
Fake Explorer.exe and iexplore.exe using high memory


17 replies to this topic

#1 Qaz21

Qaz21

  • Members
  • 9 posts
  • OFFLINE
  •  

Posted 09 December 2014 - 02:40 PM

To start, this problem had begun with multiple instances of "svchost.exe" and alerts of high CPU from dllhost.exe. It has then progressed into a fake "Explorer.exe" and a fake "iexplore.exe" (only when an internet page is open, though). These two processes seem to run over top of the actual ones, causing strange problems like hearing the download tone when there is nothing I can visually notice being downloaded, as well as overall slower speed. And one important thing to note is this machine gets frequent "blocked attack" pop-ups from Norton. When I click view details on it, the attacks are always resulting from "Explorer.exe" or "DLLHOST.EXE".

What I do know is, this machine has an Alureon gen!A Trojan, which is a menace to get rid of. But I'm not even sure where to start with attempting to clean this machine, as there are also problems with Windows Update downloads; they always try to download when the machine is shut down, but when I check the status of the updates afterwards, it says they all failed.

Been following this awesome site for a while and I am looking forward to any insight/advice from a more experienced individual. DDS will be posted upon request. Thanks in advance.


Edited by Qaz21, 09 December 2014 - 04:47 PM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,944 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:12:59 PM

Posted 14 December 2014 - 10:44 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download Malwarebytes' Anti-Malware from Here

Double-click mbam-setup-2.X.X.XXXX.exe to install the application (X's are the current version number).
  • Make sure a checkmark is placed next to Launch Malwarebytes' Anti-Malware, then click Finish.
  • Once MBAM opens, when it says Your databases are out of date, click the Fix Now button.
  • Click the Settings tab at the top, and then in the left column, select Detections and Protections, and if not already checked place a checkmark in the selection box for Scan for rootkits.
  • Click the Scan tab at the top of the program window, select Threat Scan and click the Scan Now button.
  • If you receive a message that updates are available, click the Update Now button (the update will be downloaded, installed, and the scan will start).
  • The scan may take some time to finish, so please be patient.
  • If potential threats are detected, ensure that Quarantine is selected as the Action for all the listed items, and click the Apply Actions button.
  • While still on the Scan tab, click the link for View detailed log, and in the window that opens click the Export button, select Text file (*.txt), and save the log to your Desktop.
  • The log is automatically saved by MBAM and can also be viewed by clicking the History tab and then selecting Application Logs.
POST THE LOG FOR MY REVIEW.

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.

===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, Close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens click Yes to disclaimer.
Press Scan button.
It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.

How is the computer running?
Wait for further instructions.

#3 Qaz21

Qaz21
  • Topic Starter


Posted 15 December 2014 - 10:12 PM

Hello, thank you for the response,

I ran the MBAM scan with rootkit checked; it found 2 malware threats, one being a rootkit and the other was something in the MBR.

Had to restart because the computer was very slow and strange after the scan completed; now it can't load Windows normally and I'm wondering what I can do to recover. This is why I couldn't post the log.

Edited by Qaz21, 15 December 2014 - 10:15 PM.


#4 nasdaq


Posted 16 December 2014 - 09:33 AM

Boot to Safe Mode with Internet connection?

Run the Farbar tool. Post the log if you can.
===

If that fails, see if you have a good restore point to restore your system to a prior date.

#5 Qaz21


Posted 16 December 2014 - 11:32 AM

I can press F2 when trying to start normally to enter setup, but I cannot get into either safe mode. It will start loading then restart. The restore points were removed by the malware.

Noticed that whichever mode I try to boot, when I'm at the screen where it's loading the programs, it always gets to ClassPNP.sys then has to restart.

Can also enable boot-logging if that could find out what the problem is?

Edited by Qaz21, 16 December 2014 - 11:51 AM.


#6 nasdaq


Posted 16 December 2014 - 01:43 PM

What is the manufacturer of this computer?

Restart the computer and press and hold the F8 key.

Can you get to safe mode?

#7 Qaz21


Posted 16 December 2014 - 03:20 PM

It is an Acer Extensa 5230E.

I tried each safe mode and I can't seem to get in.

Gets restarted when it loads to ClassPNP.sys in the list.

Edited by Qaz21, 16 December 2014 - 03:24 PM.


#8 nasdaq


Posted 17 December 2014 - 09:00 AM

How to perform a clean boot in Windows Vista, W7, W8.
http://support.microsoft.com/kb/929135

Read and follow the instructions on the page before proceeding.

Did you find any conflicting issues?
===

#9 Qaz21


Posted 17 December 2014 - 12:56 PM

I cannot boot to where I can access the start menu, unless it's possible to do a clean boot in the F2 setup. I can run startup repair to see what it can do and it finds errors when trying to auto-fix.

Other system recovery options in this menu are Windows Memory Diagnostic, the command prompt, and the Acer eRecovery Management.

Before I try the diagnostic and the Acer recovery, do you know if there's anything I could type in the command prompt to trigger a clean boot that way?

#10 nasdaq


Posted 17 December 2014 - 01:40 PM

Before I try the diagnostic and the Acer recovery, do you know if there's anything I could type in the command prompt to trigger a clean boot that way?


No sorry.

If you can, copy all your important personal files.

As this recovery may reset your computer to the factory level.

#11 Qaz21


Posted 17 December 2014 - 02:17 PM

May I ask how to access my important files? And what type of backup you recommend?

There are two types of recoveries in the Acer program, one that restores to factory defaults, and the other that keeps my files while restoring.

Not sure which one I should do as the one which keeps my files says it won't remove persistent malware. I would prefer to keep my files as well.

#12 nasdaq


Posted 17 December 2014 - 02:24 PM

Use the one that will keep your files.

We can clean the malware later if we can.

#13 Qaz21


Posted 17 December 2014 - 06:16 PM

Very pleased to say the restore was successful; also kept my files in the process.

Things seem to be running fine so far.

#14 nasdaq


Posted 18 December 2014 - 08:50 AM

Good work.

Run the tools suggested in my post no. 2.

I will have a look at the logs.

#15 Qaz21


Posted 18 December 2014 - 03:29 PM

MBAM Log

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 12/18/2014
Scan Time: 2:07:39 PM
Logfile: mbamscan12-18.txt
Administrator: Yes
 
Version: 2.00.4.1028
Malware Database: v2014.12.18.04
Rootkit Database: v2014.12.14.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 7
CPU: x64
File System: NTFS
User: X
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 316125
Time Elapsed: 35 min, 6 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Warn
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 
 

 

(end)
 
AdwCleaner Log 
 
# AdwCleaner v4.105 - Report created 18/12/2014 at 14:44:48
# Updated 08/12/2014 by Xplode
# Database : 2014-12-08.2 [Local]
# Operating System : Windows 7 Home Premium  (64 bits)
# Username : X - X
# Running from : C:\Users\X\Desktop\adwcleaner_4.105.exe
# Option : Scan
 
***** [ Services ] *****
 
Service Found : Partner Service
 
***** [ Files / Folders ] *****
 
File Found : C:\Users\Public\Desktop\eBay.lnk
File Found : C:\Users\Public\Desktop\eBay.lnk
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\wincert
 
***** [ Scheduled Tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{28A88B70-D874-4F73-BBBA-9B2B222FB7D6}
Key Found : HKLM\SOFTWARE\Classes\AppID\kt_bho_dll.dll
Key Found : HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho
Key Found : HKLM\SOFTWARE\Classes\kt_bho.KettleBho.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{86676E13-D6D8-4652-9FCF-F2047F1FB000}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83FF80F4-8C74-4B80-B5BA-C8DDD434E5C4}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v8.0.7600.16385
 
 
-\\ Google Chrome v39.0.2171.95
 
[C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Web data] - Found [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
 
*************************
 
AdwCleaner[R0].txt - [2220 octets] - [18/12/2014 14:44:48]
 
########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2280 octets] ##########
 
I did not remove all those registry keys, as I didn't feel comfortable with doing that yet just in case.
 
FRST Log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 17-12-2014
Ran by X (administrator) on X on 18-12-2014 14:55:51
Running from C:\Users\X\Desktop
Loaded Profile: X (Available profiles: X)
Platform: Windows 7 Home Premium (X64) OS Language: English (United States)
Internet Explorer Version 8
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
() C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(McAfee, Inc.) C:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe
(McAfee, Inc.) C:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\Mcshield.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MPF\MpfSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe
() C:\Program Files\Acer\Empowering Technology\Service\ETService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSK\msksrver.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(O2Micro International) C:\Windows\System32\drivers\o2flash.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Acer) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Acer Inc.) C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Apoint.exe
() C:\Windows\PLFSetI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\ApntEx.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint2K\Hidfind.exe
(Google Inc.) C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSC\mcsvrcnt.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\MSC\mcupdui.exe
(Google Inc.) C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [ePower_DMC] => C:\Program Files\Acer\Empowering Technology\ePower\ePower_DMC.exe [492032 2009-07-20] (Acer Inc.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8060960 2009-08-05] (Realtek Semiconductor)
HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [295936 2009-05-22] (Alps Electric Co., Ltd.)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [200704 2008-07-29] ()
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => c:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [35696 2009-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe [588648 2009-07-24] (Symantec Corporation)
HKLM-x32\...\Run: [mcagent_exe] => C:\Program Files (x86)\McAfee.com\Agent\mcagent.exe [645328 2009-07-23] (McAfee, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [1231368 2009-08-11] (Dritek System Inc.)
HKLM-x32\...\Run: [Acer Assist Launcher] => C:\Program Files (x86)\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1990988603-2772687005-2152430749-1000\...\Run: [Global Registration] => C:\Program Files (x86)\Acer\Registration\GREG.exe [2844704 2009-07-31] (Acer Incorporated)
HKU\S-1-5-21-1990988603-2772687005-2152430749-1000\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-08-22] (Google Inc.)
HKU\S-1-5-21-1990988603-2772687005-2152430749-1000\...\MountPoints2: {babdde64-865c-11e4-a975-00262d526688} - E:\LaunchU3.exe -a
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer VCM.lnk
ShortcutTarget: Acer VCM.lnk -> C:\Program Files (x86)\Acer\Acer VCM\AcerVCM.exe (Acer Incorporated)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=extensa_5230&r=27361214b116l0388z115i4821t33r
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=extensa_5230&r=27361214b116l0388z115i4821t33r
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=extensa_5230&r=27361214b116l0388z115i4821t33r
HKU\S-1-5-21-1990988603-2772687005-2152430749-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=extensa_5230&r=27361214b116l0388z115i4821t33r
HKU\S-1-5-21-1990988603-2772687005-2152430749-1000\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=extensa_5230&r=27361214b116l0388z115i4821t33r
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKU\S-1-5-21-1990988603-2772687005-2152430749-1000 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS619
SearchScopes: HKU\S-1-5-21-1990988603-2772687005-2152430749-1000 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS619
BHO: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files (x86)\McAfee\MSK\mskapbho64.dll ()
BHO: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner64.dll (Google Inc.)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> c:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: McAfee Phishing Filter -> {27B4851A-3207-45A2-B947-BE8AFE6163AB} -> C:\Program Files (x86)\McAfee\MSK\MskAPBho.dll ()
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} ->  No File
BHO-x32: scriptproxy -> {7DB2D5A0-7241-4E79-B68D-6309F01C5231} -> C:\Program Files (x86)\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
BHO-x32: Partner BHO Class -> {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} -> C:\ProgramData\Partner\Partner.dll (Google Inc.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
BHO-x32: Google Dictionary Compression sdch -> {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} -> C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKU\S-1-5-21-1990988603-2772687005-2152430749-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll ()
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll ()
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
 
FireFox:
========
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\2.0.40115.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8064.0206 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{B7082FAA-CB62-4872-9106-E42DD88EDE45}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2009-08-22]
 
Chrome: 
=======
CHR Profile: C:\Users\X\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-18]
CHR Extension: (Google Docs) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-18]
CHR Extension: (Google Drive) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-18]
CHR Extension: (YouTube) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-18]
CHR Extension: (Google Search) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-18]
CHR Extension: (Google Sheets) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-18]
CHR Extension: (Google Wallet) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-18]
CHR Extension: (Gmail) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-18]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ETService; C:\Program Files\Acer\Empowering Technology\Service\ETService.exe [24576 2009-08-11] () [File not signed]
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [203280 2009-01-23] ()
R2 mcmscsvc; C:\Program Files (x86)\McAfee\MSC\mcmscsvc.exe [865832 2009-07-23] (McAfee, Inc.)
R2 McNASvc; c:\Program Files (x86)\Common Files\McAfee\MNA\McNASvc.exe [2482848 2009-04-09] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [696848 2009-06-16] (McAfee, Inc.)
R2 McProxy; c:\Program Files (x86)\Common Files\McAfee\McProxy\McProxy.exe [359952 2009-04-09] (McAfee, Inc.)
R2 McShield; C:\Program Files\McAfee\VirusScan\Mcshield.exe [155456 2009-06-18] (McAfee, Inc.)
R3 McSysmon; C:\Program Files (x86)\McAfee\VirusScan\mcsysmon.exe [606736 2009-06-16] (McAfee, Inc.)
R2 MpfService; C:\Program Files (x86)\McAfee\MPF\MPFSrv.exe [894136 2009-07-22] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files (x86)\McAfee\MSK\MskSrver.exe [26640 2009-04-09] (McAfee, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
S3 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29263712 2008-11-24] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 O2FLASH; C:\Windows\system32\DRIVERS\o2flash.exe [65536 2007-02-12] (O2Micro International) [File not signed]
R2 RS_Service; C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe [253952 2009-07-10] (Acer Incorporated) [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [102600 2009-06-18] (McAfee, Inc.)
R1 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [307400 2009-06-18] (McAfee, Inc.)
S3 mferkdk; C:\Windows\System32\drivers\mferkdk.sys [40904 2009-06-18] (McAfee, Inc.)
R3 mfesmfk; C:\Windows\System32\drivers\mfesmfk.sys [49480 2009-06-18] (McAfee, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R1 MPFP; C:\Windows\System32\Drivers\Mpfp.sys [176144 2009-04-09] (McAfee, Inc.)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [63264 2009-05-07] (O2Micro )
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-18 14:55 - 2014-12-18 14:56 - 00017298 _____ () C:\Users\X\Desktop\FRST.txt
2014-12-18 14:54 - 2014-12-18 14:55 - 00000000 ____D () C:\FRST
2014-12-18 14:53 - 2014-12-18 14:53 - 02121216 _____ (Farbar) C:\Users\X\Desktop\FRST64.exe
2014-12-18 14:49 - 2014-12-18 14:49 - 00002368 _____ () C:\Users\X\Documents\AdwCleaner[R0] 12-18.txt
2014-12-18 14:44 - 2014-12-18 14:46 - 00000000 ____D () C:\AdwCleaner
2014-12-18 14:43 - 2014-12-18 14:43 - 00001046 _____ () C:\Users\X\Documents\mbamscan12-18.txt
2014-12-18 14:01 - 2014-12-18 14:01 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-18 14:00 - 2014-12-18 14:00 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-18 14:00 - 2014-12-18 14:00 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-18 14:00 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-18 14:00 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-18 14:00 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-18 13:58 - 2014-12-18 13:59 - 02166272 _____ () C:\Users\X\Desktop\adwcleaner_4.105.exe
2014-12-18 13:15 - 2014-12-18 13:15 - 00002263 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-18 13:14 - 2014-12-18 14:19 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-18 13:14 - 2014-12-18 13:19 - 00000890 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-18 13:14 - 2014-12-18 13:14 - 00003890 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-12-18 13:14 - 2014-12-18 13:14 - 00003638 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-12-18 13:13 - 2014-12-18 13:13 - 00000000 ____D () C:\Users\X\AppData\Local\Deployment
2014-12-18 13:13 - 2014-12-18 13:13 - 00000000 ____D () C:\Users\X\AppData\Local\Apps\2.0
2014-12-18 13:12 - 2014-12-18 13:12 - 00001562 _____ () C:\Windows\IE11_main.log
2014-12-17 21:31 - 2014-11-24 14:04 - 00275080 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-12-17 21:27 - 2014-12-17 21:27 - 00000000 ____D () C:\Windows\System32\Tasks\Acer
2014-12-17 21:27 - 2014-12-17 21:27 - 00000000 ____D () C:\Users\X\AppData\Roaming\Leadertech
2014-12-17 21:27 - 2014-12-17 21:27 - 00000000 ____D () C:\Users\X\AppData\Roaming\Acer
2014-12-17 21:19 - 2014-12-17 21:19 - 00002154 _____ () C:\Windows\epplauncher.mif
2014-12-17 21:18 - 2014-12-17 21:18 - 00002121 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-17 21:18 - 2014-12-17 21:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-17 21:17 - 2014-12-17 21:18 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-17 21:17 - 2010-04-09 06:06 - 01898376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-12-17 21:17 - 2010-04-09 06:06 - 00374664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-12-17 21:09 - 2012-06-02 17:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-12-17 21:09 - 2012-06-02 17:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-12-17 21:09 - 2012-06-02 17:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-12-17 21:09 - 2012-06-02 17:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-12-17 21:09 - 2012-06-02 17:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-12-17 21:09 - 2012-06-02 17:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-12-17 21:09 - 2012-06-02 17:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-12-17 21:08 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-12-17 21:08 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-12-17 20:18 - 2014-12-17 20:18 - 00000000 ____D () C:\Windows\SysWOW64\x64
2014-12-17 20:18 - 2014-12-17 20:18 - 00000000 ____D () C:\Windows\SysWOW64\Lang
2014-12-17 20:18 - 2009-08-12 13:41 - 00997912 _____ (Intel Corporation) C:\Windows\SysWOW64\igxpun.exe
2014-12-17 20:14 - 2014-12-17 17:41 - 00000494 _____ () C:\Windows\Patch.log
2014-12-17 20:13 - 2014-12-17 20:14 - 00005184 _____ () C:\Windows\WisGAPas.log
2014-12-17 20:13 - 2014-12-17 20:13 - 00000896 _____ () C:\Windows\MOD01SET74000N0006.XML
2014-12-17 20:11 - 2009-07-08 20:49 - 01484800 _____ (Atheros Communications, Inc.) C:\Windows\system32\Drivers\athrx.sys
2014-12-17 20:11 - 2009-07-06 02:55 - 00000000 _____ () C:\Windows\SysWOW64\Drivers\1025_Acer_Acer_Extensa 5230.mrk
2014-12-17 20:11 - 2009-07-06 02:55 - 00000000 _____ () C:\Windows\system32\Drivers\1025_Acer_Acer_Extensa 5230.mrk
2014-12-17 20:11 - 2009-03-27 22:02 - 00309768 _____ (Dritek System Inc.) C:\Windows\UNINST32.EXE
2014-12-17 20:11 - 2009-03-26 14:16 - 00025608 _____ (Dritek System Inc.) C:\Windows\SysWOW64\Drivers\DKbFltr.sys
2014-12-17 20:10 - 2014-12-17 20:10 - 00000000 ____D () C:\Windows\Lan
2014-12-17 20:10 - 2014-12-17 18:06 - 00000201 _____ () C:\Windows\USER.XML
2014-12-17 20:10 - 2009-08-12 13:42 - 00491032 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2014-12-17 20:10 - 2009-08-12 13:42 - 00365592 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2014-12-17 20:10 - 2009-08-12 13:42 - 00215576 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2014-12-17 20:10 - 2009-08-12 13:42 - 00165912 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2014-12-17 20:10 - 2009-08-12 13:41 - 00845848 _____ (Intel Corporation) C:\Windows\system32\igfxcfg.exe
2014-12-17 20:10 - 2009-08-12 13:41 - 00387608 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2014-12-17 20:10 - 2009-08-12 13:41 - 00106008 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2014-12-17 20:10 - 2009-07-28 19:51 - 00004436 _____ () C:\Windows\system32\iglhxs64.vp
2014-12-17 20:10 - 2009-07-28 18:40 - 01306112 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v1855.dll
2014-12-17 20:10 - 2009-07-28 18:35 - 07345632 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2014-12-17 20:10 - 2009-07-28 18:35 - 05616128 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2014-12-17 20:10 - 2009-07-28 18:34 - 00982220 _____ () C:\Windows\SysWOW64\igkrng500.bin
2014-12-17 20:10 - 2009-07-28 18:34 - 00982220 _____ () C:\Windows\system32\igkrng500.bin
2014-12-17 20:10 - 2009-07-28 18:34 - 00439300 _____ () C:\Windows\SysWOW64\igcompkrng500.bin
2014-12-17 20:10 - 2009-07-28 18:34 - 00439300 _____ () C:\Windows\system32\igcompkrng500.bin
2014-12-17 20:10 - 2009-07-28 18:34 - 00134592 _____ () C:\Windows\SysWOW64\igfcg500.bin
2014-12-17 20:10 - 2009-07-28 18:34 - 00134592 _____ () C:\Windows\system32\igfcg500.bin
2014-12-17 20:10 - 2009-07-28 18:34 - 00092216 _____ () C:\Windows\SysWOW64\igfcg500m.bin
2014-12-17 20:10 - 2009-07-28 18:34 - 00092216 _____ () C:\Windows\system32\igfcg500m.bin
2014-12-17 20:10 - 2009-07-28 18:31 - 04233728 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2014-12-17 20:10 - 2009-07-28 18:26 - 00549888 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdx32.dll
2014-12-17 20:10 - 2009-07-28 18:25 - 03799552 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2014-12-17 20:10 - 2009-07-28 18:23 - 03646976 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2014-12-17 20:10 - 2009-07-28 18:20 - 08095232 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2014-12-17 20:10 - 2009-07-28 18:20 - 05195776 _____ (Intel Corporation) C:\Windows\system32\ig4dev64.dll
2014-12-17 20:10 - 2009-07-28 18:14 - 06042112 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2014-12-17 20:10 - 2009-07-28 18:14 - 03839488 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4dev32.dll
2014-12-17 20:10 - 2009-07-28 18:09 - 00312832 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00306688 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00305664 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00305664 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00305152 _____ (Intel Corporation) C:\Windows\system32\igfxresp.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00301568 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00296960 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00293376 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00291328 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00290304 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00289792 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00284672 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00284672 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00284672 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00283136 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00282624 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00282112 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00281088 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00279552 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00264704 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00254464 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00251904 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00208896 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00207360 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00181760 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2014-12-17 20:10 - 2009-07-28 18:09 - 00180224 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2014-12-17 20:10 - 2009-07-28 18:06 - 00371712 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2014-12-17 20:10 - 2009-07-28 18:06 - 00246272 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2014-12-17 20:10 - 2009-07-28 18:06 - 00125952 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2014-12-17 20:10 - 2009-07-28 18:05 - 00055808 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2014-12-17 20:10 - 2009-07-28 18:05 - 00027648 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2014-12-17 20:10 - 2009-07-28 18:04 - 05694976 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2014-12-17 20:10 - 2009-07-28 18:04 - 00278016 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2014-12-17 20:10 - 2009-07-28 18:04 - 00258560 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2014-12-17 20:10 - 2009-07-28 18:04 - 00142336 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2014-12-17 20:10 - 2009-07-28 18:04 - 00108544 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2014-12-17 20:10 - 2009-07-28 18:00 - 00059392 _____ (Intel Corporation) C:\Windows\SysWOW64\oemdspif.dll
2014-12-17 20:10 - 2009-07-28 17:59 - 00216576 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2014-12-17 20:10 - 2009-07-28 17:53 - 02805511 _____ () C:\Windows\system32\iglhxa64.cpa
2014-12-17 20:10 - 2009-07-28 17:53 - 00059442 _____ () C:\Windows\system32\iglhxg64.vp
2014-12-17 20:10 - 2009-07-28 17:53 - 00059330 _____ () C:\Windows\system32\iglhxc64.vp
2014-12-17 20:10 - 2009-07-28 17:53 - 00058839 _____ () C:\Windows\system32\iglhxo64.vp
2014-12-17 20:10 - 2009-07-28 17:53 - 00001073 _____ () C:\Windows\system32\iglhxa64.vp
2014-12-17 20:10 - 2009-05-24 22:57 - 00243760 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Drivers\Apfiltr.sys
2014-12-17 20:10 - 2009-05-08 17:47 - 00098816 _____ (Alps Electric Co., Ltd.) C:\Windows\system32\Vxdif.dll
2014-12-17 20:10 - 2008-12-25 22:45 - 00000000 _____ () C:\Windows\system32\RMCardR.txt
2014-12-17 20:10 - 2008-03-27 19:51 - 01490656 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01007.dll
2014-12-17 20:09 - 2014-12-17 20:13 - 01160181 _____ () C:\Windows\CapsuleDll.log
2014-12-17 20:09 - 2009-08-22 13:15 - 00431104 _____ (Wistron Corp.) C:\Windows\WisMvImg.exe
2014-12-17 20:09 - 2009-08-11 01:00 - 00382976 _____ (Wistron Corp.) C:\Windows\WisGAPasx64.exe
2014-12-17 20:09 - 2009-08-11 01:00 - 00322048 _____ (Wistron Corp.) C:\Windows\WisGAPas.exe
2014-12-17 20:09 - 2009-08-04 08:52 - 00159744 _____ (Wistron Corp.) C:\Windows\PatchFul.exe
2014-12-17 20:09 - 2009-05-25 13:27 - 00335872 _____ (Acer Inc.) C:\Windows\ParseModule_X64.exe
2014-12-17 20:09 - 2009-05-25 13:27 - 00225280 _____ (Acer Inc.) C:\Windows\ParseModule_X86.exe
2014-12-17 19:51 - 2014-12-17 19:51 - 00000000 ____D () C:\Users\X\AppData\Roaming\Adobe
2014-12-17 19:49 - 2014-12-17 20:15 - 00001563 _____ () C:\Windows\WPatchProgress.ini
2014-12-17 19:27 - 2014-12-17 19:27 - 00000000 ____D () C:\Users\X\Documents\Audio
2014-12-17 18:59 - 2014-12-18 13:15 - 00000000 ____D () C:\Users\X\AppData\Local\Google
2014-12-17 18:59 - 2014-12-17 18:59 - 00000000 ____D () C:\Users\X\AppData\Roaming\Google
2014-12-17 18:56 - 2014-12-17 18:16 - 00000000 ____D () C:\Backup
2014-12-17 18:38 - 2011-04-20 11:41 - 00139230 _____ () C:\Users\X\Documents\wom.exe
2014-12-17 18:37 - 2014-12-15 21:09 - 00001422 _____ () C:\Users\X\Documents\mbamscan-12-15.txt
2014-12-17 18:37 - 2014-12-15 20:50 - 00001423 _____ () C:\Users\X\Documents\mbamrootkitscan.txt
2014-12-17 18:37 - 2014-12-09 16:10 - 00009652 _____ () C:\Users\X\Documents\DDS1.txt
2014-12-17 18:37 - 2014-12-09 16:10 - 00007975 _____ () C:\Users\X\Documents\AttachDDS1.txt
2014-12-17 18:37 - 2014-12-09 14:35 - 00688992 ____R (Swearware) C:\Users\X\Documents\dds.com
2014-12-17 18:31 - 2014-12-17 18:31 - 00000000 ____D () C:\Users\X\Documents\Symantec
2014-12-17 18:05 - 2014-12-17 18:05 - 00002609 _____ () C:\Users\Public\Desktop\eBay.lnk
2014-12-17 18:05 - 2014-12-17 18:05 - 00002102 _____ () C:\Users\Public\Desktop\Netflix.lnk
2014-12-17 18:05 - 2014-12-17 18:05 - 00000000 ____D () C:\Program Files (x86)\OEM
2014-12-17 17:49 - 2014-12-17 17:50 - 00000000 ____D () C:\Program Files (x86)\Microsoft Small Business
2014-12-17 17:49 - 2014-12-17 17:49 - 00731106 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-12-17 17:46 - 2014-12-17 17:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2014-12-17 17:46 - 2014-12-17 17:47 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2014-12-17 17:44 - 2014-12-17 17:44 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-12-17 17:43 - 2014-12-17 17:45 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-12-17 17:43 - 2014-12-17 17:43 - 00000000 ____D () C:\Program Files (x86)\Windows Live SkyDrive
2014-12-17 17:36 - 2014-12-17 17:38 - 00000000 ____D () C:\Program Files (x86)\InterVideo
2014-12-17 17:34 - 2014-12-17 17:35 - 00488090 _____ () C:\vcredist_x86.log
2014-12-17 17:34 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-12-17 17:34 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-12-17 17:34 - 2007-01-08 15:30 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-12-17 17:34 - 2007-01-08 15:30 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-12-17 17:34 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-12-17 17:34 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-12-17 17:34 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-12-17 17:34 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-12-17 17:34 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-12-17 17:34 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-12-17 17:34 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-12-17 17:34 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-12-17 17:34 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-12-17 17:34 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-12-17 17:34 - 2006-09-28 16:04 - 00091928 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-12-17 17:34 - 2006-09-28 16:04 - 00068888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-12-17 17:34 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-12-17 17:34 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-12-17 17:34 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-12-17 17:34 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-12-17 17:34 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-12-17 17:34 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-12-17 17:34 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-12-17 17:34 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-12-17 17:34 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-12-17 17:34 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-12-17 17:33 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-12-17 17:33 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-12-17 17:33 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-12-17 17:33 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-12-17 17:33 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-12-17 17:33 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-12-17 17:33 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-12-17 17:33 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-12-17 17:33 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-12-17 17:33 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-12-17 17:33 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-12-17 17:33 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-12-17 17:33 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-12-17 17:33 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-12-17 17:33 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-12-17 17:33 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-12-17 17:33 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-12-17 17:33 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-12-17 17:32 - 2014-12-17 17:45 - 00165357 _____ () C:\Windows\DirectX.log
2014-12-17 17:32 - 2014-12-17 17:32 - 00000000 ____D () C:\Program Files (x86)\COREL
2014-12-17 17:31 - 2014-12-17 17:31 - 00000000 ____D () C:\Users\Public\OEM
2014-12-17 17:30 - 2014-12-17 17:30 - 00000089 _____ () C:\Windows\LManager.UNI
2014-12-17 17:30 - 2014-12-17 17:30 - 00000000 ____D () C:\Users\Public\Documents\Screensaver
2014-12-17 17:30 - 2014-12-17 17:30 - 00000000 ____D () C:\Users\X\AppData\Roaming\Macromedia
2014-12-17 17:30 - 2014-12-17 17:30 - 00000000 ____D () C:\Program Files (x86)\Launch Manager
2014-12-17 17:30 - 2009-07-24 18:08 - 01658880 _____ (SuYin) C:\Windows\Acer Crystal Eye webcam.EXE
2014-12-17 17:30 - 2009-07-24 15:44 - 00008362 _____ () C:\Windows\Suyin.reg
2014-12-17 17:30 - 2009-05-11 17:39 - 00000323 _____ () C:\Windows\PidList.ini
2014-12-17 17:30 - 2008-12-30 13:42 - 00626688 _____ () C:\Windows\Image.dll
2014-12-17 17:30 - 2008-07-29 19:29 - 00200704 _____ () C:\Windows\PLFSetI.exe
2014-12-17 17:30 - 2008-06-25 14:22 - 00020480 _____ () C:\Windows\USB_VIDEO_REG.exe
2014-12-17 17:29 - 2014-12-17 17:29 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_Apfiltr_01007.Wdf
2014-12-17 17:29 - 2014-12-17 17:29 - 00000000 ____D () C:\Users\X\AppData\Roaming\InstallShield
2014-12-17 17:29 - 2014-12-17 17:29 - 00000000 ____D () C:\Program Files\Broadcom
2014-12-17 17:29 - 2014-12-17 17:29 - 00000000 ____D () C:\Program Files\Apoint2K
2014-12-17 17:28 - 2014-12-17 17:28 - 00001989 _____ () C:\RHDSetup.log
2014-12-17 17:28 - 2014-12-17 17:28 - 00000000 ___HD () C:\Program Files (x86)\Temp
2014-12-17 17:28 - 2014-12-17 17:28 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-12-17 17:28 - 2014-12-17 17:28 - 00000000 ____D () C:\Program Files\Realtek
2014-12-17 17:28 - 2014-12-17 17:28 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-12-17 17:28 - 2009-08-10 20:05 - 00189796 _____ () C:\Windows\system32\Drivers\RTConvEQ.dat
2014-12-17 17:28 - 2009-08-10 20:05 - 00001112 _____ () C:\Windows\system32\Drivers\RtHdatEx.dat
2014-12-17 17:28 - 2009-08-05 21:33 - 00611872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-12-17 17:28 - 2009-08-05 21:32 - 01603104 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkAPO64.dll
2014-12-17 17:28 - 2009-08-05 21:32 - 01393696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-12-17 17:28 - 2009-08-05 21:32 - 01167904 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-12-17 17:28 - 2009-08-05 21:32 - 00417824 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-12-17 17:28 - 2009-08-05 21:32 - 00332320 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2014-12-17 17:28 - 2009-08-05 21:32 - 00149536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2014-12-17 17:28 - 2009-08-05 21:32 - 00063008 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInst64.dll
2014-12-17 17:28 - 2009-08-05 20:46 - 01974944 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-12-17 17:28 - 2009-07-22 01:03 - 00294400 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-12-17 17:28 - 2009-06-24 13:43 - 00831488 _____ (Realtek Semiconductor Corp.) C:\Windows\RtlExUpd.dll
2014-12-17 17:28 - 2009-04-16 13:13 - 00166400 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-12-17 17:28 - 2009-03-31 17:02 - 00108032 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2014-12-17 17:28 - 2009-03-09 08:32 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2014-12-17 17:28 - 2009-03-09 08:30 - 00304640 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2014-12-17 17:28 - 2008-11-09 14:57 - 00311296 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2014-12-17 17:28 - 2008-08-21 16:43 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX2.dat
2014-12-17 17:28 - 2008-04-30 11:48 - 00193536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2014-12-17 17:28 - 2007-07-25 12:34 - 00150528 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2014-12-17 17:28 - 2007-07-13 17:11 - 00000008 _____ () C:\Windows\system32\Drivers\rtkhdaud.dat
2014-12-17 17:28 - 2007-05-17 14:26 - 00211376 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2014-12-17 17:28 - 2006-12-13 13:30 - 00513536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2014-12-17 17:28 - 2005-06-27 08:29 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX1.dat
2014-12-17 17:28 - 2005-06-27 08:29 - 00000520 _____ () C:\Windows\system32\Drivers\RTEQEX0.dat
2014-12-17 17:26 - 2014-12-17 17:26 - 00001451 _____ () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-17 17:26 - 2014-12-17 17:26 - 00001417 _____ () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
2014-12-17 17:26 - 2014-12-17 17:26 - 00000000 ____D () C:\Users\X\AppData\Local\VirtualStore
2014-12-17 17:25 - 2014-12-17 18:03 - 00000342 _____ () C:\Windows\Tasks\McDefragTask.job
2014-12-17 17:25 - 2014-12-17 18:03 - 00000320 _____ () C:\Windows\Tasks\McQcTask.job
2014-12-17 17:25 - 2014-12-17 17:26 - 00000000 ____D () C:\Users\X
2014-12-17 17:25 - 2014-12-17 17:25 - 00108840 _____ () C:\Users\X\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-17 17:25 - 2014-12-17 17:25 - 00003746 _____ () C:\Windows\System32\Tasks\McQcTask
2014-12-17 17:25 - 2014-12-17 17:25 - 00003682 _____ () C:\Windows\System32\Tasks\McDefragTask
2014-12-17 17:25 - 2014-12-17 17:25 - 00000122 _____ () C:\Windows\WLangUpt.log
2014-12-17 17:25 - 2014-12-17 17:25 - 00000020 ___SH () C:\Users\X\ntuser.ini
2014-12-17 17:25 - 2014-12-17 17:25 - 00000000 ____D () C:\Users\Public\Documents\Acer
2014-12-17 17:25 - 2009-09-11 17:32 - 00000000 ___RD () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-17 17:25 - 2009-09-11 17:32 - 00000000 ___RD () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-17 17:24 - 2014-12-18 12:45 - 00747523 _____ () C:\Windows\WindowsUpdate.log
2014-12-17 17:24 - 2014-12-17 17:24 - 00000000 __SHD () C:\Recovery
2014-12-04 17:42 - 2014-12-04 17:43 - 00000000 ____D () C:\NPE
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2014-12-18 14:00 - 2014-07-03 22:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-18 13:15 - 2009-08-22 04:49 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-18 12:54 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-12-18 12:51 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache
2014-12-18 12:45 - 2009-08-22 04:48 - 00005797 _____ () C:\Windows\system32\Config.MPF
2014-12-18 11:20 - 2009-07-13 23:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-18 11:20 - 2009-07-13 23:45 - 00017376 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-18 11:17 - 2009-07-14 00:13 - 00779572 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-18 11:11 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 11:11 - 2009-07-13 23:51 - 00062942 _____ () C:\Windows\setupact.log
2014-12-17 21:25 - 2009-08-22 04:45 - 00000000 ____D () C:\Program Files (x86)\McAfee
2014-12-17 20:18 - 2009-07-27 14:43 - 00005767 _____ () C:\Windows\TSSysprep.log
2014-12-17 20:18 - 2009-07-13 23:46 - 00004059 _____ () C:\Windows\DtcInstall.log
2014-12-17 20:16 - 2009-07-14 00:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2014-12-17 20:15 - 2009-07-14 00:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2014-12-17 20:15 - 2009-03-12 04:30 - 00000000 ____D () C:\Windows\LP
2014-12-17 20:09 - 2009-07-14 00:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-17 20:09 - 2009-07-14 00:32 - 00000000 ____D () C:\Program Files\Microsoft Games
2014-12-17 18:06 - 2009-12-26 00:47 - 00002079 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Assist.lnk
2014-12-17 18:06 - 2009-08-22 04:49 - 00000000 ____D () C:\Program Files (x86)\Acer
2014-12-17 18:06 - 2009-08-22 04:29 - 00741237 _____ () C:\Windows\launApp.log
2014-12-17 18:06 - 2009-07-27 15:26 - 00000000 ___DC () C:\elements
2014-12-17 18:06 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Help
2014-12-17 18:04 - 2009-08-22 05:16 - 00075841 _____ () C:\Windows\PLaunch.log
2014-12-17 18:02 - 2009-09-11 15:33 - 00743340 _____ () C:\Windows\PFRO.log
2014-12-17 17:52 - 2009-08-22 05:16 - 00000214 _____ () C:\Windows\Factory.xml
2014-12-17 17:50 - 2009-09-11 15:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2014-12-17 17:47 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\Registration
2014-12-17 17:45 - 2009-10-11 04:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2014-12-17 17:42 - 2009-07-13 22:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-12-17 17:40 - 2009-08-22 04:33 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-17 17:29 - 2009-08-22 04:34 - 00047114 _____ () C:\Windows\DPINST.LOG
2014-12-17 17:29 - 2009-07-14 00:32 - 00000000 ____D () C:\Windows\system32\restore
2014-12-17 17:27 - 2009-08-22 04:45 - 00000000 ____D () C:\ProgramData\McAfee
2014-12-17 17:25 - 2009-08-22 05:18 - 00000000 ___HD () C:\OEM
2014-12-17 17:25 - 2009-08-22 05:16 - 00000189 __RSH () C:\Preload.rev
2014-12-17 17:25 - 2009-08-22 05:16 - 00000168 _____ () C:\Windows\WisLangCode.ini
2014-12-17 17:25 - 2009-07-27 15:41 - 00000000 ____D () C:\Windows\Panther
2014-12-17 17:24 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\Recovery
2014-12-15 11:11 - 2014-10-16 12:18 - 00000000 ___HD () C:\ProgramData\{21BADF0B-6B7A-4BB4-8217-CB8162A7D402}
2014-12-06 13:09 - 2010-01-02 07:54 - 00000952 ___SH () C:\ProgramData\KGyGaAvL.sys
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2014-12-18 12:20
 
==================== End Of Log ============================



Edited by Qaz21, 18 December 2014 - 06:37 PM.




