FRST Fix Needed CGVRMYGVOP Virus


  • This topic is locked
17 replies to this topic

#1 djmsu


Posted 27 October 2014 - 01:23 AM

Mod edit: Moved to appropriate forum ~~ boopme


Please help. I have a horrible virus. Attached is my FRST and Addition. I need a Fix File. Can someone help? Thanks

Attached Files


Edited by boopme, 27 October 2014 - 09:57 AM.




#2 ken545

    Malware Response Team



Posted 31 October 2014 - 08:04 PM

:welcome:

 

I see a few things that need to be fixed. Let's run a few programs first; they may remove more than what I see.

 

 

 

Please download aswMBR to your desktop.

 

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

 

I just want to see the report....Please Do Not Fix Anything

 

 

 

 

============================================================================

 

 

 

Please download Junkware Removal Tool to your desktop.


  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

 

===============================================================================

 

 

 

Download Malwarebytes' Anti-Malware to your desktop.
 
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Threat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished and the log pops up...select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes

  • Edited by ken545, 31 October 2014 - 08:07 PM.

    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #3 ken545


    Posted 03 November 2014 - 01:26 PM

    Still need help or have you resolved this issue?




    #4 djmsu


    Posted 03 November 2014 - 09:21 PM

    Sorry for the late reply. Please find my attachments. Thanks for the help!

    Attached Files



    #5 djmsu


    Posted 03 November 2014 - 11:40 PM

    Here are the Malwarebytes logs. Still getting issues even after the programs were run.

    Attached Files



    #6 ken545


    Posted 04 November 2014 - 05:38 AM

    Can't read your Malwarebytes log the way you posted it. I prefer if you copy and paste the logs we ask for right into this thread in lieu of attaching them. I need just the Malwarebytes log, not the protection log.

     

    1. Open up Malwarebytes 
    2. Go to the History Tab
    3. Click on Application Logs
    4. Click on the last Scan Log you just ran
    5. Click on View
    6. Then on the Bottom click on Copy to Clipboard
    7. Then paste it into this thread



    #7 djmsu


    Posted 04 November 2014 - 06:53 PM

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 11/3/2014
    Scan Time: 8:20:09 PM
    Logfile:
    Administrator: Yes

    Version: 2.00.3.1025
    Malware Database: v2014.11.04.01
    Rootkit Database: v2014.11.01.02
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Johnson

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 390626
    Time Elapsed: 21 min, 40 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 11
    Trojan.Ransom.ED, C:\Windows\Installer\{6A0F3C82-DA9D-4C0A-90A5-5BF6D5937D7E}\msiexec.exe, Quarantined, [962b3cfb7dff41f5713314c815ecba46],
    Trojan.Ransom.ED, C:\Windows\Installer\{83D79EEB-F62F-44B7-B49B-3B36CEC37FC2}\msiexec.exe, Quarantined, [784916214c3006309410ac302ed30ff1],
    Trojan.Ransom.ED, C:\Windows\Installer\{89DE16C7-2BAE-40E8-B9EF-9B42F4459309}\msiexec.exe, Quarantined, [f5cc2116621a47ef4e56a339e0212fd1],
    Trojan.Ransom.ED, C:\Windows\Installer\{00434245-6B6A-4ED5-987B-4B5CA0405B00}\msiexec.exe, Quarantined, [932ef83fe696181e3272f4e813eed22e],
    Trojan.Ransom.ED, C:\Windows\Installer\{0D633320-40D5-428C-A79B-803777C42F48}\msiexec.exe, Quarantined, [fac7181f8cf07cbad9cb2fada0616a96],
    Trojan.Ransom.ED, C:\Windows\Installer\{24C46491-01FE-4FD1-AB45-C22198646D07}\msiexec.exe, Quarantined, [378a3cfb502ccb6b099b14c82ad71ce4],
    Trojan.Ransom.ED, C:\Windows\Installer\{30FD2518-5125-47A5-BFBB-6886E5C5F951}\msiexec.exe, Quarantined, [21a06acd512b56e041638755a35eca36],
    Trojan.Ransom.ED, C:\Windows\Installer\{392622DC-F12A-4325-A35F-B172D3184F66}\msiexec.exe, Quarantined, [f2cf16210e6ea78f00a427b51fe237c9],
    Trojan.Ransom.ED, C:\Windows\Installer\{432233BD-AF9D-4BA5-AFC8-5BB673D57701}\msiexec.exe, Quarantined, [a31ece695b21a4921094e4f8847d7b85],
    Trojan.Ransom.ED, C:\Windows\Installer\{AF7900B8-7757-4067-BDEB-A9430BF5BE67}\msiexec.exe, Quarantined, [1ba63601ed8f0f27436136a63cc59967],
    Trojan.Ransom.ED, C:\Windows\Installer\{C890D083-0FEC-40FD-B13C-373F1F5260B0}\msiexec.exe, Quarantined, [675a58df304c5adc02a22eae6d94af51],

    Physical Sectors: 0
    (No malicious items detected)

    (end)



    #8 ken545


    Posted 04 November 2014 - 07:20 PM

    Looks like you had or have some ransomware going on

     

    Run a new scan with FRST, be sure to checkmark additions and post both logs please




    #9 djmsu


    Posted 04 November 2014 - 09:41 PM

    Here are the FRST and Addition files.

     

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 04-11-2014
    Ran by Johnson (administrator) on JOHNSON-PC on 04-11-2014 19:20:27
    Running from C:\Users\Johnson\Desktop
    Loaded Profiles: Johnson & UpdatusUser &  (Available profiles: Johnson & Mcx1-JOHNSON-PC & UpdatusUser)
    Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (WinZip Computing, S.L. (WinZip Computing)) C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ==================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [Nyrekiigf] => "C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe"
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-01-03] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [157480 2014-10-15] (Apple Inc.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [Nyrekiigf] => C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe
    HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
    HKLM\...\Policies\Explorer: [NoControlPanel] 0
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [Xmauiib] => regsvr32.exe /s "C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll" <===== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [FivunIzijt] => regsvr32.exe "C:\ProgramData\FivunIzijt\FivunIzijt.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [QojzoDzaxa] => regsvr32.exe "C:\ProgramData\QojzoDzaxa\QojzoDzaxa.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [movziuz] => rundll32 "C:\Users\Johnson\AppData\Local\movziuz.dll",movziuz <===== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [Nyrekiigf] => "C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [KovcUfiq] => regsvr32.exe "C:\ProgramData\KovcUfiq\KovcUfiq.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [Svc2dll] => C:\Users\Johnson\AppData\Local\svcxdcl32.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [{F8818772-351F-CC75-1AE6-8B087C83B1A0}] => C:\Users\Johnson\AppData\Roaming\Siuvhy\gyza.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Xmauiib] => regsvr32.exe /s "C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll" <===== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [FivunIzijt] => regsvr32.exe "C:\ProgramData\FivunIzijt\FivunIzijt.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QojzoDzaxa] => regsvr32.exe "C:\ProgramData\QojzoDzaxa\QojzoDzaxa.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [movziuz] => rundll32 "C:\Users\Johnson\AppData\Local\movziuz.dll",movziuz <===== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Nyrekiigf] => "C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KovcUfiq] => regsvr32.exe "C:\ProgramData\KovcUfiq\KovcUfiq.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Svc2dll] => C:\Users\Johnson\AppData\Local\svcxdcl32.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [{F8818772-351F-CC75-1AE6-8B087C83B1A0}] => C:\Users\Johnson\AppData\Roaming\Siuvhy\gyza.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/?gws_rd=ssl
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x1963FF2EB641CD01
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-US
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
    SearchScopes: HKCU - {2D36DDBB-8F16-4219-A137-78FD2A985C0C} URL = https://www.google.com/search?q={searchTerms}
    BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
    BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Toolbar: HKCU - No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
    DPF: HKLM {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76 192.168.1.1
    Tcpip\..\Interfaces\{5C8987BD-1B65-4C9A-A8F1-ECF6BA1E3A1D}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{AC203CCB-B401-4CFF-A6A5-9F92C1207351}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    Tcpip\..\Interfaces\{D8DD7BDD-D214-4206-A31C-55D298A16A48}: [NameServer] 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
     
    FireFox:
    ========
    FF ProfilePath: C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\vupvrxr4.default
    FF DefaultSearchEngine: AVG Secure Search
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
    FF Plugin: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\system32\Adobe\Director\np32dsw.dll No File
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Johnson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    FF Extension: Add Google Search To New Tab Page - C:\Users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\vupvrxr4.default\Extensions\newtabgoogle@graememcc.co.uk.xpi [2014-10-16]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-10-24]
    FF Extension: No Name - {4ED1F68A-5463-4931-9384-8FFF5ED91D92} [Not Found]
     
    Chrome: 
    =======
    CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
    CHR Plugin: (Native Client) - C:\Users\Johnson\AppData\Local\Google\Chrome\Application\19.0.1084.52\ppGoogleNaClPluginChrome.dll No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Users\Johnson\AppData\Local\Google\Chrome\Application\19.0.1084.52\pdf.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Users\Johnson\AppData\Local\Google\Chrome\Application\19.0.1084.52\gcswf32.dll No File
    CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
    CHR Plugin: (AVG Internet Security) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.1901_0\plugins/avgnpss.dll (AVG Technologies CZ, s.r.o.)
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
    CHR Plugin: (Java Deployment Toolkit 6.0.290.11) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
    CHR Plugin: (Java™ Platform SE 6 U29) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
    CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
    CHR Plugin: (Unity Player) - C:\Users\Johnson\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
    CHR Plugin: (Google Update) - C:\Users\Johnson\AppData\Local\Google\Update\1.3.21.79\npGoogleUpdate3.dll No File
    CHR Plugin: (Windows Activation Technologies) - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll No File
    CHR Plugin: (Default Plug-in) - default_plugin No File
    CHR Profile: C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (AVG Safe Search) - C:\Users\Johnson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla [2012-01-01]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-24]
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-10-24]
     
    ==================== Services (Whitelisted) =================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe [156904 2014-09-23] (McAfee, Inc.)
    R2 WINZIPSSDiskOptimizer; C:\Program Files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [628040 2011-11-10] (WinZip Computing, S.L. (WinZip Computing))
     
    ==================== Drivers (Whitelisted) ====================
     
    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
     
    R0 53197599; C:\Windows\System32\DRIVERS\53197599.sys [458336 2014-10-27] (Kaspersky Lab ZAO)
    S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-10-26] (Emsisoft GmbH)
    R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-04] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
    R3 OEM02Dev; C:\Windows\System32\DRIVERS\OEM02Dev.sys [266624 2007-10-10] (Creative Technology Ltd.)
    R3 OEM02Vfx; C:\Windows\System32\DRIVERS\OEM02Vfx.sys [12288 2007-03-05] (EyePower Games Pte. Ltd.)
    S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [52736 2012-02-15] (Apple, Inc.) [File not signed]
    S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
    S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
    S3 VGPU; System32\drivers\rdvgkmd.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
     
    ==================== One Month Created Files and Folders ========
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
    2014-11-04 19:20 - 2014-11-04 19:21 - 00017190 _____ () C:\Users\Johnson\Desktop\FRST.txt
    2014-11-04 19:19 - 2014-11-04 19:19 - 02114560 _____ (Farbar) C:\Users\Johnson\Desktop\FRST64.exe
    2014-11-03 22:28 - 2014-11-03 22:28 - 00002502 _____ () C:\Users\Johnson\Desktop\mbam-log-2014-11-03 (22-04-16).xml
    2014-11-03 21:59 - 2014-11-03 21:59 - 00003207 _____ () C:\Users\Johnson\Desktop\JRT.txt
    2014-11-03 21:54 - 2014-11-03 21:54 - 00002502 _____ () C:\Users\Johnson\Desktop\mbam-log-2014-11-03 (21-29-42).xml
    2014-11-03 19:34 - 2014-11-04 19:02 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
    2014-11-03 19:34 - 2014-11-03 19:34 - 00001104 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2014-11-03 19:34 - 2014-11-03 19:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2014-11-03 19:34 - 2014-11-03 19:34 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2014-11-03 19:34 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
    2014-11-03 19:34 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
    2014-11-03 19:34 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
    2014-11-03 19:08 - 2014-11-03 20:08 - 00000000 ____D () C:\Users\Johnson\AppData\Roaming\Ixmuho
    2014-11-03 19:08 - 2014-11-03 19:10 - 00000000 ____D () C:\Users\Johnson\AppData\Roaming\Acfie
    2014-11-03 18:52 - 2014-11-03 19:42 - 00000000 ____D () C:\ProgramData\RemyAmna
    2014-11-03 18:52 - 2014-11-03 18:52 - 00000144 _____ () C:\ProgramData\1
    2014-11-03 18:49 - 2014-11-03 19:42 - 00000000 ____D () C:\Users\Johnson\AppData\Roaming\Siuvhy
    2014-11-03 18:49 - 2014-11-03 19:42 - 00000000 ____D () C:\ProgramData\KovcUfiq
    2014-11-03 18:49 - 2014-11-03 18:49 - 00000144 _____ () C:\Windows\SysWOW64\1
    2014-11-03 18:49 - 2014-11-03 18:49 - 00000000 ____D () C:\Users\Johnson\AppData\Roaming\Emynx
    2014-11-03 18:48 - 2014-11-03 18:48 - 00000000 ____D () C:\Windows\ERUNT
    2014-11-03 07:15 - 2014-11-03 07:15 - 00002739 _____ () C:\Users\Johnson\Desktop\aswMBR.txt
    2014-11-03 07:15 - 2014-11-03 07:15 - 00000512 _____ () C:\Users\Johnson\Desktop\MBR.dat
    2014-11-03 02:09 - 2014-11-03 02:09 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Johnson\Desktop\mbam-setup-2.0.3.1025.exe
    2014-11-03 01:55 - 2014-11-03 01:55 - 01706359 _____ (Thisisu) C:\Users\Johnson\Desktop\JRT.exe
    2014-11-03 01:54 - 2014-11-03 01:54 - 01706359 _____ (Thisisu) C:\Users\Johnson\Downloads\JRT.exe
    2014-11-03 01:38 - 2014-11-03 01:38 - 423902072 _____ () C:\Windows\MEMORY.DMP
    2014-11-03 01:38 - 2014-11-03 01:38 - 00295760 _____ () C:\Windows\Minidump\110314-35833-01.dmp
    2014-11-03 01:38 - 2014-11-03 01:38 - 00000000 ____D () C:\Windows\Minidump
    2014-11-02 23:23 - 2014-11-02 23:35 - 00000000 ____D () C:\Users\Johnson\AppData\Roaming\Ywtaci
    2014-11-02 23:19 - 2014-11-03 19:08 - 00000761 _____ () C:\Windows\system32\Drivers\etc\hosts.txt
    2014-11-02 23:19 - 2014-11-02 23:19 - 00000000 ____D () C:\ProgramData\QojzoDzaxa
    2014-11-02 23:19 - 2014-11-02 23:19 - 00000000 ____D () C:\ProgramData\FivunIzijt
    2014-10-27 18:18 - 2014-10-27 18:18 - 00001847 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
    2014-10-27 18:18 - 2014-10-27 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2014-10-27 18:17 - 2014-10-27 18:18 - 00000000 ____D () C:\Program Files (x86)\QuickTime
    2014-10-27 18:14 - 2014-10-27 18:14 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk
    2014-10-27 18:14 - 2014-10-27 18:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2014-10-27 18:14 - 2012-10-03 15:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
    2014-10-27 18:13 - 2014-10-27 18:14 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-10-27 18:13 - 2014-10-27 18:14 - 00000000 ____D () C:\Program Files\iTunes
    2014-10-27 18:13 - 2014-10-27 18:13 - 00000000 ____D () C:\Program Files\iPod
    2014-10-27 18:09 - 2014-10-27 18:09 - 00000000 ____D () C:\Program Files\Bonjour
    2014-10-27 18:09 - 2014-10-27 18:09 - 00000000 ____D () C:\Program Files (x86)\Bonjour
    2014-10-26 23:20 - 2014-10-26 23:22 - 00000000 ____D () C:\Users\Johnson\Desktop\FRST
    2014-10-26 22:18 - 2014-10-26 22:18 - 00000745 _____ () C:\Users\Johnson\Desktop\Start Emsisoft Emergency Kit.lnk
    2014-10-26 22:16 - 2014-11-04 19:20 - 00000000 ____D () C:\FRST
    2014-10-26 22:16 - 2014-10-26 22:20 - 00000000 ____D () C:\EEK
    2014-10-26 20:11 - 2014-10-26 20:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
    2014-10-26 20:06 - 2014-10-27 04:27 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\53197599.sys
    2014-10-24 23:45 - 2014-11-02 23:39 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2014-10-24 23:19 - 2014-10-24 23:19 - 05296056 _____ (McAfee, Inc.) C:\Users\Johnson\Downloads\McAfeeSetup-AutoLogin.exe
    2014-10-24 22:52 - 2014-10-24 22:53 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Johnson\Downloads\mbam-setup-2.0.3.1025(1).exe
    2014-10-24 22:52 - 2014-10-24 22:52 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Johnson\Downloads\mbam-setup-2.0.3.1025.exe
    2014-10-22 22:42 - 2014-10-22 22:40 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
    2014-10-22 21:05 - 2014-10-22 21:05 - 00319912 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
    2014-10-22 21:05 - 2014-10-22 21:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
    2014-10-22 21:05 - 2014-10-22 21:05 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
    2014-10-22 21:05 - 2014-10-22 21:05 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
    2014-10-22 21:05 - 2014-10-22 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2014-10-22 20:32 - 2014-10-22 21:05 - 00000000 ____D () C:\Program Files\Java
    2014-10-22 20:32 - 2014-10-22 20:32 - 00003302 _____ () C:\Windows\System32\Tasks\{98F97F5E-DFD5-4D46-842C-138722377430}
    2014-10-22 10:53 - 2014-10-22 10:53 - 00000000 ____D () C:\Users\Johnson\AppData\Local\CutePDF Writer
    2014-10-22 10:52 - 2014-10-22 10:52 - 05254656 _____ () C:\Users\Johnson\Downloads\converter.exe
    2014-10-22 10:52 - 2014-10-22 10:52 - 00003142 _____ () C:\Windows\System32\Tasks\{55E84F4F-2771-4685-8012-BB307CC386CB}
    2014-10-22 10:52 - 2014-10-22 10:52 - 00000000 ____D () C:\Program Files (x86)\GPLGS
    2014-10-22 10:51 - 2014-10-22 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CutePDF
    2014-10-22 10:51 - 2014-10-22 10:51 - 00000000 ____D () C:\Program Files (x86)\Acro Software
    2014-10-22 10:51 - 2013-10-23 13:24 - 00087600 _____ () C:\Windows\system32\cpwmon64.dll
    2014-10-22 10:49 - 2014-10-22 10:50 - 02003352 _____ (Acro Software Inc. ) C:\Users\Johnson\Downloads\CuteWriter.exe
    2014-10-22 09:51 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
    2014-10-22 09:51 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
    2014-10-22 09:50 - 2014-10-22 09:52 - 274075712 _____ (NVIDIA Corporation) C:\Users\Johnson\Downloads\340.52-notebook-win8-win7-64bit-international-whql.exe
    2014-10-21 18:16 - 2014-10-22 22:42 - 00000000 ____D () C:\ProgramData\Oracle
    2014-10-21 15:55 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2014-10-21 15:55 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
    2014-10-21 15:55 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
    2014-10-21 15:55 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
    2014-10-21 15:55 - 2013-11-23 11:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
    2014-10-21 15:55 - 2013-11-23 10:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2014-10-21 15:55 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
    2014-10-21 15:54 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2014-10-21 15:54 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
    2014-10-20 23:24 - 2014-10-20 23:24 - 00000000 __SHD () C:\Users\Johnson\AppData\Local\EmieUserList
    2014-10-20 23:24 - 2014-10-20 23:24 - 00000000 __SHD () C:\Users\Johnson\AppData\Local\EmieSiteList
    2014-10-20 23:24 - 2014-10-20 23:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2014-10-20 22:49 - 2014-10-22 09:56 - 00775124 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
    2014-10-20 22:45 - 2013-10-14 15:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
    2014-10-20 22:43 - 2014-10-20 22:43 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
    2014-10-20 22:42 - 2014-10-20 22:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2014-10-20 22:42 - 2014-10-20 22:42 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2014-10-20 22:42 - 2014-10-20 22:42 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
    2014-10-20 22:42 - 2014-10-20 22:42 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
    2014-10-20 22:42 - 2014-10-20 22:42 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
    2014-10-20 22:42 - 2014-10-20 22:42 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2014-10-20 22:42 - 2014-10-20 22:42 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
    2014-10-20 22:42 - 2014-10-20 22:42 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
    2014-10-20 22:42 - 2014-10-20 22:42 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
    2014-10-20 22:42 - 2014-10-20 22:42 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
    2014-10-20 22:42 - 2014-10-20 22:42 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
    2014-10-20 22:42 - 2014-10-20 22:42 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2014-10-20 22:41 - 2014-10-20 22:41 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
    2014-10-20 22:37 - 2014-11-04 16:40 - 00000000 ____D () C:\ProgramData\NVIDIA
    2014-10-20 22:37 - 2014-10-20 22:37 - 00000020 ___SH () C:\Users\UpdatusUser\ntuser.ini
    2014-10-20 22:37 - 2011-12-11 21:51 - 00000000 ____D () C:\Users\UpdatusUser\AppData\Roaming\Macromedia
    2014-10-20 22:37 - 2009-07-13 21:54 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-10-20 22:37 - 2009-07-13 21:49 - 00000000 ___RD () C:\Users\UpdatusUser\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2014-10-20 22:36 - 2014-10-20 22:37 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
    2014-10-20 22:36 - 2013-10-23 01:20 - 06669600 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
    2014-10-20 22:36 - 2013-10-23 01:20 - 03489568 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
    2014-10-20 22:36 - 2013-10-23 01:20 - 02559776 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
    2014-10-20 22:36 - 2013-10-23 01:20 - 00922912 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
    2014-10-20 22:36 - 2013-10-23 01:20 - 00219424 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
    2014-10-20 22:36 - 2013-10-23 01:20 - 00063776 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
    2014-10-20 22:35 - 2014-10-20 22:37 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
    2014-10-20 22:35 - 2013-12-18 11:43 - 00061216 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
    2014-10-20 22:35 - 2013-12-18 11:43 - 00053024 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
    2014-10-20 22:34 - 2014-10-20 22:37 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
    2014-10-20 22:26 - 2014-10-20 22:28 - 00244032 _____ () C:\Users\Johnson\Downloads\Firefox Setup Stub 33.0.exe
    2014-10-20 07:33 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
    2014-10-20 07:33 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
    2014-10-20 07:33 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
    2014-10-20 07:33 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
    2014-10-20 07:33 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
    2014-10-20 07:33 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
    2014-10-20 07:33 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
    2014-10-20 07:33 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
    2014-10-20 07:33 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
    2014-10-20 07:33 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
    2014-10-20 07:33 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
    2014-10-20 07:33 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
    2014-10-20 07:33 - 2012-02-10 23:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
    2014-10-20 07:33 - 2012-02-10 23:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
    2014-10-20 05:26 - 2014-10-20 22:45 - 00014552 _____ () C:\Windows\IE11_main.log
    2014-10-17 00:36 - 2014-10-17 00:36 - 00000000 ___SD () C:\Windows\system32\CompatTel
    2014-10-17 00:35 - 2013-05-09 22:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2014-10-17 00:35 - 2013-05-09 22:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2014-10-17 00:35 - 2013-05-09 21:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
    2014-10-17 00:35 - 2013-05-09 21:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
    2014-10-17 00:10 - 2012-07-25 20:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
    2014-10-17 00:10 - 2012-07-25 20:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
    2014-10-17 00:10 - 2012-07-25 20:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
    2014-10-17 00:10 - 2012-07-25 20:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
    2014-10-17 00:10 - 2012-07-25 20:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
    2014-10-17 00:10 - 2012-07-25 19:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
    2014-10-17 00:10 - 2012-07-25 19:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
    2014-10-17 00:10 - 2012-06-02 07:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
    2014-10-16 22:43 - 2009-06-10 13:31 - 00051867 _____ () C:\Windows\Ultimate.xml
    2014-10-16 22:39 - 2014-10-16 22:41 - 00012618 _____ () C:\Windows\DPINST.LOG
    2014-10-16 22:39 - 2014-10-16 22:41 - 00001512 _____ () C:\Windows\Synaptics.log
    2014-10-16 22:31 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
    2014-10-16 22:31 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
    2014-10-16 22:31 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
    2014-10-16 22:31 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
    2014-10-16 22:31 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
    2014-10-16 22:31 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
    2014-10-16 22:31 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
    2014-10-16 22:31 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
    2014-10-16 22:31 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
    2014-10-16 22:31 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
    2014-10-16 22:31 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
    2014-10-16 22:31 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
    2014-10-16 22:31 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
    2014-10-16 22:31 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
    2014-10-16 22:31 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
    2014-10-16 22:31 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
    2014-10-16 22:31 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
    2014-10-16 22:31 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
    2014-10-16 22:31 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
    2014-10-16 22:31 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
    2014-10-16 22:31 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
    2014-10-16 22:31 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
    2014-10-16 22:31 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
    2014-10-16 22:31 - 2013-10-03 19:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
    2014-10-16 22:31 - 2013-10-03 19:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
    2014-10-16 22:31 - 2013-10-03 18:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
    2014-10-16 22:31 - 2013-10-03 18:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
    2014-10-16 22:31 - 2013-08-04 19:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
    2014-10-16 22:31 - 2013-03-18 22:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
    2014-10-16 22:31 - 2012-10-09 11:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
    2014-10-16 22:31 - 2012-10-09 11:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
    2014-10-16 22:31 - 2012-10-09 10:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
    2014-10-16 22:31 - 2012-10-09 10:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
    2014-10-16 22:31 - 2012-01-04 03:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
    2014-10-16 22:31 - 2012-01-04 01:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
    2014-10-16 22:31 - 2011-12-29 23:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
    2014-10-16 22:31 - 2011-12-29 22:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
    2014-10-16 22:30 - 2014-10-16 22:30 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2014-10-16 22:30 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2014-10-16 22:30 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2014-10-16 22:30 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2014-10-16 22:30 - 2014-09-24 19:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2014-10-16 22:30 - 2014-09-24 18:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
    2014-10-16 22:30 - 2013-09-07 19:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
    2014-10-16 22:30 - 2013-09-07 19:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
    2014-10-16 22:30 - 2013-08-28 19:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2014-10-16 22:30 - 2013-08-28 19:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2014-10-16 22:30 - 2013-08-28 19:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2014-10-16 22:30 - 2013-08-28 18:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
    2014-10-16 22:30 - 2013-08-28 18:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
    2014-10-16 22:30 - 2013-08-28 18:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
    2014-10-16 22:30 - 2013-07-04 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
    2014-10-16 22:30 - 2013-07-04 05:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
    2014-10-16 22:30 - 2013-07-04 04:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
    2014-10-16 22:30 - 2013-07-04 04:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
    2014-10-16 22:30 - 2013-07-04 03:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
    2014-10-16 22:30 - 2013-04-25 16:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
    2014-10-16 22:30 - 2013-03-31 15:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
    2014-10-16 22:30 - 2012-12-07 06:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
    2014-10-16 22:30 - 2012-12-07 06:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
    2014-10-16 22:30 - 2012-12-07 05:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
    2014-10-16 22:30 - 2012-12-07 05:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
    2014-10-16 22:30 - 2012-12-07 04:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
    2014-10-16 22:30 - 2012-12-07 04:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
    2014-10-16 22:30 - 2012-12-07 04:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
    2014-10-16 22:30 - 2012-12-07 04:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
    2014-10-16 22:30 - 2012-12-07 04:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
    2014-10-16 22:30 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
    2014-10-16 22:30 - 2012-12-07 04:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
    2014-10-16 22:30 - 2012-12-07 04:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
    2014-10-16 22:30 - 2012-12-07 04:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
    2014-10-16 22:30 - 2012-12-07 04:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
    2014-10-16 22:30 - 2012-12-07 04:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
    2014-10-16 22:30 - 2012-12-07 04:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
    2014-10-16 22:30 - 2012-12-07 04:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
    2014-10-16 22:30 - 2012-12-07 04:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
    2014-10-16 22:30 - 2012-12-07 03:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
    2014-10-16 22:30 - 2012-10-03 10:44 - 00303104 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
    2014-10-16 22:30 - 2012-10-03 10:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
    2014-10-16 22:30 - 2012-10-03 10:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
    2014-10-16 22:30 - 2012-10-03 10:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
    2014-10-16 22:30 - 2012-10-03 10:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
    2014-10-16 22:30 - 2012-10-03 10:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
    2014-10-16 22:30 - 2012-10-03 09:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
    2014-10-16 22:30 - 2012-10-03 09:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
    2014-10-16 22:30 - 2012-10-03 09:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
    2014-10-16 22:30 - 2012-10-03 09:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
    2014-10-16 22:30 - 2012-08-22 11:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
    2014-10-16 22:30 - 2012-08-21 14:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
    2014-10-16 22:30 - 2012-07-04 13:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
    2014-10-16 22:30 - 2012-04-30 22:40 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
    2014-10-16 22:30 - 2012-01-13 00:12 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
    2014-10-16 22:29 - 2014-10-16 22:29 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
    2014-10-16 22:29 - 2014-10-16 22:29 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
    2014-10-16 22:29 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
    2014-10-16 22:29 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
    2014-10-16 22:29 - 2014-09-09 15:11 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
    2014-10-16 22:29 - 2014-09-09 14:47 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
    2014-10-16 22:29 - 2014-06-24 19:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2014-10-16 22:29 - 2014-06-24 18:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
    2014-10-16 22:29 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
    2014-10-16 22:29 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
    2014-10-16 22:29 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
    2014-10-16 22:29 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
    2014-10-16 22:29 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
    2014-10-16 22:29 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
    2014-10-16 22:29 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
    2014-10-16 22:29 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
    2014-10-16 22:29 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
    2014-10-16 22:29 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
    2014-10-16 22:29 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
    2014-10-16 22:29 - 2013-05-09 22:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
    2014-10-16 22:29 - 2013-05-09 20:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
    2014-10-16 22:29 - 2013-02-26 22:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
    2014-10-16 22:29 - 2013-01-23 23:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
    2014-10-16 22:29 - 2012-07-06 13:07 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
    2014-10-16 22:29 - 2012-05-05 01:36 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2014-10-16 22:29 - 2012-05-05 00:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
    2014-10-16 22:25 - 2014-10-22 20:20 - 00000000 ____D () C:\Windows\system32\appmgmt
    2014-10-16 22:24 - 2013-08-27 18:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
    2014-10-16 22:17 - 2014-10-16 22:21 - 00000000 ____D () C:\Windows\system32\MRT
    2014-10-16 22:14 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
    2014-10-16 22:14 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
    2014-10-16 22:14 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
    2014-10-16 22:14 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
    2014-10-16 22:14 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
    2014-10-16 22:14 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
    2014-10-16 22:13 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
    2014-10-16 22:13 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
    2014-10-16 21:57 - 2014-10-16 21:57 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents
    2014-10-16 21:57 - 2014-10-16 21:57 - 00000000 ____D () C:\Windows\RemotePackages
    2014-10-16 21:57 - 2014-10-16 21:57 - 00000000 ____D () C:\Windows\CSC
    2014-10-16 20:33 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
    2014-10-16 20:33 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
    2014-10-16 20:33 - 2014-03-04 02:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2014-10-16 20:33 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
    2014-10-16 20:33 - 2014-03-04 02:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2014-10-16 20:33 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
    2014-10-16 20:33 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
    2014-10-16 20:33 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
    2014-10-16 20:33 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
    2014-10-16 20:33 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
    2014-10-16 20:33 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
    2014-10-16 20:33 - 2014-03-04 02:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
    2014-10-16 20:33 - 2014-03-04 02:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
    2014-10-16 20:33 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
    2014-10-16 20:33 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
    2014-10-16 20:33 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
    2014-10-16 20:33 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
    2014-10-16 20:33 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
    2014-10-16 20:33 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
    2014-10-16 20:33 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
    2014-10-16 20:33 - 2014-03-04 02:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
    2014-10-16 20:33 - 2013-08-01 19:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2014-10-16 20:33 - 2013-08-01 19:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2014-10-16 20:33 - 2013-08-01 18:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
    2014-10-16 20:33 - 2013-08-01 17:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2014-10-16 20:32 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2014-10-16 20:32 - 2014-08-22 19:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2014-10-16 20:32 - 2014-08-22 18:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
    2014-10-16 20:32 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
    2014-10-16 20:32 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
    2014-10-16 20:32 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
    2014-10-16 20:32 - 2014-03-26 07:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2014-10-16 20:32 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
    2014-10-16 20:32 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
    2014-10-16 20:32 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
    2014-10-16 20:32 - 2014-03-26 07:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
    2014-10-16 20:32 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
    2014-10-16 20:32 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
    2014-10-16 20:32 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
    2014-10-16 20:32 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
    2014-10-16 20:32 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
    2014-10-16 20:32 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
    2014-10-16 20:32 - 2013-07-08 22:52 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2014-10-16 20:32 - 2013-07-08 21:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
    2014-10-16 20:32 - 2013-07-04 05:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2014-10-16 20:32 - 2013-07-04 04:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
    2014-10-16 20:31 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
    2014-10-16 20:31 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
    2014-10-16 20:31 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
    2014-10-16 20:31 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
    2014-10-16 20:31 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
    2014-10-16 20:31 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
    2014-10-16 20:29 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
    2014-10-16 20:29 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
    2014-10-16 20:29 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
    2014-10-16 20:29 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
    2014-10-16 20:29 - 2013-11-26 18:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
    2014-10-16 20:29 - 2013-11-26 18:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
    2014-10-16 20:29 - 2013-11-26 18:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
    2014-10-16 20:29 - 2013-11-26 18:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
    2014-10-16 20:29 - 2013-11-26 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
    2014-10-16 20:29 - 2013-11-26 18:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
    2014-10-16 20:29 - 2013-11-26 18:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
    2014-10-16 20:29 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
    2014-10-16 20:29 - 2013-10-05 13:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2014-10-16 20:29 - 2013-10-05 12:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
    2014-10-16 20:29 - 2013-07-08 22:46 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2014-10-16 20:29 - 2013-07-08 22:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2014-10-16 20:29 - 2013-07-08 21:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
    2014-10-16 20:29 - 2013-07-08 21:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
    2014-10-16 20:29 - 2013-06-05 22:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2014-10-16 20:29 - 2013-06-05 22:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2014-10-16 20:29 - 2013-06-05 22:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2014-10-16 20:29 - 2013-06-05 22:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2014-10-16 20:29 - 2013-06-05 21:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
    2014-10-16 20:29 - 2013-06-05 21:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
    2014-10-16 20:29 - 2013-06-05 21:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
    2014-10-16 20:29 - 2013-06-05 20:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2014-10-16 20:29 - 2013-06-05 20:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
    2014-10-16 20:29 - 2013-06-05 20:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
    2014-10-16 20:28 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
    2014-10-16 20:28 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
    2014-10-16 20:27 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
    2014-10-16 20:27 - 2013-07-25 19:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
    2014-10-16 20:27 - 2013-07-25 18:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
    2014-10-16 20:27 - 2013-07-25 02:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
    2014-10-16 20:27 - 2013-07-25 01:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
    2014-10-16 20:27 - 2013-07-12 03:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
    2014-10-16 20:27 - 2013-07-12 03:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
    2014-10-16 20:27 - 2013-07-02 21:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
    2014-10-16 20:27 - 2013-07-02 21:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
    2014-10-16 20:27 - 2013-06-25 15:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
    2014-10-16 20:27 - 2013-04-25 22:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
    2014-10-16 20:27 - 2013-04-25 21:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
    2014-10-16 20:27 - 2013-02-11 21:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
    2014-10-16 20:27 - 2012-11-28 15:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
    2014-10-16 20:27 - 2012-11-28 15:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
    2014-10-16 20:27 - 2012-11-28 15:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
    2014-10-16 20:27 - 2012-11-01 22:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
    2014-10-16 20:27 - 2012-11-01 22:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
    2014-10-16 20:26 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
    2014-10-16 20:26 - 2013-04-09 23:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
    2014-10-16 20:26 - 2011-02-03 04:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
    2014-10-16 20:25 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
    2014-10-16 20:25 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
    2014-10-16 20:25 - 2014-07-16 19:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
    2014-10-16 20:25 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
    2014-10-16 20:25 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
    2014-10-16 20:25 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
    2014-10-16 20:25 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
    2014-10-16 20:25 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2014-10-16 20:25 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2014-10-16 20:25 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
    2014-10-16 20:25 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
    2014-10-16 20:25 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
    2014-10-16 20:25 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
    2014-10-16 20:25 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
    2014-10-16 20:25 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
    2014-10-16 20:25 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
    2014-10-16 20:25 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
    2014-10-16 20:25 - 2014-07-06 19:06 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2014-10-16 20:25 - 2014-07-06 19:06 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2014-10-16 20:25 - 2014-07-06 18:40 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
    2014-10-16 20:25 - 2014-07-06 18:40 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
    2014-10-16 20:25 - 2014-07-06 18:39 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
    2014-10-16 20:25 - 2014-05-30 01:08 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2014-10-16 20:25 - 2014-05-30 01:08 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2014-10-16 20:25 - 2014-05-30 01:08 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2014-10-16 20:25 - 2014-05-30 01:08 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2014-10-16 20:25 - 2014-05-30 00:52 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
    2014-10-16 20:25 - 2014-05-30 00:52 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
    2014-10-16 20:25 - 2014-05-30 00:52 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
    2014-10-16 20:25 - 2014-05-30 00:52 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
    2014-10-16 20:25 - 2014-04-11 19:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2014-10-16 20:25 - 2014-04-11 19:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2014-10-16 20:25 - 2014-04-11 19:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2014-10-16 20:25 - 2014-04-11 19:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2014-10-16 20:25 - 2014-04-11 19:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2014-10-16 20:25 - 2014-04-11 19:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2014-10-16 20:25 - 2013-07-04 05:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2014-10-16 20:25 - 2013-02-14 23:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
    2014-10-16 20:25 - 2013-02-14 23:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
    2014-10-16 20:25 - 2013-02-14 20:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
    2014-10-16 20:25 - 2012-11-22 20:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
    2014-10-16 20:25 - 2012-09-25 15:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
    2014-10-16 20:25 - 2012-09-25 15:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
    2014-10-16 20:24 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
    2014-10-16 20:24 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
    2014-10-16 20:24 - 2013-05-12 22:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
    2014-10-16 20:24 - 2013-05-12 20:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
    2014-10-16 20:24 - 2013-05-12 20:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
    2014-10-16 20:24 - 2013-05-12 20:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
    2014-10-16 20:23 - 2014-03-04 02:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2014-10-16 20:23 - 2014-03-04 02:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
    2014-10-16 20:23 - 2014-03-04 02:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
    2014-10-16 20:23 - 2014-03-04 02:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
    2014-10-16 20:23 - 2014-03-04 02:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
    2014-10-16 20:23 - 2014-03-04 02:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
    2014-10-16 20:23 - 2014-03-04 02:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
    2014-10-16 20:23 - 2014-03-04 02:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
    2014-10-16 20:23 - 2014-03-04 02:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
    2014-10-16 20:23 - 2014-03-04 01:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
    2014-10-16 20:23 - 2014-03-04 01:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
    2014-10-16 20:23 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
    2014-10-16 20:23 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
     
    ==================== One Month Modified Files and Folders =======
     
    (If an entry is included in the fixlist, the file\folder will be moved.)
     
     
    Some content of TEMP:
    ====================
    C:\Users\Johnson\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
    C:\Users\Johnson\AppData\Local\Temp\ochelper.exe
    C:\Users\Johnson\AppData\Local\Temp\sfamcc00001.dll
    C:\Users\Johnson\AppData\Local\Temp\sfextra.dll
    C:\Users\Johnson\AppData\Local\Temp\tbuTor.dll
    C:\Users\Johnson\AppData\Local\Temp\UpdateFlashPlayer_df0ad330.exe
     
     
    ==================== Bamital & volsnap Check =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\SysWOW64\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2014-10-16 21:13
     
    ==================== End Of Log ============================


    Edited by ken545, 05 November 2014 - 05:52 AM.


    #10 ken545


    Posted 05 November 2014 - 06:26 AM

    You definitely have a lot going on. This fix will remove most of it, then we will run another program that will hopefully get the rest.

     

     

     
    Open notepad (Start --> All Programs --> Accessories --> Notepad).
    Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
    Save it as fixlist.txt in the same directory as FRST or FRST64 (it has to be right next to FRST or FRST64), either in the directory where you saved FRST or FRST64 or on your desktop if that's where you saved it.
    You can use your mouse to drag Fixlist right next to FRST or FRST64, either above or below it but not on top of it.
     
    Start
    CloseProcesses:
    HKLM\...\Run: [Nyrekiigf] => "C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe"
    HKLM-x32\...\Run: [Nyrekiigf] => C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe
    HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [Xmauiib] => regsvr32.exe /s "C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll" <===== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [FivunIzijt] => regsvr32.exe "C:\ProgramData\FivunIzijt\FivunIzijt.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [QojzoDzaxa] => regsvr32.exe "C:\ProgramData\QojzoDzaxa\QojzoDzaxa.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [movziuz] => rundll32 "C:\Users\Johnson\AppData\Local\movziuz.dll",movziuz <===== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [Nyrekiigf] => "C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [KovcUfiq] => regsvr32.exe "C:\ProgramData\KovcUfiq\KovcUfiq.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [Svc2dll] => C:\Users\Johnson\AppData\Local\svcxdcl32.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [{F8818772-351F-CC75-1AE6-8B087C83B1A0}] => C:\Users\Johnson\AppData\Roaming\Siuvhy\gyza.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Xmauiib] => regsvr32.exe /s "C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll" <===== ATTENTION
    C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [FivunIzijt] => regsvr32.exe "C:\ProgramData\FivunIzijt\FivunIzijt.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QojzoDzaxa] => regsvr32.exe "C:\ProgramData\QojzoDzaxa\QojzoDzaxa.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [movziuz] => rundll32 "C:\Users\Johnson\AppData\Local\movziuz.dll",movziuz <===== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Nyrekiigf] => "C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KovcUfiq] => regsvr32.exe "C:\ProgramData\KovcUfiq\KovcUfiq.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Svc2dll] => C:\Users\Johnson\AppData\Local\svcxdcl32.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [{F8818772-351F-CC75-1AE6-8B087C83B1A0}] => C:\Users\Johnson\AppData\Roaming\Siuvhy\gyza.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION 
    C:\Users\Johnson\AppData\Roaming\Ywtaci
    C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll
    C:\ProgramData\FivunIzijt
    C:\ProgramData\QojzoDzaxa
    C:\Users\Johnson\AppData\Local\movziuz.dll
    C:\ProgramData\KovcUfiq
    C:\Users\Johnson\AppData\Local\svcxdcl32.exe
    C:\Users\Johnson\AppData\Roaming\Siuvhy
    C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll
    C:\ProgramData\FivunIzijt
    C:\ProgramData\QojzoDzaxa
    C:\Users\Johnson\AppData\Roaming\Ixmuho
    C:\Users\Johnson\AppData\Roaming\Acfie
    C:\ProgramData\RemyAmna
    C:\ProgramData\KovcUfiq
    C:\Users\Johnson\AppData\Roaming\Emynx
    C:\ProgramData\QojzoDzaxa
    CustomCLSID: HKU\S-1-5-21-673182880-2845566908-216800050-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.
     
    Then open FRST or FRST64 and click on Fix.
    When finished, FRST will generate a log on the Desktop (Fixlog.txt). Please post it in your reply.
     
     
     
     
     
     

     
    Download ComboFix from here:
     
    Place ComboFix.exe on your Desktop <--Important
    • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.
    * Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
     
     
     
    You can get help on disabling your protection programs here
    • Double click on ComboFix.exe & follow the prompts.
    • You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).
    • Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may need to reboot your computer more than once to do its job; this is normal.
    • When finished, it shall produce a log for you. Post that log in your next reply.
     
    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
     
    Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

     


    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014




     

    Just a reminder that threads will be closed if no response in 3 days


    #11 djmsu


    Posted 05 November 2014 - 03:44 PM

    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 04-11-2014
    Ran by Johnson at 2014-11-05 13:29:51 Run:2
    Running from C:\Users\Johnson\Desktop
    Loaded Profiles: Johnson & UpdatusUser (Available profiles: Johnson & Mcx1-JOHNSON-PC & UpdatusUser)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    Start
    CloseProcesses:
    HKLM\...\Run: [Nyrekiigf] => "C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe"
    HKLM-x32\...\Run: [Nyrekiigf] => C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe
    HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\AVG <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Malwarebytes <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\McAfee <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\Common Files\Symantec Shared <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Documents and Settings\All Users\Application Data\Kaspersky Lab <====== ATTENTION
    HKLM Group Policy restriction on software: C:\Program Files (x86)\McAfee <====== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [Xmauiib] => regsvr32.exe /s "C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll" <===== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [FivunIzijt] => regsvr32.exe "C:\ProgramData\FivunIzijt\FivunIzijt.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [QojzoDzaxa] => regsvr32.exe "C:\ProgramData\QojzoDzaxa\QojzoDzaxa.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [movziuz] => rundll32 "C:\Users\Johnson\AppData\Local\movziuz.dll",movziuz <===== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [Nyrekiigf] => "C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [KovcUfiq] => regsvr32.exe "C:\ProgramData\KovcUfiq\KovcUfiq.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [Svc2dll] => C:\Users\Johnson\AppData\Local\svcxdcl32.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...\Run: [{F8818772-351F-CC75-1AE6-8B087C83B1A0}] => C:\Users\Johnson\AppData\Roaming\Siuvhy\gyza.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\...A8F59079A8D5}\localserver32: rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 239 more characters). <==== Poweliks!
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Xmauiib] => regsvr32.exe /s "C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll" <===== ATTENTION
    C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [FivunIzijt] => regsvr32.exe "C:\ProgramData\FivunIzijt\FivunIzijt.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [QojzoDzaxa] => regsvr32.exe "C:\ProgramData\QojzoDzaxa\QojzoDzaxa.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [movziuz] => rundll32 "C:\Users\Johnson\AppData\Local\movziuz.dll",movziuz <===== ATTENTION
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Nyrekiigf] => "C:\Users\Johnson\AppData\Roaming\Ywtaci\sioqu.exe"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [KovcUfiq] => regsvr32.exe "C:\ProgramData\KovcUfiq\KovcUfiq.dat"
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Svc2dll] => C:\Users\Johnson\AppData\Local\svcxdcl32.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [{F8818772-351F-CC75-1AE6-8B087C83B1A0}] => C:\Users\Johnson\AppData\Roaming\Siuvhy\gyza.exe
    HKU\S-1-5-21-673182880-2845566908-216800050-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Winlogon: [Shell] C:\Windows\eHome\McrMgr.exe [343552 2009-07-13] (Microsoft Corporation) <==== ATTENTION
    C:\Users\Johnson\AppData\Roaming\Ywtaci
    C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll
    C:\ProgramData\FivunIzijt
    C:\ProgramData\QojzoDzaxa
    C:\Users\Johnson\AppData\Local\movziuz.dll
    C:\ProgramData\KovcUfiq
    C:\Users\Johnson\AppData\Local\svcxdcl32.exe
    C:\Users\Johnson\AppData\Roaming\Siuvhy
    C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll
    C:\ProgramData\FivunIzijt
    C:\ProgramData\QojzoDzaxa
    C:\Users\Johnson\AppData\Roaming\Ixmuho
    C:\Users\Johnson\AppData\Roaming\Acfie
    C:\ProgramData\RemyAmna
    C:\ProgramData\KovcUfiq
    C:\Users\Johnson\AppData\Roaming\Emynx
    C:\ProgramData\QojzoDzaxa
    CustomCLSID: HKU\S-1-5-21-673182880-2845566908-216800050-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32 -> rundll32.exe javascript:"\..\mshtml,RunHTMLApplication ";eval("epdvnfou/xsjuf)(=tdsjqu!mbohvbhf>ktds (the data entry has 247 more characters). <==== Poweliks?
    CMD: ipconfig /flushdns
    Hosts:
    EmptyTemp:
    End
    *****************

    Processes closed successfully.
    HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nyrekiigf => Value not found.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\Nyrekiigf => Value not found.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKLM => Group Policy Restriction on software restored successfully.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Xmauiib => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\FivunIzijt => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\QojzoDzaxa => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\movziuz => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Nyrekiigf => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\KovcUfiq => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Svc2dll => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000\Software\Microsoft\Windows\CurrentVersion\Run\\{F8818772-351F-CC75-1AE6-8B087C83B1A0} => Value not found.
    "HKU\S-1-5-21-673182880-2845566908-216800050-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}\localserver32" => Key not found.
    "HKU\S-1-5-21-673182880-2845566908-216800050-1000\Software\Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Xmauiib => Value not found.
    "C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll" => File/Directory not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\FivunIzijt => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\QojzoDzaxa => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\movziuz => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Nyrekiigf => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\KovcUfiq => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\Svc2dll => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows\CurrentVersion\Run\\{F8818772-351F-CC75-1AE6-8B087C83B1A0} => Value not found.
    HKU\S-1-5-21-673182880-2845566908-216800050-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value not found.
    "C:\Users\Johnson\AppData\Roaming\Ywtaci" => File/Directory not found.
    "C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll" => File/Directory not found.
    "C:\ProgramData\FivunIzijt" => File/Directory not found.
    "C:\ProgramData\QojzoDzaxa" => File/Directory not found.
    "C:\Users\Johnson\AppData\Local\movziuz.dll" => File/Directory not found.
    "C:\ProgramData\KovcUfiq" => File/Directory not found.
    "C:\Users\Johnson\AppData\Local\svcxdcl32.exe" => File/Directory not found.
    "C:\Users\Johnson\AppData\Roaming\Siuvhy" => File/Directory not found.
    "C:\Users\Johnson\AppData\Local\Microsoft\Xmauiib.dll" => File/Directory not found.
    "C:\ProgramData\FivunIzijt" => File/Directory not found.
    "C:\ProgramData\QojzoDzaxa" => File/Directory not found.
    "C:\Users\Johnson\AppData\Roaming\Ixmuho" => File/Directory not found.
    "C:\Users\Johnson\AppData\Roaming\Acfie" => File/Directory not found.
    "C:\ProgramData\RemyAmna" => File/Directory not found.
    "C:\ProgramData\KovcUfiq" => File/Directory not found.
    "C:\Users\Johnson\AppData\Roaming\Emynx" => File/Directory not found.
    "C:\ProgramData\QojzoDzaxa" => File/Directory not found.
    "HKU\S-1-5-21-673182880-2845566908-216800050-1000_Classes\CLSID\{AB8902B4-09CA-4bb6-B78D-A8F59079A8D5}" => Key not found.

    =========  ipconfig /flushdns =========

    Windows IP Configuration

    Successfully flushed the DNS Resolver Cache.

    ========= End of CMD: =========

    C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
    Hosts was reset successfully.
    EmptyTemp: => Removed 1.1 GB temporary data.

    The system needed a reboot.

    ==== End of Fixlog ====



    #12 djmsu


    Posted 05 November 2014 - 04:08 PM

    ComboFix 14-10-29.01 - Johnson 11/05/2014  13:48:40.1.2 - x64
    Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.3070.1665 [GMT -7:00]
    Running from: c:\users\Johnson\Desktop\ComboFix.exe
    SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    c:\windows\msdownld.tmp
    c:\windows\SwSys1.bmp
    c:\windows\SwSys2.bmp
    .
    .
    (((((((((((((((((((((((((   Files Created from 2014-10-05 to 2014-11-05  )))))))))))))))))))))))))))))))
    .
    .
    2014-11-05 20:54 . 2014-11-05 20:54 -------- d-----w- c:\users\Mcx1-JOHNSON-PC\AppData\Local\temp
    2014-11-05 20:54 . 2014-11-05 20:54 -------- d-----w- c:\users\Default\AppData\Local\temp
    2014-11-05 03:08 . 2014-11-05 20:50 75888 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCB7E4EA-BEAE-4DE2-8310-DB356B849620}\offreg.dll
    2014-11-04 23:46 . 2014-10-14 19:59 11627712 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FCB7E4EA-BEAE-4DE2-8310-DB356B849620}\mpengine.dll
    2014-11-04 02:34 . 2014-11-05 20:40 129752 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
    2014-11-04 02:34 . 2014-11-04 02:34 -------- d-----w- c:\program files (x86)\Malwarebytes Anti-Malware
    2014-11-04 02:34 . 2014-10-01 18:11 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
    2014-11-04 02:34 . 2014-10-01 18:11 93400 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
    2014-11-04 02:34 . 2014-10-01 18:11 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
    2014-11-04 01:48 . 2014-11-04 01:48 -------- d-----w- c:\windows\ERUNT
    2014-10-28 01:18 . 2014-10-28 01:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
    2014-10-28 01:18 . 2014-10-28 01:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
    2014-10-28 01:18 . 2014-10-28 01:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
    2014-10-28 01:18 . 2014-10-28 01:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
    2014-10-28 01:18 . 2014-10-28 01:18 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
    2014-10-28 01:17 . 2014-10-28 01:18 -------- d-----w- c:\program files (x86)\QuickTime
    2014-10-28 01:14 . 2012-10-03 22:14 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2014-10-28 01:13 . 2014-10-28 01:13 -------- d-----w- c:\program files\iPod
    2014-10-28 01:13 . 2014-10-28 01:14 -------- d-----w- c:\programdata\E1864A66-75E3-486a-BD95-D1B7D99A84A7
    2014-10-28 01:13 . 2014-10-28 01:14 -------- d-----w- c:\program files\iTunes
    2014-10-28 01:09 . 2014-10-28 01:09 -------- d-----w- c:\program files\Bonjour
    2014-10-28 01:09 . 2014-10-28 01:09 -------- d-----w- c:\program files (x86)\Bonjour
    2014-10-27 05:16 . 2014-11-05 20:34 -------- d-----w- C:\FRST
    2014-10-27 05:16 . 2014-10-27 05:20 -------- d-----w- C:\EEK
    2014-10-27 03:11 . 2014-10-27 03:11 -------- d-----w- c:\programdata\Kaspersky Lab
    2014-10-27 03:06 . 2014-10-27 11:27 458336 ----a-w- c:\windows\system32\drivers\53197599.sys
    2014-10-25 06:45 . 2014-11-03 06:39 -------- d-----w- c:\program files (x86)\McAfee
    2014-10-25 06:45 . 2014-11-03 06:39 -------- d-----w- c:\program files (x86)\Common Files\McAfee
    2014-10-23 05:42 . 2014-10-23 05:42 -------- d-----w- c:\program files (x86)\Common Files\Java
    2014-10-21 22:55 . 2013-11-23 18:26 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
    2014-10-21 22:55 . 2013-11-23 17:47 465920 ----a-w- c:\windows\system32\WMPhoto.dll
    2014-10-21 22:55 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
    2014-10-21 22:55 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
    2014-10-21 22:55 . 2014-09-19 01:18 940032 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
    2014-10-21 22:55 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
    2014-10-21 22:55 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
    2014-10-21 22:54 . 2014-02-04 02:32 1424384 ----a-w- c:\windows\system32\WindowsCodecs.dll
    2014-10-21 22:54 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
    2014-10-21 06:24 . 2014-10-21 06:24 -------- d-sh--w- c:\users\Johnson\AppData\Local\EmieUserList
    2014-10-21 06:24 . 2014-10-21 06:24 -------- d-sh--w- c:\users\Johnson\AppData\Local\EmieSiteList
    2014-10-21 05:47 . 2014-10-21 05:47 -------- d-----w- c:\windows\Migration
    2014-10-21 05:45 . 2013-10-14 22:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
    2014-10-21 05:43 . 2014-10-21 05:43 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
    2014-10-21 05:41 . 2014-10-21 05:41 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
    2014-10-21 05:37 . 2014-11-03 08:45 -------- d-----w- c:\users\UpdatusUser
    2014-10-21 05:37 . 2014-11-05 20:39 -------- d-----w- c:\programdata\NVIDIA
    2014-10-21 05:36 . 2014-10-21 05:37 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
    2014-10-21 05:36 . 2013-10-23 08:20 6669600 ----a-w- c:\windows\system32\nvcpl.dll
    2014-10-21 05:36 . 2013-10-23 08:20 3489568 ----a-w- c:\windows\system32\nvsvc64.dll
    2014-10-21 05:36 . 2013-10-23 08:20 922912 ----a-w- c:\windows\system32\nvvsvc.exe
    2014-10-21 05:36 . 2013-10-23 08:20 63776 ----a-w- c:\windows\system32\nvshext.dll
    2014-10-21 05:36 . 2013-10-23 08:20 2559776 ----a-w- c:\windows\system32\nvsvcr.dll
    2014-10-21 05:36 . 2013-10-23 08:20 219424 ----a-w- c:\windows\system32\nvmctray.dll
    2014-10-21 05:35 . 2013-12-18 18:43 61216 ----a-w- c:\windows\system32\OpenCL.dll
    2014-10-21 05:35 . 2013-12-18 18:43 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
    2014-10-21 05:35 . 2014-10-21 05:37 -------- d-----w- c:\programdata\NVIDIA Corporation
    2014-10-21 05:34 . 2014-10-21 05:37 -------- d-----w- c:\program files\NVIDIA Corporation
    2014-10-21 05:29 . 2014-10-11 12:53 800368 ----a-w- c:\program files (x86)\Mozilla Firefox\icuuc52.dll
    2014-10-21 05:29 . 2014-10-11 12:53 1023600 ----a-w- c:\program files (x86)\Mozilla Firefox\icuin52.dll
    2014-10-21 05:29 . 2014-10-11 12:52 10397296 ----a-w- c:\program files (x86)\Mozilla Firefox\icudt52.dll
    2014-10-21 05:29 . 2014-10-11 12:52 4952176 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
    2014-10-21 05:29 . 2014-10-11 12:52 331376 ----a-w- c:\program files (x86)\Mozilla Firefox\freebl3.dll
    2014-10-21 05:29 . 2014-10-11 12:52 275568 ----a-w- c:\program files (x86)\Mozilla Firefox\firefox.exe
    2014-10-21 05:29 . 2014-10-11 12:52 115312 ----a-w- c:\program files (x86)\Mozilla Firefox\crashreporter.exe
    2014-10-21 05:29 . 2014-10-11 12:52 74864 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
    2014-10-21 05:29 . 2014-10-11 12:52 20080 ----a-w- c:\program files (x86)\Mozilla Firefox\AccessibleMarshal.dll
    2014-10-21 05:29 . 2013-08-03 05:55 3231832 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dcompiler_46.dll
    2014-10-21 05:29 . 2010-05-26 18:41 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
    2014-10-21 05:28 . 2014-10-21 05:31 -------- d-----w- c:\users\Johnson\AppData\Local\ElevatedDiagnostics
    2014-10-20 14:33 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDYAK.DLL
    2014-10-20 14:33 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDTAT.DLL
    2014-10-20 14:33 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDRU1.DLL
    2014-10-20 14:33 . 2014-07-09 02:03 6656 ----a-w- c:\windows\system32\KBDRU.DLL
    2014-10-20 14:33 . 2014-07-09 02:03 7168 ----a-w- c:\windows\system32\KBDBASH.DLL
    2014-10-20 14:33 . 2014-07-09 01:31 7168 ----a-w- c:\windows\SysWow64\KBDYAK.DLL
    2014-10-20 14:33 . 2014-07-09 01:31 6656 ----a-w- c:\windows\SysWow64\KBDBASH.DLL
    2014-10-20 14:33 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
    2014-10-20 14:33 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
    2014-10-17 07:36 . 2014-10-17 07:36 -------- d-s---w- c:\windows\system32\CompatTel
    2014-10-17 07:35 . 2013-05-10 04:30 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
    2014-10-17 07:35 . 2013-05-10 03:48 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
    2014-10-17 07:35 . 2013-05-10 05:56 12625920 ----a-w- c:\windows\system32\wmploc.DLL
    2014-10-17 07:35 . 2013-05-10 04:56 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
    2014-10-17 07:35 . 2013-05-10 05:56 14631424 ----a-w- c:\windows\system32\wmp.dll
    2014-10-17 07:20 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
    2014-10-17 07:10 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
    2014-10-17 07:10 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
    2014-10-17 07:10 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
    2014-10-17 07:10 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
    2014-10-17 07:10 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
    2014-10-17 07:10 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
    2014-10-17 07:10 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
    2014-10-17 05:30 . 2013-04-25 23:30 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
    2014-10-17 05:29 . 2014-09-18 02:00 3241472 ----a-w- c:\windows\system32\msi.dll
    2014-10-17 05:26 . 2014-10-17 05:26 -------- d-----w- c:\users\Johnson\AppData\Local\Programs
    2014-10-17 05:25 . 2014-10-23 03:20 -------- d-----w- c:\windows\system32\appmgmt
    2014-10-17 05:24 . 2013-08-28 01:12 461312 ----a-w- c:\windows\system32\scavengeui.dll
    2014-10-17 05:17 . 2014-10-17 05:21 -------- d-----w- c:\windows\system32\MRT
    2014-10-17 05:14 . 2014-03-09 21:48 171160 ----a-w- c:\windows\system32\infocardapi.dll
    2014-10-17 05:14 . 2014-03-09 21:47 99480 ----a-w- c:\windows\SysWow64\infocardapi.dll
    2014-10-17 05:14 . 2014-03-09 21:48 1389208 ----a-w- c:\windows\system32\icardagt.exe
    2014-10-17 05:14 . 2014-03-09 21:47 619672 ----a-w- c:\windows\SysWow64\icardagt.exe
    2014-10-17 05:14 . 2014-06-30 22:24 8856 ----a-w- c:\windows\system32\icardres.dll
    2014-10-17 05:14 . 2014-06-30 22:14 8856 ----a-w- c:\windows\SysWow64\icardres.dll
    2014-10-17 05:13 . 2014-06-06 06:16 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
    2014-10-17 05:13 . 2014-06-06 06:12 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
    2014-10-17 04:57 . 2014-10-17 04:57 -------- d-sh--w- c:\windows\BitLockerDiscoveryVolumeContents
    2014-10-17 04:57 . 2014-10-17 04:57 -------- d-----w- c:\windows\RemotePackages
    2014-10-17 03:32 . 2013-07-09 05:52 224256 ----a-w- c:\windows\system32\wintrust.dll
    2014-10-17 03:31 . 2014-06-18 22:23 73880 ----a-w- c:\windows\system32\mscories.dll
    2014-10-17 03:31 . 2014-06-18 22:23 1943696 ----a-w- c:\windows\system32\dfshim.dll
    2014-10-17 03:31 . 2014-06-18 22:23 156312 ----a-w- c:\windows\system32\mscorier.dll
    2014-10-17 03:31 . 2014-06-18 22:23 81560 ----a-w- c:\windows\SysWow64\mscories.dll
    2014-10-17 03:31 . 2014-06-18 22:23 156824 ----a-w- c:\windows\SysWow64\mscorier.dll
    2014-10-17 03:31 . 2014-06-18 22:23 1131664 ----a-w- c:\windows\SysWow64\dfshim.dll
    2014-10-17 03:28 . 2014-06-18 02:19 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
    2014-10-17 03:28 . 2014-06-18 02:19 449024 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tabskb.dll
    2014-10-17 03:28 . 2014-06-18 02:19 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
    2014-10-17 03:28 . 2014-06-18 02:19 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
    2014-10-17 03:28 . 2014-06-18 02:18 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
    2014-10-17 03:28 . 2014-06-18 02:18 692736 ----a-w- c:\windows\system32\osk.exe
    2014-10-17 03:28 . 2014-06-18 02:17 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
    2014-10-17 03:28 . 2014-06-18 01:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
    2014-10-17 03:28 . 2014-06-18 01:51 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
    2014-10-17 03:28 . 2014-06-18 01:51 646144 ----a-w- c:\windows\SysWow64\osk.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2014-10-28 13:34 . 2011-10-12 17:51 275080 ------w- c:\windows\system32\MpSigStub.exe
    2014-10-25 06:04 . 2012-04-01 19:40 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2014-10-25 06:04 . 2011-10-12 18:36 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2014-10-03 14:02 . 2011-10-12 22:48 103265616 ----a-w- c:\windows\system32\MRT.exe
    2014-10-02 20:23 . 2014-10-02 20:23 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2014-10-02 20:23 . 2014-10-02 20:23 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    .
    .
    (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-10-07 507776]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-10-15 157480]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 0 (0x0)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableLUA"= 0 (0x0)
    "EnableUIADesktopToggle"= 0 (0x0)
    "PromptOnSecureDesktop"= 0 (0x0)
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
    R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
    R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
    S0 53197599;53197599;c:\windows\system32\DRIVERS\53197599.sys;c:\windows\SYSNATIVE\DRIVERS\53197599.sys [x]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [x]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
    S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [x]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
    S2 WINZIPSSDiskOptimizer;WINZIPSSDiskOptimizer;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe;c:\program files (x86)\WinZip System Utilities Suite\WINZIPSSDefragSrv64.exe [x]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
    S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\MBAMSwissArmy.sys;c:\windows\SYSNATIVE\drivers\MBAMSwissArmy.sys [x]
    S3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
    S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys;c:\windows\SYSNATIVE\DRIVERS\netw5v64.sys [x]
    .
    .
    --- Other Services/Drivers In Memory ---
    .
    *NewlyCreated* - MBAMSWISSARMY
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2014-11-05 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 06:04]
    .
    .
    --------- X64 Entries -----------
    .
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = https://www.google.com/?gws_rd=ssl
    mStart Page = about:blank
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    Trusted Zone: bleepingcomputer.com\www
    Trusted Zone: malwarebytes.org\www
    TCP: DhcpNameServer = 75.75.75.75 75.75.76.76 192.168.1.1
    TCP: Interfaces\{5C8987BD-1B65-4C9A-A8F1-ECF6BA1E3A1D}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{AC203CCB-B401-4CFF-A6A5-9F92C1207351}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    TCP: Interfaces\{D8DD7BDD-D214-4206-A31C-55D298A16A48}: NameServer = 8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8,8.8.8.8
    FF - ProfilePath - c:\users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\vupvrxr4.default\
    FF - ExtSQL: 2014-10-16 23:05; newtabgoogle@graememcc.co.uk; c:\users\Johnson\AppData\Roaming\Mozilla\Firefox\Profiles\vupvrxr4.default\extensions\newtabgoogle@graememcc.co.uk.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
    AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.15"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker6"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
    "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
       00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2014-11-05  14:00:45
    ComboFix-quarantined-files.txt  2014-11-05 21:00
    .
    Pre-Run: 193,912,475,648 bytes free
    Post-Run: 193,357,205,504 bytes free
    .
    - - End Of File - - BAB58412194B925C048661FCCE6C0A54
    5C616939100B85E558DA92B899A0FC36
     



    #13 ken545


    Posted 05 November 2014 - 04:22 PM

    Good

     

    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan
     
    *Note
    It is recommended to disable onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.
     
    • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    • Click the esetOnline.png button.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on esetSmartInstall.png to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the esetSmartInstallDesktopIcon.png icon on your desktop.
    • Check esetAcceptTerms.png
    • Click the esetStart.png button.
    • Accept any security warnings from your browser.
    • Check esetScanArchives.png
    • Make sure that the option "Remove found threats" is Unchecked
    • Push the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push esetListThreats.png
    • Push esetExport.png, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Push the esetBack.png button.
    • Push esetFinish.png
    • Please make sure you include the following items in your next post:
      The log that was produced after running ESET Online Scanner.

    Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    Please consider a donation to help me keep up my fight against malware.

     

    Just a reminder that threads will be closed if no response in 3 days


    #14 djmsu


    Posted 05 November 2014 - 06:06 PM

    esetscan results

    Attached Files



    #15 ken545


    Posted 05 November 2014 - 06:14 PM

    Good, how is everything running now?

