC media player.lnk
ShortcutTarget: VLC media player.lnk -> C:\Program Files (x86)\VideoLAN\VLC\vlc.exe (VideoLAN)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: 95.52.125.17:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x5E251E11C5F1CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=711278&fr=sp_tr_ie
URLSearchHook: HKCU - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
SearchScopes: HKCU - {3F5FC2EA-A2BD-47C3-80E8-8360C1E4F423} URL = https://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO-x32: No Name -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} ->  No File
BHO-x32: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15101/CTSUEng.cab
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15112/CTPID.cab
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default
FF NewTab: google.com
FF Homepage: https://www.google.com/
FF NetworkProxy: "http", "128.208.4.99"
FF NetworkProxy: "http_port", 3128
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 -> C:\Users\Davis\AppData\Local\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\beeradvocate---respect-beer.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\clip.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\demonoid-torrent-pool.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\dictionarycom.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\google-maps.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\monovaorg--download-movies-tv-music-software-games-anime--ad.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\mozilla-add-ons.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\neweggcom---computer-parts-pc-components-laptop-computers-di.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\nutritiondata.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\scrapetorrent.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\the-internet-movie-database-imdb-.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\tube.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\tvtorrents.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\urban-dictionary.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\yahoo_ff.xml
FF SearchPlugin: C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\searchplugins\youtube-video-search.xml
FF Extension: Hola Better Internet - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\jid1-4P0kohSJxU1qGg@jetpack [2014-10-08]
FF Extension: NetVideoHunter - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\netvideohunter@netvideohunter.com [2014-07-29]
FF Extension: TinEye Reverse Image Search - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\tineye@ideeinc.com [2011-03-05]
FF Extension: Tab Preview - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{1de0de3c-0b5c-4f67-90c6-689623894991} [2009-11-09]
FF Extension: Unhide Passwords - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0} [2012-04-29]
FF Extension: Linkification - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{35106bca-6c78-48c7-ac28-56df30b51d2a} [2010-02-28]
FF Extension: DownloadHelper - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2014-09-06]
FF Extension: Add to Search Bar - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\add-to-searchbox@maltekraus.de.xpi [2013-11-06]
FF Extension: Exif Viewer - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\exif_viewer@mozilla.doslash.org.xpi [2011-06-17]
FF Extension: Ghostery - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\firefox@ghostery.com.xpi [2014-08-19]
FF Extension: Sort Tabs - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\sort-tabs@erikvold.com.xpi [2011-10-30]
FF Extension: Session Manager - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2011-07-16]
FF Extension: Unhide Passwords - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{2e17e2b2-b8d4-4a67-8d7b-fafa6cc9d1d0}.xpi [2011-05-07]
FF Extension: Track Package - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{3f669128-5ad3-4053-ad9b-1afc4ea24c28}.xpi [2012-11-18]
FF Extension: NoScript - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011-04-01]
FF Extension: Page Title Eraser - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{791DB184-BFBA-11DA-9C61-0638DF403F48}.xpi [2011-03-31]
FF Extension: Unlinker - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{8ed952a0-199c-11d9-9669-0800200c9a66}.xpi [2012-11-28]
FF Extension: Download YouTube Videos as MP4 - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-07-24]
FF Extension: Adblock Plus - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2011-04-07]
FF Extension: Tab Mix Plus - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2011-05-11]
FF Extension: Greasemonkey - C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2012-08-24]
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-09-22]

Chrome:
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Users\Davis\AppData\Local\Google\Chrome\Application\38.0.2125.101\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Users\Davis\AppData\Local\Google\Chrome\Application\38.0.2125.101\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Users\Davis\AppData\Local\Google\Chrome\Application\38.0.2125.101\pdf.dll ()
CHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\np-mswmp.dll (Microsoft Corporation)
CHR Plugin: (Java Deployment Toolkit 6.0.260.3) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Windows Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll (Microsoft Corporation)
CHR Plugin: (Office Genuine Advantage) - C:\Program Files (x86)\Mozilla Firefox\plugins\npOGAPlugin.dll (Microsoft Corporation)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Microsoft Office 2013) - C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll No File
CHR Plugin: (Java™ Platform SE 6 U26) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll No File
CHR Plugin: (Microsoft Office 2013) - C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Plugin: (Google Update) - C:\Users\Davis\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Profile: C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (Proxy Switchy!) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj [2011-04-07]
CHR Extension: (Adblock Plus) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-09-08]
CHR Extension: (Google Wallet) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-29]
CHR Extension: (ScriptSafe) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2014-09-08]
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Davis\AppData\Local\Temp\ccex.crx []
CHR StartMenuInternet: Google Chrome - C:\Users\Davis\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [15768 2010-02-02] (Microsoft Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [236368 2010-01-07] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SBSDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
R2 VLC media player; C:\Program Files (x86)\VideoLAN\VLC\vlc.exe [126995 2014-02-04] (VideoLAN) [File not signed]
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [138280 2012-03-02] (Broadcom Corporation.)
S3 dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys [20552 2010-10-25] (Devguru Co., Ltd)
S3 dgderdrv; C:\Windows\SysWOW64\drivers\dgderdrv.sys [18120 2010-10-25] (Devguru Co., Ltd)
S3 Logi_Headset_DFU; C:\Windows\System32\Drivers\lhusbdfuamd64.sys [44136 2014-03-07] (CSR plc.)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [22104 2010-01-07] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
R0 SI3112r; C:\Windows\System32\DRIVERS\SI3112r.sys [133160 2007-12-26] (Silicon Image, Inc)
R0 SiFilter; C:\Windows\System32\DRIVERS\SiWinAcc.sys [22056 2007-12-26] (Silicon Image, Inc)
S3 taphss6; C:\Windows\System32\DRIVERS\taphss6.sys [42184 2014-05-06] (Anchorfree Inc.)
S3 Jukebox3_x64; system32\DRIVERS\ctpdusbx.sys [X]
S3 pbfilter; \??\C:\Users\Davis\AppData\Local\Temp\Rar$EX00.890\pbfilter.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfdx64.sys [X]
S3 sxuptp; system32\DRIVERS\sxuptp.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-09 16:57 - 2014-08-18 16:56 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-09 16:43 - 2014-10-10 10:31 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-10-09 16:43 - 2014-10-09 16:43 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-10-09 16:43 - 2014-10-09 16:43 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-10-09 16:43 - 2014-10-09 16:43 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-10-09 16:40 - 2014-10-09 16:57 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-09 15:03 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-10-09 15:02 - 2014-10-09 15:16 - 00000000 ____D () C:\AdwCleaner
2014-10-09 15:02 - 2014-10-09 15:02 - 01375089 _____ () C:\Users\Davis\Downloads\AdwCleaner.exe
2014-10-09 14:16 - 2011-02-25 01:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2014-10-09 14:16 - 2011-02-25 00:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2014-10-09 14:10 - 2012-02-11 01:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2014-10-09 14:10 - 2012-02-11 01:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2014-10-09 09:44 - 2013-05-10 00:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-09 09:44 - 2013-05-10 00:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-09 09:44 - 2013-05-09 23:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-09 09:44 - 2013-05-09 23:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-09 09:25 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2014-10-09 09:14 - 2014-10-09 09:14 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-09 09:14 - 2014-10-09 09:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-09 09:14 - 2014-10-09 09:14 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-09 09:14 - 2014-10-09 09:14 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-09 09:14 - 2014-10-09 09:14 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2014-10-09 09:14 - 2014-10-09 09:14 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2014-10-09 09:14 - 2014-10-09 09:14 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-10-09 09:14 - 2014-10-09 09:14 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-10-09 09:14 - 2014-10-09 09:14 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-10-09 09:14 - 2014-10-09 09:14 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-10-09 09:14 - 2014-10-09 09:14 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-10-09 09:14 - 2014-10-09 09:14 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-10-09 09:14 - 2014-10-09 09:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-09 09:08 - 2014-10-09 09:25 - 00009455 _____ () C:\Windows\IE11_main.log
2014-10-09 04:22 - 2012-07-25 22:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-10-09 04:22 - 2012-07-25 22:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-10-09 04:22 - 2012-07-25 21:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-10-09 04:22 - 2012-07-25 21:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-10-09 04:21 - 2012-07-25 22:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-10-09 04:21 - 2012-07-25 22:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-10-09 04:21 - 2012-07-25 22:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-10-09 04:21 - 2012-06-02 09:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-10-09 03:38 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-10-09 03:38 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-10-09 03:10 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-10-09 03:10 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-10-09 03:10 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-10-09 03:10 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-10-09 03:10 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-10-09 03:10 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2014-10-09 03:09 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-10-09 03:09 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-10-08 23:15 - 2014-10-08 23:15 - 00000867 _____ () C:\Users\Davis\Desktop\µTorrent.lnk
2014-10-08 23:10 - 2014-10-08 23:10 - 01690704 _____ (BitTorrent Inc.) C:\Users\Davis\Downloads\uTorrent(1).exe
2014-10-08 17:59 - 2014-01-27 21:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-10-08 17:59 - 2013-10-29 21:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2014-10-08 17:59 - 2013-10-29 21:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2014-10-08 17:59 - 2013-07-09 00:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-08 17:59 - 2013-07-08 23:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-08 17:59 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-10-08 17:59 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-10-08 17:59 - 2013-03-19 00:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2014-10-08 17:59 - 2012-10-09 13:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2014-10-08 17:59 - 2012-10-09 13:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2014-10-08 17:59 - 2012-10-09 12:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2014-10-08 17:59 - 2012-10-09 12:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2014-10-08 17:59 - 2012-01-04 05:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2014-10-08 17:59 - 2012-01-04 03:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2014-10-08 17:59 - 2011-06-16 00:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2014-10-08 17:59 - 2011-06-15 23:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2014-10-08 17:58 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-10-08 17:58 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-10-08 17:58 - 2014-04-24 21:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-10-08 17:58 - 2014-04-24 21:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-10-08 17:58 - 2011-05-04 00:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2014-10-08 17:58 - 2011-05-04 00:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2014-10-08 17:58 - 2011-05-04 00:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2014-10-08 17:58 - 2011-05-04 00:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2014-10-08 17:58 - 2011-05-04 00:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2014-10-08 17:58 - 2011-05-04 00:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2014-10-08 17:58 - 2011-05-04 00:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2014-10-08 17:58 - 2011-05-04 00:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2014-10-08 17:58 - 2011-05-04 00:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2014-10-08 17:58 - 2011-05-03 23:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2014-10-08 17:58 - 2011-05-03 23:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2014-10-08 17:58 - 2011-05-03 23:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2014-10-08 17:58 - 2011-05-03 23:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2014-10-08 17:58 - 2011-05-03 23:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2014-10-08 17:58 - 2011-05-03 23:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2014-10-08 17:58 - 2011-05-03 23:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2014-10-08 17:58 - 2011-05-03 23:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2014-10-08 17:58 - 2011-05-03 23:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2014-10-08 17:57 - 2014-04-04 21:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-10-08 17:57 - 2014-04-04 21:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-10-08 17:57 - 2014-01-28 21:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-10-08 17:57 - 2014-01-28 21:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-10-08 17:57 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-08 17:57 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-10-08 17:57 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-10-08 17:57 - 2013-11-23 13:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2014-10-08 17:57 - 2013-11-23 12:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2014-10-08 17:57 - 2013-10-18 21:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-10-08 17:57 - 2013-10-18 20:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-10-08 17:57 - 2013-10-05 15:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-08 17:57 - 2013-10-05 14:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-08 17:57 - 2013-07-09 00:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-08 17:57 - 2013-07-09 00:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-10-08 17:57 - 2013-07-08 23:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-08 17:57 - 2013-07-08 23:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-10-08 17:56 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-10-08 17:56 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-10-08 17:56 - 2014-03-26 09:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-10-08 17:56 - 2014-03-26 09:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-10-08 17:56 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-10-08 17:56 - 2014-03-26 09:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-10-08 17:56 - 2014-03-26 09:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-10-08 17:56 - 2014-03-26 09:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-10-08 17:56 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-10-08 17:56 - 2014-03-26 09:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-10-08 17:56 - 2011-12-30 01:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2014-10-08 17:56 - 2011-12-30 00:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2014-10-08 17:55 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-10-08 17:55 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-10-08 17:55 - 2014-05-08 04:32 - 01112064 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-10-08 17:55 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-10-08 17:55 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-10-08 17:55 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-10-08 17:55 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-10-08 17:55 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-10-08 17:55 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-10-08 17:55 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-10-08 17:55 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-10-08 17:55 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-10-08 17:55 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2014-10-08 17:55 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2014-10-08 17:55 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2014-10-08 17:55 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2014-10-08 17:55 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2014-10-08 17:55 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2014-10-08 17:55 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2014-10-08 17:55 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2014-10-08 17:55 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2014-10-08 17:55 - 2013-10-03 21:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2014-10-08 17:55 - 2013-10-03 21:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2014-10-08 17:55 - 2013-10-03 21:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-10-08 17:55 - 2013-10-03 20:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2014-10-08 17:55 - 2013-10-03 20:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2014-10-08 17:55 - 2013-10-03 20:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-10-08 17:55 - 2013-08-04 21:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2014-10-08 17:55 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2014-10-08 17:55 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2014-10-08 17:55 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2014-10-08 17:55 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-10-08 17:55 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2014-10-08 17:55 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2014-10-08 17:55 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2014-10-08 17:55 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-10-08 17:55 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-10-08 17:55 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-10-08 17:54 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-10-08 17:54 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-10-08 17:54 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-10-08 17:54 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-10-08 17:54 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-10-08 17:54 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-10-08 17:54 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-10-08 17:54 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2014-10-08 17:54 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-10-08 17:54 - 2013-04-25 18:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2014-10-08 17:54 - 2013-03-31 17:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2014-10-08 17:54 - 2012-08-22 13:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2014-10-08 17:54 - 2012-07-04 15:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2014-10-08 17:53 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-10-08 17:53 - 2013-07-25 04:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-10-08 17:53 - 2013-07-25 03:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-10-08 17:53 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2014-10-08 17:53 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-10-08 17:53 - 2012-10-03 12:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2014-10-08 17:53 - 2012-10-03 12:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2014-10-08 17:53 - 2012-10-03 12:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2014-10-08 17:53 - 2012-10-03 12:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2014-10-08 17:53 - 2012-10-03 12:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2014-10-08 17:53 - 2012-10-03 12:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2014-10-08 17:53 - 2012-10-03 11:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2014-10-08 17:53 - 2012-10-03 11:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2014-10-08 17:53 - 2012-10-03 11:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2014-10-08 17:53 - 2012-10-03 11:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2014-10-08 17:53 - 2012-01-13 02:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2014-10-08 17:52 - 2014-06-03 05:02 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-08 17:52 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-10-08 17:52 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-10-08 17:52 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-10-08 17:52 - 2014-06-03 04:29 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-08 17:52 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-10-08 17:52 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-10-08 17:52 - 2014-03-04 04:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-08 17:52 - 2014-03-04 04:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-10-08 17:52 - 2014-03-04 04:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-10-08 17:52 - 2014-03-04 04:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-10-08 17:52 - 2014-03-04 04:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-08 17:52 - 2014-03-04 04:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-10-08 17:52 - 2014-03-04 04:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-10-08 17:52 - 2014-03-04 04:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-10-08 17:52 - 2014-03-04 04:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-10-08 17:52 - 2014-03-04 04:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-10-08 17:52 - 2014-03-04 04:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-08 17:52 - 2014-03-04 04:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-08 17:52 - 2014-03-04 04:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2014-10-08 17:52 - 2014-03-04 04:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2014-10-08 17:52 - 2014-03-04 04:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2014-10-08 17:52 - 2014-03-04 04:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2014-10-08 17:52 - 2014-03-04 04:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2014-10-08 17:52 - 2014-03-04 04:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2014-10-08 17:52 - 2014-03-04 04:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2014-10-08 17:52 - 2014-03-04 04:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2014-10-08 17:52 - 2013-08-01 21:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-10-08 17:52 - 2013-08-01 21:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2014-10-08 17:52 - 2013-08-01 20:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2014-10-08 17:52 - 2013-08-01 19:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-10-08 17:52 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2014-10-08 17:52 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2014-10-08 17:52 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2014-10-08 17:52 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2014-10-08 17:52 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2014-10-08 17:52 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2014-10-08 17:52 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-10-08 17:52 - 2012-05-01 00:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2014-10-08 17:51 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-10-08 17:51 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-10-08 17:51 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-10-08 17:51 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-10-08 17:51 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-10-08 17:51 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2014-10-08 17:51 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2014-10-08 17:51 - 2013-06-14 23:32 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-08 17:51 - 2012-12-07 08:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2014-10-08 17:51 - 2012-12-07 08:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2014-10-08 17:51 - 2012-12-07 07:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2014-10-08 17:51 - 2012-12-07 07:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2014-10-08 17:51 - 2012-12-07 06:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2014-10-08 17:51 - 2012-12-07 06:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2014-10-08 17:51 - 2012-12-07 06:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2014-10-08 17:51 - 2012-12-07 06:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2014-10-08 17:51 - 2012-12-07 06:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2014-10-08 17:51 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2014-10-08 17:51 - 2012-12-07 06:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2014-10-08 17:51 - 2012-12-07 06:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2014-10-08 17:51 - 2012-12-07 06:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2014-10-08 17:51 - 2012-12-07 06:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2014-10-08 17:51 - 2012-12-07 06:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2014-10-08 17:51 - 2012-12-07 06:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2014-10-08 17:51 - 2012-12-07 06:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2014-10-08 17:51 - 2012-12-07 06:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2014-10-08 17:51 - 2012-12-07 05:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2014-10-08 17:51 - 2012-08-21 16:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2014-10-08 17:50 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-10-08 17:50 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2014-10-08 17:50 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2014-10-08 17:50 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-10-08 17:50 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2014-10-08 17:50 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2014-10-08 17:49 - 2014-02-03 21:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-10-08 17:49 - 2014-02-03 21:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-10-08 17:49 - 2014-02-03 21:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-10-08 17:49 - 2014-02-03 21:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-10-08 17:49 - 2014-02-03 21:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-10-08 17:49 - 2012-07-06 15:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2014-10-08 17:48 - 2014-05-30 03:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-10-08 17:48 - 2014-05-30 03:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-10-08 17:48 - 2014-05-30 03:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-10-08 17:48 - 2014-05-30 03:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-10-08 17:48 - 2014-05-30 03:08 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-08 17:48 - 2014-05-30 03:08 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-08 17:48 - 2014-05-30 02:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-10-08 17:48 - 2014-05-30 02:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-10-08 17:48 - 2014-05-30 02:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-10-08 17:48 - 2014-05-30 02:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-10-08 17:48 - 2014-05-30 02:52 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-08 17:48 - 2014-05-30 02:52 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-08 17:48 - 2013-07-25 21:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2014-10-08 17:48 - 2013-07-25 20:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2014-10-08 17:47 - 2014-09-09 17:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-10-08 17:47 - 2014-09-09 16:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-10-08 17:45 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-10-08 17:45 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-10-08 17:45 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-10-08 17:45 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-10-08 17:45 - 2013-05-10 00:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-10-08 17:45 - 2013-05-09 22:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-10-08 17:45 - 2011-03-11 01:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2014-10-08 17:45 - 2011-03-11 01:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2014-10-08 17:45 - 2011-03-11 01:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2014-10-08 17:45 - 2011-03-11 01:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2014-10-08 17:45 - 2011-03-11 01:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2014-10-08 17:45 - 2011-03-11 01:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2014-10-08 17:45 - 2011-03-11 01:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2014-10-08 17:45 - 2011-03-11 00:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2014-10-08 17:45 - 2011-03-11 00:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2014-10-08 17:45 - 2011-03-10 23:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-10-08 17:44 - 2014-07-06 21:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-10-08 17:44 - 2014-07-06 21:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-10-08 17:44 - 2014-07-06 20:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-10-08 17:44 - 2014-07-06 20:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-10-08 17:44 - 2014-07-06 20:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-10-08 17:44 - 2014-04-11 21:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-10-08 17:44 - 2014-04-11 21:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-10-08 17:44 - 2014-04-11 21:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-10-08 17:44 - 2014-04-11 21:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-10-08 17:44 - 2014-04-11 21:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-10-08 17:44 - 2014-04-11 21:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-10-08 17:44 - 2014-03-04 04:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-10-08 17:44 - 2014-03-04 04:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-10-08 17:44 - 2014-03-04 04:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-10-08 17:44 - 2014-03-04 04:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-10-08 17:44 - 2014-03-04 04:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-10-08 17:44 - 2014-03-04 04:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-10-08 17:44 - 2014-03-04 04:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-10-08 17:44 - 2014-03-04 04:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-10-08 17:44 - 2014-03-04 04:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-10-08 17:44 - 2014-03-04 03:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-10-08 17:44 - 2014-03-04 03:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-10-08 17:44 - 2014-01-23 21:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-10-08 17:44 - 2013-10-11 21:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-10-08 17:44 - 2013-10-11 21:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-10-08 17:44 - 2013-10-11 21:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-10-08 17:44 - 2013-10-11 21:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-10-08 17:44 - 2013-10-11 20:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-10-08 17:44 - 2013-10-11 20:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-10-08 17:44 - 2013-10-11 20:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-10-08 17:44 - 2013-10-11 20:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-10-08 17:44 - 2013-08-01 21:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 21:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 20:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2014-10-08 17:44 - 2013-08-01 19:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 19:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 19:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2014-10-08 17:44 - 2013-08-01 19:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2014-10-08 17:44 - 2013-07-04 07:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-10-08 17:44 - 2013-01-24 01:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2014-10-08 17:44 - 2012-05-05 03:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-08 17:44 - 2012-05-05 02:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-08 17:44 - 2011-02-18 05:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2014-10-08 17:44 - 2011-02-18 00:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2014-10-08 17:43 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-10-08 17:43 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-10-08 17:43 - 2014-08-22 19:59 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-08 17:43 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-10-08 17:43 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-10-08 17:43 - 2014-02-03 21:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-10-08 17:43 - 2014-02-03 21:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-10-08 17:43 - 2013-10-11 21:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2014-10-08 17:43 - 2013-10-11 21:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-10-08 17:43 - 2013-10-11 21:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-10-08 17:43 - 2013-10-11 21:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2014-10-08 17:43 - 2013-10-11 21:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-10-08 17:43 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2014-10-08 16:31 - 2014-10-08 16:31 - 02045298 _____ () C:\Users\Davis\Downloads\How to Pronounce Kaya Scodelario.mp4
2014-10-08 16:14 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-10-08 16:14 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-10-08 16:14 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-10-08 16:14 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-10-08 16:14 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-10-08 16:14 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-10-08 16:14 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-10-08 16:14 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-10-08 16:14 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-10-08 16:14 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-10-08 16:14 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-10-08 16:14 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-10-08 16:14 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-10-08 16:14 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-10-08 13:12 - 2014-10-08 13:17 - 00073666 _____ () C:\Users\Davis\Downloads\Addition.txt
2014-10-08 13:11 - 2014-10-10 11:08 - 00027444 _____ () C:\Users\Davis\Downloads\FRST.txt
2014-10-08 13:11 - 2014-10-10 11:08 - 00000000 ____D () C:\FRST
2014-10-08 13:10 - 2014-10-08 13:10 - 02109952 _____ (Farbar) C:\Users\Davis\Downloads\FRST64.exe
2014-09-30 12:01 - 2014-09-30 13:49 - 132751784 _____ () C:\Users\Davis\Downloads\kori_love_and_gemmamarie_-_dual_hitachi.mp4
2014-09-25 15:18 - 2014-09-25 16:06 - 1196079952 _____ () C:\Users\Davis\Downloads\TheFappening_Part2.zip
2014-09-22 23:58 - 2014-09-22 23:58 - 00287220 _____ () C:\Users\Davis\Downloads\KeyTweak_install.exe
2014-09-22 23:58 - 2014-09-22 23:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyTweak
2014-09-22 23:56 - 2014-09-22 23:56 - 00486400 _____ () C:\Users\Davis\Downloads\sharpkeys35.msi
2014-09-22 15:32 - 2014-09-22 15:33 - 03677488 _____ (Logitech Inc.) C:\Users\Davis\Downloads\SetPoint6.65.62_smart.exe
2014-09-22 13:53 - 2014-09-22 13:53 - 07458816 _____ () C:\Users\Davis\Downloads\pdfedit-20140526_1531.msi

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-10-10 11:09 - 2010-01-26 19:28 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\uTorrent
2014-10-10 11:00 - 2010-01-02 15:48 - 00000426 _____ () C:\Windows\Tasks\Intel_C_CVPO940101AK080BGN.job
2014-10-10 10:21 - 2011-02-05 22:04 - 00000908 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390287032-106715065-4098289439-1001UA.job
2014-10-10 09:02 - 2009-07-14 00:13 - 00799798 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-10-10 09:02 - 2009-07-13 23:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-10-10 09:02 - 2009-07-13 23:45 - 00015168 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-10-10 09:00 - 2009-11-09 16:18 - 01746218 _____ () C:\Windows\WindowsUpdate.log
2014-10-10 08:57 - 2013-03-07 19:21 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-10-10 08:56 - 2014-03-16 01:00 - 00043018 _____ () C:\Windows\setupact.log
2014-10-10 08:56 - 2009-11-22 21:02 - 00334064 _____ () C:\Windows\PFRO.log
2014-10-10 08:56 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-10-10 02:00 - 2009-11-09 16:51 - 00000516 _____ () C:\Windows\Tasks\Malwarebytes' Scheduled Scan for Davis.job
2014-10-10 01:00 - 2009-11-09 16:51 - 00000502 _____ () C:\Windows\Tasks\Malwarebytes' Scheduled Update for Davis.job
2014-10-09 19:26 - 2011-02-05 22:10 - 00002380 _____ () C:\Users\Davis\Desktop\Google Chrome.lnk
2014-10-09 16:44 - 2009-11-15 04:12 - 00000000 ____D () C:\Users\Davis\AppData\Local\Adobe
2014-10-09 15:21 - 2011-02-05 22:04 - 00000856 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1390287032-106715065-4098289439-1001Core.job
2014-10-09 13:30 - 2009-11-09 17:15 - 00115608 _____ () C:\Users\Davis\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-09 13:29 - 2009-11-09 16:18 - 00001430 _____ () C:\Users\Davis\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-10-09 13:29 - 2009-07-13 23:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2014-10-09 13:14 - 2009-07-13 23:45 - 00449680 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-09 10:11 - 2009-07-14 02:24 - 00000000 ____D () C:\Program Files\Windows Journal
2014-10-09 10:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-09 10:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-09 10:11 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-10-09 10:09 - 2009-11-09 16:45 - 00000350 _____ () C:\Windows\Tasks\Spybot - Search & Destroy -  Scheduled Task.job
2014-10-09 09:48 - 2009-11-09 16:33 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-09 09:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-10-09 09:06 - 2009-07-13 21:34 - 00000513 _____ () C:\Windows\win.ini
2014-10-09 08:57 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-09 07:05 - 2011-01-26 13:24 - 00002057 _____ () C:\Windows\epplauncher.mif
2014-10-09 06:41 - 2014-01-21 20:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2014-10-09 06:09 - 2009-11-15 23:20 - 00791920 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-10-09 04:28 - 2010-01-12 13:10 - 00002094 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-10-09 04:27 - 2012-05-01 03:00 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-10-09 04:27 - 2011-01-26 13:24 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-10-09 04:00 - 2009-11-09 16:45 - 00000326 _____ () C:\Windows\Tasks\Spybot - Search & Destroy Updater -  Scheduled Task.job
2014-10-08 13:37 - 2010-01-21 21:52 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-10-08 13:37 - 2009-11-09 16:29 - 00000000 ____D () C:\ProgramData\Adobe
2014-10-08 13:17 - 2014-09-04 14:27 - 00000000 ____D () C:\Program Files (x86)\Glarysoft
2014-10-08 12:55 - 2012-04-20 22:44 - 00000000 ____D () C:\Users\Davis\AppData\Roaming\vlc
2014-10-02 23:35 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-10-01 22:29 - 2014-09-02 13:02 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-10-01 22:29 - 2012-04-29 12:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-09-22 23:53 - 2013-10-05 12:14 - 00007407 _____ () C:\Windows\LkmdfCoInst.log
2014-09-22 15:43 - 2013-11-13 09:04 - 00000000 ____D () C:\Program Files\Common Files\LogiShrd
2014-09-22 15:43 - 2009-11-09 23:20 - 00074080 _____ () C:\Windows\LDPINST.LOG
2014-09-22 15:42 - 2013-11-13 09:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2014-09-22 15:42 - 2013-10-05 12:14 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-09-22 15:42 - 2013-10-05 12:13 - 00000000 ____D () C:\ProgramData\Logishrd
2014-09-22 01:42 - 2009-11-09 16:44 - 00278152 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Davis\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-05-19 11:39

==================== End Of Log ============================



#10 xXToffeeXx

Posted 12 October 2014 - 12:40 PM

Hi smoth1,
 
That is good to hear.
 
We need to run a fix with FRST:

  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter.
  • Copy and paste the script below in the notepad document:
ProxyServer: 95.52.125.17:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=711278&fr=sp_tr_ie
URLSearchHook: HKCU - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
SearchScopes: HKCU - {3F5FC2EA-A2BD-47C3-80E8-8360C1E4F423} URL = https://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
BHO-x32: No Name -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
FF NetworkProxy: "http", "128.208.4.99"
FF NetworkProxy: "http_port", 3128
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Native Client) - C:\Users\Davis\AppData\Local\Google\Chrome\Application\38.0.2125.101\ppGoogleNaClPluginChrome.dll No File
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Davis\AppData\Local\Temp\ccex.crx []
C:\Users\Davis\AppData\Local\Temp\ccex.crx
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [X]
  • Save the file to your desktop and name it as fixlist.txt

Note: It's important that both files, FRST.exe/FRST64.exe and fixlist.txt, are in the same location or the fix will not work.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

  • Run FRST.exe/FRST64.exe and press the Fix button just once and wait
  • If for some reason the tool needs a restart, please make sure you let the system restart normally, then let the tool complete its run
  • When finished, FRST will generate a log (Fixlog.txt) in the same location the tool was run.
  • Please copy and paste the log in your next reply.

--------------
 

Download Emsisoft Emergency Kit and save it to your desktop. Double click on EmsisoftEmergencyKit.exe to extract its contents and create a shortcut on the desktop. Leave all settings as they are and click Accept & Extract. A folder named EEK will be created in the root of the drive (usually c:\).

  • After extraction an Emsisoft Emergency Kit window will open. Under "Run Directly:" click Emergency Kit Scanner.
  • When asked to run an online update, click Yes.
  • When the update is finished, click the Back to Security Status link in the left corner. On the main screen click the Scan Now button.
  • Select the Full Scan option and click the SCAN button.
  • When the scan is finished click the Quarantine selected objects button. Note, this option is only available if malicious objects were detected during the scan.
  • Click the View Report button and in the Reports window double-click on the most recent log. Note, logs are named as follows: a2scan_<date>-<time>.txt.
  • Copy/paste the report contents in your next reply.

--------------
 
This scan can take a long time, so it is best done overnight or when you do not need the computer.
 
I'd like us to scan your machine with ESET OnlineScan.

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

--------------
 
To recap, in your next reply I would like to see the following. Make sure to copy & paste them unless I ask otherwise:

  • Fixlog.txt
  • Emsisoft log
  • ESET log

xXToffeeXx~


Edited by xXToffeeXx, 12 October 2014 - 12:40 PM.

~If I am helping you and you have not had a reply from me in two days, please send me a PM~

~Currently in my last year of school, so replies might be more delayed~

 

ID Ransomware - Identify What Ransomware Encrypted Your Files [Support Topic] - If we have helped you out and you want to support what we do, you can do so here

 

 ~Twitter~ | ~Malware Analyst at Emsisoft~


#11 smoth1

Posted 12 October 2014 - 05:27 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-10-2014
Ran by Davis at 2014-10-12 14:54:56 Run:2
Running from C:\Users\Davis\Downloads
Loaded Profiles: Davis & UpdatusUser (Available profiles: Davis & UpdatusUser)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ProxyServer: 95.52.125.17:80
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://search.yahoo.com/?type=711278&fr=sp_tr_ie
URLSearchHook: HKCU - (No Name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - No File
SearchScopes: HKCU - {3F5FC2EA-A2BD-47C3-80E8-8360C1E4F423} URL = https://search.yahoo.com/search?fr=sp_tr_ie&ei=utf-8&ilc=12&type=711278&p={searchTerms}
BHO-x32: No Name -> {3706EE7C-3CAD-445D-8A43-03EBC3B75908} ->  No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
Toolbar: HKCU - No Name - {51A86BB3-6602-4C85-92A5-130EE4864F13} -  No File
FF NetworkProxy: "http", "128.208.4.99"
FF NetworkProxy: "http_port", 3128
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Davis\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.2.464\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Native Client) - C:\Users\Davis\AppData\Local\Google\Chrome\Application\38.0.2125.101\ppGoogleNaClPluginChrome.dll No File
CHR HKLM-x32\...\Chrome\Extension: [pacgpkgadgmibnhpdidcnfafllnmeomc] - C:\Users\Davis\AppData\Local\Temp\ccex.crx []
C:\Users\Davis\AppData\Local\Temp\ccex.crx
S3 KiesAllShare; C:\Program Files (x86)\Samsung\Kies\WiselinkPro\WiselinkPro.exe [X]
 
 
2. 
 
Emsisoft Emergency Kit - Version 9.0
Last update: 10/12/2014 3:09:17 PM
User account: Davis-PC\Davis
 
Scan settings:
 
Scan type: Smart Scan
Objects: Rootkits, Memory, Traces, C:\Windows\, C:\Program Files\, C:\Program Files (x86)\
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 10/12/2014 3:12:01 PM
C:\Users\Davis\AppData\Roaming\getrighttogo detected: Application.AppInstall (A)
C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Searchplugins\youtube-video-search.xml detected: Application.SearchPlug (A)
C:\Program Files (x86)\Intelore\ detected: Application.Win32.PassRecover (A)
Key: HKEY_USERS\S-1-5-21-1390287032-106715065-4098289439-1019\SOFTWARE\INTELORE\RAR PASSWORD RECOVERY detected: Application.Win32.PassRecover (A)
Value: HKEY_USERS\S-1-5-21-1390287032-106715065-4098289439-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS detected: Setting.DisableRegistryTools (A)
 
Scanned 219526
Found 5
 
Scan end: 10/12/2014 3:55:16 PM
Scan time: 0:43:15
 
Value: HKEY_USERS\S-1-5-21-1390287032-106715065-4098289439-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS Quarantined Setting.DisableRegistryTools (A)
Key: HKEY_USERS\S-1-5-21-1390287032-106715065-4098289439-1019\SOFTWARE\INTELORE\RAR PASSWORD RECOVERY Quarantined Application.Win32.PassRecover (A)
C:\Program Files (x86)\Intelore\ Quarantined Application.Win32.PassRecover (A)
C:\Users\Davis\AppData\Roaming\Mozilla\Firefox\Profiles\54qm1ytm.default\Searchplugins\youtube-video-search.xml Quarantined Application.SearchPlug (A)
C:\Users\Davis\AppData\Roaming\getrighttogo Quarantined Application.AppInstall (A)
 
Quarantined 5
 
 
 
3. 
 
C:\Users\All Users\Spybot - Search & Destroy\Recovery\WinPalevo1.zip Win32/Bagle.gen.zip worm
C:\AdwCleaner\Quarantine\C\Users\Davis\AppData\Local\Temp\OCS\ocs_v71b.exe.vir a variant of Win32/DownloadSponsor.A potentially unwanted application deleted - quarantined
C:\FRST\Quarantine\C\Users\Davis\AppData\Local\ApplicationHistory\Knwbfltez.dll a variant of Win32/Kryptik.CMKY trojan cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\WinPalevo1.zip Win32/Bagle.gen.zip worm cleaned by deleting - quarantined
C:\Users\Davis\Documents\Downloads\Integrated_BrotherSoft_TB.exe a variant of Win32/Toolbar.Conduit.B potentially unwanted application deleted - quarantined
C:\Users\Davis\Downloads\cbsidlm-cbsi134-Advanced_Mouse_Auto_Clicker-ORG-75218276.exe a variant of Win32/CNETInstaller.B potentially unwanted application deleted - quarantined
C:\Users\Davis\Downloads\mplayer_Setup.exe a variant of Win32/Adware.iBryte.D application cleaned by deleting - quarantined
C:\Users\Davis\Downloads\windows-7-usb-dvd-download-tool.exe a variant of Win32/DownloadSponsor.A potentially unwanted application deleted - quarantined
C:\Users\Davis\Downloads\SuperOneClickv2.3.1-ShortFuse\Exploits\psneuter Android/Exploit.Lotoor.AK trojan cleaned by deleting - quarantined
C:\Users\Davis\Downloads\SuperOneClickv2.3.1-ShortFuse\Exploits\zergRush Android/Exploit.Lotoor.AN trojan cleaned by deleting - quarantined
 


#12 xXToffeeXx

Posted 13 October 2014 - 10:49 AM

Hi smoth1,
 
Your version of Java is out of date. Older versions of programs have vulnerabilities that malicious sites can use to exploit and infect your system.

You may want to read these before you update, as most users do not use Java and have no need for it to be on their computer:
You don't need Java
W3Techs usage statistics and market share data of Java on the web
 
If you want to use Java, then please follow these steps to remove older version Java components and update:

  • Download the latest version of Java and save it to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Control Panel, and double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7/8.
  • Check (highlight) any item with Java in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the Java installer to install the newest version.
  • If using Windows 7/8 or Vista and the installer refuses to launch due to insufficient user permissions, then Run as Administrator.
  • When the Java Setup - Welcome window opens, click the Install button.
  • If offered any unwanted software or toolbars during installation (such as the Ask Toolbar), just uncheck the box before continuing unless you want it.
  • Java is updated frequently. If you want to be automatically notified of future updates, just turn on the Java Automatic Update feature, and you will not have to remember to update when Java releases a new version.

--------------

Your machine is clean! Feel free to enjoy the use of your cleaned computer. Please take the time to follow this last post which tells you how to remove the tools we have used and how to keep your computer clean   :thumbsup:
 
---------------
 
Download Delfix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.
 
Double-click Delfix.exe to start the tool.
Make sure the following items are checked:

  • Activate UAC
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings

Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't need to copy and paste it into your next reply.
 
--------------
 
Also, feel free to delete any leftover desktop icons and other various files which have been created throughout the process.
 
---------------
 
I have also compiled a list of links which you may be interested in:

This topic will be left open for 3 days in case you have any problems, otherwise it will be closed after that time.
 
xXToffeeXx~




#13 smoth1

Posted 13 October 2014 - 12:08 PM

Thank You So Much!!!!!

 

I deleted Java and ran Delfix.  I am also going to look at the links you provided to improve the protection of my computer.

 

Thanks again.



#14 xXToffeeXx

Posted 13 October 2014 - 01:46 PM

Hi smoth1,

 

You are most welcome, good luck with your computer :)

 

xXToffeeXx~




#15 xXToffeeXx

Posted 17 October 2014 - 11:27 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





