Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help with removal stubborn PUM.DNS virus


  • This topic is locked This topic is locked
18 replies to this topic

#1 Twch7

Twch7

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 31 October 2014 - 08:44 PM

Hi, I decided to do a scan on my laptop with Malwarebytes and it was trojan.agent.dad and so I removed this file permanently. I downloaded RogueKiller and ran a scan and it can up with a lot of PUM.Dns. I did some researching and seen that this is a virus. I have deleted many times through the Roguekiller but it keeps coming back when I scan it again. Can anybody help? Thanks.



BC AdBot (Login to Remove)

 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,765 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:57 AM

Posted 05 November 2014 - 08:45 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

step1.gif In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/554191 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

step2.gifIf you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your destop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Twch7

Twch7
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 08 November 2014 - 11:50 PM

I performed a scan with RogueKiller and a lot of PUM.Dns keeps showing up. My desktop keeps being modified randomly for example, my computer shortcut was added and my documents. My computer told me that there was high cpu usage from svchost.exe and that it was doing a disk scan? Since then my twitter account was hacked into and the password changed. I need help removing this virus. Thank you. I have scanned with Norton Antivirus, Malwarebytes as well and nothing comes up.

Here is the DDS log:

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 11.0.9600.17344  BrowserJavaVersion: 10.21.2
Run by Twch at 21:45:58 on 2014-11-08
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.5883.3364 [GMT -7:00]
.
AV: Norton Internet Security *Enabled/Updated* {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
SP: Norton Internet Security *Enabled/Updated* {631E4324-D31C-783F-EC5C-35AD42B18466}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security *Enabled* {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atibtmon.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe
C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe
C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe
C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe
C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\rundll32.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Users\Twch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\ips\ipsbho.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
BHO: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - <orphaned>
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100: {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coieplg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll
uRun: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
uRun: [Spotify Web Helper] "C:\Users\Twch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [Microsoft Default Manager] "C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
mRun: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - 
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{B2412CAD-3A49-4672-99F8-F976A7636A08} : DHCPNameServer = 192.168.1.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coieplg.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - 
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden
x64-Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - 
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - 
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - 
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2010-5-14 73856]
R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2010-5-14 28800]
R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\NISx64\1506000.020\symds64.sys [2014-10-3 493656]
R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\NISx64\1506000.020\symefa64.sys [2014-10-3 1148120]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-10-29 49952]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [2014-11-3 1587416]
R1 ccSet_NIS;NIS Settings Manager;C:\Windows\System32\drivers\NISx64\1506000.020\ccsetx64.sys [2014-10-3 162392]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141107.001\IDSviA64.sys [2014-11-7 633560]
R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\NISx64\1506000.020\ironx64.sys [2014-10-3 266968]
R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\NISx64\1506000.020\symnets.sys [2014-10-3 593112]
R2 AllShare Framework DMS;AllShare Framework DMS;C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe [2012-10-23 408184]
R2 AllShare Play Service;AllShare Play Service;C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe [2013-1-26 662600]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-12-15 203776]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2010-12-15 354304]
R2 AMD Reservation Manager;AMD Reservation Manager;C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-6-17 194496]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2013-4-22 822504]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 92160]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-7-21 103992]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-3-5 35200]
R2 NIS;Norton Internet Security;C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe [2014-10-3 276376]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2013-6-26 523944]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-5-11 46136]
R3 clwvd;CyberLink WebCam Virtual Driver;C:\Windows\System32\drivers\clwvd.sys [2010-12-10 31088]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2014-9-9 142640]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2011-5-11 1860672]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2011-5-11 333416]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-5-11 406632]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2013-6-26 767144]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2013-6-26 273576]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2013-6-26 28840]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2013-6-26 23208]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2013-6-26 207528]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-5-11 38528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-2-28 161384]
S3 DrvAgent64;DrvAgent64;C:\Windows\SysWOW64\drivers\DrvAgent64.SYS [2014-10-29 21712]
S3 FlyUsb;FLY Fusion;C:\Windows\System32\drivers\FlyUsb.sys [2008-5-13 24576]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-10-15 111616]
S3 InputFilter_Hid_FlexDef2b;Siliten HID Devices(FlexDef2b) Driver Service;C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys [2010-6-19 17920]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-10-31 129752]
S3 netw5v64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;C:\Windows\System32\drivers\netw5v64.sys [2009-6-10 5434368]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SWNC8UA3;Sierra Wireless MUX NDIS Driver (UMTSA3);C:\Windows\System32\drivers\swnc8ua3.sys [2009-8-12 280064]
S3 SWUMXA3;Sierra Wireless USB MUX Driver (UMTSA3);C:\Windows\System32\drivers\swumxa3.sys [2009-7-22 199552]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-11-22 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-22 1255736]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-6-10 389120]
.
=============== Created Last 30 ================
.
2014-11-01 01:27:58 -------- d-----w- C:\FRST
2014-10-31 23:30:02 34808 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2014-10-31 23:29:54 -------- d-----w- C:\ProgramData\RogueKiller
2014-10-31 17:23:48 129752 ----a-w- C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-10-31 17:23:33 93400 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2014-10-31 17:23:33 63704 ----a-w- C:\Windows\System32\drivers\mwac.sys
2014-10-31 17:23:33 25816 ----a-w- C:\Windows\System32\drivers\mbam.sys
2014-10-31 17:23:32 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-30 23:01:19 -------- d-----w- C:\Users\Twch\AppData\Roaming\TuneUp Software
2014-10-30 23:01:19 -------- d-----w- C:\Users\Twch\AppData\Local\TuneUp Software
2014-10-30 22:58:33 -------- d-sh--w- C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-30 22:58:31 -------- d-----w- C:\ProgramData\TuneUp Software
2014-10-30 22:57:46 -------- d-----w- C:\Program Files\Common Files\VST2
2014-10-30 22:57:45 -------- d-----w- C:\Program Files\Common Files\Propellerhead Software
2014-10-30 22:57:44 -------- d-----w- C:\Program Files (x86)\Common Files\Propellerhead Software
2014-10-30 22:56:58 -------- d-----w- C:\Program Files\Image-Line
2014-10-30 22:56:50 78936 ----a-r- C:\Windows\System32\drivers\SymIMV.sys
2014-10-30 04:08:26 21712 ----a-w- C:\Windows\SysWow64\drivers\DrvAgent64.SYS
2014-10-30 03:44:42 -------- d-----w- C:\Users\Twch\AppData\Roaming\ScoreCloud
2014-10-22 01:36:42 -------- d-----w- C:\Users\Twch\AppData\Roaming\Advanced Chemistry Development
2014-10-17 01:52:58 -------- d-----w- C:\Program Files\iPod
2014-10-17 01:52:54 -------- d-----w- C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-17 01:52:54 -------- d-----w- C:\Program Files (x86)\iTunes
2014-10-16 03:46:32 -------- d-----w- C:\818babf85d98673615ab
2014-10-15 19:05:59 663552 ----a-w- C:\Windows\System32\drivers\PEAuth.sys
2014-10-15 19:03:50 3241472 ----a-w- C:\Windows\System32\msi.dll
.
==================== Find3M  ====================
.
2014-10-10 02:05:59 276480 ----a-w- C:\Windows\System32\generaltel.dll
2014-10-10 02:05:42 507392 ----a-w- C:\Windows\System32\aepdu.dll
2014-10-10 02:00:38 424448 ----a-w- C:\Windows\System32\aeinv.dll
2014-09-29 00:58:48 3198976 ----a-w- C:\Windows\System32\win32k.sys
2014-09-25 22:32:04 2017280 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2014-09-25 22:31:02 2108416 ----a-w- C:\Windows\System32\inetcpl.cpl
2014-09-25 02:08:38 371712 ----a-w- C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50 519680 ----a-w- C:\Windows\SysWow64\qdvd.dll
2014-09-23 23:09:14 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-23 23:09:14 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-19 01:56:02 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2014-09-19 01:55:49 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2014-09-19 01:40:43 66048 ----a-w- C:\Windows\System32\iesetup.dll
2014-09-19 01:40:03 547328 ----a-w- C:\Windows\System32\vbscript.dll
2014-09-19 01:39:58 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2014-09-19 01:38:27 83968 ----a-w- C:\Windows\System32\MshtmlDac.dll
2014-09-19 01:36:57 5829632 ----a-w- C:\Windows\System32\jscript9.dll
2014-09-19 01:26:00 139264 ----a-w- C:\Windows\System32\ieUnatt.exe
2014-09-19 01:25:49 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe
2014-09-19 01:25:12 4201472 ----a-w- C:\Windows\SysWow64\jscript9.dll
2014-09-19 01:25:09 758272 ----a-w- C:\Windows\System32\jscript9diag.dll
2014-09-19 01:18:02 940032 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2014-09-19 01:14:57 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2014-09-19 01:06:47 72704 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-09-19 01:02:07 454656 ----a-w- C:\Windows\SysWow64\vbscript.dll
2014-09-19 01:01:47 61952 ----a-w- C:\Windows\SysWow64\iesetup.dll
2014-09-19 01:01:03 51200 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2014-09-19 00:59:40 61952 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2014-09-19 00:50:16 112128 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2014-09-19 00:49:31 597504 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2014-09-19 00:40:12 1249280 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2014-09-19 00:36:23 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-09-19 00:33:18 2309632 ----a-w- C:\Windows\System32\wininet.dll
2014-09-19 00:18:55 1068032 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2014-09-18 23:59:11 1810944 ----a-w- C:\Windows\SysWow64\wininet.dll
2014-09-18 01:32:52 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2014-09-13 01:58:18 77312 ----a-w- C:\Windows\System32\packager.dll
2014-09-13 01:40:05 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2014-09-09 22:11:04 2048 ----a-w- C:\Windows\System32\tzres.dll
2014-09-09 21:47:10 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2014-09-04 05:23:20 424448 ----a-w- C:\Windows\System32\rastls.dll
2014-09-04 05:04:15 372736 ----a-w- C:\Windows\SysWow64\rastls.dll
2014-08-26 02:20:22 876248 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\srtsp64.sys
2014-08-26 02:20:22 37592 ----a-w- C:\Windows\System32\drivers\NISx64\1506000.020\srtspx64.sys
2014-08-23 02:07:00 404480 ----a-w- C:\Windows\System32\gdi32.dll
2014-08-23 01:45:55 311808 ----a-w- C:\Windows\SysWow64\gdi32.dll
2014-08-19 03:11:28 693176 ----a-w- C:\Windows\System32\winload.efi
2014-08-19 03:10:10 616352 ----a-w- C:\Windows\System32\winresume.efi
2014-08-19 03:08:04 503808 ----a-w- C:\Windows\System32\srcore.dll
2014-08-19 03:08:04 50176 ----a-w- C:\Windows\System32\srclient.dll
2014-08-19 03:08:03 63488 ----a-w- C:\Windows\System32\setbcdlocale.dll
2014-08-19 03:07:51 58880 ----a-w- C:\Windows\System32\appidapi.dll
2014-08-19 03:07:51 32256 ----a-w- C:\Windows\System32\appidsvc.dll
2014-08-19 03:07:33 296960 ----a-w- C:\Windows\System32\rstrui.exe
2014-08-19 03:07:11 17920 ----a-w- C:\Windows\System32\appidcertstorecheck.exe
2014-08-19 03:07:11 146944 ----a-w- C:\Windows\System32\appidpolicyconverter.exe
2014-08-19 02:41:39 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2014-08-19 02:41:22 50688 ----a-w- C:\Windows\SysWow64\appidapi.dll
2014-08-19 02:06:56 61440 ----a-w- C:\Windows\System32\drivers\appid.sys
.
============= FINISH: 21:47:37.79 ===============


#4 Twch7

Twch7
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 09 November 2014 - 12:29 AM

I removed the PUM.Dns files but they keep returning... I did another scan with RK:

 

RogueKiller V10.0.4.0 [Oct 29 2014] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Twch [Administrator]
Mode : Scan -- Date : 11/08/2014  22:26:43
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 8 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-735052286-2147399504-1280964394-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-735052286-2147399504-1280964394-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-735052286-2147399504-1280964394-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-735052286-2147399504-1280964394-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-735052286-2147399504-1280964394-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-735052286-2147399504-1280964394-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-735052286-2147399504-1280964394-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031A47-3F72-44A7-89C5-5595FE6B30EE} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-735052286-2147399504-1280964394-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: Hitachi HTS547575A9E384 SATA Disk Device +++++
--- User ---
[MBR] f7f144709978dddccc7f8316ea698e52
[BSP] 734ada28caf28e87245c2357477cd006 : Windows Vista/7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 199 MB
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 699265 MB
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1432504320 | Size: 15836 MB
3 - [XXXXXX] FAT32-LBA (0xc) [VISIBLE] Offset (sectors): 1464936448 | Size: 102 MB
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] 26a9f055083a541132b0f264fee69524
[BSP] 734ada28caf28e87245c2357477cd006 : Windows Vista/7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 409600 | Size: 77824 MB
1 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 159793152 | Size: 4000 MB
2 - [ACTIVE] FAT16 (0x6) [VISIBLE] Offset (sectors): 167985152 | Size: 2000 MB
3 - [XXXXXX] FAT16 (0x6) [VISIBLE] Offset (sectors): 172081152 | Size: 20000 MB
 
 
============================================
RKreport_DEL_10312014_180331.log - RKreport_DEL_10312014_185615.log - RKreport_DEL_10312014_194500.log - RKreport_DEL_11072014_223528.log
RKreport_SCN_10312014_174451.log - RKreport_SCN_10312014_185313.log - RKreport_SCN_10312014_192233.log - RKreport_SCN_11072014_221105.log


#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:57 PM

Posted 09 November 2014 - 10:08 AM

Greetings Twch7 and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that. :thumbup2:

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started :thumbup2:
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far, we are currently quite busy. While I review our situation please run the below for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recover Scan Tool for either 32 bit or 64 bit systems and save it to your desktop <<< Important
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Make sure the Addition.txt box is checked
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

System Summary Information

--------------------
  • Press the windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log
  • System Summary Information

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#6 Twch7

Twch7
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 09 November 2014 - 01:53 PM

FRST results:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-11-2014 01
Ran by Twch (administrator) on TWCH-HP on 09-11-2014 11:38:02
Running from C:\Users\Twch\Downloads
Loaded Profile: Twch (Available profiles: Twch)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\System32\atibtmon.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkDMS.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe
(Advanced Micro Devices) C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.25.5\GoogleCrashHandler64.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
(Spotify Ltd) C:\Users\Twch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Microsoft Corporation) C:\Windows\System32\msinfo32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\Twch\Downloads\frst64 (1).exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [524800 2010-12-01] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-16] (Synaptics Incorporated)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-21] (Hewlett-Packard Company)
HKLM\...\Run: [Windows Mobile Device Center] => C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-15] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [439568 2010-05-10] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-10-21] (Hewlett-Packard)
HKU\S-1-5-21-735052286-2147399504-1280964394-1001\...\Run: [LightScribe Control Panel] => C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2736128 2010-11-22] (Hewlett-Packard Company)
HKU\S-1-5-21-735052286-2147399504-1280964394-1001\...\Run: [Spotify Web Helper] => C:\Users\Twch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-06] (Spotify Ltd)
HKU\S-1-5-21-735052286-2147399504-1280964394-1001\...\MountPoints2: {93c0f843-08c8-11e1-b66c-78e3b54e5513} - F:\WIN\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [00Zecter] -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [01Zecter] -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [02Zecter] -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [03Zecter] -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: [04Zecter] -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://g.msn.com/HPCON/4
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON/4
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine64\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: RealPlayer Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Search Helper -> {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} -> C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Bing Bar BHO -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - @C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll,-100 - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_152.dll ()
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.21.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpWinExt,version=5.0 -> C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\npwinext.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL No File
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @real.com/nppl3260;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprjplug;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpchromebrowserrecordext;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprphtml5videoshim;version=15.0.6.14 -> C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF Plugin-x32: @real.com/nprpplugin;version=15.0.6.14 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-735052286-2147399504-1280964394-1001: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Twch\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKU\S-1-5-21-735052286-2147399504-1280964394-1001: samsung.com/AllSharePlayPCPlugin -> C:\Program Files\Samsung\AllShare Play\utils\npAllSharePlayPCPlugin.dll (Samsung)
FF HKLM-x32\...\Firefox\Extensions: [msntoolbar@msn.com] - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox
FF Extension: Bing Bar - C:\Program Files (x86)\MSN Toolbar\Platform\6.0.2282.0\Firefox [2011-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{27182e60-b5f3-411c-b545-b44205977502}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension
FF Extension: Search Helper Extension - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension [2011-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}] - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension
FF Extension: Default Manager - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension [2011-05-11]
FF HKLM-x32\...\Firefox\Extensions: [{0153E448-190B-4987-BDE1-F256CADA672F}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012-09-17]
FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2014-11-09]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-09-08]
 
Chrome: 
=======
CHR HomePage: Default -> 
CHR Profile: C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mountains and Valleys) - C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default\Extensions\ahmkddoeinidjdkekkgcglfonmhhcgkf [2014-03-21]
CHR Extension: (Google Docs) - C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-21]
CHR Extension: (Google Drive) - C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-13]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-22]
CHR Extension: (YouTube) - C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-09-17]
CHR Extension: (Google Search) - C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-09-17]
CHR Extension: (Norton Identity Safe) - C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-08-24]
CHR Extension: (RealPlayer HTML5Video Downloader Extension) - C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk [2012-09-17]
CHR Extension: (Google Wallet) - C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-02]
CHR Extension: (Gmail) - C:\Users\Twch\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-09-17]
CHR HKLM-x32\...\Chrome\Extension: [jfmjfhklogoienhpfnppmbcbjfjnkonk] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Chrome\Ext\rphtml5video.crx [2012-09-17]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AllShareFrameworkManagerDMS.exe [408184 2012-10-23] (Samsung)
R2 AllShare Play Service; C:\Program Files\Samsung\AllShare Play\AllShare Play Service.exe [662600 2013-01-24] (Copyright 2013 SAMSUNG)
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [354304 2010-12-15] (Advanced Micro Devices, Inc.) [File not signed]
R2 AMD Reservation Manager; C:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [194496 2010-06-17] (Advanced Micro Devices)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [92160 2013-11-04] (Hewlett-Packard Company) [File not signed]
R2 LightScribeService; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [73728 2010-11-22] (Hewlett-Packard Company) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [49952 2014-03-20] (AVG Technologies)
R1 BHDrvx64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20141030.001\BHDrvx64.sys [1587416 2014-10-03] (Symantec Corporation)
R1 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1506000.020\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-29] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [142640 2014-09-09] (Symantec Corporation)
S3 FlyUsb; C:\Windows\System32\DRIVERS\FlyUsb.sys [24576 2008-05-13] (LeapFrog)
R1 IDSVia64; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20141107.001\IDSvia64.sys [633560 2014-09-01] (Symantec Corporation)
S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-04] (Malwarebytes Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141108.003\ENG64.SYS [129752 2014-11-01] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20141108.003\EX64.SYS [2137304 2014-11-01] (Symantec Corporation)
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R3 SRTSP; C:\Windows\System32\Drivers\NISx64\1506000.020\SRTSP64.SYS [876248 2014-08-25] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NISx64\1506000.020\SRTSPX64.SYS [37592 2014-08-25] (Symantec Corporation)
S3 SWMX00; C:\Windows\System32\DRIVERS\swmx00.sys [86528 2007-02-22] (Sierra Wireless Inc.) [File not signed]
S3 SWNC5E00; C:\Windows\System32\DRIVERS\SWNC5E00.sys [115712 2007-01-12] (Sierra Wireless Inc.) [File not signed]
S3 SWNC8UA3; C:\Windows\System32\DRIVERS\swnc8ua3.sys [280064 2009-08-12] (Sierra Wireless Inc.)
S3 SWUMXA3; C:\Windows\System32\DRIVERS\swumxa3.sys [199552 2009-07-22] (Sierra Wireless Inc.)
R0 SymDS; C:\Windows\System32\drivers\NISx64\1506000.020\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)
R0 SymEFA; C:\Windows\System32\drivers\NISx64\1506000.020\SYMEFA64.SYS [1148120 2014-03-03] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-14] (Symantec Corporation)
R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [78936 2013-09-09] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NISx64\1506000.020\Ironx64.SYS [266968 2014-08-06] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1506000.020\SYMNETS.SYS [593112 2014-02-17] (Symantec Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-11-08] ()
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [33792 2008-11-11] (LG Electronics Inc.)
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S3 swmsflt; system32\DRIVERS\swmsflt.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-09 11:38 - 2014-11-09 11:38 - 00106928 _____ () C:\Users\Twch\Documents\Summary.zip
2014-11-09 11:37 - 2014-11-09 11:37 - 02116096 _____ (Farbar) C:\Users\Twch\Downloads\frst64 (1).exe
2014-11-09 11:36 - 2014-11-09 11:36 - 02957774 _____ () C:\Users\Twch\Documents\Summary.nfo
2014-11-08 21:43 - 2014-11-08 21:44 - 00688992 ____R (Swearware) C:\Users\Twch\Downloads\dds.com
2014-11-07 21:22 - 2014-11-07 21:26 - 14670424 _____ () C:\Users\Twch\Downloads\RogueKiller (2).exe
2014-11-05 14:13 - 2014-11-05 14:13 - 08832319 _____ () C:\Users\Twch\Documents\303 nv 5.wma
2014-11-05 11:03 - 2014-11-05 11:03 - 33558749 _____ () C:\Users\Twch\Documents\204 nov 5.wma
2014-11-02 13:58 - 2014-11-09 11:19 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForTwch.job
2014-11-02 09:59 - 2014-11-08 21:35 - 00003336 _____ () C:\Windows\System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-735052286-2147399504-1280964394-1001
2014-10-31 21:19 - 2014-10-31 21:19 - 00000861 _____ () C:\Windows\SysWOW64\InstallUtil.InstallLog
2014-10-31 19:16 - 2014-10-31 19:16 - 02347384 _____ (ESET) C:\Users\Twch\Downloads\esetsmartinstaller_enu.exe
2014-10-31 19:11 - 2014-10-31 19:11 - 01375089 _____ () C:\Users\Twch\Downloads\adwcleaner_3.311 (1).exe
2014-10-31 18:29 - 2014-10-31 18:29 - 00035682 _____ () C:\Users\Twch\Downloads\Addition.txt
2014-10-31 18:28 - 2014-11-09 11:38 - 00026773 _____ () C:\Users\Twch\Downloads\FRST.txt
2014-10-31 18:27 - 2014-11-09 11:38 - 00000000 ____D () C:\FRST
2014-10-31 18:27 - 2014-10-31 18:27 - 02113536 _____ (Farbar) C:\Users\Twch\Downloads\FRST64.exe
2014-10-31 17:48 - 2014-10-31 17:49 - 14670424 _____ () C:\Users\Twch\Downloads\RogueKiller (1).exe
2014-10-31 16:30 - 2014-11-08 22:21 - 00034808 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-10-31 16:29 - 2014-10-31 16:30 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-10-31 16:29 - 2014-10-31 16:29 - 14670424 _____ () C:\Users\Twch\Downloads\RogueKiller.exe
2014-10-31 16:24 - 2014-10-31 16:24 - 04184008 _____ (Kaspersky Lab ZAO) C:\Users\Twch\Downloads\tdsskiller.exe
2014-10-31 15:41 - 2014-10-31 15:41 - 00004840 _____ () C:\Users\Twch\Downloads\Remove Embedded Files.eal
2014-10-31 10:23 - 2014-11-04 16:00 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-10-31 10:23 - 2014-10-31 10:23 - 00001062 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-10-31 10:23 - 2014-10-31 10:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-10-31 10:23 - 2014-10-31 10:23 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-10-31 10:23 - 2014-10-01 10:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-10-31 10:23 - 2014-10-01 10:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-10-31 10:23 - 2014-10-01 10:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-10-31 10:20 - 2014-10-31 10:21 - 19828376 _____ (Malwarebytes Corporation ) C:\Users\Twch\Downloads\mbam-setup-2.0.3.1025.exe
2014-10-31 10:10 - 2014-10-31 10:11 - 01375089 _____ () C:\Users\Twch\Downloads\adwcleaner_3.311.exe
2014-10-31 09:34 - 2014-10-31 09:35 - 34281550 _____ () C:\Users\Twch\Downloads\torbrowser-install-4.0_en-US.exe
2014-10-30 16:01 - 2014-10-30 16:01 - 00000000 ____D () C:\Users\Twch\AppData\Roaming\TuneUp Software
2014-10-30 16:01 - 2014-10-30 16:01 - 00000000 ____D () C:\Users\Twch\AppData\Local\TuneUp Software
2014-10-30 15:58 - 2014-10-30 16:02 - 00000000 ____D () C:\ProgramData\TuneUp Software
2014-10-30 15:58 - 2014-10-30 15:58 - 00000000 __SHD () C:\ProgramData\{FE8D473A-6F06-4F99-B5F4-BED72B2A038C}
2014-10-30 15:57 - 2014-10-30 15:57 - 00000000 ____D () C:\Users\Twch\Documents\Image-Line
2014-10-30 15:57 - 2014-10-30 15:57 - 00000000 ____D () C:\Program Files\Common Files\VST2
2014-10-30 15:57 - 2014-10-30 15:57 - 00000000 ____D () C:\Program Files\Common Files\Propellerhead Software
2014-10-30 15:56 - 2014-10-30 15:57 - 00000000 ____D () C:\Users\Twch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-10-30 15:56 - 2014-10-30 15:56 - 00000000 ____D () C:\Program Files\Image-Line
2014-10-30 15:56 - 2013-09-09 19:47 - 00078936 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2014-10-30 15:41 - 2014-10-30 15:42 - 00000000 ____D () C:\Users\Twch\Downloads\FL Studio Producer Edition 11.1.1 (32-64 bit) (Reg R2R) [ChingLiu]
2014-10-30 15:40 - 2014-10-30 15:40 - 00015078 _____ () C:\Users\Twch\Downloads\Fl Studio 11.1.1 ProEdition.torrent
2014-10-30 15:39 - 2014-10-30 15:39 - 01689168 _____ (BitTorrent Inc.) C:\Users\Twch\Downloads\uTorrent (1).exe
2014-10-30 15:39 - 2014-10-30 15:39 - 00000829 _____ () C:\Users\Twch\AppData\Roaming\Microsoft\Windows\Start Menu\µTorrent.lnk
2014-10-30 15:37 - 2014-10-30 15:37 - 01689168 _____ (BitTorrent Inc.) C:\Users\Twch\Downloads\uTorrent.exe
2014-10-29 21:08 - 2014-10-29 21:08 - 00021712 _____ (Phoenix Technologies) C:\Windows\SysWOW64\Drivers\DrvAgent64.SYS
2014-10-29 21:07 - 2014-10-29 21:07 - 00974568 _____ (Copyright © 2013 eSupport.com, Inc • All Rights Reserved ) C:\Users\Twch\Downloads\driveragent-setup-794.exe
2014-10-29 20:44 - 2014-10-29 21:37 - 00000000 ____D () C:\Users\Twch\AppData\Roaming\ScoreCloud
2014-10-29 20:29 - 2014-10-29 20:42 - 162119288 _____ () C:\Users\Twch\Downloads\ScoreCloud-Win-312.exe
2014-10-29 17:58 - 2014-10-29 17:58 - 00003935 _____ () C:\Users\Twch\Downloads\ok.aup
2014-10-29 17:58 - 2014-10-29 17:58 - 00000000 ____D () C:\Users\Twch\Downloads\ok_data
2014-10-29 17:42 - 2014-10-29 17:42 - 00005526 _____ () C:\Users\Twch\Downloads\NoiseGate.zip
2014-10-24 04:52 - 2014-11-08 21:40 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForTwch
2014-10-21 18:46 - 2014-10-21 18:46 - 00000584 _____ () C:\Users\Twch\Documents\grstyles.stl
2014-10-21 18:40 - 2014-10-21 18:40 - 00000012 _____ () C:\Users\Twch\Documents\UserStl.sk
2014-10-21 18:38 - 2014-10-21 18:38 - 00001921 _____ () C:\Users\Twch\Documents\template.cfg
2014-10-21 18:38 - 2014-10-21 18:38 - 00000207 _____ () C:\Windows\SMMacro.INI
2014-10-21 18:36 - 2014-10-21 18:38 - 00000000 ____D () C:\Users\Twch\AppData\Roaming\Advanced Chemistry Development
2014-10-21 18:34 - 2014-10-21 18:35 - 89311689 _____ (Advanced Chemistry Development Inc.) C:\Users\Twch\Downloads\nmrproc_academia12.exe
2014-10-21 11:53 - 2014-10-21 11:53 - 01943208 _____ () C:\Users\Twch\Downloads\winrar-x64-52b2.exe
2014-10-21 11:53 - 2014-10-21 11:53 - 00000000 ____D () C:\Users\Twch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-21 11:53 - 2014-10-21 11:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-10-21 11:53 - 2014-10-21 11:53 - 00000000 ____D () C:\Program Files\WinRAR
2014-10-18 10:12 - 2014-10-18 10:12 - 41275995 _____ (CipSoft GmbH ) C:\Users\Twch\Downloads\tibia1059 (5).exe
2014-10-17 13:00 - 2014-10-17 13:00 - 00000000 ____D () C:\Users\Twch\Documents\Random not needed files
2014-10-16 18:53 - 2014-10-16 18:53 - 00001743 _____ () C:\Users\Public\Desktop\iTunes.lnk
2014-10-16 18:53 - 2014-10-16 18:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2014-10-16 18:52 - 2014-10-16 18:53 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2014-10-16 18:52 - 2014-10-16 18:53 - 00000000 ____D () C:\Program Files (x86)\iTunes
2014-10-16 18:52 - 2014-10-16 18:52 - 00000000 ____D () C:\Program Files\iPod
2014-10-16 13:29 - 2014-10-16 13:29 - 41275995 _____ (CipSoft GmbH ) C:\Users\Twch\Downloads\tibia1059 (4).exe
2014-10-16 13:25 - 2014-10-16 13:26 - 41275995 _____ (CipSoft GmbH ) C:\Users\Twch\Downloads\tibia1059 (3).exe
2014-10-16 13:22 - 2014-11-08 21:35 - 00003200 _____ () C:\Windows\System32\Tasks\RealUpgradeLogonTaskS-1-5-21-735052286-2147399504-1280964394-1001
2014-10-15 20:46 - 2014-10-15 20:46 - 00000000 ____D () C:\818babf85d98673615ab
2014-10-15 12:06 - 2014-09-28 17:58 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-10-15 12:06 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-10-15 12:06 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-10-15 12:06 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-10-15 12:06 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-10-15 12:06 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-10-15 12:06 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-10-15 12:06 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-10-15 12:06 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-10-15 12:06 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-10-15 12:06 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-10-15 12:06 - 2014-07-08 15:38 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-10-15 12:06 - 2014-07-08 15:30 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-10-15 12:06 - 2014-07-06 19:07 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2014-10-15 12:06 - 2014-07-06 19:07 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2014-10-15 12:06 - 2014-07-06 19:06 - 04120576 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-10-15 12:06 - 2014-07-06 19:06 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2014-10-15 12:06 - 2014-07-06 19:06 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2014-10-15 12:06 - 2014-07-06 19:06 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-10-15 12:06 - 2014-07-06 19:06 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2014-10-15 12:06 - 2014-07-06 18:40 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2014-10-15 12:06 - 2014-07-06 18:40 - 03208704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-10-15 12:06 - 2014-07-06 18:40 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2014-10-15 12:06 - 2014-07-06 18:40 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2014-10-15 12:06 - 2014-07-06 18:40 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2014-10-15 12:06 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-10-15 12:06 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-10-15 12:06 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-10-15 12:06 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-10-15 12:06 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-10-15 12:06 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-10-15 12:05 - 2014-10-09 19:05 - 00507392 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-10-15 12:05 - 2014-10-09 19:05 - 00276480 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-10-15 12:05 - 2014-10-09 19:00 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-10-15 12:05 - 2014-10-06 19:54 - 00378552 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-10-15 12:05 - 2014-10-06 19:04 - 00331448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-10-15 12:05 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-10-15 12:05 - 2014-09-25 15:46 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-10-15 12:05 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-10-15 12:05 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-10-15 12:05 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-10-15 12:05 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-10-15 12:05 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-10-15 12:05 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-10-15 12:05 - 2014-09-18 18:56 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-10-15 12:05 - 2014-09-18 18:55 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-10-15 12:05 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-10-15 12:05 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-10-15 12:05 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-10-15 12:05 - 2014-09-18 18:40 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-10-15 12:05 - 2014-09-18 18:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-10-15 12:05 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-10-15 12:05 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-10-15 12:05 - 2014-09-18 18:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-10-15 12:05 - 2014-09-18 18:30 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-10-15 12:05 - 2014-09-18 18:27 - 00595968 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-10-15 12:05 - 2014-09-18 18:26 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-10-15 12:05 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-10-15 12:05 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-10-15 12:05 - 2014-09-18 18:25 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-10-15 12:05 - 2014-09-18 18:18 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-10-15 12:05 - 2014-09-18 18:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-10-15 12:05 - 2014-09-18 18:14 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-10-15 12:05 - 2014-09-18 18:06 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-10-15 12:05 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-10-15 12:05 - 2014-09-18 18:01 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-10-15 12:05 - 2014-09-18 18:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-10-15 12:05 - 2014-09-18 18:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-10-15 12:05 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-10-15 12:05 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-10-15 12:05 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-10-15 12:05 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-10-15 12:05 - 2014-09-18 17:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-10-15 12:05 - 2014-09-18 17:53 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-10-15 12:05 - 2014-09-18 17:51 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-10-15 12:05 - 2014-09-18 17:50 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-10-15 12:05 - 2014-09-18 17:49 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-10-15 12:05 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-10-15 12:05 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-10-15 12:05 - 2014-09-18 17:40 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-10-15 12:05 - 2014-09-18 17:36 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-10-15 12:05 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-10-15 12:05 - 2014-09-18 17:32 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-10-15 12:05 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-10-15 12:05 - 2014-09-18 17:18 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-10-15 12:05 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-10-15 12:05 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-10-15 12:05 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-10-15 12:05 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-10-15 12:05 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-10-15 12:05 - 2014-08-18 20:11 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2014-10-15 12:05 - 2014-08-18 20:10 - 00616352 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2014-10-15 12:05 - 2014-08-18 20:08 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2014-10-15 12:05 - 2014-08-18 20:08 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2014-10-15 12:05 - 2014-08-18 20:08 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2014-10-15 12:05 - 2014-08-18 20:07 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2014-10-15 12:05 - 2014-08-18 20:07 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2014-10-15 12:05 - 2014-08-18 20:07 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2014-10-15 12:05 - 2014-08-18 20:07 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2014-10-15 12:05 - 2014-08-18 20:07 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2014-10-15 12:05 - 2014-08-18 19:41 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2014-10-15 12:05 - 2014-08-18 19:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2014-10-15 12:05 - 2014-08-18 19:06 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2014-10-15 12:05 - 2014-07-06 19:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 05551032 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-10-15 12:05 - 2014-07-06 19:06 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-10-15 12:05 - 2014-07-06 19:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-10-15 12:05 - 2014-07-06 19:06 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2014-10-15 12:05 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2014-10-15 12:05 - 2014-07-06 19:06 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2014-10-15 12:05 - 2014-07-06 19:05 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2014-10-15 12:05 - 2014-07-06 19:05 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-10-15 12:05 - 2014-07-06 19:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-10-15 12:05 - 2014-07-06 18:52 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2014-10-15 12:05 - 2014-07-06 18:40 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2014-10-15 12:05 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2014-10-15 12:05 - 2014-07-06 18:40 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2014-10-15 12:05 - 2014-07-06 18:39 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2014-10-15 12:05 - 2014-07-06 18:39 - 03970488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2014-10-15 12:05 - 2014-07-06 18:39 - 03914680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2014-10-15 12:05 - 2014-07-06 18:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-10-15 12:05 - 2014-07-06 18:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-10-15 12:05 - 2014-07-06 18:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-10-15 12:05 - 2014-06-27 17:21 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2014-10-15 12:05 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2014-10-15 12:05 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2014-10-15 12:03 - 2014-09-17 19:00 - 03241472 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-10-15 12:03 - 2014-09-17 18:32 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-10-15 12:03 - 2014-09-12 18:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-10-15 12:03 - 2014-09-12 18:40 - 00067072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-10-15 12:03 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-10-15 12:03 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-10-15 12:03 - 2014-07-16 19:07 - 03722240 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-10-15 12:03 - 2014-07-16 19:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-10-15 12:03 - 2014-07-16 19:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-10-15 12:03 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-10-15 12:03 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-10-15 12:03 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-10-15 12:03 - 2014-07-16 19:07 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-10-15 12:03 - 2014-07-16 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-10-15 12:03 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-10-15 12:03 - 2014-07-16 18:39 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-10-15 12:03 - 2014-07-16 18:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-10-15 12:03 - 2014-07-16 18:39 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-10-15 12:03 - 2014-07-16 18:39 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-10-15 12:03 - 2014-07-16 18:39 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-10-15 12:03 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-10-15 12:03 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-10-13 13:06 - 2014-10-13 13:07 - 41275995 _____ (CipSoft GmbH ) C:\Users\Twch\Downloads\tibia1059 (2).exe
2014-10-12 07:49 - 2014-10-19 08:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tibia
2014-10-12 07:48 - 2014-10-12 07:50 - 41275995 _____ (CipSoft GmbH ) C:\Users\Twch\Downloads\tibia1059 (1).exe
2014-10-12 07:46 - 2014-10-12 07:48 - 41275995 _____ (CipSoft GmbH ) C:\Users\Twch\Downloads\tibia1059.exe
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-09 11:33 - 2011-05-11 10:48 - 01282617 _____ () C:\Windows\WindowsUpdate.log
2014-11-09 11:28 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-09 11:28 - 2009-07-13 21:45 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-09 11:26 - 2009-07-13 22:13 - 00783400 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-09 11:20 - 2012-09-17 20:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-09 11:19 - 2014-01-03 18:56 - 00023576 _____ () C:\Windows\setupact.log
2014-11-09 11:19 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-08 23:19 - 2012-09-13 19:21 - 00000000 ____D () C:\ProgramData\Skype
2014-11-08 23:09 - 2012-11-18 21:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-08 22:45 - 2012-09-17 20:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-07 13:18 - 2013-05-07 16:41 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-735052286-2147399504-1280964394-1001UA.job
2014-11-06 17:46 - 2013-05-07 16:41 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-735052286-2147399504-1280964394-1001Core.job
2014-11-06 12:15 - 2014-09-26 14:57 - 00000000 ____D () C:\Users\Twch\AppData\Roaming\Spotify
2014-11-06 11:51 - 2014-09-26 15:08 - 00000000 ____D () C:\Users\Twch\AppData\Local\Spotify
2014-11-04 15:55 - 2013-01-12 20:11 - 00000000 ____D () C:\Users\Twch\AppData\Local\NPE
2014-11-03 13:26 - 2012-10-27 21:20 - 00000000 ____D () C:\Users\Twch\AppData\Roaming\Audacity
2014-11-02 19:52 - 2012-01-09 19:26 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-11-02 19:52 - 2011-11-21 08:44 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-10-31 19:12 - 2014-03-21 15:24 - 00000000 ____D () C:\AdwCleaner
2014-10-31 17:21 - 2011-06-29 02:07 - 00000000 ____D () C:\Users\Twch
2014-10-31 17:09 - 2013-06-21 17:20 - 00155832 _____ () C:\Windows\PFRO.log
2014-10-31 12:35 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\Branding
2014-10-31 05:16 - 2011-07-03 14:25 - 00000000 ____D () C:\Program Files (x86)\Microsoft Application Virtualization Client
2014-10-29 21:38 - 2012-02-08 20:24 - 00000000 ____D () C:\Users\Twch\AppData\Local\CrashDumps
2014-10-29 21:18 - 2009-07-13 21:45 - 00463712 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-10-29 20:44 - 2011-06-29 02:14 - 00118320 _____ () C:\Users\Twch\AppData\Local\GDIPFONTCACHEV1.DAT
2014-10-20 10:32 - 2014-10-03 06:50 - 00000000 ____D () C:\Users\Twch\Documents\University of Alberta
2014-10-20 08:40 - 2012-09-17 20:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-10-20 08:40 - 2012-09-17 20:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-10-20 06:48 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-10-18 17:07 - 2011-11-27 15:25 - 00000000 ____D () C:\Users\Twch\AppData\Local\Windows Live Writer
2014-10-18 13:25 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\rescache
2014-10-16 18:53 - 2011-08-21 16:43 - 00000000 ____D () C:\Program Files\iTunes
2014-10-16 18:52 - 2014-09-11 18:52 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2014-10-16 18:52 - 2012-09-10 13:34 - 00000000 ____D () C:\Program Files\Common Files\Apple
2014-10-16 10:17 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-10-16 10:16 - 2014-04-29 23:26 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-10-16 10:16 - 2009-07-13 20:20 - 00000000 ____D () C:\Windows\system32\Dism
2014-10-16 07:17 - 2012-12-16 19:34 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-10-16 07:07 - 2009-07-13 20:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-10-15 20:46 - 2013-08-18 21:35 - 00000000 ____D () C:\Windows\system32\MRT
2014-10-15 20:46 - 2013-02-16 22:04 - 103265616 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-10-10 14:56 - 2012-09-08 18:21 - 00000000 ____D () C:\AllShare Play
2014-10-10 10:07 - 2012-09-13 19:21 - 00000000 ____D () C:\Users\Twch\AppData\Roaming\Skype
 
Some content of TEMP:
====================
C:\Users\Twch\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Twch\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Twch\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Twch\AppData\Local\Temp\lwtemp_TWCH-HP_4932141z6tz1B.dll
C:\Users\Twch\AppData\Local\Temp\Quarantine.exe
C:\Users\Twch\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Twch\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Twch\AppData\Local\Temp\sp64126.exe
C:\Users\Twch\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Twch\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Twch\AppData\Local\Temp\uttDD33.tmp.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-10-31 04:56
 
==================== End Of Log ============================
 
Addition results:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-11-2014 01
Ran by Twch at 2014-11-09 11:39:49
Running from C:\Users\Twch\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton Internet Security (Enabled - Up to date) {D87FA2C0-F526-77B1-D6EC-0EDF3936CEDB}
AS: Norton Internet Security (Enabled - Up to date) {631E4324-D31C-783F-EC5C-35AD42B18466}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Norton Internet Security (Enabled) {E04423E5-BF49-76E9-FDB3-A7EAC7E589A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
ACD/Labs Software in C:\ACDFREE12\ (HKLM-x32\...\ACDLabs in C__ACDFREE12_) (Version: v12.00, FREE - ACD/Labs)
Adobe Digital Editions 2.0 (HKLM-x32\...\Adobe Digital Editions 2.0) (Version: 2.0 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.167 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.152 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.09) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.09 - Adobe Systems Incorporated)
Adobe Shockwave Player 11.5 (HKLM-x32\...\{3B834B54-EC4B-48E2-BFC6-03FF5DA06F62}) (Version: 11.5.8.612 - Adobe Systems, Inc)
AllShare Framework DMS (HKLM\...\{1ABC9BD2-7E06-4D70-929B-AC1B6461A8B2}) (Version: 1.3.06 - Samsung)
AllShare Play 1.5.0.1301241209 (HKLM\...\8474-7877-9059-0204) (Version: 1.5.0.1301241209 - Copyright 2013 SAMSUNG)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASIO4ALL (HKLM-x32\...\ASIO4ALL) (Version: 2.11 Beta2 - Michael Tippach)
ATI Catalyst Install Manager (HKLM\...\{16563676-2243-041A-DC00-5F0A34FA17F2}) (Version: 3.0.804.0 - ATI Technologies, Inc.)
Audacity 2.0.4 (HKLM-x32\...\Audacity_is1) (Version: 2.0.4 - Audacity Team)
Avogadro (HKLM-x32\...\Avogadro) (Version: 1.1.0 - Humanity)
Bing Bar (HKLM-x32\...\{08234a0d-cf39-4dca-99f0-0c5cb496da81}) (Version: 6.0.2282.0 - Microsoft Corporation)
Bing Bar Platform (x32 Version: 6.0.2282.0 - Microsoft Corporation) Hidden
Blio (HKLM-x32\...\{504CC891-B140-4E1B-860B-5E4C1DFBA9E3}) (Version: 2.0.5350 - K-NFB Reading Technology, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
ccc-core-static (x32 Version: 2010.1215.1159.21448 - ATI) Hidden
Copy (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
CyberLink DVD Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 7.0.3525 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.2.1.3609 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DDXL Student (HKLM-x32\...\DDXL Student) (Version:  - )
Destinations (x32 Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
DJ_AIO_05_F4400_Software_Min (x32 Version: 140.0.690.000 - Hewlett-Packard) Hidden
DriverAgent by eSupport.com (HKLM-x32\...\DriverAgent_is1) (Version:  - Copyright © 2013 eSupport.com, Inc • All Rights Reserved)
Energy Star Digital Logo (HKLM-x32\...\{BD1A34C9-4764-4F79-AE1F-112F8C89D3D4}) (Version: 1.0.1 - Hewlett-Packard)
ESU for Microsoft Windows 7 (HKLM-x32\...\{3877C901-7B90-4727-A639-B6ED2DD59D43}) (Version: 1.0.0 - Hewlett-Packard)
F4400 (x32 Version: 140.0.696.000 - Hewlett-Packard) Hidden
Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
FL Studio 11 (HKLM-x32\...\FL Studio 11) (Version:  - Image-Line)
FLY World (HKLM-x32\...\FLY World) (Version: 1.4.4.5064 - Leapfrog)
FLY World (x32 Version: 1.4.4.5064 - Leapfrog) Hidden
Free PDF To PPT Converter (HKLM-x32\...\{F0712F9D-4B28-4AED-9AA5-BEE9B0B533D5}) (Version: 1.0.0 - freepdftool)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 38.0.2125.111 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP CloudDrive (HKLM-x32\...\ZumoDrive) (Version:  - Zecter Inc.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Deskjet F4400 Printer Driver Software 14.0 Rel. 5 (HKLM\...\{A800FCC9-8E1E-4D84-9CED-47870701FDE1}) (Version: 14.0 - HP)
HP Documentation (HKLM-x32\...\{53CD60C7-12F9-420D-A9BF-EC8D815475A9}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Games (HKLM-x32\...\WildTangent hp Master Uninstall) (Version: 1.0.1.5 - WildTangent)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP On Screen Display (HKLM-x32\...\{ED1BD69A-07E3-418C-91F1-D856582581BF}) (Version: 1.3.5 - Hewlett-Packard Company)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Power Manager (HKLM-x32\...\{E44578C7-4667-4124-8BC2-1161BCA54978}) (Version: 1.4.4 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{53B17A98-5BF0-40BC-AAFF-850A357975AC}) (Version: 2.7.2 - Hewlett-Packard Company)
HP Setup (HKLM-x32\...\{802C068E-0576-4F25-8137-D54B7DB0FC5E}) (Version: 8.4.4487.3576 - Hewlett-Packard Company)
HP Setup Manager (HKLM-x32\...\{AE856388-AFAD-4753-81DF-D96B19D0A17C}) (Version: 1.0.12845.3522 - Hewlett-Packard Company)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Software Framework (HKLM-x32\...\{962CB079-85E6-405F-8704-1C62365AE46F}) (Version: 4.5.10.1 - Hewlett-Packard Company)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{E35A3B13-78CD-4967-8AC8-AA9FDA693EDE}) (Version: 7.4.45.4 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HP Wireless Assistant (HKLM\...\{13DCC2C7-454D-42F0-A892-E0E9A5DE4E67}) (Version: 4.0.10.0 - Hewlett-Packard Company)
HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.211.000 - Hewlett-Packard) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6315.0 - IDT)
IL Download Manager (HKLM-x32\...\IL Download Manager) (Version:  - Image-Line)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 7 Update 21 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217021FF}) (Version: 7.0.210 - Oracle)
Java™ 6 Update 22 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416022FF}) (Version: 6.0.220 - Oracle)
Junk Mail filter update (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
K-Lite Codec Pack 8.4.0 (Basic) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.4.0 - )
LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3429 - CyberLink Corp.)
LabelPrint (x32 Version: 2.5.3429 - CyberLink Corp.) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LG USB Modem driver (HKLM-x32\...\{C3ABE126-2BB2-4246-BFE1-6797679B3579}) (Version:  - )
LightScribe System Software (HKLM-x32\...\{FD7F0DB8-0E96-4D64-AD4D-9B5A936AF2A8}) (Version: 1.18.20.1 - LightScribe)
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office Basic Edition 2003 (HKLM-x32\...\{91130409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-735052286-2147399504-1280964394-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Neuro-Programmer 3.2.3 (HKLM-x32\...\Neuro-Programmer 3_is1) (Version:  - Transparent Corporation)
Norton Internet Security (HKLM-x32\...\NIS) (Version: 21.6.0.32 - Symantec Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{47F460DA-D1BE-4D85-8DF2-AA1F31D3445F}) (Version: 4.01.9714 - Apache Software Foundation)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PictureMover (HKLM-x32\...\{264FE20A-757B-492a-B0C3-4009E2997D8A}) (Version: 3.5.0.35 - Hewlett-Packard Company)
Pixillion Image Converter (HKLM-x32\...\Pixillion) (Version: 2.59 - NCH Software)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.4725 - CyberLink Corp.)
Power2Go (x32 Version: 6.1.4725 - CyberLink Corp.) Hidden
Ralink RT5390 802.11b/g/n WiFi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 3.2.13.0 - Ralink)
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 15.0) (Version: 15.0.6 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.31.1025.2010 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.1.7600.72 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery Manager (x32 Version: 1.0.22 - Hewlett-Packard) Hidden
Scan (x32 Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 6.3 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.3.105 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-735052286-2147399504-1280964394-1001\...\Spotify) (Version: 0.9.14.13.gba5645ad - Spotify AB)
Status (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.4.4 - Synaptics Incorporated)
Tibia (HKLM-x32\...\Tibia_is1) (Version: 10.59 - CipSoft GmbH)
Toolbox (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
WebReg (x32 Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - LeapFrog (FlyUsb) USB  (06/15/2007 1.0.0.6) (HKLM\...\8F1A19F8168CB0908127999D4F53773EAF35C31E) (Version: 06/15/2007 1.0.0.6 - LeapFrog)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Media Player Firefox Plugin (HKLM-x32\...\{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}) (Version: 1.0.0.8 - Microsoft Corp)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
WinRAR 5.20 beta 2 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.20.2 - win.rar GmbH)
WMV9/VC-1 Video Playback (Version: 1.00.0000 - ATI Technologies Inc.) Hidden
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-735052286-2147399504-1280964394-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Twch\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-735052286-2147399504-1280964394-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Twch\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-735052286-2147399504-1280964394-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Twch\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-735052286-2147399504-1280964394-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Twch\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-735052286-2147399504-1280964394-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Twch\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
01-11-2014 07:30:21 Windows Update
02-11-2014 01:06:38 Windows Update
02-11-2014 18:01:50 Windows Update
03-11-2014 04:35:36 Windows Update
04-11-2014 03:57:41 Windows Update
05-11-2014 04:37:23 Windows Update
06-11-2014 05:35:40 Windows Update
07-11-2014 04:15:09 Windows Update
09-11-2014 04:40:35 Windows Update
09-11-2014 06:19:18 Windows Update
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {056AD888-7145-4328-ADB1-32E125CAF4CD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe
Task: {11A4EF7E-04F8-4A6C-A89F-2794B9BA04F0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\Update Check => C:\ProgramData\Hewlett-Packard\HP Support Framework\Resources\Updater7\HPSFUpdater.exe [2014-05-12] (Hewlett-Packard Company)
Task: {22BB0109-530D-4140-914C-0F885B2DB92D} - System32\Tasks\{63339731-373C-4495-BF05-0D52B169D4A1} => Chrome.exe http://ui.skype.com/ui/0/6.6.0.106/en/abandoninstall?page=tsProgressBar
Task: {2416F5F4-206E-467C-BE0B-9497878EA47D} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {2C93F73E-D571-49C4-978A-211CB97E08BE} - System32\Tasks\{F0AC57F0-D6E8-4940-B8C3-69C19D0661F6} => Chrome.exe http://ui.skype.com/ui/0/6.5.0.158/en/go/help.faq.installer?LastError=1603
Task: {31B56BA8-D43B-4312-83B6-A0F8D1D58184} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-735052286-2147399504-1280964394-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {340A716B-173D-4531-9C44-50DF7B18F4B0} - System32\Tasks\HPCeeScheduleForTwch => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2011-07-15] (Hewlett-Packard)
Task: {56098489-582D-4FEF-83A9-6688C7DA4CF9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {56ABF094-6CD0-4834-B84E-C290E15EF9DE} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-735052286-2147399504-1280964394-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2012-07-27] (RealNetworks, Inc.)
Task: {6820A4F9-7445-453F-BE38-640F3DE820CF} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {7E050D09-0692-4CE6-BA73-D8317DE9944B} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\WSCStub.exe [2014-09-21] (Symantec Corporation)
Task: {7F99F9C1-852C-48B3-A76F-D2D78CCC11BD} - System32\Tasks\{9C0DD6A3-CC48-4FF6-A156-219AF13B763E} => Chrome.exe http://ui.skype.com/ui/0/6.5.0.158/en/go/help.faq.installer?LastError=1603
Task: {88868C89-DC10-49A6-933A-8151882F4870} - System32\Tasks\{F94E253C-4C7D-43C6-BE18-A1B0D9CC363B} => Chrome.exe http://ui.skype.com/ui/0/6.5.0.158/en/go/help.faq.installer?LastError=1603
Task: {8EF2BDA9-2C85-4B5D-B3E0-8EE05A93EB97} - System32\Tasks\NCH Software\PixillionDowngrade => C:\Program Files (x86)\NCH Software\Pixillion\pixillion.exe
Task: {9E2CA502-CBFA-4DCF-B0B3-781163557073} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-03-10] (Google Inc.)
Task: {A74A9DB9-BC07-418B-8102-16479C9EB68E} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-735052286-2147399504-1280964394-1001Core => C:\Users\Twch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-07] (Facebook Inc.)
Task: {A8DA1AF8-4ACC-434A-9654-9F8B74E5A215} - System32\Tasks\ServicePlan => C:\Program Files (x86)\Hewlett-Packard\HP Setup\RemEngine.exe [2010-11-17] ()
Task: {A98A3033-B3EC-442C-B0B7-629F6AF56B67} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-09-23] (Adobe Systems Incorporated)
Task: {AF014DAF-E49C-4247-9D8F-E77C63E5D7E1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2013-11-04] (Hewlett-Packard Company)
Task: {B09E5AF1-29A0-4ACD-84F7-8A8B157913F2} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {BB9F73D3-41C8-426B-845E-3B0DF985C1CF} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-735052286-2147399504-1280964394-1001UA => C:\Users\Twch\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-07] (Facebook Inc.)
Task: {CB0FCBC7-2DF2-4F32-B667-735A305ACF03} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2010-12-10] (CyberLink)
Task: {D06FA83C-F172-4CBF-AA82-8BD9C64B36C2} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\21.6.0.32\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-735052286-2147399504-1280964394-1001Core.job => C:\Users\Twch\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-735052286-2147399504-1280964394-1001UA.job => C:\Users\Twch\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\HPCeeScheduleForTwch.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
 
==================== Loaded Modules (whitelisted) =============
 
2010-12-15 12:08 - 2010-12-15 12:08 - 00079872 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Services.dll
2010-12-15 12:08 - 2010-12-15 12:08 - 00073728 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2010-12-15 12:09 - 2010-12-15 12:09 - 00101888 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2010-12-15 11:57 - 2010-12-15 11:57 - 00243712 _____ () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
2010-11-26 11:15 - 2010-11-26 11:15 - 00016384 ____R () C:\Program Files (x86)\ATI Technologies\ATI.ACE\Branding\Branding.dll
2010-07-21 15:33 - 2010-07-21 15:33 - 00267832 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPCommon.XmlSerializers.dll
2010-07-21 15:33 - 2010-07-21 15:33 - 00030264 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_LogicLayer.dll
2010-07-21 15:33 - 2010-07-21 15:33 - 00052280 _____ () C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HardwareAccess.dll
2012-10-22 16:55 - 2012-10-22 16:55 - 01113600 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\DMSManager.dll
2012-10-05 17:27 - 2012-10-05 17:27 - 00704000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ContentDirectoryPresenter.dll
2012-08-21 19:06 - 2012-08-21 19:06 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\DCMCDP.dll
2012-08-21 19:06 - 2012-08-21 19:06 - 00101376 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\FolderCDP.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\MetadataFramework.dll
2012-08-14 11:13 - 2012-08-14 11:13 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\sqlite3.dll
2012-08-14 11:13 - 2012-08-14 11:13 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\MoodExtractor.dll
2012-08-14 11:43 - 2012-08-14 11:43 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\DCMImgExtractor.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AutoChaptering.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libexpat.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\VideoThumb.dll
2012-08-14 11:43 - 2012-08-14 11:43 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\avcodec-52.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\avutil-50.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\avformat-52.dll
2012-08-14 11:43 - 2012-08-14 11:43 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\swscale-0.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\AudioExtractor.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00063488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ID3Driver.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\tag.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libThumbnail.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\RichInfoDriver.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\VideoExtractor.dll
2012-10-22 16:55 - 2012-10-22 16:55 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ThumbnailMaker.dll
2012-10-22 16:55 - 2012-10-22 16:55 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ImageMagickWrapper.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00133120 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\VideoMetadataDriver.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libKeyFrame.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\SECMetaDriver.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\ImageExtractor.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\photoDriver.dll
2012-08-14 11:43 - 2012-08-14 11:43 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\libexif-12.dll.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\TextExtractor.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\Autobackup.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\RosettaAllShare.dll
2012-08-21 11:25 - 2012-08-21 11:25 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_serialization-vc90-mt-1_47.dll
2012-08-21 11:26 - 2012-08-21 11:26 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_date_time-vc90-mt-1_47.dll
2012-08-21 11:25 - 2012-08-21 11:25 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_system-vc90-mt-1_47.dll
2012-08-21 11:26 - 2012-08-21 11:26 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\boost_thread-vc90-mt-1_47.dll
2012-08-14 11:42 - 2012-08-14 11:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.06\us.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 12:05 - 2014-10-11 12:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-11-22 14:00 - 2010-11-22 14:00 - 02121728 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
2010-11-22 14:00 - 2010-11-22 14:00 - 07745536 _____ () C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
2010-11-22 14:00 - 2010-11-22 14:00 - 00135168 _____ () C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
2014-10-27 14:47 - 2014-10-21 21:04 - 01042760 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libglesv2.dll
2014-10-27 14:47 - 2014-10-21 21:04 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\libegl.dll
2014-10-27 14:47 - 2014-10-21 21:04 - 08910664 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\pdf.dll
2014-10-27 14:47 - 2014-10-21 21:04 - 01681224 _____ () C:\Program Files (x86)\Google\Chrome\Application\38.0.2125.111\ffmpegsumo.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\ProgramData\Temp:157E1AD3
AlternateDataStreams: C:\Users\Twch\Downloads\Volunteering Question.eml:OECustomProperty
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish PictureMover.lnk => C:\Windows\pss\Snapfish PictureMover.lnk.CommonStartup
MSCONFIG\startupreg: AllShare Play => C:\Program Files\Samsung\AllShare Play\utils\AllShare Play Launcher.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: Facebook Update => "C:\Users\Twch\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: FlyMonitor => "C:\Program Files (x86)\Leapfrog\FlyWorld\bin\FlyMonitor.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: msnmsgr => "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Twch\AppData\Roaming\Spotify\spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Twch\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe" -osboot
MSCONFIG\startupreg: TRUUpdater => "C:\Program Files (x86)\Sierra Wireless Inc\WebUpdater\TRUUpdater.exe" /bkground
MSCONFIG\startupreg: uTorrent => "C:\Users\Twch\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WatcherHelper => "C:\Program Files (x86)\Sierra Wireless Inc\3G Watcher\WaHelper.exe"
MSCONFIG\startupreg: Zune Launcher => "C:\Program Files\Zune\ZuneLauncher.exe"
 
========================= Accounts: ==========================
 
Administrator (S-1-5-21-735052286-2147399504-1280964394-500 - Administrator - Disabled)
Guest (S-1-5-21-735052286-2147399504-1280964394-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-735052286-2147399504-1280964394-1003 - Limited - Enabled)
Twch (S-1-5-21-735052286-2147399504-1280964394-1001 - Administrator - Enabled) => C:\Users\Twch
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/09/2014 11:19:48 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0
 
Error: (11/09/2014 11:19:48 AM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0
 
Error: (11/08/2014 11:19:54 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Skype™ 6.11 -- Error 1316. The specified account already exists.
 
Error: (11/08/2014 09:46:03 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcCtrlHandler received  failed with 0
 
Error: (11/08/2014 09:42:10 PM) (Source: MsiInstaller) (EventID: 11316) (User: NT AUTHORITY)
Description: Product: Skype™ 6.11 -- Error 1316. The specified account already exists.
 
Error: (11/08/2014 09:35:44 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0
 
Error: (11/08/2014 09:35:44 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0
 
Error: (11/07/2014 09:09:44 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcInit started failed with 0
 
Error: (11/07/2014 09:09:44 PM) (Source: AllShare Framework DMS) (EventID: 1) (User: )
Description: AllShare Framework DMSSvcMain failed with 0
 
Error: (11/07/2014 09:01:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 685672
 
 
System errors:
=============
Error: (11/08/2014 11:19:55 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).
 
Error: (11/08/2014 10:21:31 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/08/2014 09:44:34 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).
 
Error: (11/08/2014 09:41:39 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 70. The internal error state is 105.
 
Error: (11/07/2014 10:04:00 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/06/2014 09:16:54 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).
 
Error: (11/05/2014 10:37:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).
 
Error: (11/05/2014 02:55:15 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the HPWMISVC service.
 
Error: (11/04/2014 09:40:06 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Skype for Windows desktop 6.11 (KB2876229).
 
Error: (11/04/2014 03:53:37 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR1.
 
 
Microsoft Office Sessions:
=========================
 
CodeIntegrity Errors:
===================================
  Date: 2014-08-26 21:12:44.693
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-26 21:12:44.553
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-26 21:11:32.161
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-08-26 21:11:32.021
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-12 14:05:31.086
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2014-04-12 14:05:30.962
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: AMD Phenom™ II P960 Quad-Core Processor
Percentage of memory in use: 39%
Total physical RAM: 5882.9 MB
Available physical RAM: 3577.16 MB
Total Pagefile: 11763.98 MB
Available Pagefile: 8921.12 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:682.88 GB) (Free:599.65 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (RECOVERY) (Fixed) (Total:15.46 GB) (Free:1.91 GB) NTFS ==>[System with boot components (obtained from reading drive)]
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: F4B39D96)
Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=682.9 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=15.5 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=103 MB) - (Type=0C)
 
==================== End Of Log ============================
 
I couldn't figure out how to save the FRST tool to desktop. The FRST tool was blocked by my Norton Antivirus so I clicked on the pop-up window and restored it. Nice to meet you by the way, my name is Cody.
 

Edited by Twch7, 09 November 2014 - 02:05 PM.


#7 Twch7

Twch7
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 09 November 2014 - 01:59 PM

Ok I figured out how to attach the Summary.

Attached Files



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:57 PM

Posted 09 November 2014 - 03:32 PM

Greetings Cody,

Let's cut and paste the FRST program from your Downloads folder to your desktop. If we don't do that the below fix will not work.

Running from C:\Users\Twch\Downloads


Those PUM items are not malware related. RogueKiller automatically scans certain areas and reports on its findings. Those entries are normal and are related to whether or not you want to hide desktop items.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities. .

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-735052286-2147399504-1280964394-1001\...\MountPoints2: {93c0f843-08c8-11e1-b66c-78e3b54e5513} - F:\WIN\setup.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S3 swmsflt; system32\DRIVERS\swmsflt.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
C:\Users\Twch\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Twch\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Twch\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Twch\AppData\Local\Temp\lwtemp_TWCH-HP_4932141z6tz1B.dll
C:\Users\Twch\AppData\Local\Temp\Quarantine.exe
C:\Users\Twch\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Twch\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Twch\AppData\Local\Temp\sp64126.exe
C:\Users\Twch\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Twch\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Twch\AppData\Local\Temp\uttDD33.tmp.exe
AlternateDataStreams: C:\ProgramData\Temp:157E1AD3
AlternateDataStreams: C:\Users\Twch\Downloads\Volunteering Question.eml:OECustomProperty
File: C:\Users\Twch\Downloads\tibia1059 (5).exe
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Twch7

Twch7
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 09 November 2014 - 04:00 PM

Ok so here's what happened. I previously tried to delete the Utorrent program I went into my computer and deleted the folder from Program Files (x86) so for some reason it does not show up when I go to Control Panel>Add or Remove Programs. I cut and pasted the FRST.exe to my desktop and saved the fixlist.txt file to desktop as well. After I pressed fix on FRST a file was created on my desktop called FRST-OlderVersion. I did not receive a Fixlog.txt file. Thanks.



#10 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:57 PM

Posted 09 November 2014 - 04:15 PM

Please download a new FRST and save it to your desktop. You can right click on the download link I provided and select Save Link As...  Rerun the fixlist and post the results


Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#11 Twch7

Twch7
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 09 November 2014 - 04:38 PM

Fixlog results:

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-11-2014 01
Ran by Twch at 2014-11-09 14:37:14 Run:1
Running from C:\Users\Twch\Desktop
Loaded Profile: Twch (Available profiles: Twch)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-735052286-2147399504-1280964394-1001\...\MountPoints2: {93c0f843-08c8-11e1-b66c-78e3b54e5513} - F:\WIN\setup.exe
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL No File
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll No File
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {DBC80044-A445-435b-BC74-9C25C1C588A9} ->  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
S3 btmaudio; system32\drivers\btmaud.sys [X]
S3 BTMCOM; System32\Drivers\btmcom.sys [X]
S3 swmsflt; system32\DRIVERS\swmsflt.sys [X]
S3 SWUMX20; system32\DRIVERS\swumx20.sys [X]
C:\Users\Twch\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Twch\AppData\Local\Temp\DseShExt-x64.dll
C:\Users\Twch\AppData\Local\Temp\DseShExt-x86.dll
C:\Users\Twch\AppData\Local\Temp\lwtemp_TWCH-HP_4932141z6tz1B.dll
C:\Users\Twch\AppData\Local\Temp\Quarantine.exe
C:\Users\Twch\AppData\Local\Temp\SDShelEx-win32.dll
C:\Users\Twch\AppData\Local\Temp\SDShelEx-x64.dll
C:\Users\Twch\AppData\Local\Temp\sp64126.exe
C:\Users\Twch\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll
C:\Users\Twch\AppData\Local\Temp\UninstallHPSA.exe
C:\Users\Twch\AppData\Local\Temp\uttDD33.tmp.exe
AlternateDataStreams: C:\ProgramData\Temp:157E1AD3
AlternateDataStreams: C:\Users\Twch\Downloads\Volunteering Question.eml:OECustomProperty
File: C:\Users\Twch\Downloads\tibia1059 (5).exe
*****************
 
"HKU\S-1-5-21-735052286-2147399504-1280964394-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{93c0f843-08c8-11e1-b66c-78e3b54e5513}" => Key deleted successfully.
"HKCR\CLSID\{93c0f843-08c8-11e1-b66c-78e3b54e5513}" => Key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro1 (ErrorConflict)" => Key deleted successfully.
"HKCR\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro2 (SyncInProgress)" => Key deleted successfully.
"HKCR\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}" => Key deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrivePro3 (InSync)" => Key deleted successfully.
"HKCR\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKCR\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}" => Key deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
btmaudio => Service deleted successfully.
BTMCOM => Service deleted successfully.
swmsflt => Service deleted successfully.
SWUMX20 => Service deleted successfully.
C:\Users\Twch\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
C:\Users\Twch\AppData\Local\Temp\DseShExt-x64.dll => Moved successfully.
C:\Users\Twch\AppData\Local\Temp\DseShExt-x86.dll => Moved successfully.
C:\Users\Twch\AppData\Local\Temp\lwtemp_TWCH-HP_4932141z6tz1B.dll => Moved successfully.
C:\Users\Twch\AppData\Local\Temp\Quarantine.exe => Moved successfully.
C:\Users\Twch\AppData\Local\Temp\SDShelEx-win32.dll => Moved successfully.
C:\Users\Twch\AppData\Local\Temp\SDShelEx-x64.dll => Moved successfully.
C:\Users\Twch\AppData\Local\Temp\sp64126.exe => Moved successfully.
C:\Users\Twch\AppData\Local\Temp\sqlite-3.7.2-sqlitejdbc.dll => Moved successfully.
C:\Users\Twch\AppData\Local\Temp\UninstallHPSA.exe => Moved successfully.
C:\Users\Twch\AppData\Local\Temp\uttDD33.tmp.exe => Moved successfully.
C:\ProgramData\Temp => ":157E1AD3" ADS removed successfully.
C:\Users\Twch\Downloads\Volunteering Question.eml => ":OECustomProperty" ADS removed successfully.
 
========================= File: C:\Users\Twch\Downloads\tibia1059 (5).exe ========================
 
MD5: 
Creation and modification date: 2014-10-18 10:12 - 2014-10-18 10:12
Size: 41275995
Attributes: ----A
Company Name: CipSoft GmbH                                                
Internal Name: 
Original Name: 
Product Name: Tibia                                                       
Description: Tibia 1059                                                  
File Version: 10.59               
Product Version: 10.59                                             
Copyright: CipSoft GmbH                                                                                        
 
====== End Of File: ======
 
 
==== End of Fixlog ====


#12 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:57 PM

Posted 09 November 2014 - 04:44 PM

Very nice Cody, thanks.

Please do this.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double click the icon to launch the program
  • Click OK
  • Select Run Note: If you receive an error message attempt to run the program in Safe Mode
  • Press any key to start the program
  • Allow the program to run
  • A Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Emsisoft report (if applicable)
  • Security Check log
  • How is your computer running, any issues?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#13 Twch7

Twch7
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 09 November 2014 - 09:28 PM

Emsisoft report:

 

Emsisoft Emergency Kit - Version 9.0
Last update: 11/9/2014 3:32:00 PM
User account: Twch-HP\Twch
 
Scan settings:
 
Scan type: Full Scan
Objects: Rootkits, Memory, Traces, C:\, D:\, Q:\
 
Detect PUPs: On
Scan archives: On
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 11/9/2014 3:32:47 PM
C:\Users\Twch\AppData\Local\cre detected: Application.AppInstall (A)
C:\Windows\couponprinter.ocx detected: Application.AdCoup (A)
 
Scanned 278479
Found 2
 
Scan end: 11/9/2014 7:00:43 PM
Scan time: 3:27:56
 
C:\Windows\couponprinter.ocx Quarantined Application.AdCoup (A)
C:\Users\Twch\AppData\Local\cre Quarantined Application.AppInstall (A)
 
Quarantined 2
 
Security Check Log:
 

 Results of screen317's Security Check version 0.99.89  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Norton Internet Security   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 7 Update 21  
 Java version out of Date! 
 Adobe Flash Player 15.0.0.152  
 Adobe Reader XI  
 Google Chrome 38.0.2125.104  
 Google Chrome 38.0.2125.111  
````````Process Check: objlist.exe by Laurent````````  
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C: 10% 
````````````````````End of Log`````````````````````` 
 
 
I had no issues and my computer seems to be running fine.


#14 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,997 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:09:57 PM

Posted 09 November 2014 - 09:57 PM

Thank you,

Nothing of concern in the Emsisoft report but the out of date Java is a security vulnerability. Please do this.

===================================================

Update Java

-------------------

Important Note: Your version of Java is out of date. Older versions have vulnerabilities that malicious sites can use to exploit and infect your system.

Please follow these steps to update Java and remove any existing older versions:
  • Click here to evaluate your current version of Java
  • Click Free Java Download
  • Click the Agree and Start Free Download
  • Save jxpiinstall.exe to your desktop
  • Double click the icon then click Run
  • Click Install
  • Uncheck any Ask Toolbar offers
  • Click Next
  • You should be notified You have successfully installed Java
Go to StartBtn.gif > Control Panel, double-click on Add/Remove Programs or Programs and Features in Vista/Windows 7 and remove all older versions of Java.
  • In addition, check (highlight) any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button and follow the onscreen instructions for the Java uninstaller.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did Java install properly?
  • One last check, is everything still running well?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#15 Twch7

Twch7
  • Topic Starter

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:10:57 PM

Posted 10 November 2014 - 06:43 PM

Java installed properly. The computer seems to be running fine thanks.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users