Logonui.exe Bad Image. Trojan or Corrupt?


  • This topic is locked
19 replies to this topic

#1 svenson14

Posted 26 November 2014 - 02:27 AM

Where do I begin... I'll try and organize this as best as possible.

 

Symptom 1: (Upon startup)

"LogonUI.exe - Bad Image
C:\Windows\System32\credui.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
 
Immediately after desktop appears:
"netsh.exe bad image
C:\Windows\System32\credui.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
Symptom 2: While trying to open almost any .exe. 
"C:\.....exe.
The specified procedure could not be found."
  • Can't install anything
  • Cannot run DDS
  • Can't run Windows repair disc
Symptom 3: Can't uninstall anything:
"Windows Installer   
The system administrator has set policies to prevent this installation."
Symptom 4: Task Manager doesn't work
"taskmgr.exe - Bad Image
C:\Windows\System32\credui.dll is either not designed to run on Windows or it contains an error. Try installing the program again using the original installation media or contact your system administrator or the software vendor for support."
 
In Safe Mode:
  • No popups. I can install and uninstall (mostly)
  • I can run DDS (attached)
  • Windows Explorer doesn't work
  • Task Manager doesn't work

 

I'm not sure whether this is a Windows corruption, Bios issue, or Trojan.

I've run Windows Repair Disc from boot. No issues found.

I've talked to Microsoft Support. They say it's a Trojan.

I've talked to Symantec Support. They say it's a Windows issue.

I've run Malwarebytes, RKill, HitmanPro, Avast, AVG, CCleaner and most have found nothing.

ChkDsk

 

I've searched the other forums and haven't found the same logonui.exe or related issues.  I'm hoping someone can help me out.  Or if this is a lost cause and I should perform a clean install, let me know.

 

....If I remember anything I have forgotten, I'll post it.

 

Windows 7 Pro, SP1 x64

Intel i5-3470 3.2GHz

ASRock Z77 LGA 1155 MB

8GB Ram DDR3

 

Attached Files




#2 nasdaq

  • Malware Response Team

Posted 30 November 2014 - 10:33 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

Wait for further instructions.
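
A first-pass review of the FRST.txt requested above, as an added example (not part of the original thread and not Farbar's code): it parses Services/Drivers and BHO/Toolbar lines and flags entries whose file is missing, zero bytes long, unsigned, or carries no vendor string. The line layout is inferred from the log posted later in this thread, the sample lines are copied from that log, and the function names are hypothetical.

```python
import re

# Lines copied from the FRST.txt posted later in this thread
# (Services, Drivers and Internet sections).
SAMPLE_LOG = r"""
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [276288 2012-09-20] (Intel Corporation) [File not signed]
S2 Synergy; C:\Program Files\Synergy\synergyd.exe [292352 2014-02-17] () [File not signed]
S1 discache; C:\Windows\System32\drivers\discache.sys [0 2009-07-13] () [File not signed]
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
"""

# Assumed layout of a Services/Drivers entry, inferred from the log in this thread:
#   <R|S|U><start digit> <name>; <path> [<size> <yyyy-mm-dd>] (<company>) [File not signed]
# or, when no file metadata is listed:
#   <R|S|U><start digit> <name>; <path> [X]
ENTRY = re.compile(r"^(?P<state>[RSU])(?P<start>\d) (?P<name>[^;]+); (?P<rest>.+)$")
META = re.compile(r" \[(?P<size>\d+) (?P<date>\d{4}-\d{2}-\d{2})\] \((?P<company>[^)]*)\)")
BHO = re.compile(r"^(?P<kind>BHO(?:-x32)?|Toolbar): (?P<rest>.+)$")
CLSID = re.compile(r"\{[0-9A-Fa-f-]{36}\}")


def parse_entry(line):
    """Parse one Services/Drivers line; return None for any other line."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    meta = META.search(rest)
    missing = rest.endswith(" [X]")
    if meta:
        path = rest[:meta.start()]
    elif missing:
        path = rest[:-len(" [X]")]
    else:
        path = rest
    return {
        # The log in this thread was taken in Safe Mode, where most services
        # are stopped, so the R/S state is recorded but not scored.
        "state": m.group("state"),
        "start": int(m.group("start")),
        "name": m.group("name").strip(),
        "path": path,
        "size": int(meta.group("size")) if meta else None,
        "company": meta.group("company").strip() if meta else None,
        "unsigned": "[File not signed]" in rest,
        "missing": missing,
    }


def flags_for(entry):
    """Return review hints for a parsed entry. These are prompts, not verdicts."""
    flags = []
    if entry["missing"]:
        flags.append("file-missing")      # registry entry points at nothing
    if entry["size"] == 0:
        flags.append("zero-byte")         # truncated or emptied file on disk
    if entry["unsigned"]:
        flags.append("unsigned")
    if entry["company"] == "":
        flags.append("no-vendor")         # empty company field in the listing
    return flags


def parse_bho(line):
    """Flag BHO/Toolbar registrations whose file no longer exists."""
    m = BHO.match(line.strip())
    if not m or not m.group("rest").rstrip().endswith("No File"):
        return None
    clsid = CLSID.search(m.group("rest"))
    label = clsid.group(0) if clsid else "unknown CLSID"
    return {"name": f"{m.group('kind')} {label}", "path": None, "flags": ["file-missing"]}


def triage(log_text):
    """Return the entries that deserve a manual look, in log order."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry:
            flags = flags_for(entry)
            if flags:
                findings.append({"name": entry["name"], "path": entry["path"], "flags": flags})
            continue
        bho = parse_bho(line)
        if bho:
            findings.append(bho)
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f"{item['name']:<50} {', '.join(item['flags'])}")
```
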

#3 svenson14


Posted 30 November 2014 - 06:09 PM

Hi Nasdaq,

I cannot seem to run any .exe's in normal mode, so all scans were performed in Safe Mode.

I installed Malwarebytes the other day.  I might have a log from when I first ran it, but here's today's log (nothing found):

 

Malwarebytes Anti-Malware

www.malwarebytes.org
 
Scan Date: 11/30/2014
Scan Time: 2:12:36 PM
Logfile: Malware-Bites.txt
Administrator: Yes
 
Version: 2.00.3.1025
Malware Database: v2014.11.30.08
Rootkit Database: v2014.11.30.01
License: Trial
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Evan
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 371174
Time Elapsed: 5 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

 

AdwCleaner: 

 

 

# AdwCleaner v4.102 - Report created 30/11/2014 at 14:34:05

# Updated 23/11/2014 by Xplode
# Database : 2014-11-23.7 [Local]
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : Evan - ODIN
# Running from : C:\Users\Evan\Desktop\adwcleaner_4.102 (2).exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : iSafeKrnlBoot
Service Deleted : iSafeKrnlKit
[#] Service Deleted : iSafeKrnlR3
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Program Files (x86)\Elex-tech
Folder Deleted : C:\Users\Evan\AppData\Local\Temp\iSafeRightKeyScan
Folder Deleted : C:\Users\Evan\AppData\Roaming\Elex-tech
File Deleted : C:\END
File Deleted : C:\Windows\System32\drivers\iSafeKrnlBoot.sys
File Deleted : C:\Windows\System32\log\iSafeKrnlCall.log
File Deleted : C:\Users\Evan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\YAC.lnk
File Deleted : D:\\END
File Deleted : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage
File Deleted : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.lyricsmode.com_0.localstorage-journal
File Deleted : C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
[x] Not Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
[x] Not Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
[x] Not Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[x] Not Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{5411D116-5A37-47D4-B154-5F7FCD9062F0}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
[x] Not Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17420
 
 
-\\ Google Chrome v39.0.2171.71
 
[C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://en.softonic.com/s/{searchTerms}
[C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [3495 octets] - [30/11/2014 14:30:26]
AdwCleaner[S0].txt - [3522 octets] - [30/11/2014 14:34:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3582 octets] ##########
 
 
I was unsure about the registry items, so I did not remove any of them.
Once I clicked "CLEAN" the following error occurred:
Attached File: netsh.exe.png (9.28KB)
 
Farbar Recovery:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 30-11-2014 01

Ran by Evan (administrator) on ODIN on 30-11-2014 14:41:47
Running from C:\Users\Evan\Desktop
Loaded Profile: Evan (Available profiles: Evan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2404296 2014-08-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-07-31] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\Run: [Google Update] => C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-19] (Google Inc.)
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\RunOnce: [Report] => C:\AdwCleaner\AdwCleaner[S0].txt [3674 2014-11-30] ()
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\MountPoints2: {2ac7a700-293e-11e4-a84a-bc5ff4af40ca} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\MountPoints2: {cfa0963f-43dd-11e3-ae85-bc5ff4af40ca} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\MountPoints2: {f1987495-3fd9-11e3-a3bd-d07bb1219106} - G:\AutoRun.exe
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3528412979-78158528-2696249114-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3528412979-78158528-2696249114-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Tcpip\..\Interfaces\{176F6B5C-640D-41C3-A3D1-7A3B83331B1A}: [NameServer] 192.168.1.1,192.168.1.10
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3528412979-78158528-2696249114-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3528412979-78158528-2696249114-1000: @talk.google.com/O1DPlugin -> C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3528412979-78158528-2696249114-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3528412979-78158528-2696249114-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Evan\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Evan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Evan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-06]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-02]
FF HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-19]
CHR Extension: (That is Worth) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apcjfffnnlfkhfilnooghekpobiadgmd [2014-10-14]
CHR Extension: (Google Drive) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-28]
CHR Extension: (Adblock Plus) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-19]
CHR Extension: (Pandora to Spotify Playlist Converter) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkmfkggcmoclhipfkabaemflflellek [2014-09-01]
CHR Extension: (Google Search) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-28]
CHR Extension: (Mailto: for Gmail™) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2014-04-19]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-19]
CHR Extension: (Tapiture) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafflfojcedkgjkoiebkbhnhldokecj [2014-04-19]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-04-19]
CHR Extension: (Google Wallet) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (Gmail) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-28]
CHR Extension: (RSS Feed Reader) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-04-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-07-06]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-07-06] (AVAST Software)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [276288 2012-09-20] (Intel Corporation) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe [8989696 2014-11-19] (Leap Motion, Inc.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1721800 2014-08-08] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18974152 2014-08-08] (NVIDIA Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Synergy; C:\Program Files\Synergy\synergyd.exe [292352 2014-02-17] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-07-06] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-07-06] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-07-06] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-07-06] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-11-23] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-07-06] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-07-06] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-07-06] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S1 discache; C:\Windows\System32\drivers\discache.sys [0 2009-07-13] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-13] (Disc Soft Ltd)
S3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [227328 2007-02-06] (Hauppauge Computer Works, Inc.)
R3 HidEmulator; C:\Windows\System32\DRIVERS\HidEmulator.sys [10480 2013-11-03] (Leap Motion, Inc.)
R3 HidEmulatorKmdf; C:\Windows\System32\DRIVERS\HidEmulatorKmdf.sys [24432 2013-11-03] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-25] ()
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-11-30] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [0 2009-07-13] () [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [21448 2014-08-08] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2976472 2013-09-11] (Realtek Semiconductor Corporation                           )
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13] ()
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [0 2009-07-13] () [File not signed]
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 14:41 - 2014-11-30 14:41 - 00021427 _____ () C:\Users\Evan\Desktop\FRST.txt
2014-11-30 14:40 - 2014-11-30 14:41 - 00000000 ____D () C:\FRST
2014-11-30 14:33 - 2014-11-30 14:35 - 00003561 _____ () C:\Users\Evan\Desktop\AdwCleaner[R0].txt
2014-11-30 14:30 - 2014-11-30 14:34 - 00000000 ____D () C:\AdwCleaner
2014-11-30 14:27 - 2014-11-30 14:16 - 02148864 _____ () C:\Users\Evan\Desktop\adwcleaner_4.102 (2).exe
2014-11-30 14:27 - 2014-11-30 14:16 - 02117120 _____ (Farbar) C:\Users\Evan\Desktop\FRST64.exe
2014-11-30 14:24 - 2014-11-30 14:24 - 00001064 _____ () C:\Users\Evan\Desktop\Malware-Bites.txt
2014-11-30 14:09 - 2014-11-30 14:09 - 00000000 ____D () C:\Users\Evan\AppData\Local\CrashDumps
2014-11-25 22:54 - 2014-11-25 22:54 - 00005312 _____ () C:\Users\Evan\Desktop\attach.zip
2014-11-25 22:53 - 2014-11-25 22:53 - 00020570 _____ () C:\Users\Evan\Desktop\attach.txt
2014-11-25 22:53 - 2014-11-25 22:52 - 00024814 _____ () C:\Users\Evan\Desktop\dds.txt
2014-11-25 22:46 - 2014-11-25 22:46 - 00688992 ____R (Swearware) C:\Users\Evan\Desktop\dds.com
2014-11-25 22:35 - 2014-11-25 22:35 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-25 22:33 - 2014-11-25 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
2014-11-25 22:21 - 2014-11-30 14:19 - 00000030 _____ () C:\Users\Evan\Desktop\Norton.txt
2014-11-25 21:53 - 2014-11-25 22:49 - 00000000 ____D () C:\Users\Evan\AppData\Local\NPE
2014-11-25 21:53 - 2014-11-25 21:53 - 00000000 ____D () C:\ProgramData\SMR430
2014-11-25 21:53 - 2014-11-25 21:53 - 00000000 ____D () C:\ProgramData\Norton
2014-11-23 21:35 - 2014-11-23 21:35 - 00105423 _____ () C:\ProgramData\1416807303.bdinstall.bin
2014-11-23 21:35 - 2014-11-23 21:35 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\QuickScan
2014-11-23 21:31 - 2014-11-23 21:31 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\TuneUp Software
2014-11-23 21:31 - 2014-11-23 21:31 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\AVG2015
2014-11-23 21:31 - 2014-11-23 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-23 21:30 - 2014-11-23 21:31 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-23 21:30 - 2014-11-23 21:30 - 00000000 ___HD () C:\$AVG
2014-11-23 21:30 - 2014-11-23 21:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-23 21:26 - 2014-11-30 12:04 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-23 21:26 - 2014-11-23 21:37 - 00000000 ____D () C:\Users\Evan\AppData\Local\Avg2015
2014-11-23 21:26 - 2014-11-23 21:26 - 00000000 ____D () C:\Users\Evan\AppData\Local\MFAData
2014-11-23 21:18 - 2014-11-23 21:18 - 00003366 _____ () C:\Windows\system32\.crusader
2014-11-23 21:11 - 2014-11-25 22:44 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-23 20:50 - 2014-11-23 21:18 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-23 20:49 - 2014-11-30 14:26 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 20:48 - 2014-11-30 14:34 - 00000000 ____D () C:\Windows\system32\log
2014-11-23 20:48 - 2014-11-23 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-23 20:48 - 2014-11-23 20:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 20:48 - 2014-11-23 20:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-23 20:48 - 2014-11-03 01:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-11-23 20:48 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-23 20:48 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-23 20:48 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-23 19:32 - 2014-11-30 14:37 - 00005218 _____ () C:\Windows\PFRO.log
2014-11-23 19:20 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-23 19:20 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-23 19:20 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-23 19:20 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-23 19:18 - 2014-11-23 19:18 - 00000756 _____ () C:\Windows\LkmdfCoInst.log
2014-11-21 19:48 - 2014-11-23 19:18 - 00000000 ____D () C:\Users\Evan\AppData\Local\Python Keyring
2014-11-11 18:11 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 18:11 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 18:11 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 18:11 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 18:11 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 18:11 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 18:11 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 18:11 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 18:11 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 18:11 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 18:11 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 18:11 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 18:11 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 18:11 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 18:11 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 18:11 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 18:11 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 18:11 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 18:11 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 18:11 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 18:11 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 18:11 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 18:11 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 18:11 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 18:11 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 18:11 - 2014-11-05 19:07 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 18:11 - 2014-11-05 19:05 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 18:11 - 2014-11-05 19:04 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 18:11 - 2014-11-05 19:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 18:11 - 2014-11-05 19:02 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 18:11 - 2014-11-05 19:00 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 18:11 - 2014-11-05 19:00 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 18:11 - 2014-11-05 18:59 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 18:11 - 2014-11-05 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 18:11 - 2014-11-05 18:57 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 18:11 - 2014-11-05 18:48 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 18:11 - 2014-11-05 18:42 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 18:11 - 2014-11-05 18:41 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 18:11 - 2014-11-05 18:41 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 18:11 - 2014-11-05 18:39 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-11-11 18:11 - 2014-11-05 18:38 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 18:11 - 2014-11-05 18:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 18:11 - 2014-11-05 18:36 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 18:11 - 2014-11-05 18:34 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 18:11 - 2014-11-05 18:30 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 18:11 - 2014-11-05 18:22 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 18:11 - 2014-11-05 18:21 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 18:11 - 2014-11-05 18:21 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 18:11 - 2014-11-05 18:20 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-11-11 18:11 - 2014-11-05 18:17 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 18:11 - 2014-11-05 18:04 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 18:11 - 2014-11-05 18:03 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 18:11 - 2014-11-05 17:53 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 18:11 - 2014-11-05 17:52 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 18:11 - 2014-11-05 17:48 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 18:11 - 2014-11-05 17:47 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 18:11 - 2014-11-05 09:56 - 00304640 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2014-11-11 18:11 - 2014-11-05 09:56 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-11-11 18:11 - 2014-11-05 09:52 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-11-11 18:11 - 2014-10-13 18:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 18:11 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-11 18:11 - 2014-10-13 18:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 18:11 - 2014-10-13 18:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 18:11 - 2014-10-13 18:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 18:11 - 2014-10-13 17:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-11 18:11 - 2014-10-13 17:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-11 18:11 - 2014-10-13 17:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 18:11 - 2014-10-13 17:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 18:10 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 18:10 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 18:10 - 2014-10-17 18:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 18:10 - 2014-10-17 17:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 18:10 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 18:10 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 18:10 - 2014-10-09 16:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 18:10 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 18:10 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 18:10 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 18:10 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 18:10 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 18:10 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 18:10 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 18:10 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 18:10 - 2014-09-19 01:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 18:10 - 2014-09-19 01:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-11 18:10 - 2014-09-19 01:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-11 18:10 - 2014-09-19 01:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-11 18:10 - 2014-09-19 01:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-11 18:10 - 2014-09-19 01:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-11 18:10 - 2014-09-19 01:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-11 18:10 - 2014-09-19 01:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 18:10 - 2014-09-19 01:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-11 18:10 - 2014-09-19 01:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-11 18:10 - 2014-09-19 01:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-11 18:10 - 2014-09-19 01:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-11 18:10 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 18:10 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-11 18:10 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 18:10 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-11 18:10 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-11 18:10 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-04 22:14 - 2014-11-04 22:14 - 00283172 _____ () C:\Windows\msxml4-KB973688-enu.LOG
2014-11-04 03:00 - 2014-11-04 03:00 - 00288018 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2014-11-04 03:00 - 2014-11-04 03:00 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2014-11-02 22:56 - 2014-11-02 22:56 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\HP
2014-11-02 22:56 - 2014-11-02 22:56 - 00000000 ____D () C:\ProgramData\WEBREG
2014-11-02 22:55 - 2014-11-23 19:22 - 00000000 ____D () C:\Program Files (x86)\Yahoo!
2014-11-02 22:55 - 2014-11-02 22:55 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Yahoo!
2014-11-02 22:54 - 2014-11-23 19:23 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-11-02 22:54 - 2014-11-02 22:54 - 00001321 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\HP Solution Center.lnk
2014-11-02 22:54 - 2014-11-02 22:54 - 00001054 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2014-11-02 22:54 - 2014-11-02 22:54 - 00000000 ____D () C:\Windows\SysWOW64\spool
2014-11-02 22:54 - 2014-11-02 22:54 - 00000000 ____D () C:\ProgramData\HP Product Assistant
2014-11-02 22:53 - 2014-11-23 19:23 - 00000000 ____D () C:\Program Files (x86)\HP
2014-11-02 22:52 - 2014-11-23 19:23 - 00004883 _____ () C:\ProgramData\hpzinstall.log
2014-11-02 22:52 - 2014-11-02 23:00 - 00221544 _____ () C:\Windows\hpoins19.dat
2014-11-02 22:52 - 2014-11-02 22:56 - 00000000 ____D () C:\ProgramData\HP
2014-11-02 22:52 - 2014-11-02 22:52 - 00000000 ____D () C:\Program Files\HP
2014-11-02 22:52 - 2009-10-19 20:30 - 00013898 ____N () C:\Windows\hpomdl19.dat
2014-11-02 22:52 - 2009-07-08 02:51 - 00642360 _____ (Hewlett-Packard) C:\Windows\system32\hpzids40.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-11-30 14:41 - 2009-07-13 21:13 - 00781790 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-11-30 14:28 - 2014-06-13 18:43 - 01495160 _____ () C:\Windows\WindowsUpdate.log
2014-11-30 14:28 - 2009-07-13 20:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-11-30 14:28 - 2009-07-13 20:45 - 00031904 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-11-30 14:27 - 2014-06-01 09:06 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-11-30 14:25 - 2014-07-20 17:25 - 07467677 _____ () C:\Windows\setupact.log
2014-11-30 14:25 - 2014-06-13 18:43 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-11-30 14:25 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-11-30 14:06 - 2014-06-08 17:03 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-11-30 13:29 - 2014-06-01 09:06 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-11-30 13:24 - 2014-06-19 18:05 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528412979-78158528-2696249114-1000UA.job
2014-11-29 23:04 - 2013-10-28 10:57 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\uTorrent
2014-11-25 23:06 - 2014-06-08 17:03 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-25 23:06 - 2014-06-08 17:03 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-25 23:06 - 2014-06-08 17:03 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-11-25 22:48 - 2014-06-11 18:02 - 00000000 ____D () C:\Users\Evan\AppData\Local\LogMeIn Rescue Applet
2014-11-25 22:33 - 2014-10-09 06:41 - 00044130 _____ () C:\Windows\DPINST.LOG
2014-11-25 22:33 - 2013-10-28 08:24 - 00000000 ____D () C:\Program Files (x86)\Leap Motion
2014-11-24 02:03 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2014-11-23 20:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Branding
2014-11-23 19:18 - 2014-07-06 19:14 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsnx.sys
2014-11-23 19:18 - 2014-07-06 19:14 - 00003924 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-11-23 19:18 - 2014-06-13 18:45 - 00000000 ____D () C:\Users\Evan
2014-11-23 19:18 - 2014-06-13 18:44 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2014-11-23 18:56 - 2014-07-06 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-11-23 18:56 - 2014-06-19 18:47 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\vlc
2014-11-23 18:56 - 2013-10-28 07:32 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Rainmeter
2014-11-23 18:56 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\registration
2014-11-19 19:56 - 2014-09-01 13:06 - 00000000 ____D () C:\Users\Evan\AppData\Local\Spotify
2014-11-19 19:51 - 2013-10-28 07:28 - 00000000 ____D () C:\Program Files\WinRAR
2014-11-18 20:29 - 2013-10-30 18:05 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\FileBot
2014-11-18 20:28 - 2014-09-01 13:05 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Spotify
2014-11-18 19:47 - 2013-10-28 07:28 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 19:47 - 2013-10-28 07:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2014-11-18 18:13 - 2013-11-23 11:29 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\XBMC
2014-11-17 13:24 - 2014-06-01 09:06 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-17 13:24 - 2014-06-01 09:06 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-14 09:24 - 2014-06-19 18:05 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3528412979-78158528-2696249114-1000Core.job
2014-11-14 09:19 - 2014-06-19 18:05 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528412979-78158528-2696249114-1000UA
2014-11-14 09:19 - 2014-06-19 18:05 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3528412979-78158528-2696249114-1000Core
2014-11-13 23:52 - 2014-06-04 18:06 - 00000000 ____D () C:\Windows\pss
2014-11-12 21:00 - 2014-06-13 23:39 - 00109680 _____ () C:\Users\Evan\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-12 20:59 - 2014-06-14 02:18 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-11-12 20:59 - 2009-07-13 20:45 - 00408912 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-11 23:29 - 2013-11-02 09:18 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-11-11 23:27 - 2013-10-31 23:56 - 00000000 ____D () C:\Windows\system32\MRT
2014-11-11 23:25 - 2014-06-14 00:39 - 103374192 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-11-04 14:30 - 2010-11-20 19:27 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-11-02 23:02 - 2013-10-28 06:21 - 00000000 ____D () C:\temp
2014-11-02 23:00 - 2009-07-13 18:34 - 00000591 _____ () C:\Windows\win.ini
 
Some content of TEMP:
====================
C:\Users\Evan\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Evan\AppData\Local\Temp\HitmanPro.exe
C:\Users\Evan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Evan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Evan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Evan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Evan\AppData\Local\Temp\nvStInst.exe
C:\Users\Evan\AppData\Local\Temp\Quarantine.exe
C:\Users\Evan\AppData\Local\Temp\sqlite3.dll
C:\Users\Evan\AppData\Local\Temp\vlc-2.1.5-win64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-30 12:04
 
==================== End Of Log ============================

 

During the scan, I received the following error:

[Attached image: wevtutil.exe.png]

 
 
Edit: Attached "Addition.txt"



Edited by svenson14, 30 November 2014 - 06:11 PM.


#4 nasdaq

  • Malware Response Team

Posted 01 December 2014 - 09:07 AM


Logonui.exe Bad Image


Try these fixes.

Check for missing or corrupted Operating files in your system.

Execute the instructions on this page.
http://www.sevenforums.com/tutorials/1538-sfc-scannow-command-system-file-checker.html
===

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
C:\Users\Evan\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Evan\AppData\Local\Temp\HitmanPro.exe
C:\Users\Evan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Evan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Evan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Evan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Evan\AppData\Local\Temp\nvStInst.exe
C:\Users\Evan\AppData\Local\Temp\sqlite3.dll
C:\Users\Evan\AppData\Local\Temp\vlc-2.1.5-win64.exe

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Keep me posted.

#5 svenson14

  • Topic Starter

Posted 02 December 2014 - 10:13 PM

Nasdaq,

I tried running SFC /Scannow Method 2 (from Windows, running CMD.exe) as administrator; it gives me the error:

 

I tried Method 1 (Windows CD in Boot) and I got the error prior to the "System Recovery Options" window:

RevEnv.exe - Corrupt File

The file or directory C:\found.004\dir0007.chk is corrupt and unreadable. Please run the Chkdsk utility.

RevEnv.exe - Corrupt File

The file or directory C:\found.004\dir0006.chk is corrupt and unreadable. Please run the Chkdsk utility.

sfc /scannow /offbootdir=c:\ /offwindir=c:\windows

The code above in command prompt did not work the first time or after restarting and a ChkDsk:

 

Beginning system scan. This process will take some time.

There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again.

 

****************

I tried restoring to a previous date.  This did not remove the issue.

With these errors, shall I continue with the fixlist.txt and FRST?

Thanks,

Evan



#6 nasdaq


Posted 03 December 2014 - 09:44 AM

Beginning system scan. This process will take some time.
There is a system repair pending which requires reboot to complete. Restart Windows and run sfc again.


Did you run the SFC tool one more time?
====

With these errors, shall I continue with the fixlist.txt and FRST?


Yes, we are only removing empty registry keys.

#7 svenson14


Posted 04 December 2014 - 10:40 AM

Did you run the SFC tool one more time?

Yes, ran it after restarting and performing DskChk and it still gave the same error.

Yes, we are only removing empty registry keys.

Done.  Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 03-12-2014
Ran by Evan at 2014-12-04 07:32:11 Run:1
Running from C:\Users\Evan\Desktop\FRST
Loaded Profile: Evan (Available profiles: Evan)
Boot Mode: Safe Mode (with Networking)
==============================================
 
Content of fixlist:
*****************
start
 
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
AlternateDataStreams: C:\ProgramData\TEMP:054203E4
C:\Users\Evan\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Evan\AppData\Local\Temp\HitmanPro.exe
C:\Users\Evan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Evan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Evan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Evan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Evan\AppData\Local\Temp\nvStInst.exe
C:\Users\Evan\AppData\Local\Temp\sqlite3.dll
C:\Users\Evan\AppData\Local\Temp\vlc-2.1.5-win64.exe
 
End
*****************
 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value deleted successfully.
"HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => Key not found.
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
AsrCDDrv => Service deleted successfully.
C:\ProgramData\TEMP => ":054203E4" ADS removed successfully.
C:\Users\Evan\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe => Moved successfully.
C:\Users\Evan\AppData\Local\Temp\HitmanPro.exe => Moved successfully.
C:\Users\Evan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe => Moved successfully.
C:\Users\Evan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe => Moved successfully.
C:\Users\Evan\AppData\Local\Temp\nvSCPAPI.dll => Moved successfully.
C:\Users\Evan\AppData\Local\Temp\nvSCPAPI64.dll => Moved successfully.
C:\Users\Evan\AppData\Local\Temp\nvStInst.exe => Moved successfully.
C:\Users\Evan\AppData\Local\Temp\sqlite3.dll => Moved successfully.
C:\Users\Evan\AppData\Local\Temp\vlc-2.1.5-win64.exe => Moved successfully.
 
==== End of Fixlog ====
 
FRST.txt:
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 03-12-2014
Ran by Evan (administrator) on ODIN on 04-12-2014 07:31:40
Running from C:\Users\Evan\Desktop\FRST
Loaded Profile: Evan (Available profiles: Evan)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Safe Mode (with Networking)
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\wisptis.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [EvtMgr6] => C:\Program Files\Logitech\SetPointP\SetPoint.exe [3091224 2013-07-31] (Logitech, Inc.)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2404296 2014-08-08] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [135536 2010-12-13] (Microsoft Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5226600 2014-11-30] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2015\avgui.exe [3653136 2014-11-09] (AVG Technologies CZ, s.r.o.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\Run: [RocketDock] => C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\Run: [Google Update] => C:\Users\Evan\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2014-06-19] (Google Inc.)
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673696 2013-08-01] (Disc Soft Ltd)
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\Run: [Spotify Web Helper] => C:\Users\Evan\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1514040 2014-10-14] (Spotify Ltd)
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\MountPoints2: {2ac7a700-293e-11e4-a84a-bc5ff4af40ca} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\MountPoints2: {6fee65f0-3fd7-11e3-b75f-806e6f6e6963} - F:\setup.exe
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\MountPoints2: {c016a429-7b65-11e4-9fcf-bc5ff4af40ca} - H:\HTC_Sync_Manager_PC.exe
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\MountPoints2: {cfa0963f-43dd-11e3-ae85-bc5ff4af40ca} - H:\HTC_Sync_Manager_PC.exe
Startup: C:\Users\Evan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Rainmeter.lnk
ShortcutTarget: Rainmeter.lnk -> C:\Program Files\Rainmeter\Rainmeter.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-3528412979-78158528-2696249114-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.com/
SearchScopes: HKLM -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3528412979-78158528-2696249114-1000 -> DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-3528412979-78158528-2696249114-1000 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = http://www.google.com/search?q={searchTerms}
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll (Logitech, Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: No Name -> {02478D38-C3F9-4efb-9B51-7695ECA05670} ->  No File
BHO-x32: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Tcpip\..\Interfaces\{176F6B5C-640D-41C3-A3D1-7A3B83331B1A}: [NameServer] 192.168.1.1,192.168.1.10
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3528412979-78158528-2696249114-1000: @talk.google.com/GoogleTalkPlugin -> C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKU\S-1-5-21-3528412979-78158528-2696249114-1000: @talk.google.com/O1DPlugin -> C:\Users\Evan\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKU\S-1-5-21-3528412979-78158528-2696249114-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKU\S-1-5-21-3528412979-78158528-2696249114-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Evan\AppData\Local\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Evan\AppData\Roaming\mozilla\plugins\npatgpc.dll (Cisco WebEx LLC)
FF Plugin ProgramFiles/Appdata: C:\Users\Evan\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\Evan\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt
FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-03-04]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-07-06]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-11-02]
FF HKU\S-1-5-21-3528412979-78158528-2696249114-1000\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://google.com/
CHR StartupUrls: Default -> "https://www.google.com/"
CHR DefaultSuggestURL: Default -> 
CHR Profile: C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-04-19]
CHR Extension: (That is Worth) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apcjfffnnlfkhfilnooghekpobiadgmd [2014-10-14]
CHR Extension: (Google Drive) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-05-23]
CHR Extension: (YouTube) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-10-28]
CHR Extension: (Adblock Plus) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-04-19]
CHR Extension: (Pandora to Spotify Playlist Converter) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgkmfkggcmoclhipfkabaemflflellek [2014-09-01]
CHR Extension: (Google Search) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-10-28]
CHR Extension: (Mailto: for Gmail™) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dgkkmcknielgdhebimdnfahpipajcpjn [2014-04-19]
CHR Extension: (Logitech Smooth Scrolling) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkpejdfnpdkhifgbancbammdijojoffk [2014-04-19]
CHR Extension: (Tapiture) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcafflfojcedkgjkoiebkbhnhldokecj [2014-04-19]
CHR Extension: (RSS Subscription Extension (by Google)) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd [2014-04-19]
CHR Extension: (Google Wallet) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-11-02]
CHR Extension: (Gmail) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-10-28]
CHR Extension: (RSS Feed Reader) - C:\Users\Evan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp [2014-04-19]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-11-30]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-11-30] (AVAST Software)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4012248 2014-11-30] (Avast Software)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2015\avgidsagent.exe [3488784 2014-11-09] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2015\avgwdsvc.exe [298080 2014-11-09] (AVG Technologies CZ, s.r.o.)
S3 cphs; C:\Windows\SysWow64\IntelCpHeciSvc.exe [276288 2012-09-20] (Intel Corporation) [File not signed]
S3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) [File not signed]
S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-07-05] (Intel Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe [174368 2014-02-28] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-08-21] (Intel Corporation)
S2 LeapService; C:\Program Files (x86)\Leap Motion\Core Services\LeapSvc64.exe [8989696 2014-11-19] (Leap Motion, Inc.) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-10-01] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [968504 2014-10-01] (Malwarebytes Corporation)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1721800 2014-08-08] (NVIDIA Corporation)
S2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [18974152 2014-08-08] (NVIDIA Corporation)
S2 PassThru Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [167424 2012-12-07] () [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Synergy; C:\Program Files\Synergy\synergyd.exe [292352 2014-02-17] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 asahci64; C:\Windows\System32\drivers\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-11-30] ()
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2014-11-30] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-11-30] (AVAST Software)
S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-11-30] ()
S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2014-11-30] (AVAST Software)
S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2014-11-30] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2014-11-30] (AVAST Software)
S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2014-11-30] ()
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [153368 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [263960 2014-10-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-18] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [243480 2014-08-28] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [313624 2014-07-18] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [124184 2014-10-05] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-18] (AVG Technologies CZ, s.r.o.)
R1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [274200 2014-10-10] (AVG Technologies CZ, s.r.o.)
S3 BrUsbSer; C:\Windows\System32\Drivers\BrUsbSer.sys [14720 2009-06-10] () [File not signed]
S1 discache; C:\Windows\System32\drivers\discache.sys [0 2009-07-13] () [File not signed]
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2014-06-13] (Disc Soft Ltd)
S3 hcwPP2; C:\Windows\System32\DRIVERS\hcwPP2.sys [227328 2007-02-06] (Hauppauge Computer Works, Inc.)
R3 HidEmulator; C:\Windows\System32\DRIVERS\HidEmulator.sys [10480 2013-11-03] (Leap Motion, Inc.)
R3 HidEmulatorKmdf; C:\Windows\System32\DRIVERS\HidEmulatorKmdf.sys [24432 2013-11-03] ()
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [43664 2014-11-25] ()
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-10-01] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-04] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-10-01] (Malwarebytes Corporation)
S3 Modem; C:\Windows\System32\drivers\modem.sys [0 2009-07-13] () [File not signed]
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [21448 2014-08-08] (NVIDIA Corporation)
S3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [2976472 2013-09-11] (Realtek Semiconductor Corporation                           )
S3 sfloppy; C:\Windows\system32\drivers\sfloppy.sys [16896 2009-07-13] ()
S3 WacomPen; C:\Windows\system32\drivers\wacompen.sys [0 2009-07-13] () [File not signed]
S3 AsrCDDrv; \??\C:\Windows\SysWOW64\Drivers\AsrCDDrv.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-04 07:27 - 2014-12-04 07:27 - 00000955 _____ () C:\Users\Evan\Desktop\FRST64.exe - Shortcut.lnk
2014-12-04 07:26 - 2014-12-04 07:31 - 00000000 ____D () C:\Users\Evan\Desktop\FRST
2014-12-02 19:04 - 2014-12-02 19:04 - 00003400 ____N () C:\bootsqm.dat
2014-12-01 18:27 - 2014-12-01 18:27 - 00000247 _____ () C:\Windows\system32\2014-12-02-02-27-08.094-aswFe.exe-5704.log
2014-12-01 18:27 - 2014-12-01 18:27 - 00000197 _____ () C:\Windows\system32\2014-12-02-02-27-06.068-AvastVBoxSVC.exe-1428.log
2014-12-01 18:25 - 2014-12-01 18:25 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2014-12-01 18:25 - 2014-12-01 18:25 - 00000000 ____D () C:\Windows\system32\vbox
2014-11-30 18:25 - 2014-11-30 18:25 - 00364512 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-11-30 18:25 - 2014-11-30 18:25 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-11-30 15:49 - 2014-11-25 21:53 - 03060320 _____ (Symantec Corporation) C:\Users\Evan\Desktop\NPE.exe
2014-11-30 15:43 - 2014-11-30 15:43 - 00000000 __SHD () C:\Users\Evan\AppData\Local\EmieBrowserModeList
2014-11-30 14:40 - 2014-12-04 07:31 - 00000000 ____D () C:\FRST
2014-11-30 14:33 - 2014-11-30 14:55 - 00003497 _____ () C:\Users\Evan\Desktop\AdwCleaner[R0].txt
2014-11-30 14:30 - 2014-11-30 14:34 - 00000000 ____D () C:\AdwCleaner
2014-11-30 14:27 - 2014-11-30 14:16 - 02148864 _____ () C:\Users\Evan\Desktop\adwcleaner_4.102 (2).exe
2014-11-30 14:24 - 2014-11-30 14:24 - 00001064 _____ () C:\Users\Evan\Desktop\Malware-Bites.txt
2014-11-30 14:09 - 2014-12-02 18:40 - 00000000 ____D () C:\Users\Evan\AppData\Local\CrashDumps
2014-11-25 22:53 - 2014-11-25 22:52 - 00024814 _____ () C:\Users\Evan\Desktop\dds.txt
2014-11-25 22:46 - 2014-11-25 22:46 - 00688992 ____R (Swearware) C:\Users\Evan\Desktop\dds.com
2014-11-25 22:35 - 2014-11-25 22:35 - 00043664 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-11-25 22:33 - 2014-11-25 22:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leap Motion
2014-11-25 22:21 - 2014-11-30 14:19 - 00000030 _____ () C:\Users\Evan\Desktop\Norton.txt
2014-11-25 21:53 - 2014-11-25 22:49 - 00000000 ____D () C:\Users\Evan\AppData\Local\NPE
2014-11-25 21:53 - 2014-11-25 21:53 - 00000000 ____D () C:\ProgramData\SMR430
2014-11-25 21:53 - 2014-11-25 21:53 - 00000000 ____D () C:\ProgramData\Norton
2014-11-23 21:35 - 2014-11-23 21:35 - 00105423 _____ () C:\ProgramData\1416807303.bdinstall.bin
2014-11-23 21:35 - 2014-11-23 21:35 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\QuickScan
2014-11-23 21:31 - 2014-11-23 21:31 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\TuneUp Software
2014-11-23 21:31 - 2014-11-23 21:31 - 00000000 ____D () C:\Users\Evan\AppData\Roaming\AVG2015
2014-11-23 21:31 - 2014-11-23 21:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2014-11-23 21:30 - 2014-11-23 21:31 - 00000000 ____D () C:\ProgramData\AVG2015
2014-11-23 21:30 - 2014-11-23 21:30 - 00000000 ___HD () C:\$AVG
2014-11-23 21:30 - 2014-11-23 21:30 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-11-23 21:26 - 2014-12-04 07:25 - 00000000 ____D () C:\ProgramData\MFAData
2014-11-23 21:26 - 2014-11-23 21:37 - 00000000 ____D () C:\Users\Evan\AppData\Local\Avg2015
2014-11-23 21:26 - 2014-11-23 21:26 - 00000000 ____D () C:\Users\Evan\AppData\Local\MFAData
2014-11-23 21:18 - 2014-11-23 21:18 - 00003366 _____ () C:\Windows\system32\.crusader
2014-11-23 21:11 - 2014-11-25 22:44 - 00000000 ____D () C:\Program Files\HitmanPro
2014-11-23 20:50 - 2014-11-23 21:18 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-11-23 20:49 - 2014-12-04 07:23 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-23 20:48 - 2014-11-30 14:34 - 00000000 ____D () C:\Windows\system32\log
2014-11-23 20:48 - 2014-11-23 20:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-23 20:48 - 2014-11-23 20:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-23 20:48 - 2014-11-23 20:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-11-23 20:48 - 2014-11-03 01:04 - 00049320 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeNetFilter.sys
2014-11-23 20:48 - 2014-10-01 11:11 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-11-23 20:48 - 2014-10-01 11:11 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-11-23 20:48 - 2014-10-01 11:11 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-11-23 19:32 - 2014-12-01 18:23 - 00007810 _____ () C:\Windows\PFRO.log
2014-11-23 19:20 - 2014-11-10 19:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-23 19:20 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-23 19:20 - 2014-11-10 18:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-23 19:20 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-23 19:18 - 2014-11-23 19:18 - 00000756 _____ () C:\Windows\LkmdfCoInst.log
2014-11-21 19:48 - 2014-11-23 19:18 - 00000000 ____D () C:\Users\Evan\AppData\Local\Python Keyring
2014-11-11 18:11 - 2014-11-07 11:49 - 00388272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 18:11 - 2014-11-07 11:23 - 00341168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 18:11 - 2014-11-05 20:04 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-11-11 18:11 - 2014-11-05 20:03 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 18:11 - 2014-11-05 20:03 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-11-11 18:11 - 2014-11-05 19:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 18:11 - 2014-11-05 19:46 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 18:11 - 2014-11-05 19:46 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 18:11 - 2014-11-05 19:44 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 18:11 - 2014-11-05 19:43 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 18:11 - 2014-11-05 19:36 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 18:11 - 2014-11-05 19:35 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 18:11 - 2014-11-05 19:31 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 18:11 - 2014-11-05 19:30 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 18:11 - 2014-11-05 19:30 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 18:11 - 2014-11-05 19:29 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 18:11 - 2014-11-05 19:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-11-11 18:11 - 2014-11-05 19:23 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 18:11 - 2014-11-05 19:20 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-11-11 18:11 - 2014-11-05 19:16 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 18:11 - 2014-11-05 19:13 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 18:11 - 2014-11-05 19:13 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 18:11 - 2014-11-05 19:12 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 18:11 - 2014-11-05 19:10 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 18:11 - 2014-11-05 19:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
 
Some content of TEMP:
====================
C:\Users\Evan\AppData\Local\Temp\FP_AX_MSI_INSTALLER.exe
C:\Users\Evan\AppData\Local\Temp\HitmanPro.exe
C:\Users\Evan\AppData\Local\Temp\jre-7u67-windows-i586-iftw.exe
C:\Users\Evan\AppData\Local\Temp\jre-7u71-windows-i586-iftw.exe
C:\Users\Evan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Evan\AppData\Local\Temp\nvSCPAPI64.dll
C:\Users\Evan\AppData\Local\Temp\nvStInst.exe
C:\Users\Evan\AppData\Local\Temp\Quarantine.exe
C:\Users\Evan\AppData\Local\Temp\sqlite3.dll
C:\Users\Evan\AppData\Local\Temp\vlc-2.1.5-win64.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-11-30 12:04
 
==================== End Of Log ============================

 

 



#8 nasdaq


Posted 04 December 2014 - 11:56 AM

Re the Chkdsk issue.
Your registry setting must be wrong.

Check this page and change the setting if needed.
Check Disk runs at every startup in Windows 7

http://www.thewindowsclub.com/check-disk-runs-at-every-startup-windows

Restart the computer after the change.

How is it now?

#9 svenson14


Posted 06 December 2014 - 05:31 PM

Restarted with one complete Disk Check.

Verified Registry for Check Disk every start up.

Ran SFC /Scannow from Command Prompt in Recovery Boot Disc:

Windows Resource Protection found corrupt files but was unable to fix some of them. Details are included in CBS.log Windir/Logs\CBS\CBS.log  For example C:\Windows\Logs\CBS\CBS.log

 

 

Ran SFC/Scannow from Command Prompt in Safemode:

Same error as above.

 

But, most of the issues have been fixed!

  1. "LogonUI.exe - Bad Image" (Upon startup) - Fixed
  2. "netsh.exe bad image" Upon startup - Fixed
  3. "The specified procedure could not be found" when running any .exe - Fixed
  4. Can't install anything - Fixed
  5. Can't run DDS - Fixed
  6. Can't uninstall - Fixed
  7. Task Manager doesn't work - Fixed
I'll have to review the safe mode symptoms to see if they've gone away.
 
Thanks Nasdaq!

 

 



#10 nasdaq


Posted 07 December 2014 - 09:44 AM

Repair safe mode if still giving you problems.

Please Download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Click Next at the Welcome Screen, Click Next on Step 1 Screen
  • Click Next on Step 2 Screen, Click Do it on Step 3 Screen. After it has completed click Next
  • On Step 4 Under System Restore Click Create, then under registry back-up Click Backup. When you have completed this click Next
  • On Start Repairs Click Start
  • Click the Unselect All button then select just the items below
    24 - Repair Windows Safe Mode
    
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad, Save it on your Desktop. ( Reboot if asked to do so)
  • Please copy and paste the Contents of this file on your next reply.


#11 svenson14


Posted 08 December 2014 - 02:51 AM

I spoke too soon; immediately after my last post, I tried running a backup of my C:/ drive to my M:/ (1TB HDD).  Backup kept producing a "corrupt and unreadable" error message, so I ran a Check Disk on my other two HDDs (D:/ and E:/, of which certain folders are included in the Backup).

 

After the two Check Disks were performed the computer was held up in the Windows Splash/Startup Screen. I cannot seem to get past the second Startup screen.

 

I can boot to safemode. Which I then loaded Tweaking.com - Windows Repair:

Check Disk on C:/ Ran

Step 3 was System Check (SFC Scannow) Ran this again, and gave a "corrupt" error

Step 4 was Registry Backup and Restore Point  - Complete

 

I think your instructions are a little off, but I think I did what you wanted:  Selected Open Repairs, then Unselect All, selected 24 - Repair Windows Safe Mode, then Start Repairs.

(If I had done "On Start Repairs Click Start," this would have started ALL repairs.)

 

I received no error messages that I know of.  Let me know if you need the Chkdsk logs.

_Windows_Repair_Log.txt:

Tweaking.com - Windows Repair v2.10.2

--------------------------------------------------------------------------------
 
System Variables
--------------------------------------------------------------------------------
OS: Windows 7 Professional
OS Architecture: 64-bit
OS Version: 6.1.7601
OS Service Pack: Service Pack 1
Computer Name: ODIN
Windows Drive: C:\
Windows Path: C:\Windows
Program Files: C:\Program Files
Program Files (x86): C:\Program Files (x86)
Current Profile: C:\Users\Evan
Current Profile SID: S-1-5-21-3528412979-78158528-2696249114-1000
Current Profile Classes: S-1-5-21-3528412979-78158528-2696249114-1000_Classes
Profiles Location: C:\Users
Profiles Location 2: C:\Windows\ServiceProfiles
Local Settings AppData: C:\Users\Evan\AppData\Local
--------------------------------------------------------------------------------
 
System Information
--------------------------------------------------------------------------------
System Up Time: 0 Days 00:14:31
 
Process Count: 27
Commit Total: 984.50 MB
Commit Limit: 15.77 GB
Commit Peak: 1.18 GB
Handle Count: 5733
Kernel Total: 437.35 MB
Kernel Paged: 359.00 MB
Kernel Non Paged: 78.35 MB
System Cache: 5.82 GB
Thread Count: 271
--------------------------------------------------------------------------------
 
Memory Before Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.89 GB
Memory Used: 1.04 GB(13.1876%)
Memory Avail.: 6.85 GB
--------------------------------------------------------------------------------
 
Cleaning Memory Before Starting Repairs...
 
Memory After Cleaning with CleanMem
--------------------------------------------------------------------------------
Memory Total: 7.89 GB
Memory Used: 888.53 MB(11.0033%)
Memory Avail.: 7.02 GB
--------------------------------------------------------------------------------
 
Starting Repairs...
   Started at (12/7/2014 11:45:31 PM)
 
24 - Repair Windows Safe Mode
   Start (12/7/2014 11:45:32 PM)
   Running Repair Under Current User Account
   Running Repair Under System Account
   Done (12/7/2014 11:45:34 PM)
 
Cleaning up empty logs...
 
All Selected Repairs Done.
   Done at (12/7/2014 11:45:34 PM)
   Total Repair Time: 00:00:05
 
 
...YOU MUST RESTART YOUR SYSTEM...

 



#12 nasdaq


Posted 08 December 2014 - 08:41 AM

I think Your instructions are a little off, but I think I did what you wanted: Selected Open Repairs, then Unselect All, selected 24 - Repair Windows Safe Mode, then Start Repairs.
(If I would had done "On Start Repairs Click Start," this would have started ALL repairs.)


Thank you for the heads-up. I will change my canned speech.

===

Is Safe mode running now?

What are the other issues if any.

#13 svenson14


Posted 08 December 2014 - 10:43 AM

 

Is Safe mode running now?

What are the other issues if any.

 

 

 

Safe Mode has always been running.

 

Now it seems I can't boot into normal mode.  I'm stuck at the Windows Welcome screen.

Attached File  0PczP.png   130.16KB   0 downloads

 

 

Beyond that my only other symptoms (when I was in normal mode):

  • SFC /Scannow gives a corruption error: "SFC /scannow found corrupt files but was unable to fix some of them"  
  • Backup failure: "The file or directory is corrupted and unreadable"


Edited by svenson14, 08 December 2014 - 10:45 AM.


#14 nasdaq


Posted 08 December 2014 - 02:21 PM


Try to restore the last good configuration.

Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>


If that fails then let's check these files.

credui.dll
Logonui.exe


Please run the Farbar Recovery Scan Tool. Enter credui.dll;Logonui.exe in the Search Box and hit the File Search button.
Post the content of the Search.txt in your next reply.

<<<>>>


Let's also look in the Registry.

Please run the Farbar Recovery Scan Tool. Enter credui.dll;Logonui.exe in the Search Box.
Click the Search Registry button, post the content of the Search.txt file in your next reply.

#15 svenson14


Posted 08 December 2014 - 09:49 PM

Last known Good Configuration of Windows did not work.

 

 

Search.txt:

Farbar Recovery Scan Tool (x64) Version: 03-12-2014
Ran by Evan at 2014-12-08 18:44:03
Running from D:\Misc Files\FRST
Boot Mode: Safe Mode (minimal)
 
================== Search Files: "credui.dll;Logonui.exe" =============
 
C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.22472_none_dd8558c8067fc128\credui.dll
[2014-06-13 23:55][2013-10-03 18:02] 0168960 ____A (Microsoft Corporation) A8BAB22C88E4BD8369C75A7BE2B76408 [File is signed]
 
C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.18276_none_dcffbb3eed5e8993\credui.dll
[2014-06-13 23:55][2013-10-03 17:56] 0168960 ____A (Microsoft Corporation) E9BB0CD09DA17C71FD1B9954D75AEEF7 [File is signed]
 
C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.17514_none_dd3eb6aced2f8d13\credui.dll
[2010-11-20 19:24][2010-11-20 19:24] 0168960 ____A (Microsoft Corporation) 108C2CFA5527458C096A699929ECBD80 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.22472_none_39a3f44bbedd325e\credui.dll
[2014-06-13 23:55][2013-10-03 18:25] 0197120 ____A (Microsoft Corporation) 78C84E743EDF286689FD72EFD0D3DBE3 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.18276_none_391e56c2a5bbfac9\credui.dll
[2014-06-13 23:55][2014-12-06 13:37] 0197120 ____A (Microsoft Corporation) 4403D5ECE7D8323CAF1207D1AA38FA01 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.17514_none_395d5230a58cfe49\credui.dll
[2010-11-20 19:24][2010-11-20 19:24] 0197120 ____A (Microsoft Corporation) CC0AB40F02D2C2A12209715A3C1B07B8 [File is signed]
 
C:\Windows\winsxs\amd64_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.1.7601.17514_none_c3b917fd89d834f3\LogonUI.exe
[2010-11-20 19:24][2010-11-20 19:24] 0027648 ____A (Microsoft Corporation) 715F03B4C7223349768013EA95D9E5B7 [File is signed]
 
C:\Windows\SysWOW64\credui.dll
[2014-06-13 23:55][2013-10-03 17:56] 0168960 ____A (Microsoft Corporation) E9BB0CD09DA17C71FD1B9954D75AEEF7 [File is signed]
 
C:\Windows\System32\credui.dll
[2014-06-13 23:55][2014-12-06 13:37] 0197120 ____A (Microsoft Corporation) 4403D5ECE7D8323CAF1207D1AA38FA01 [File is signed]
 
C:\Windows\System32\LogonUI.exe
[2010-11-20 19:24][2010-11-20 19:24] 0027648 ____A (Microsoft Corporation) 715F03B4C7223349768013EA95D9E5B7 [File is signed]
 
====== End Of Search ======
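
An added example, not part of the thread and not code from FRST: one way to read a Search.txt like the one above is to check each live file's MD5 against the WinSxS component-store copies of the same architecture, and to list records carrying a timestamp on or after the date the problem was reported. The function names are hypothetical; the record layout is assumed to be exactly as posted, System32 is assumed to map to amd64 and SysWOW64 to x86 (64-bit Windows), and the cutoff is the date of the topic's first post.

```python
import re
from datetime import datetime

# Records copied from the Search.txt posted above (blank separator lines dropped).
SEARCH_TXT = r"""
C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.22472_none_dd8558c8067fc128\credui.dll
[2014-06-13 23:55][2013-10-03 18:02] 0168960 ____A (Microsoft Corporation) A8BAB22C88E4BD8369C75A7BE2B76408 [File is signed]
C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.18276_none_dcffbb3eed5e8993\credui.dll
[2014-06-13 23:55][2013-10-03 17:56] 0168960 ____A (Microsoft Corporation) E9BB0CD09DA17C71FD1B9954D75AEEF7 [File is signed]
C:\Windows\winsxs\x86_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.17514_none_dd3eb6aced2f8d13\credui.dll
[2010-11-20 19:24][2010-11-20 19:24] 0168960 ____A (Microsoft Corporation) 108C2CFA5527458C096A699929ECBD80 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.22472_none_39a3f44bbedd325e\credui.dll
[2014-06-13 23:55][2013-10-03 18:25] 0197120 ____A (Microsoft Corporation) 78C84E743EDF286689FD72EFD0D3DBE3 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.18276_none_391e56c2a5bbfac9\credui.dll
[2014-06-13 23:55][2014-12-06 13:37] 0197120 ____A (Microsoft Corporation) 4403D5ECE7D8323CAF1207D1AA38FA01 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-credui_31bf3856ad364e35_6.1.7601.17514_none_395d5230a58cfe49\credui.dll
[2010-11-20 19:24][2010-11-20 19:24] 0197120 ____A (Microsoft Corporation) CC0AB40F02D2C2A12209715A3C1B07B8 [File is signed]
C:\Windows\winsxs\amd64_microsoft-windows-authentication-logonui_31bf3856ad364e35_6.1.7601.17514_none_c3b917fd89d834f3\LogonUI.exe
[2010-11-20 19:24][2010-11-20 19:24] 0027648 ____A (Microsoft Corporation) 715F03B4C7223349768013EA95D9E5B7 [File is signed]
C:\Windows\SysWOW64\credui.dll
[2014-06-13 23:55][2013-10-03 17:56] 0168960 ____A (Microsoft Corporation) E9BB0CD09DA17C71FD1B9954D75AEEF7 [File is signed]
C:\Windows\System32\credui.dll
[2014-06-13 23:55][2014-12-06 13:37] 0197120 ____A (Microsoft Corporation) 4403D5ECE7D8323CAF1207D1AA38FA01 [File is signed]
C:\Windows\System32\LogonUI.exe
[2010-11-20 19:24][2010-11-20 19:24] 0027648 ____A (Microsoft Corporation) 715F03B4C7223349768013EA95D9E5B7 [File is signed]
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\.+$")
META_RE = re.compile(
    r"^\[(?P<t1>[\d\- :]{16})\]\[(?P<t2>[\d\- :]{16})\]\s+\d+\s+\S+\s+"
    r"\([^)]*\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]$")
# Component-store folder name: <arch>_<component>_<token>_<version>_...
WINSXS_RE = re.compile(r"\\winsxs\\(?P<arch>amd64|x86)_.+?_(?P<ver>\d+(?:\.\d+){3})_", re.I)
# Assumption: 64-bit Windows, so System32 holds amd64 files and SysWOW64 holds x86 ones.
LIVE_ARCH = {"system32": "amd64", "syswow64": "x86"}

def parse_search(text):
    """Turn path / metadata line pairs into a list of record dicts."""
    records, path = [], None
    for line in (l.strip() for l in text.splitlines()):
        if PATH_RE.match(line):
            path = line
        elif path and (m := META_RE.match(line)):
            sxs = WINSXS_RE.search(path)
            records.append({
                "path": path,
                "name": path.rsplit("\\", 1)[1].lower(),
                "md5": m["md5"].upper(),
                "signed": m["sig"] == "File is signed",
                "stamps": [datetime.strptime(m[k], "%Y-%m-%d %H:%M") for k in ("t1", "t2")],
                "store": (sxs["arch"].lower(), sxs["ver"]) if sxs else None,
            })
            path = None
    return records

def crosscheck(records):
    """Map each live file to the store versions (same name, arch) with an identical MD5."""
    store = [r for r in records if r["store"]]
    result = {}
    for r in (r for r in records if not r["store"]):
        arch = LIVE_ARCH.get(r["path"].split("\\")[-2].lower())
        result[r["path"]] = sorted(
            s["store"][1] for s in store
            if s["name"] == r["name"] and s["store"][0] == arch and s["md5"] == r["md5"])
    return result

def touched_since(records, day):
    """Paths whose record carries a timestamp on or after `day` (YYYY-MM-DD)."""
    cutoff = datetime.strptime(day, "%Y-%m-%d")
    return [r["path"] for r in records if max(r["stamps"]) >= cutoff]

if __name__ == "__main__":
    recs = parse_search(SEARCH_TXT)
    for path, versions in crosscheck(recs).items():
        print(path, "->", versions or "NO MATCHING STORE COPY")
    print("touched since 2014-11-26:", touched_since(recs, "2014-11-26"))
```

An empty version list for a live file would mean none of the listed component-store copies has the same hash, which is the entry to look at first.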

 

 





