
Browser Hijacked


  • This topic is locked
14 replies to this topic

#1 pyropixie
Posted 10 December 2014 - 09:51 PM

Good Evening,

Per boopme's request, I am starting a new topic here in hopes that someone can help me with my browser hijack, which was recently acquired (12/4).

You can see my attempts to rid my laptop of this hijack, with no luck, here:

http://www.bleepingcomputer.com/forums/t/558828/browser-hijacked

I was instructed to run DDS but was unable to because it said it cannot be run in compatibility mode.

Here is the log from RSIT:


Logfile of random's system information tool 1.10 (written by random/random)
Run by User at 2014-12-10 18:40:36
Microsoft Windows 8.1
System drive C: has 657 GB (93%) free of 706 GB
Total RAM: 6023 MB (75% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:40:53 PM, on 12/10/2014
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.9600.17416)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe
C:\Program Files\trend micro\User.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer provided by TOSHIBA
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O4 - HKLM\..\Run: [TSVU] "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
O4 - HKLM\..\Run: [ToshibaAppPlace] "C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe"
O4 - HKLM\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
O4 - HKCU\..\Run: [TiVme Agent] C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe srec
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: DTS APO Service (dts_apo_service) - Unknown owner - C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Fitbit Connect Service (Fitbit Connect) - Fitbit, Inc. - C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Integrated Clock Controller Service - Intel® ICCS (ICCS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\Windows\system32\IEEtwCollector.exe (file missing)
O23 - Service: Intel® Capability Licensing Service Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\HeciServer.exe
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® ME Service - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\Windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA eco Utility Service - Toshiba Corporation - C:\Program Files\TOSHIBA\Teco\TecoService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7500 bytes

======Listing Processes======

wininit.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe"
"C:\Program Files\Intel\iCLS Client\HeciServer.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\TODDSrv.exe
"C:\Program Files\TOSHIBA\Teco\TecoService.exe"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe"
"C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
taskhostex.exe
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\skydrive.exe -Embedding
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\system32\igfxsrvc.exe" -Embedding
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe"
"C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe"
"C:\Program Files\TOSHIBA\Teco\TecoResident.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
"C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe" srec

"C:\Windows\System32\SettingSyncHost.exe" -Embedding
"C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe" /hide
dashost.exe {6c4340a1-abb1-473d-93bf0ef793a9ef77}
"C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe"

"C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe" -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe10_ Global\UsGthrCtrlFltPipeMssGthrPipe10 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 560 564 572 65536 568
C:\Windows\system32\msfeedssync.exe sync
"C:\Users\User\Desktop\RSITx64.exe"
C:\Windows\WinStore\WSHost.exe -Embedding
"C:\Program Files\Internet Explorer\IELowutil.exe" -PID:123

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /c
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe  /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0jz2v3md.default-1417925789100

"{C74AB308-BA97-42f6-BB20-00E0868F52FB}"=C:\Program Files\shopperz\Firefox


[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.239 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5]
"Description"=Intel IPT WebApi plugin
"Path"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater]
"Description"=This plugin updates Intel WebAPI component
"Path"=C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 15.0.0.239 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll


======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2013-08-30 391152]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2013-08-30 771056]
"Persistence"=C:\Windows\system32\igfxpers.exe [2013-08-30 769520]
"TCrdMain"=C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2013-08-17 2556768]
"TSSSrv"=C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [2013-09-11 296520]
"TecoResident"=C:\Program Files\TOSHIBA\Teco\TecoResident.exe [2013-08-21 178016]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2014-10-01 5595336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Fitbit Connect"=C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [2014-05-19 3414560]
"TiVme Agent"=C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe [2011-07-28 139264]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TSVU"=c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [2013-07-23 516512]
"ToshibaAppPlace"=C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [2010-09-23 552960]
"Fitbit Connect"=C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [2014-05-19 3414560]

[HKEY_CURRENT_USER\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"TiVme Agent"=C:\Program Files (x86)\HiVision Multimedia\VivaStationScheduleAgent.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2013-08-26 622080]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CleanHlp.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro37.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro37CrusaderBoot]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files (x86)\xchat\xchat.exe"="C:\Program Files (x86)\xchat\xchat.exe:*:Enabled:XChat IRC Client"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"VIDC.YUY2"=msyuv.dll
"vidc.i420"=lvcod64.dll
"msacm.msgsm610"=msgsm32.acm
"msacm.msg711"=msg711.acm
"VIDC.YVYU"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"wavemapper"=msacm32.drv
"midimapper"=midimap.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"vidc.msvc"=msvidc32.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo"=vfwwdm32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-12-10 18:40:36 ----D---- C:\rsit
2014-12-10 18:40:36 ----D---- C:\Program Files\trend micro
2014-12-07 21:48:05 ----SHD---- C:\Config.Msi
2014-12-06 19:52:09 ----D---- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-06 10:24:56 ----D---- C:\Windows\ERUNT
2014-12-05 22:41:34 ----D---- C:\Users\User\AppData\Roaming\Mozilla
2014-12-05 22:41:27 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-05 22:41:24 ----D---- C:\Program Files (x86)\Mozilla Firefox
2014-12-05 22:16:55 ----A---- C:\Windows\system32\ffnd.exe
2014-12-05 21:48:20 ----A---- C:\Windows\system32\eamclean.exe
2014-12-05 21:48:20 ----A---- C:\Windows\system32\eamclean.dat
2014-12-05 21:04:29 ----D---- C:\EEK
2014-12-05 20:53:26 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2014-12-05 20:53:24 ----D---- C:\ProgramData\RogueKiller
2014-12-05 20:40:55 ----A---- C:\Windows\ntbtlog.txt
2014-12-05 20:06:45 ----A---- C:\Windows\system32\drivers\MBAMSwissArmy.sys
2014-12-05 20:06:32 ----D---- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-05 20:06:32 ----A---- C:\Windows\system32\drivers\mwac.sys
2014-12-05 20:06:32 ----A---- C:\Windows\system32\drivers\mbamchameleon.sys
2014-12-05 20:06:32 ----A---- C:\Windows\system32\drivers\mbam.sys
2014-12-05 19:58:36 ----A---- C:\Windows\system32\bootdelete.exe
2014-12-05 19:49:31 ----D---- C:\ProgramData\HitmanPro
2014-12-05 19:42:55 ----D---- C:\AdwCleaner
2014-12-05 19:42:55 ----A---- C:\AdwCleanerDebug.txt
2014-12-05 19:38:20 ----D---- C:\Users\User\AppData\Roaming\WildTangent
2014-12-04 22:06:29 ----D---- C:\Users\User\AppData\Roaming\ESET
2014-12-04 22:04:19 ----D---- C:\ProgramData\ESET
2014-12-04 22:04:19 ----D---- C:\Program Files\ESET
2014-12-04 20:57:49 ----D---- C:\ProgramData\Malwarebytes
2014-12-04 20:55:02 ----A---- C:\Windows\system32\drivers\webinstrNewH.sys
2014-12-04 20:44:48 ----D---- C:\PhSp_CS2_UE_Ret
2014-11-19 18:43:20 ----A---- C:\Windows\SYSWOW64\pku2u.dll
2014-11-19 18:43:20 ----A---- C:\Windows\SYSWOW64\kerberos.dll
2014-11-19 18:43:20 ----A---- C:\Windows\system32\pku2u.dll
2014-11-19 18:43:20 ----A---- C:\Windows\system32\kerberos.dll
2014-11-11 16:46:20 ----A---- C:\Windows\SYSWOW64\msi.dll
2014-11-11 16:46:20 ----A---- C:\Windows\system32\msi.dll
2014-11-11 16:46:19 ----A---- C:\Windows\SYSWOW64\authui.dll
2014-11-11 16:46:19 ----A---- C:\Windows\system32\authui.dll
2014-11-11 16:46:18 ----A---- C:\Windows\SYSWOW64\msihnd.dll
2014-11-11 16:46:18 ----A---- C:\Windows\system32\msihnd.dll
2014-11-11 16:46:18 ----A---- C:\Windows\system32\consent.exe
2014-11-11 16:46:18 ----A---- C:\Windows\system32\appinfo.dll
2014-11-11 16:46:13 ----A---- C:\Windows\system32\user32.dll
2014-11-11 16:46:12 ----A---- C:\Windows\SYSWOW64\user32.dll
2014-11-11 16:46:11 ----A---- C:\Windows\system32\drivers\WdNisDrv.sys
2014-11-11 16:46:11 ----A---- C:\Windows\system32\drivers\WdFilter.sys
2014-11-11 16:46:10 ----A---- C:\Windows\system32\drivers\WdBoot.sys
2014-11-11 16:46:08 ----A---- C:\Windows\SYSWOW64\winshfhc.dll
2014-11-11 16:46:08 ----A---- C:\Windows\system32\winshfhc.dll
2014-11-11 16:45:39 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2014-11-11 16:45:39 ----A---- C:\Windows\system32\msxml3.dll
2014-11-11 16:45:23 ----A---- C:\Windows\SYSWOW64\AUDIOKSE.dll
2014-11-11 16:45:23 ----A---- C:\Windows\system32\audiosrv.dll
2014-11-11 16:45:23 ----A---- C:\Windows\system32\AudioSes.dll
2014-11-11 16:45:23 ----A---- C:\Windows\system32\AUDIOKSE.dll
2014-11-11 16:45:22 ----A---- C:\Windows\SYSWOW64\AudioSes.dll
2014-11-11 16:45:22 ----A---- C:\Windows\SYSWOW64\AudioEng.dll
2014-11-11 16:45:22 ----A---- C:\Windows\system32\EncDump.dll
2014-11-11 16:45:22 ----A---- C:\Windows\system32\AudioEng.dll
2014-11-11 16:45:22 ----A---- C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-11 16:45:22 ----A---- C:\Windows\system32\audiodg.exe
2014-11-11 16:45:19 ----A---- C:\Windows\system32\mshtml.dll
2014-11-11 16:45:18 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2014-11-11 16:44:43 ----A---- C:\Windows\system32\ieframe.dll
2014-11-11 16:44:36 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2014-11-11 16:44:30 ----A---- C:\Windows\system32\jscript9.dll
2014-11-11 16:44:28 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2014-11-11 16:44:26 ----A---- C:\Windows\system32\wininet.dll
2014-11-11 16:44:25 ----A---- C:\Windows\SYSWOW64\wininet.dll
2014-11-11 16:44:25 ----A---- C:\Windows\system32\urlmon.dll
2014-11-11 16:44:24 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2014-11-11 16:44:24 ----A---- C:\Windows\system32\inetcomm.dll
2014-11-11 16:44:24 ----A---- C:\Windows\system32\iertutil.dll
2014-11-11 16:44:23 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2014-11-11 16:44:23 ----A---- C:\Windows\system32\actxprxy.dll
2014-11-11 16:44:22 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2014-11-11 16:44:21 ----A---- C:\Windows\SYSWOW64\jscript.dll
2014-11-11 16:44:21 ----A---- C:\Windows\system32\jscript9diag.dll
2014-11-11 16:44:21 ----A---- C:\Windows\system32\jscript.dll
2014-11-11 16:44:21 ----A---- C:\Windows\system32\ieui.dll
2014-11-11 16:44:20 ----A---- C:\Windows\system32\msfeeds.dll
2014-11-11 16:44:19 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2014-11-11 16:44:19 ----A---- C:\Windows\SYSWOW64\jscript9diag.dll
2014-11-11 16:44:19 ----A---- C:\Windows\SYSWOW64\ieui.dll
2014-11-11 16:44:18 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2014-11-11 16:44:18 ----A---- C:\Windows\system32\vbscript.dll
2014-11-11 16:44:17 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2014-11-11 16:44:17 ----A---- C:\Windows\system32\dxtmsft.dll
2014-11-11 16:44:16 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2014-11-11 16:44:16 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2014-11-11 16:44:16 ----A---- C:\Windows\system32\dxtrans.dll
2014-11-11 16:44:15 ----A---- C:\Windows\system32\ieapfltr.dll
2014-11-11 16:44:14 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2014-11-11 16:44:14 ----A---- C:\Windows\system32\webcheck.dll
2014-11-11 16:44:14 ----A---- C:\Windows\system32\ieetwproxystub.dll
2014-11-11 16:44:13 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2014-11-11 16:44:12 ----A---- C:\Windows\SYSWOW64\hlink.dll
2014-11-11 16:44:12 ----A---- C:\Windows\system32\iedkcs32.dll
2014-11-11 16:44:11 ----A---- C:\Windows\SYSWOW64\msrating.dll
2014-11-11 16:44:11 ----A---- C:\Windows\system32\ieUnatt.exe
2014-11-11 16:44:11 ----A---- C:\Windows\system32\iesysprep.dll
2014-11-11 16:44:11 ----A---- C:\Windows\system32\iepeers.dll
2014-11-11 16:44:11 ----A---- C:\Windows\system32\ieetwcollector.exe
2014-11-11 16:44:11 ----A---- C:\Windows\system32\ie4uinit.exe
2014-11-11 16:44:11 ----A---- C:\Windows\system32\hlink.dll
2014-11-11 16:44:10 ----A---- C:\Windows\SYSWOW64\inseng.dll
2014-11-11 16:44:10 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2014-11-11 16:44:10 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2014-11-11 16:44:10 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2014-11-11 16:44:10 ----A---- C:\Windows\SYSWOW64\actxprxy.dll
2014-11-11 16:44:09 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2014-11-11 16:44:09 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2014-11-11 16:44:09 ----A---- C:\Windows\system32\mshtmled.dll
2014-11-11 16:44:09 ----A---- C:\Windows\system32\msfeedsbs.dll
2014-11-11 16:44:09 ----A---- C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 16:44:09 ----A---- C:\Windows\system32\inseng.dll
2014-11-11 16:44:08 ----A---- C:\Windows\SYSWOW64\occache.dll
2014-11-11 16:44:08 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2014-11-11 16:44:08 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2014-11-11 16:44:08 ----A---- C:\Windows\system32\jsproxy.dll
2014-11-11 16:44:07 ----A---- C:\Windows\SYSWOW64\JavaScriptCollectionAgent.dll
2014-11-11 16:44:07 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2014-11-11 16:44:07 ----A---- C:\Windows\system32\msrating.dll
2014-11-11 16:44:07 ----A---- C:\Windows\system32\MshtmlDac.dll
2014-11-11 16:44:06 ----A---- C:\Windows\SYSWOW64\MshtmlDac.dll
2014-11-11 16:44:06 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2014-11-11 16:44:06 ----A---- C:\Windows\system32\occache.dll
2014-11-11 16:44:06 ----A---- C:\Windows\system32\imgutil.dll
2014-11-11 16:44:05 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2014-11-11 16:44:05 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2014-11-11 16:44:05 ----A---- C:\Windows\SYSWOW64\ieetwproxystub.dll
2014-11-11 16:44:05 ----A---- C:\Windows\system32\pngfilt.dll
2014-11-11 16:44:05 ----A---- C:\Windows\system32\licmgr10.dll
2014-11-11 16:44:04 ----A---- C:\Windows\SYSWOW64\wextract.exe
2014-11-11 16:44:04 ----A---- C:\Windows\SYSWOW64\url.dll
2014-11-11 16:44:04 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2014-11-11 16:44:04 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2014-11-11 16:44:04 ----A---- C:\Windows\system32\url.dll
2014-11-11 16:44:04 ----A---- C:\Windows\system32\iernonce.dll
2014-11-11 16:44:03 ----A---- C:\Windows\system32\wextract.exe
2014-11-11 16:44:03 ----A---- C:\Windows\system32\IEAdvpack.dll
2014-11-11 16:44:02 ----A---- C:\Windows\SYSWOW64\mshta.exe
2014-11-11 16:44:02 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2014-11-11 16:44:02 ----A---- C:\Windows\system32\mshta.exe
2014-11-11 16:44:02 ----A---- C:\Windows\system32\msfeedssync.exe
2014-11-11 16:44:02 ----A---- C:\Windows\system32\iexpress.exe
2014-11-11 16:44:02 ----A---- C:\Windows\system32\iesetup.dll
2014-11-11 16:43:11 ----A---- C:\Windows\SYSWOW64\schannel.dll
2014-11-11 16:43:11 ----A---- C:\Windows\SYSWOW64\ncryptsslp.dll
2014-11-11 16:43:11 ----A---- C:\Windows\system32\schannel.dll
2014-11-11 16:43:11 ----A---- C:\Windows\system32\ncryptsslp.dll
2014-11-11 16:43:11 ----A---- C:\Windows\system32\dpapisrv.dll
2014-11-11 16:42:44 ----A---- C:\Windows\system32\win32k.sys
2014-11-11 16:42:43 ----A---- C:\Windows\system32\packager.dll
2014-11-11 16:42:42 ----A---- C:\Windows\SYSWOW64\packager.dll
2014-11-11 16:42:40 ----A---- C:\Windows\SYSWOW64\certcli.dll
2014-11-11 16:42:40 ----A---- C:\Windows\system32\rdpcorets.dll
2014-11-11 16:42:40 ----A---- C:\Windows\system32\lsasrv.dll
2014-11-11 16:42:40 ----A---- C:\Windows\system32\certcli.dll
2014-11-11 16:42:39 ----A---- C:\Windows\SYSWOW64\msaudite.dll
2014-11-11 16:42:39 ----A---- C:\Windows\SYSWOW64\adtschema.dll
2014-11-11 16:42:39 ----A---- C:\Windows\system32\rfxvmt.dll
2014-11-11 16:42:39 ----A---- C:\Windows\system32\drivers\rdpvideominiport.sys
2014-11-11 16:42:39 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2014-11-11 16:42:39 ----A---- C:\Windows\system32\drivers\cng.sys
2014-11-11 16:42:39 ----A---- C:\Windows\system32\adtschema.dll
2014-11-11 16:42:38 ----A---- C:\Windows\system32\rdpudd.dll
2014-11-11 16:42:38 ----A---- C:\Windows\system32\msaudite.dll
2014-11-11 16:41:44 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2014-11-11 16:41:44 ----A---- C:\Windows\system32\oleaut32.dll
2014-11-11 16:41:41 ----A---- C:\Windows\system32\wuaueng.dll
2014-11-11 16:41:40 ----A---- C:\Windows\system32\wuapi.dll
2014-11-11 16:41:39 ----A---- C:\Windows\SYSWOW64\wuapi.dll
2014-11-11 16:41:39 ----A---- C:\Windows\system32\WUSettingsProvider.dll
2014-11-11 16:41:39 ----A---- C:\Windows\system32\wucltux.dll
2014-11-11 16:41:38 ----A---- C:\Windows\SYSWOW64\wuwebv.dll
2014-11-11 16:41:38 ----A---- C:\Windows\SYSWOW64\wudriver.dll
2014-11-11 16:41:38 ----A---- C:\Windows\SYSWOW64\wuapp.exe
2014-11-11 16:41:38 ----A---- C:\Windows\system32\wuwebv.dll
2014-11-11 16:41:38 ----A---- C:\Windows\system32\wups.dll
2014-11-11 16:41:38 ----A---- C:\Windows\system32\wudriver.dll
2014-11-11 16:41:38 ----A---- C:\Windows\system32\wuauclt.exe
2014-11-11 16:41:37 ----A---- C:\Windows\SYSWOW64\wups.dll
2014-11-11 16:41:37 ----A---- C:\Windows\system32\wups2.dll
2014-11-11 16:41:37 ----A---- C:\Windows\system32\wuapp.exe
2014-11-11 16:41:37 ----A---- C:\Windows\system32\wuaext.dll
2014-11-11 16:40:43 ----A---- C:\Windows\system32\shell32.dll
2014-11-11 16:40:40 ----A---- C:\Windows\system32\ntoskrnl.exe
2014-11-11 16:40:38 ----A---- C:\Windows\SYSWOW64\shell32.dll
2014-11-11 16:40:37 ----A---- C:\Windows\system32\twinui.dll
2014-11-11 16:40:37 ----A---- C:\Windows\system32\SettingsHandlers.dll
2014-11-11 16:40:36 ----A---- C:\Windows\system32\drivers\tcpip.sys
2014-11-11 16:40:35 ----A---- C:\Windows\system32\mfmp4srcsnk.dll
2014-11-11 16:40:35 ----A---- C:\Windows\system32\MFMediaEngine.dll
2014-11-11 16:40:35 ----A---- C:\Windows\system32\localspl.dll
2014-11-11 16:40:30 ----A---- C:\Windows\SYSWOW64\twinui.dll
2014-11-11 16:40:29 ----A---- C:\Windows\SYSWOW64\mfmp4srcsnk.dll
2014-11-11 16:40:29 ----A---- C:\Windows\SYSWOW64\MFMediaEngine.dll
2014-11-11 16:40:29 ----A---- C:\Windows\system32\win32spl.dll
2014-11-11 16:40:28 ----A---- C:\Windows\system32\WsmSvc.dll
2014-11-11 16:40:28 ----A---- C:\Windows\system32\drivers\netio.sys
2014-11-11 16:40:27 ----AC---- C:\Windows\system32\drivers\USBSTOR.SYS
2014-11-11 16:40:27 ----A---- C:\Windows\SYSWOW64\WsmSvc.dll
2014-11-11 16:40:27 ----A---- C:\Windows\SYSWOW64\puiobj.dll
2014-11-11 16:40:27 ----A---- C:\Windows\system32\puiobj.dll
2014-11-11 16:40:19 ----A---- C:\Windows\SYSWOW64\untfs.dll
2014-11-11 16:40:19 ----A---- C:\Windows\system32\untfs.dll
2014-11-11 16:40:19 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2014-11-11 16:40:18 ----A---- C:\Windows\system32\FXSCOMEX.dll
2014-11-11 16:40:18 ----A---- C:\Windows\system32\FXSAPI.dll
2014-11-11 16:40:17 ----A---- C:\Windows\SYSWOW64\FXSAPI.dll

======List of files/folders modified in the last 1 month======

2014-12-10 18:40:36 ----RD---- C:\Program Files
2014-12-10 18:40:32 ----D---- C:\Windows\CbsTemp
2014-12-10 18:39:33 ----D---- C:\Windows\Temp
2014-12-10 18:39:09 ----D---- C:\Windows\system32\config
2014-12-10 18:37:49 ----HD---- C:\Program Files\WindowsApps
2014-12-10 18:37:48 ----D---- C:\Windows\Prefetch
2014-12-10 18:37:30 ----D---- C:\Windows\system32\sru
2014-12-08 21:05:21 ----D---- C:\Windows\AppReadiness
2014-12-07 21:58:31 ----RAD---- C:\Windows\System32
2014-12-07 21:58:31 ----D---- C:\Windows\Inf
2014-12-07 21:58:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-12-07 21:52:38 ----HD---- C:\ProgramData
2014-12-07 21:48:06 ----SHD---- C:\Windows\Installer
2014-12-07 21:48:06 ----D---- C:\Program Files (x86)\Google
2014-12-07 21:46:36 ----D---- C:\Program Files (x86)
2014-12-07 21:38:10 ----D---- C:\Windows\system32\drivers
2014-12-07 17:08:23 ----RD---- C:\Program Files (x86)\Skype
2014-12-07 17:07:37 ----SHD---- C:\System Volume Information
2014-12-07 17:02:10 ----D---- C:\Users\User\AppData\Roaming\OBS
2014-12-07 15:22:41 ----D---- C:\Windows\Microsoft.NET
2014-12-07 08:37:16 ----D---- C:\Program Files (x86)\OBS
2014-12-07 08:27:28 ----D---- C:\Program Files (x86)\Hearthstone
2014-12-07 08:24:06 ----D---- C:\Program Files (x86)\Battle.net
2014-12-06 19:48:55 ----AD---- C:\Windows
2014-12-06 10:14:31 ----D---- C:\Program Files (x86)\Common Files
2014-12-06 10:14:17 ----D---- C:\Windows\SysWOW64
2014-12-05 20:15:48 ----D---- C:\Windows\system32\Tasks
2014-12-05 19:38:21 ----D---- C:\Program Files (x86)\WildTangent Games
2014-12-05 19:38:20 ----D---- C:\ProgramData\WildTangent
2014-12-05 19:29:30 ----SD---- C:\Users\User\AppData\Roaming\Microsoft
2014-12-04 23:40:25 ----D---- C:\Program Files (x86)\xchat
2014-12-04 23:40:13 ----D---- C:\Program Files (x86)\Adobe
2014-12-04 23:40:12 ----D---- C:\Users\User\AppData\Roaming\Adobe
2014-12-04 23:39:33 ----D---- C:\Program Files (x86)\Steam
2014-12-04 23:31:13 ----D---- C:\Windows\AppCompat
2014-12-04 23:02:57 ----A---- C:\Windows\win.ini
2014-12-04 22:05:22 ----D---- C:\Windows\system32\GroupPolicy
2014-12-04 22:05:06 ----D---- C:\Windows\system32\DriverStore
2014-12-04 21:55:04 ----D---- C:\Windows\Tasks
2014-12-04 20:59:52 ----D---- C:\Windows\apppatch
2014-12-04 20:36:41 ----D---- C:\ProgramData\Adobe
2014-12-04 20:35:28 ----D---- C:\Program Files\Common Files\Adobe
2014-11-28 21:28:38 ----D---- C:\Windows\WinSxS
2014-11-22 20:59:41 ----D---- C:\Windows\system32\wdi
2014-11-21 23:29:07 ----D---- C:\Windows\rescache
2014-11-20 12:51:37 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2014-11-16 13:55:27 ----RSD---- C:\Windows\assembly
2014-11-16 11:29:52 ----D---- C:\Program Files\Windows Defender
2014-11-16 11:29:52 ----D---- C:\Program Files (x86)\Windows Defender
2014-11-16 11:29:50 ----RD---- C:\Windows\ToastData
2014-11-16 11:29:50 ----D---- C:\Windows\system32\wbem
2014-11-16 11:29:50 ----D---- C:\Windows\system32\en-US
2014-11-16 11:29:49 ----RD---- C:\Windows\ImmersiveControlPanel
2014-11-16 11:29:47 ----D---- C:\Windows\SYSWOW64\en-US
2014-11-16 11:29:46 ----D---- C:\Windows\SYSWOW64\migration
2014-11-16 11:29:46 ----D---- C:\Program Files (x86)\Internet Explorer
2014-11-16 11:29:45 ----D---- C:\Windows\system32\migration
2014-11-16 11:29:45 ----D---- C:\Program Files\Internet Explorer
2014-11-15 11:20:45 ----D---- C:\Windows\system32\MRT
2014-11-15 11:18:07 ----A---- C:\Windows\system32\MRT.exe
2014-11-11 16:39:42 ----D---- C:\Windows\system32\catroot2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 edevmon;edevmon; C:\Windows\system32\DRIVERS\edevmon.sys [2014-08-18 241368]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2014-09-18 63160]
R0 iaStorA;iaStorA; C:\Windows\System32\drivers\iaStorA.sys [2013-08-07 644968]
R0 tos_sps64;@oem20.inf,%SERVICE_DESC_amd64%;TOSHIBA tos_sps64 Service; C:\Windows\System32\drivers\tos_sps64.sys [2012-06-18 499096]
R0 TVALZ;@oem18.inf,%TVALZ.SvcDesc%;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\Windows\System32\drivers\TVALZ_O.SYS [2013-08-15 32832]
R1 A2DDA;A2 Direct Disk Access Support Driver; \??\C:\EEK\BIN\a2ddax64.sys [2014-12-06 26176]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2014-08-18 243440]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2014-08-18 169280]
R1 EpfwLWF;@oem34.inf,%EpfwLWF_Desc%;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2014-08-18 44632]
R1 vwififlt;@%SystemRoot%\System32\drivers\vwififlt.sys,-259; C:\Windows\system32\DRIVERS\vwififlt.sys [2014-04-29 71680]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2014-08-18 222280]
R2 webinstrNewH;webinstrNewH; \??\C:\Windows\system32\Drivers\webinstrNewH.sys [2014-12-04 106456]
R3 FwLnk;@oem19.inf,%DiskServiceDesc%;FwLnk Driver; C:\Windows\System32\drivers\FwLnk.sys [2013-08-20 9216]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2013-08-26 4166656]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2013-08-21 3591000]
R3 IntcDAud;@oem6.inf,%IntcDAud.SvcDesc%;Intel® Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2013-08-26 449528]
R3 iwdbus;@oem5.inf,%iwdbus.SVCDESC%;IWD Bus Enumerator; C:\Windows\System32\drivers\iwdbus.sys [2013-08-22 26008]
R3 L1C;@oem9.inf,%L1C.Service.DispName%;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C63x64.sys [2013-07-18 130248]
R3 MEIx64;@oem2.inf,%TEE_SvcDesc%;Intel® Management Engine Interface ; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [2013-09-03 99288]
R3 RSUSBVSTOR;@oem14.inf,%RSUSBVSTOR.SvcDesc%;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2013-08-08 329944]
R3 RTWlanE;@oem10.inf,%RTWlanE.DeviceDesc.DispName%;Realtek Wireless LAN 802.11n PCI-E Network Adapter; C:\Windows\system32\DRIVERS\rtwlane.sys [2013-09-12 2945240]
R3 SmbDrvI;SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [2014-08-06 34544]
R3 SynTP;@oem31.inf,%SynTP.SvcDesc%;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2014-08-06 528112]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\Windows\system32\DRIVERS\tdcmdpst.sys [2012-07-25 31184]
R3 Thotkey;@oem15.inf,%Thotkey%;Toshiba Hotkey Driver; C:\Windows\System32\drivers\Thotkey.sys [2013-08-19 32624]
R3 usbvideo;@usbvideo.inf,%USBVideo.SvcDesc%;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2013-08-22 212224]
R3 vwifimp;@%SystemRoot%\System32\drivers\vwifimp.sys,-261; C:\Windows\system32\DRIVERS\vwifimp.sys [2014-04-29 38912]
R3 WinDriver6;WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [2012-08-26 266752]
S1 cherimoya;cherimoya; C:\Windows\system32\drivers\cherimoya.sys []
S3 athr;@athw8x.inf,%ATHR.Service.DispName%;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athw8x.sys [2013-06-18 3680256]
S3 cleanhlp;cleanhlp; \??\C:\EEK\bin\cleanhlp64.sys [2014-12-06 57024]
S3 ElgatoGC658Y;@oem26.inf,%Service.FriendlyName%;Elgato Game Capture; C:\Windows\System32\Drivers\ElgatoGC658.sys [2012-11-12 50288]
S3 intaud_WaveExtensible;@oem4.inf,%INTAUD_WEX.SvcDesc%;Intel WiDi Audio Device; C:\Windows\system32\drivers\intelaud.sys [2013-08-22 39320]
S3 LVRS64;@oem23.inf,%lvrs.SrvDesc%;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2012-10-26 351520]
S3 LVUVC64;@oem24.inf,%PID_082D_DD%(UVC);Logitech HD Pro Webcam C920(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2012-10-26 4758176]
S3 usbaudio;@wdma_usb.inf,%USBAudio.SvcDesc%;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2013-12-12 121088]
S3 WinUsb;@wpdmtp.inf,%WinUsb.SvcDesc%;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2013-08-22 78848]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 dts_apo_service;DTS APO Service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [2013-09-10 19792]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2014-10-01 1349576]
R2 Fitbit Connect;Fitbit Connect Service; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2014-05-19 1436192]
R2 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-05-11 733696]
R2 Intel® ME Service;Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [2013-09-03 131544]
R2 jhi_service;Intel® Dynamic Application Loader Host Interface Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [2013-09-03 169432]
R2 LMS;Intel® Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe [2013-09-03 390616]
R2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\Windows\system32\TODDSrv.exe [2009-07-28 140632]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\Teco\TecoService.exe [2013-08-09 328544]
R3 ICCS;Intel® Integrated Clock Controller Service - Intel® ICCS; C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe [2012-04-24 169752]
R3 TMachInfo;TMachInfo; C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2013-07-31 53864]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20 116648]
S3 cphs;Intel® Content Protection HECI Service; C:\Windows\SysWow64\IntelCpHeciSvc.exe [2013-08-30 279024]
S3 FontCache3.0.0.0;@%SystemRoot%\system32\PresentationHost.exe,-3309; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2013-08-22 43696]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-09-20 116648]
S3 Intel® Capability Licensing Service TCP IP Interface;Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-05-11 822232]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2014-11-26 114800]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2014-11-18 833728]

-----------------EOF-----------------
 


I want the life you think I have.

#2 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:10 AM

Posted 11 December 2014 - 05:24 AM

Hello pyropixie and welcome to the Bleeping Computer forum.

My name is Satchfan and I would be glad to help you with your computer problem.

Please read the following guidelines which will help to make cleaning your machine easier:

  • please follow all instructions in the order posted
  • please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear
  • all logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word wrap if it is checked
  • if you don't understand something, please don't hesitate to ask for clarification before proceeding
  • the fixes are specific to your problem and should only be used for this issue on this machine.
  • please reply within 3 days. If you do not reply within this period I will post a reminder but topics with no reply in 4 days will be closed!

IMPORTANT:

Please DO NOT install/uninstall any programs unless asked to.
Please DO NOT run any scans other than those requested


Run RogueKiller

IMPORTANT: Please remove any usb or external drives from the computer before you run this scan!

Close all running programs.


Download RogueKiller to your desktop


  • close all running programs
  • for Windows Vista/Seven, right click -> run as administrator, for XP simply double-click on RogueKiller.exe
  • when the pre-scan is finished, click on Scan
  • click on Report and copy/paste the content in your next post
  • NOTE: DO NOT attempt to remove anything that the scan detects – everything that is reported is not necessarily bad

If the program is blocked, continue to try it several times. If it still doesn’t work (it could happen), rename it to winlogon.exe.

Please post the contents of the RKreport.txt in your next reply.

===================================================

Run Farbar Recovery Scan Tool

Please download Farbar Recovery Scan Tool and save it to your Desktop.
 

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • press Scan button
  • it will produce a log called FRST.txt in the same directory the tool is run from
  • please copy and paste log back here.
  • the first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Logs to include with next post:

RKreport.txt
FRST.txt
Addition.txt


Thanks

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.


#3 pyropixie

pyropixie
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Female
  • Location:Suckramento, CA
  • Local time:09:10 PM

Posted 12 December 2014 - 12:36 AM

RogueKiller V10.1.0.0 [Dec 11 2014] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : User [Administrator]
Mode : Scan -- Date : 12/11/2014  21:02:46

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 4 ¤¤¤
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 +++++
--- User ---
[MBR] a84dd93b5b19931ceaddbccc47850486
[BSP] df4f83c1f72e36823a12b0dfc7617313 : Empty MBR Code
Partition table:
0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
User = LL1 ... OK
User = LL2 ... OK


============================================
RKreport_DEL_12052014_210232.log - RKreport_DEL_12052014_210235.log - RKreport_DEL_12052014_210246.log - RKreport_SCN_12052014_210106.log

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by User (administrator) on PIXIE on 11-12-2014 21:38:16
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
() C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-562819725-3130915416-309187118-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-562819725-3130915416-309187118-1001\...\Run: [TiVme Agent] => C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe [139264 2011-07-28] ()
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKU\S-1-5-21-562819725-3130915416-309187118-1001 -> {699C7C9B-6E8D-450D-9411-DF7D6BBADF25} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\0jz2v3md.default-1417925789100
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C74AB308-BA97-42f6-BB20-00E0868F52FB}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C74AB308-BA97-42f6-BB20-00E0868F52FB}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-562819725-3130915416-309187118-1001\...\Firefox\Extensions: [{4CB69BA2-CF07-199E-21BF-DF78B77031DF}] - C:\Program Files (x86)\ver9SpeeditUp\184.xpi

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-12-06] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-06] (Emsisoft GmbH)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-08-18] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-18] (ESET)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-11] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R2 webinstrNewH; C:\Windows\system32\Drivers\webinstrNewH.sys [106456 2014-12-04] (Corsica)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [266752 2012-08-26] (Jungo)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S1 cherimoya; system32\drivers\cherimoya.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 21:38 - 2014-12-11 21:38 - 00010125 _____ () C:\Users\User\Desktop\FRST.txt
2014-12-11 21:38 - 2014-12-11 21:38 - 00000000 ____D () C:\FRST
2014-12-11 21:37 - 2014-12-11 21:37 - 02119680 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-12-11 20:58 - 2014-12-11 20:58 - 15201368 _____ () C:\Users\User\Downloads\RogueKiller.exe
2014-12-10 18:40 - 2014-12-10 18:40 - 00000000 ____D () C:\rsit
2014-12-10 18:40 - 2014-12-10 18:40 - 00000000 ____D () C:\Program Files\trend micro
2014-12-10 18:39 - 2014-12-10 18:39 - 01222144 _____ () C:\Users\User\Desktop\RSITx64.exe
2014-12-08 21:19 - 2014-12-08 21:20 - 00688992 _____ (Swearware) C:\Users\User\Downloads\dds.scr
2014-12-08 21:07 - 2014-12-08 21:07 - 00688992 _____ (Swearware) C:\Users\User\Desktop\dds.com
2014-12-07 21:38 - 2014-12-07 21:38 - 00010918 _____ () C:\Users\User\Desktop\HitmanPro_20141207_2138.log
2014-12-07 20:26 - 2014-12-07 20:26 - 02153472 _____ () C:\Users\User\Desktop\adwcleaner_4.104(1).exe
2014-12-07 17:15 - 2014-12-07 17:15 - 00000970 _____ () C:\Users\User\Desktop\1.txt
2014-12-07 12:28 - 2014-12-07 12:28 - 00126040 _____ () C:\Users\User\Downloads\smb3_hurry_up.wav
2014-12-07 12:28 - 2014-12-07 12:28 - 00065900 _____ () C:\Users\User\Downloads\smsunshine_nintendo_logo_coin.wav
2014-12-07 12:28 - 2014-12-07 12:28 - 00035538 _____ () C:\Users\User\Downloads\smb_pipe.wav
2014-12-07 08:21 - 2014-12-07 08:21 - 00000136 _____ () C:\Users\User\Desktop\eset.txt
2014-12-06 19:52 - 2014-12-06 20:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-06 19:50 - 2014-12-06 19:51 - 00003326 _____ () C:\Users\User\Desktop\Rkill.txt
2014-12-06 10:27 - 2014-12-06 10:27 - 00000621 _____ () C:\Users\User\Desktop\JRT.txt
2014-12-06 10:24 - 2014-12-06 10:24 - 00000000 ____D () C:\Windows\ERUNT
2014-12-05 22:41 - 2014-12-05 22:41 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-05 22:41 - 2014-12-05 22:41 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-05 22:41 - 2014-12-05 22:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-12-05 22:41 - 2014-12-05 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-05 22:41 - 2014-12-05 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-05 22:22 - 2014-12-05 22:22 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-12-05 22:22 - 2014-12-05 22:22 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-12-05 22:22 - 2014-12-05 22:22 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2014-12-05 22:16 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2014-12-05 21:48 - 2014-12-05 21:48 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-12-05 21:48 - 2014-12-05 21:48 - 00000114 _____ () C:\Windows\system32\eamclean.dat
2014-12-05 21:04 - 2014-12-05 21:05 - 00000000 ____D () C:\EEK
2014-12-05 21:04 - 2014-12-05 21:04 - 00000766 _____ () C:\Users\User\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-05 20:53 - 2014-12-11 20:58 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-05 20:53 - 2014-12-05 20:53 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-05 20:06 - 2014-12-07 21:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 20:06 - 2014-12-07 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 20:06 - 2014-12-07 21:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-05 20:06 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 20:06 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 20:06 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 19:58 - 2014-12-05 19:58 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-12-05 19:49 - 2014-12-05 19:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-05 19:42 - 2014-12-07 20:31 - 00000000 ____D () C:\AdwCleaner
2014-12-05 19:42 - 2014-12-07 20:30 - 00000385 _____ () C:\AdwCleanerDebug.txt
2014-12-05 19:38 - 2014-12-05 19:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\WildTangent
2014-12-04 23:40 - 2014-12-04 23:40 - 00003162 _____ () C:\Windows\System32\Tasks\{9258F7AD-6770-4764-913D-CEBF5C1A976D}
2014-12-04 23:31 - 2014-12-04 23:31 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-12-04 22:06 - 2014-12-04 22:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\ESET
2014-12-04 22:06 - 2014-12-04 22:06 - 00000000 ____D () C:\Users\User\AppData\Local\ESET
2014-12-04 22:04 - 2014-12-04 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-12-04 22:04 - 2014-12-04 22:04 - 00000000 ____D () C:\ProgramData\ESET
2014-12-04 22:04 - 2014-12-04 22:04 - 00000000 ____D () C:\Program Files\ESET
2014-12-04 21:01 - 2014-12-04 21:55 - 00000000 ____D () C:\Users\User\AppData\Local\2811
2014-12-04 20:57 - 2014-12-04 20:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-04 20:55 - 2014-12-04 20:55 - 00001974 _____ () C:\Windows\patsearch.bin
2014-12-04 20:55 - 2014-12-04 20:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-04 20:55 - 2014-12-04 20:54 - 00106456 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys
2014-12-04 20:44 - 2014-12-04 20:49 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-11-19 18:43 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 18:43 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 18:43 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 18:43 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-11 16:46 - 2014-10-12 18:33 - 00116032 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-11-11 16:46 - 2014-10-10 16:58 - 03320320 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-11 16:46 - 2014-10-10 16:53 - 03607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-11 16:46 - 2014-10-07 23:30 - 00110080 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2014-11-11 16:46 - 2014-10-07 23:09 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-11-11 16:46 - 2014-10-07 22:27 - 00325120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-11-11 16:46 - 2014-10-07 21:32 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-11-11 16:46 - 2014-10-07 21:19 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-11-11 16:46 - 2014-09-21 20:38 - 01519488 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2014-11-11 16:46 - 2014-09-21 19:06 - 00258368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2014-11-11 16:46 - 2014-09-21 19:06 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2014-11-11 16:46 - 2014-09-21 18:49 - 00035320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2014-11-11 16:46 - 2014-09-18 16:16 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2014-11-11 16:46 - 2014-09-02 14:08 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2014-11-11 16:46 - 2014-09-02 14:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2014-11-11 16:45 - 2014-10-30 21:28 - 25110016 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-11-11 16:45 - 2014-10-30 19:42 - 19781632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-11-11 16:45 - 2014-10-06 22:28 - 00500016 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-11 16:45 - 2014-10-06 22:27 - 00482872 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-11 16:45 - 2014-10-06 22:27 - 00394120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-11 16:45 - 2014-10-06 22:27 - 00272248 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2014-11-11 16:45 - 2014-10-06 22:27 - 00108432 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-11 16:45 - 2014-10-06 19:34 - 00370424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-11 16:45 - 2014-10-06 19:34 - 00344536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-11 16:45 - 2014-10-06 19:33 - 00424544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-11 16:45 - 2014-10-06 17:54 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2014-11-11 16:45 - 2014-10-06 17:46 - 00911360 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-11 16:45 - 2014-08-22 21:18 - 02149376 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-11 16:45 - 2014-08-22 21:03 - 01346048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-11 16:44 - 2014-10-30 21:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2014-11-11 16:44 - 2014-10-30 21:12 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2014-11-11 16:44 - 2014-10-30 21:10 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2014-11-11 16:44 - 2014-10-30 21:09 - 00064512 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2014-11-11 16:44 - 2014-10-30 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2014-11-11 16:44 - 2014-10-30 21:06 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-11-11 16:44 - 2014-10-30 21:06 - 00237568 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-11-11 16:44 - 2014-10-30 21:06 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-11-11 16:44 - 2014-10-30 21:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-11-11 16:44 - 2014-10-30 21:05 - 02884096 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-11-11 16:44 - 2014-10-30 21:05 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-11-11 16:44 - 2014-10-30 21:04 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-11-11 16:44 - 2014-10-30 20:57 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-11-11 16:44 - 2014-10-30 20:56 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-11-11 16:44 - 2014-10-30 20:54 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2014-11-11 16:44 - 2014-10-30 20:53 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-11-11 16:44 - 2014-10-30 20:52 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2014-11-11 16:44 - 2014-10-30 20:51 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-11-11 16:44 - 2014-10-30 20:51 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-11-11 16:44 - 2014-10-30 20:51 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-11-11 16:44 - 2014-10-30 20:50 - 06040064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-11-11 16:44 - 2014-10-30 20:50 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-11-11 16:44 - 2014-10-30 20:40 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2014-11-11 16:44 - 2014-10-30 20:38 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-11-11 16:44 - 2014-10-30 20:30 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-11-11 16:44 - 2014-10-30 20:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2014-11-11 16:44 - 2014-10-30 20:29 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2014-11-11 16:44 - 2014-10-30 20:28 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2014-11-11 16:44 - 2014-10-30 20:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-11-11 16:44 - 2014-10-30 20:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-11-11 16:44 - 2014-10-30 20:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2014-11-11 16:44 - 2014-10-30 20:23 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-11-11 16:44 - 2014-10-30 20:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-11-11 16:44 - 2014-10-30 20:19 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2014-11-11 16:44 - 2014-10-30 20:15 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-11-11 16:44 - 2014-10-30 20:08 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-11-11 16:44 - 2014-10-30 20:06 - 00372736 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-11-11 16:44 - 2014-10-30 20:05 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-11-11 16:44 - 2014-10-30 20:05 - 00716800 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-11-11 16:44 - 2014-10-30 20:03 - 02124288 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-11-11 16:44 - 2014-10-30 19:59 - 14390272 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-11-11 16:44 - 2014-10-30 19:45 - 02365440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-11-11 16:44 - 2014-10-30 19:44 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2014-11-11 16:44 - 2014-10-30 19:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2014-11-11 16:44 - 2014-10-30 19:32 - 01550336 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-11-11 16:44 - 2014-10-30 19:28 - 00137728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2014-11-11 16:44 - 2014-10-30 19:28 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2014-11-11 16:44 - 2014-10-30 19:27 - 00152064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2014-11-11 16:44 - 2014-10-30 19:26 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2014-11-11 16:44 - 2014-10-30 19:25 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2014-11-11 16:44 - 2014-10-30 19:24 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-11-11 16:44 - 2014-10-30 19:24 - 00235520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-11-11 16:44 - 2014-10-30 19:24 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-11-11 16:44 - 2014-10-30 19:23 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-11-11 16:44 - 2014-10-30 19:23 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-11-11 16:44 - 2014-10-30 19:22 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-11-11 16:44 - 2014-10-30 19:20 - 00799232 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-11-11 16:44 - 2014-10-30 19:18 - 02277376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-11-11 16:44 - 2014-10-30 19:16 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-11-11 16:44 - 2014-10-30 19:15 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-11-11 16:44 - 2014-10-30 19:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2014-11-11 16:44 - 2014-10-30 19:13 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-11-11 16:44 - 2014-10-30 19:13 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2014-11-11 16:44 - 2014-10-30 19:12 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-11-11 16:44 - 2014-10-30 19:12 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-11-11 16:44 - 2014-10-30 19:11 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-11-11 16:44 - 2014-10-30 19:03 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2014-11-11 16:44 - 2014-10-30 19:02 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-11-11 16:44 - 2014-10-30 18:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-11-11 16:44 - 2014-10-30 18:56 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2014-11-11 16:44 - 2014-10-30 18:56 - 00090624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2014-11-11 16:44 - 2014-10-30 18:56 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2014-11-11 16:44 - 2014-10-30 18:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-11-11 16:44 - 2014-10-30 18:53 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2014-11-11 16:44 - 2014-10-30 18:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-11-11 16:44 - 2014-10-30 18:51 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-11-11 16:44 - 2014-10-30 18:50 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-11-11 16:44 - 2014-10-30 18:48 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2014-11-11 16:44 - 2014-10-30 18:46 - 04298240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-11-11 16:44 - 2014-10-30 18:46 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-11-11 16:44 - 2014-10-30 18:42 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-11-11 16:44 - 2014-10-30 18:40 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-11-11 16:44 - 2014-10-30 18:40 - 00325632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-11-11 16:44 - 2014-10-30 18:39 - 02051072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-11-11 16:44 - 2014-10-30 18:30 - 12819456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-11-11 16:44 - 2014-10-30 18:26 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2014-11-11 16:44 - 2014-10-30 18:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2014-11-11 16:44 - 2014-10-30 18:17 - 01892864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-11-11 16:44 - 2014-10-30 18:13 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-11-11 16:44 - 2014-10-30 18:11 - 00708096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-11-11 16:43 - 2014-09-26 23:13 - 00104336 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2014-11-11 16:43 - 2014-09-26 21:24 - 00088800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2014-11-11 16:43 - 2014-09-26 19:38 - 00426496 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-11 16:43 - 2014-09-26 19:30 - 00185856 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2014-11-11 16:43 - 2014-09-26 19:17 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-11 16:42 - 2014-10-22 21:48 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-11 16:42 - 2014-10-22 21:05 - 00072192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-11 16:42 - 2014-10-09 17:58 - 00177472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-11 16:42 - 2014-10-09 17:58 - 00027456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-11-11 16:42 - 2014-10-09 17:44 - 00563976 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2014-11-11 16:42 - 2014-10-07 23:37 - 00736768 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-11 16:42 - 2014-10-07 23:37 - 00154112 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-11 16:42 - 2014-10-07 23:34 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-11-11 16:42 - 2014-10-07 23:24 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\rfxvmt.dll
2014-11-11 16:42 - 2014-10-07 22:56 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2014-11-11 16:42 - 2014-10-07 22:51 - 00736768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-11 16:42 - 2014-10-07 22:51 - 00154112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-11 16:42 - 2014-10-07 22:18 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2014-11-11 16:42 - 2014-10-07 22:17 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-11 16:42 - 2014-10-07 21:23 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-11-11 16:42 - 2014-10-06 19:30 - 04182016 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-11 16:41 - 2014-10-18 01:55 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-11-11 16:41 - 2014-10-18 00:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-11-11 16:41 - 2014-10-18 00:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-11-11 16:41 - 2014-10-17 23:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-11-11 16:41 - 2014-10-17 22:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2014-11-11 16:41 - 2014-10-17 22:38 - 03557376 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-11-11 16:41 - 2014-10-17 22:27 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-11-11 16:41 - 2014-10-17 22:26 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-11-11 16:41 - 2014-10-17 22:23 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2014-11-11 16:41 - 2014-10-17 22:23 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-11-11 16:41 - 2014-10-17 22:21 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-11-11 16:41 - 2014-10-17 22:20 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-11-11 16:41 - 2014-10-17 22:14 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-11-11 16:41 - 2014-10-17 22:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-11-11 16:41 - 2014-10-17 22:12 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-11-11 16:41 - 2014-10-17 22:11 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-11-11 16:41 - 2014-10-16 23:01 - 00789184 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-11 16:41 - 2014-10-16 22:58 - 00602768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-11 16:40 - 2014-09-09 22:25 - 00474432 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2014-11-11 16:40 - 2014-09-07 19:07 - 02497344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-11-11 16:40 - 2014-09-07 19:07 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-11-11 16:40 - 2014-09-07 14:08 - 00389176 _____ () C:\Windows\system32\ApnDatabase.xml
2014-11-11 16:40 - 2014-09-04 14:30 - 00822272 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-11-11 16:40 - 2014-09-04 14:21 - 01053184 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-11-11 16:40 - 2014-09-03 19:05 - 00836176 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2014-11-11 16:40 - 2014-09-03 18:22 - 00670384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2014-11-11 16:40 - 2014-09-03 17:01 - 00448512 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2014-11-11 16:40 - 2014-09-03 16:32 - 00334336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2014-11-11 16:40 - 2014-08-30 16:17 - 00148800 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2014-11-11 16:40 - 2014-08-30 16:15 - 21197152 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-11-11 16:40 - 2014-08-30 14:59 - 18723112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-11-11 16:40 - 2014-08-30 14:05 - 00615424 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOMEX.dll
2014-11-11 16:40 - 2014-08-30 13:58 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\FXSAPI.dll
2014-11-11 16:40 - 2014-08-30 13:04 - 00941568 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2014-11-11 16:40 - 2014-08-30 12:53 - 00239104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FXSAPI.dll
2014-11-11 16:40 - 2014-08-30 12:17 - 00799744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2014-11-11 16:40 - 2014-08-27 18:55 - 07484224 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-11-11 16:40 - 2014-08-27 16:21 - 02480128 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-11-11 16:40 - 2014-08-27 16:06 - 02030592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-11-11 16:40 - 2014-08-22 21:14 - 13424128 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2014-11-11 16:40 - 2014-08-22 21:04 - 11820544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2014-11-11 16:40 - 2014-08-22 20:50 - 02714112 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2014-11-11 16:40 - 2014-08-01 16:51 - 00545792 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2014-11-11 16:40 - 2014-08-01 16:35 - 00485376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-11 21:16 - 2013-09-20 22:36 - 01233605 _____ () C:\Windows\WindowsUpdate.log
2014-12-11 21:00 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-11 20:56 - 2014-04-14 19:57 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2014-12-11 19:33 - 2013-12-25 12:07 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7C64A9AC-5E86-464C-8EEB-2EA245115A79}
2014-12-11 18:42 - 2014-06-02 20:21 - 00019573 _____ () C:\Windows\system32\lvcoinst.log
2014-12-10 22:49 - 2013-12-22 18:51 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-562819725-3130915416-309187118-1001
2014-12-10 22:47 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-10 22:45 - 2014-02-01 17:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 22:44 - 2014-02-01 17:46 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 19:00 - 2013-09-20 22:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-10 18:55 - 2014-04-14 19:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-10 18:37 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-07 21:58 - 2013-09-12 20:20 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-07 21:56 - 2014-09-20 21:23 - 00000000 ____D () C:\Users\User\OneDrive
2014-12-07 21:53 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-07 20:31 - 2013-09-12 20:09 - 00391234 _____ () C:\Windows\PFRO.log
2014-12-07 19:45 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-07 17:08 - 2014-03-17 21:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-07 17:02 - 2014-04-30 18:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\OBS
2014-12-07 08:39 - 2013-08-22 06:46 - 00023747 _____ () C:\Windows\setupact.log
2014-12-07 08:37 - 2014-04-30 18:48 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-12-07 08:27 - 2014-04-14 19:58 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-06 10:25 - 2014-04-15 22:12 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-12-06 10:19 - 2013-12-31 21:08 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-05 22:16 - 2013-12-22 18:49 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Anti-Theft
2014-12-05 19:38 - 2013-09-12 20:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-05 19:38 - 2013-09-12 20:42 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-05 19:38 - 2013-09-12 20:42 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-12-04 23:40 - 2013-12-25 17:38 - 00000000 ____D () C:\Program Files (x86)\xchat
2014-12-04 23:40 - 2013-12-22 18:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-12-04 23:40 - 2013-09-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-04 23:39 - 2013-12-25 17:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-04 23:31 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppCompat
2014-12-04 23:02 - 2013-08-22 05:25 - 00000194 _____ () C:\Windows\win.ini
2014-12-04 22:05 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-04 20:36 - 2013-09-12 20:39 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-04 20:35 - 2014-04-20 09:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-21 23:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2014-11-20 12:51 - 2014-08-23 15:23 - 00714208 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-20 12:51 - 2014-08-23 15:23 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-16 14:28 - 2014-09-25 21:56 - 00000000 ____D () C:\Users\User\AppData\Local\CSDSteamBuild
2014-11-16 11:33 - 2013-08-22 06:44 - 05005016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-11 02:26

==================== End Of Log ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-12-2014 03
Ran by User at 2014-12-11 21:38:49
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

 FUTURA XL-400 Software (HKLM-x32\...\{DE21A2BD-46ED-46B2-9564-B030B447C526}) (Version: 4.0.0.0 - )
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.249 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.239 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
BattleBlock Theater (HKLM-x32\...\Steam App 238460) (Version:  - The Behemoth)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cook, Serve, Delicious! (HKLM-x32\...\Steam App 247020) (Version:  - Vertigo Gaming)
Costume Quest 2 (HKLM-x32\...\Steam App 275180) (Version:  - Double Fine Productions)
Crawl (HKLM-x32\...\Steam App 293780) (Version:  - Powerhoof)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Elgato Game Capture HD (HKLM-x32\...\{BB6E10AB-CB79-463F-9548-B7DCEDC3BF28}) (Version: 1.42.24.539 - Elgato Systems GmbH)
ESET Smart Security (HKLM\...\{C082CDB9-D173-4740-AE0E-C685E6F44850}) (Version: 8.0.304.0 - ESET, spol s r. o.)
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
FUTURA XL-400 Software (x32 Version: 4.0.0.0 - Default Company Name) Hidden
Gauntlet™  (HKLM-x32\...\Steam App 258970) (Version:  - Arrowhead Game Studios)
Hammerwatch (HKLM-x32\...\Steam App 239070) (Version:  - )
Hearthstone (HKLM-x32\...\Hearthstone) (Version:  - Blizzard Entertainment)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3282 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{4FFA2088-8317-3B14-93CD-4C699DB37843}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 34.0.5 - Mozilla)
Nimble Quest (HKLM-x32\...\Steam App 259780) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version:  - )
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Prison Architect (HKLM-x32\...\Steam App 233450) (Version:  - Introversion Software)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7023 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Risk of Rain (HKLM-x32\...\Steam App 248820) (Version:  - )
Skype™ 6.20 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.20.104 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
Tabletop Simulator (HKLM-x32\...\Steam App 286160) (Version:  - Berserk Games)
Tiny Thief (HKLM-x32\...\Steam App 257080) (Version:  - 5 Ants)
Torchlight II (HKLM-x32\...\Steam App 200710) (Version:  - Runic Games)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{84FA4D2D-4273-4C66-BD3D-ADD3FE48DFA2}) (Version: 1.1.5.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0001.6403 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0030 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
USB Video/Audio Device Driver (HKLM-x32\...\{3717C4F2-7412-4793-9BB8-D73D2817B3D6}) (Version: 1.00.0000 - EETI)
VivaStation Software (HKLM-x32\...\VivaStation_is1) (Version:  - )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

29-11-2014 02:47:32 Windows Update
05-12-2014 07:38:11 Removed SewArt
06-12-2014 18:13:32 Removed Java 7 Update 67
08-12-2014 01:07:22 Removed Skype Click to Call
11-12-2014 06:42:01 Windows Update

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {180163FD-AD62-4E4B-9936-5B05C55296E1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {3322AE17-0996-4CBF-879E-588A1422907D} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {9F887DB1-E98B-4D89-9099-3A84D58EE364} - System32\Tasks\{9258F7AD-6770-4764-913D-CEBF5C1A976D} => pcalua.exe -a "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\Creative Cloud Uninstaller.exe"
Task: {BFDEC71E-3E34-4959-A87A-381943879201} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {E29286DB-BC43-431B-9ACA-ACB20E3131EA} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-08-28] (TODO: <Company name>)
Task: {F723A7D6-6839-459A-8253-14DB3FC34F66} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2013-08-21] (Realtek Semiconductor)

==================== Loaded Modules (whitelisted) =============

2013-09-10 11:54 - 2013-09-10 11:54 - 00019792 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2013-08-12 18:52 - 2013-08-12 18:52 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2012-07-18 17:38 - 2012-07-18 17:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2014-06-20 18:46 - 2011-07-28 13:59 - 00139264 _____ () C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe
2014-10-26 21:15 - 2014-10-26 21:15 - 01459712 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.UI\70975006261385b6d373c650e536a2a8\Windows.UI.ni.dll
2014-10-26 21:15 - 2014-10-26 21:15 - 00521216 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Data\aa9ff1b67253446c779f9ab3849e0834\Windows.Data.ni.dll
2014-10-26 21:15 - 2014-10-26 21:15 - 00363520 _____ () C:\Windows\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6077ef6b49cd1fd09ea749690afdd4bc\Windows.Foundation.ni.dll
2013-09-20 22:17 - 2013-09-03 15:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2014-06-20 18:46 - 2011-05-27 14:59 - 00027648 _____ () C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduledRecording.dll
2014-06-20 18:46 - 2011-05-03 13:48 - 00026112 _____ () C:\Program Files (x86)\HiVision Multimedia\VivaStation\DeviceInfo.dll
2014-06-20 18:46 - 2011-02-25 08:11 - 00012288 _____ () C:\Program Files (x86)\HiVision Multimedia\VivaStation\INIFile.dll
2014-06-20 18:46 - 2009-08-05 13:15 - 00282624 _____ () C:\Program Files (x86)\HiVision Multimedia\VivaStation\DirectShowLib-2005.dll
2014-06-20 18:46 - 2009-09-15 12:56 - 00005632 _____ () C:\Program Files (x86)\HiVision Multimedia\VivaStation\SRPOTimer.dll
2014-12-05 22:41 - 2014-11-26 08:40 - 03758192 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\User\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-562819725-3130915416-309187118-500 - Administrator - Disabled)
Guest (S-1-5-21-562819725-3130915416-309187118-501 - Limited - Disabled)
User (S-1-5-21-562819725-3130915416-309187118-1001 - Administrator - Enabled) => C:\Users\User

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/07/2014 09:56:32 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/07/2014 09:48:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/07/2014 08:32:40 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/07/2014 07:46:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/07/2014 05:17:29 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/07/2014 05:11:28 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/07/2014 03:23:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/07/2014 03:22:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.

Error: (12/07/2014 03:22:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/07/2014 07:25:38 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifest.


System errors:
=============
Error: (12/11/2014 08:58:35 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Windows\System32\drivers\TrueSight.sys

Error: (12/07/2014 09:52:12 PM) (Source: DCOM) (EventID: 10010) (User: PIXIE)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (12/07/2014 08:31:27 PM) (Source: DCOM) (EventID: 10005) (User: PIXIE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/07/2014 08:30:01 PM) (Source: DCOM) (EventID: 10005) (User: PIXIE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/07/2014 08:27:45 PM) (Source: DCOM) (EventID: 10005) (User: PIXIE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/07/2014 08:27:01 PM) (Source: DCOM) (EventID: 10005) (User: PIXIE)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (12/07/2014 08:26:58 PM) (Source: DCOM) (EventID: 10005) (User: PIXIE)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/07/2014 08:26:58 PM) (Source: DCOM) (EventID: 10005) (User: PIXIE)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/07/2014 08:26:58 PM) (Source: DCOM) (EventID: 10005) (User: PIXIE)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}

Error: (12/07/2014 08:26:58 PM) (Source: DCOM) (EventID: 10005) (User: PIXIE)
Description: 1084WSearchUnavailable{B52D54BB-4818-4EB9-AA80-F9EACD371DF8}


Microsoft Office Sessions:
=========================
Error: (12/07/2014 09:56:32 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/07/2014 09:48:18 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\User\Downloads\esetsmartinstaller_enu.exe

Error: (12/07/2014 08:32:40 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/07/2014 07:46:42 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\User\Downloads\esetsmartinstaller_enu.exe

Error: (12/07/2014 05:17:29 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/07/2014 05:11:28 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/07/2014 03:23:36 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/07/2014 03:22:23 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (12/07/2014 03:22:01 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (12/07/2014 07:25:38 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_6242a4b3ecbb55a1.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.17031_none_a9efdb8b01377ea7.manifestC:\Users\User\Downloads\esetsmartinstaller_enu.exe


CodeIntegrity Errors:
===================================
  Date: 2014-12-03 01:02:44.531
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 01:02:44.421
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 01:02:43.390
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 01:02:43.265
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 01:02:43.031
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 01:02:42.906
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 01:02:42.671
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 01:02:42.499
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 01:02:41.593
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2014-12-03 01:02:41.468
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 41%
Total physical RAM: 6023.27 MB
Available physical RAM: 3510.64 MB
Total Pagefile: 6983.27 MB
Available Pagefile: 4535.57 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB

==================== Drives ================================

Drive c: (TI10673200G) (Fixed) (Total:689.26 GB) (Free:642.54 GB) NTFS
Drive d: (DIRTY_DANCING) (CDROM) (Total:5.94 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================


Edited by pyropixie, 12 December 2014 - 12:39 AM.

I want the life you think I have.

#4 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:10 AM

Posted 12 December 2014 - 07:30 AM

There’s nothing “bad” showing but we’ll get rid of what’s been found.

Open notepad. Please copy the contents of the code box below.


GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF HKLM\...\Firefox\Extensions: [{C74AB308-BA97-42f6-BB20-00E0868F52FB}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C74AB308-BA97-42f6-BB20-00E0868F52FB}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-562819725-3130915416-309187118-1001\...\Firefox\Extensions: [{4CB69BA2-CF07-199E-21BF-DF78B77031DF}] - C:\Program Files (x86)\ver9SpeeditUp\184.xpi
S1 cherimoya; system32\drivers\cherimoya.sys [X]
2014-12-04 21:01 - 2014-12-04 21:55 - 00000000 ____D () C:\Users\User\AppData\Local\2811
2014-12-04 20:55 - 2014-12-04 20:55 - 00001974 _____ () C:\Windows\patsearch.bin
2014-12-04 20:55 - 2014-12-04 20:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-04 20:55 - 2014-12-04 20:54 - 00106456 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys  
C:\Program Files\shopperz
C:\Program Files (x86)\ver9SpeeditUp

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system


  • save the file as fixlist.txt in the same folder as FRST – NOTE: It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work
  • run FRST64 then click Fix just once and wait
  • it will create a log (Fixlog.txt); please post it to your reply.

================================================

Reset Firefox

You need to reset Firefox to its default settings which will remove everything from Firefox.

If you need to keep your bookmarks, follow the instructions here.

  • at the top of the Firefox window, click on the Help menu and select Troubleshooting Information
  • click the "Reset Firefox" button in the upper-right corner of the Troubleshooting Information page.
  • on the right, click Reset Firefox
  • Firefox will close and be reset
  • when it's finished, click Finish and Firefox will open
  • restart the computer and check Firefox again.

================================================

Run CKScanner

Download CKScanner by askey127 from here & save it to your Desktop.

  • double-click CKScanner.exe then click Search For Files
  • when the cursor hourglass disappears, click Save List To File
  • a message box will verify the file saved
  • double-click the CKFiles.txt icon on your desktop then copy/paste the contents in your next reply.

When you’ve done all of the above, please run FRST again and send a new log.

Logs to include in the next post:

Fixlog.txt
CKFiles.txt
New FRST log


Can you tell me how Firefox is now?

Thanks

Satchfan

My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
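A read-only audit of the three kinds of entry the fixlist above removes, written in PowerShell as an added example; it is not part of satchfan's reply and not a function of FRST. It lists Firefox add-ons registered through the registry (the shopperz and ver9SpeeditUp entries were of this kind), any Chrome policy values under HKLM\SOFTWARE\Policies\Google (what FRST reports as "Policy restriction"), and driver services whose file no longer exists (what FRST prints with [X], as with cherimoya.sys). Nothing is deleted or moved; the function names are my own, and the script assumes an elevated PowerShell on Windows 8.1 or later.

```powershell
# Added example (not from the thread or from FRST): report the persistence
# locations that satchfan's fixlist targets, without changing anything.
# Assumes an elevated PowerShell on Windows 8.1 or later.

function Get-FirefoxExtensionRegistrations {
    # Firefox itself never writes these keys; third-party installers use them
    # to sideload an add-on, so every row here deserves a look.
    $keys = @(
        'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
        'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
        'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
    )
    foreach ($key in $keys) {
        if (-not (Test-Path -LiteralPath $key)) { continue }
        $item = Get-Item -LiteralPath $key
        foreach ($name in $item.GetValueNames()) {
            $path = $item.GetValue($name)   # value name = add-on GUID, data = folder or .xpi
            [pscustomobject]@{
                Key    = $key
                Id     = $name
                Path   = $path
                Exists = Test-Path -LiteralPath $path
            }
        }
    }
}

function Get-ChromePolicyValues {
    # A home PC normally has no HKLM\SOFTWARE\Policies\Google key at all;
    # hijackers create it to lock the search engine or force-install extensions.
    $root = 'HKLM:\SOFTWARE\Policies\Google'
    if (-not (Test-Path -LiteralPath $root)) { return }
    $keys = @(Get-Item -LiteralPath $root) + @(Get-ChildItem -LiteralPath $root -Recurse)
    foreach ($k in $keys) {
        foreach ($name in $k.GetValueNames()) {
            [pscustomobject]@{ Key = $k.Name; Name = $name; Value = $k.GetValue($name) }
        }
    }
}

function Resolve-DriverImagePath([string]$imagePath) {
    # ImagePath comes in several spellings: "\??\C:\...", "\SystemRoot\...",
    # or a path relative to the Windows folder; normalise so Test-Path works.
    $p = $imagePath.Trim('"')
    if ($p -match '^\\\?\?\\(.*)$') { $p = $matches[1] }
    if ($p -match '^\\SystemRoot\\(.*)$') { $p = Join-Path $env:SystemRoot $matches[1] }
    elseif ($p -notmatch '^[A-Za-z]:\\') { $p = Join-Path $env:SystemRoot $p }
    return $p
}

function Get-OrphanedDriverServices {
    # Kernel (Type 1) and file-system (Type 2) driver services whose binary is
    # gone: leftovers of a product that was removed, or of a removal that
    # missed the registry entry. FRST shows these with [X].
    Get-ChildItem -LiteralPath 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
        ForEach-Object {
            $type  = $_.GetValue('Type')
            $image = $_.GetValue('ImagePath')
            if ($null -eq $image -or ($type -ne 1 -and $type -ne 2)) { return }
            $file = Resolve-DriverImagePath $image
            if (-not (Test-Path -LiteralPath $file)) {
                [pscustomobject]@{
                    Service   = $_.PSChildName
                    Start     = $_.GetValue('Start')   # 0 = boot, 1 = system (FRST's S0/S1)
                    ImagePath = $image
                    Resolved  = $file
                }
            }
        }
}

'== Firefox add-ons registered via the registry =='
Get-FirefoxExtensionRegistrations | Format-Table -AutoSize
'== Chrome policy values (normally none on a home PC) =='
Get-ChromePolicyValues | Format-Table -AutoSize
'== Driver services whose file is missing =='
Get-OrphanedDriverServices | Format-Table -AutoSize
```

The script only reads the registry and tests for files, so it is safe to run before and after a fix to confirm that the entries are gone; removal itself is left to the helper's fixlist, since a driver entry that still has a running counterpart, or a policy key that an organisation set deliberately, should not be deleted by a script that cannot tell the difference.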


#5 pyropixie

pyropixie
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Female
  • Location:Suckramento, CA
  • Local time:09:10 PM

Posted 12 December 2014 - 09:37 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-12-2014 03
Ran by User at 2014-12-12 18:27:22 Run:1
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
FF HKLM\...\Firefox\Extensions: [{C74AB308-BA97-42f6-BB20-00E0868F52FB}] - C:\Program Files\shopperz\Firefox
FF HKLM-x32\...\Firefox\Extensions: [{C74AB308-BA97-42f6-BB20-00E0868F52FB}] - C:\Program Files\shopperz\Firefox
FF HKU\S-1-5-21-562819725-3130915416-309187118-1001\...\Firefox\Extensions: [{4CB69BA2-CF07-199E-21BF-DF78B77031DF}] - C:\Program Files (x86)\ver9SpeeditUp\184.xpi
S1 cherimoya; system32\drivers\cherimoya.sys [X]
2014-12-04 21:01 - 2014-12-04 21:55 - 00000000 ____D () C:\Users\User\AppData\Local\2811
2014-12-04 20:55 - 2014-12-04 20:55 - 00001974 _____ () C:\Windows\patsearch.bin
2014-12-04 20:55 - 2014-12-04 20:55 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf
2014-12-04 20:55 - 2014-12-04 20:54 - 00106456 _____ (Corsica) C:\Windows\system32\Drivers\webinstrNewH.sys  
C:\Program Files\shopperz
C:\Program Files (x86)\ver9SpeeditUp
*****************

C:\Windows\system32\GroupPolicy\Machine => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\Software\Mozilla\Firefox\Extensions\\{C74AB308-BA97-42f6-BB20-00E0868F52FB} => value deleted successfully.
HKLM\Software\Wow6432Node\Mozilla\Firefox\Extensions\\{C74AB308-BA97-42f6-BB20-00E0868F52FB} => value deleted successfully.
HKU\S-1-5-21-562819725-3130915416-309187118-1001\Software\Mozilla\Firefox\Extensions\\{4CB69BA2-CF07-199E-21BF-DF78B77031DF} => value deleted successfully.
cherimoya => Service deleted successfully.
C:\Users\User\AppData\Local\2811 => Moved successfully.
C:\Windows\patsearch.bin => Moved successfully.
C:\Windows\system32\Drivers\Msft_Kernel_webinstrNewH_01009.Wdf => Moved successfully.
C:\Windows\system32\Drivers\webinstrNewH.sys => Moved successfully.
"C:\Program Files\shopperz" => File/Directory not found.
"C:\Program Files (x86)\ver9SpeeditUp" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog ====

 

CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\users\user\favorites\movies, videos & tv\crackle - free hollywood movies & tv series.url
scanner sequence 3.AP.11.QMNAOZ
 ----- EOF -----
 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-12-2014 03
Ran by User (administrator) on PIXIE on 12-12-2014 18:38:29
Running from C:\Users\User\Desktop
Loaded Profile: User (Available profiles: User)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Integrated Clock Controller Service\ICCProxy.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
() C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Users\User\Desktop\CKScanner.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_6.3.9600.17246_none_fa4ae8e99b1f603c\TiWorker.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595336 2014-10-01] (ESET)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-562819725-3130915416-309187118-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [3414560 2014-05-19] (Fitbit, Inc.)
HKU\S-1-5-21-562819725-3130915416-309187118-1001\...\Run: [TiVme Agent] => C:\Program Files (x86)\HiVision Multimedia\VivaStation\ScheduleAgent.exe [139264 2011-07-28] ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba13.msn.com/?pc=TNJB
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-562819725-3130915416-309187118-1001 -> {699C7C9B-6E8D-450D-9411-DF7D6BBADF25} URL =
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\z9yt9kk0.default-1418437912810
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_15_0_0_239.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_239.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

Chrome:
=======

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2014-10-01] (ESET)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\BIN\a2ddax64.sys [26176 2014-12-06] (Emsisoft GmbH)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2014-12-06] (Emsisoft GmbH)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [243440 2014-08-18] (ESET)
R0 edevmon; C:\Windows\System32\DRIVERS\edevmon.sys [241368 2014-08-18] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [169280 2014-08-18] (ESET)
S3 ElgatoGC658Y; C:\Windows\System32\Drivers\ElgatoGC658.sys [50288 2012-11-12] (UB658)
R2 epfw; C:\Windows\system32\DRIVERS\epfw.sys [222280 2014-08-18] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [44632 2014-08-18] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [63160 2014-09-18] (ESET)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [2945240 2013-09-12] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2014-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [32624 2013-08-19] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2014-12-11] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WinDriver6; C:\Windows\system32\drivers\windrvr6.sys [266752 2012-08-26] (Jungo)
S3 xusb22; C:\Windows\System32\drivers\xusb22.sys [87040 2014-03-18] (Microsoft Corporation)
S2 webinstrNewH; \??\C:\Windows\system32\Drivers\webinstrNewH.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 18:37 - 2014-12-12 18:37 - 00000220 _____ () C:\Users\User\Desktop\ckfiles.txt
2014-12-12 18:33 - 2014-12-12 18:33 - 00468480 _____ () C:\Users\User\Desktop\CKScanner.exe
2014-12-12 18:31 - 2014-12-12 18:31 - 00000000 ____D () C:\Users\User\Desktop\Old Firefox Data
2014-12-11 21:38 - 2014-12-12 18:38 - 00009938 _____ () C:\Users\User\Desktop\FRST.txt
2014-12-11 21:38 - 2014-12-12 18:38 - 00000000 ____D () C:\FRST
2014-12-11 21:38 - 2014-12-11 21:39 - 00033026 _____ () C:\Users\User\Desktop\Addition.txt
2014-12-11 21:37 - 2014-12-11 21:37 - 02119680 _____ (Farbar) C:\Users\User\Desktop\FRST64.exe
2014-12-11 20:58 - 2014-12-11 20:58 - 15201368 _____ () C:\Users\User\Downloads\RogueKiller.exe
2014-12-10 19:01 - 2014-11-09 18:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2014-12-10 19:01 - 2014-11-09 17:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 19:01 - 2014-10-30 15:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-12-10 19:01 - 2014-10-30 15:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-12-10 18:45 - 2014-11-21 19:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-10 18:45 - 2014-11-21 18:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-10 18:45 - 2014-11-21 18:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-10 18:45 - 2014-11-21 18:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2014-12-10 18:45 - 2014-11-21 18:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-10 18:45 - 2014-11-21 18:35 - 00812544 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-12-10 18:45 - 2014-11-21 18:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-10 18:45 - 2014-11-21 18:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-10 18:45 - 2014-11-21 18:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-10 18:45 - 2014-11-21 18:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-10 18:45 - 2014-11-21 18:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2014-12-10 18:45 - 2014-11-21 18:06 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2014-12-10 18:45 - 2014-11-21 18:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-10 18:45 - 2014-11-21 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-10 18:45 - 2014-11-21 18:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-10 18:45 - 2014-11-21 17:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2014-12-10 18:45 - 2014-11-21 17:55 - 00661504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-12-10 18:45 - 2014-11-21 17:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2014-12-10 18:45 - 2014-11-21 17:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-10 18:45 - 2014-11-21 17:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-10 18:45 - 2014-11-21 17:49 - 00373760 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-10 18:45 - 2014-11-21 17:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-10 18:45 - 2014-11-21 17:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-10 18:45 - 2014-11-21 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-10 18:45 - 2014-11-21 17:34 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2014-12-10 18:45 - 2014-11-21 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-10 18:45 - 2014-11-21 17:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-10 18:45 - 2014-11-21 17:29 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2014-12-10 18:45 - 2014-11-21 17:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-10 18:45 - 2014-11-21 17:25 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2014-12-10 18:45 - 2014-11-21 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-10 18:45 - 2014-11-21 17:23 - 00326656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-10 18:45 - 2014-11-21 17:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-10 18:45 - 2014-11-21 17:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-10 18:45 - 2014-11-21 17:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-10 18:45 - 2014-11-21 17:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-10 18:45 - 2014-11-21 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-10 18:45 - 2014-11-21 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-10 18:45 - 2014-11-21 16:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-10 18:45 - 2014-11-06 20:16 - 01762840 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-10 18:45 - 2014-11-06 19:26 - 01489072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-10 18:45 - 2014-10-31 15:57 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2014-12-10 18:45 - 2014-10-31 15:47 - 00790528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2014-12-10 18:45 - 2014-10-12 18:43 - 00238912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2014-12-10 18:45 - 2014-10-12 18:43 - 00153920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2014-12-10 18:45 - 2014-10-12 18:43 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2014-12-10 18:45 - 2014-10-12 18:43 - 00039744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2014-12-10 18:40 - 2014-12-10 18:40 - 00000000 ____D () C:\rsit
2014-12-10 18:40 - 2014-12-10 18:40 - 00000000 ____D () C:\Program Files\trend micro
2014-12-10 18:39 - 2014-12-10 18:39 - 01222144 _____ () C:\Users\User\Desktop\RSITx64.exe
2014-12-08 21:19 - 2014-12-08 21:20 - 00688992 _____ (Swearware) C:\Users\User\Downloads\dds.scr
2014-12-08 21:07 - 2014-12-08 21:07 - 00688992 _____ (Swearware) C:\Users\User\Desktop\dds.com
2014-12-07 21:38 - 2014-12-07 21:38 - 00010918 _____ () C:\Users\User\Desktop\HitmanPro_20141207_2138.log
2014-12-07 20:26 - 2014-12-07 20:26 - 02153472 _____ () C:\Users\User\Desktop\adwcleaner_4.104(1).exe
2014-12-07 17:15 - 2014-12-07 17:15 - 00000970 _____ () C:\Users\User\Desktop\1.txt
2014-12-07 12:28 - 2014-12-07 12:28 - 00126040 _____ () C:\Users\User\Downloads\smb3_hurry_up.wav
2014-12-07 12:28 - 2014-12-07 12:28 - 00065900 _____ () C:\Users\User\Downloads\smsunshine_nintendo_logo_coin.wav
2014-12-07 12:28 - 2014-12-07 12:28 - 00035538 _____ () C:\Users\User\Downloads\smb_pipe.wav
2014-12-07 08:21 - 2014-12-07 08:21 - 00000136 _____ () C:\Users\User\Desktop\eset.txt
2014-12-06 19:52 - 2014-12-06 20:09 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-12-06 19:50 - 2014-12-06 19:51 - 00003326 _____ () C:\Users\User\Desktop\Rkill.txt
2014-12-06 10:27 - 2014-12-06 10:27 - 00000621 _____ () C:\Users\User\Desktop\JRT.txt
2014-12-06 10:24 - 2014-12-06 10:24 - 00000000 ____D () C:\Windows\ERUNT
2014-12-05 22:41 - 2014-12-05 22:41 - 00001182 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-05 22:41 - 2014-12-05 22:41 - 00001170 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-05 22:41 - 2014-12-05 22:41 - 00000000 ____D () C:\Users\User\AppData\Roaming\Mozilla
2014-12-05 22:41 - 2014-12-05 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-05 22:41 - 2014-12-05 22:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-05 22:22 - 2014-12-05 22:22 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieUserList
2014-12-05 22:22 - 2014-12-05 22:22 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieSiteList
2014-12-05 22:22 - 2014-12-05 22:22 - 00000000 __SHD () C:\Users\User\AppData\Local\EmieBrowserModeList
2014-12-05 22:16 - 2010-03-08 02:10 - 00013824 _____ (Kephyr) C:\Windows\system32\ffnd.exe
2014-12-05 21:48 - 2014-12-05 21:48 - 00077312 _____ (Emsisoft GmbH) C:\Windows\system32\eamclean.exe
2014-12-05 21:48 - 2014-12-05 21:48 - 00000114 _____ () C:\Windows\system32\eamclean.dat
2014-12-05 21:04 - 2014-12-05 21:05 - 00000000 ____D () C:\EEK
2014-12-05 21:04 - 2014-12-05 21:04 - 00000766 _____ () C:\Users\User\Desktop\Start Emsisoft Emergency Kit.lnk
2014-12-05 20:53 - 2014-12-11 20:58 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2014-12-05 20:53 - 2014-12-05 20:53 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-05 20:06 - 2014-12-07 21:11 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-05 20:06 - 2014-12-07 21:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-05 20:06 - 2014-12-07 21:07 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-05 20:06 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-12-05 20:06 - 2014-11-21 06:14 - 00064216 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-12-05 20:06 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-12-05 19:58 - 2014-12-05 19:58 - 00012872 _____ (SurfRight B.V.) C:\Windows\system32\bootdelete.exe
2014-12-05 19:49 - 2014-12-05 19:58 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-05 19:42 - 2014-12-07 20:31 - 00000000 ____D () C:\AdwCleaner
2014-12-05 19:42 - 2014-12-07 20:30 - 00000385 _____ () C:\AdwCleanerDebug.txt
2014-12-05 19:38 - 2014-12-05 19:38 - 00000000 ____D () C:\Users\User\AppData\Roaming\WildTangent
2014-12-04 23:40 - 2014-12-04 23:40 - 00003162 _____ () C:\Windows\System32\Tasks\{9258F7AD-6770-4764-913D-CEBF5C1A976D}
2014-12-04 23:31 - 2014-12-12 18:30 - 00000008 __RSH () C:\ProgramData\ntuser.pol
2014-12-04 22:06 - 2014-12-04 22:06 - 00000000 ____D () C:\Users\User\AppData\Roaming\ESET
2014-12-04 22:06 - 2014-12-04 22:06 - 00000000 ____D () C:\Users\User\AppData\Local\ESET
2014-12-04 22:04 - 2014-12-04 22:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2014-12-04 22:04 - 2014-12-04 22:04 - 00000000 ____D () C:\ProgramData\ESET
2014-12-04 22:04 - 2014-12-04 22:04 - 00000000 ____D () C:\Program Files\ESET
2014-12-04 20:57 - 2014-12-04 20:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-04 20:44 - 2014-12-04 20:49 - 00000000 ____D () C:\PhSp_CS2_UE_Ret
2014-11-19 18:43 - 2014-11-09 15:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-19 18:43 - 2014-11-09 15:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-19 18:43 - 2014-11-09 15:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-19 18:43 - 2014-11-09 15:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-12 18:37 - 2014-06-02 20:21 - 00022093 _____ () C:\Windows\system32\lvcoinst.log
2014-12-12 18:37 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppReadiness
2014-12-12 18:35 - 2013-09-12 20:20 - 00863592 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-12 18:30 - 2014-09-20 21:23 - 00000000 ___RD () C:\Users\User\OneDrive
2014-12-12 18:29 - 2013-08-22 06:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-12 18:28 - 2013-08-22 05:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2014-12-12 18:27 - 2013-09-20 22:36 - 01472115 _____ () C:\Windows\WindowsUpdate.log
2014-12-12 18:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2014-12-12 18:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2014-12-12 18:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\GroupPolicy
2014-12-12 18:27 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-12 18:24 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\system32\sru
2014-12-11 22:16 - 2013-08-22 06:46 - 00023850 _____ () C:\Windows\setupact.log
2014-12-11 20:56 - 2014-04-14 19:57 - 00000000 ____D () C:\Users\User\AppData\Local\Battle.net
2014-12-11 19:33 - 2013-12-25 12:07 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{7C64A9AC-5E86-464C-8EEB-2EA245115A79}
2014-12-10 22:49 - 2013-12-22 18:51 - 00003596 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-562819725-3130915416-309187118-1001
2014-12-10 22:47 - 2013-08-22 07:20 - 00000000 ____D () C:\Windows\CbsTemp
2014-12-10 22:45 - 2014-02-01 17:46 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-10 22:44 - 2014-02-01 17:46 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-10 19:00 - 2013-09-20 22:50 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-10 18:55 - 2014-04-14 19:57 - 00000000 ____D () C:\Program Files (x86)\Battle.net
2014-12-07 20:31 - 2013-09-12 20:09 - 00391234 _____ () C:\Windows\PFRO.log
2014-12-07 17:08 - 2014-03-17 21:42 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-12-07 17:02 - 2014-04-30 18:48 - 00000000 ____D () C:\Users\User\AppData\Roaming\OBS
2014-12-07 08:37 - 2014-04-30 18:48 - 00000000 ____D () C:\Program Files (x86)\OBS
2014-12-07 08:27 - 2014-04-14 19:58 - 00000000 ____D () C:\Program Files (x86)\Hearthstone
2014-12-06 10:25 - 2014-04-15 22:12 - 00000000 ____D () C:\Users\User\AppData\Local\CrashDumps
2014-12-06 10:19 - 2013-12-31 21:08 - 00000000 ____D () C:\Users\User\AppData\Local\Adobe
2014-12-05 22:16 - 2013-12-22 18:49 - 00000000 ____D () C:\Windows\System32\Tasks\Norton Anti-Theft
2014-12-05 19:38 - 2013-09-12 20:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-12-05 19:38 - 2013-09-12 20:42 - 00000000 ____D () C:\ProgramData\WildTangent
2014-12-05 19:38 - 2013-09-12 20:42 - 00000000 ____D () C:\Program Files (x86)\WildTangent Games
2014-12-04 23:40 - 2013-12-25 17:38 - 00000000 ____D () C:\Program Files (x86)\xchat
2014-12-04 23:40 - 2013-12-22 18:46 - 00000000 ____D () C:\Users\User\AppData\Roaming\Adobe
2014-12-04 23:40 - 2013-09-12 20:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-12-04 23:39 - 2013-12-25 17:36 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-12-04 23:31 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\AppCompat
2014-12-04 23:02 - 2013-08-22 05:25 - 00000194 _____ () C:\Windows\win.ini
2014-12-04 20:36 - 2013-09-12 20:39 - 00000000 ____D () C:\ProgramData\Adobe
2014-12-04 20:35 - 2014-04-20 09:52 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-11-26 13:10 - 2014-08-23 15:23 - 00714720 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-11-26 13:10 - 2014-08-23 15:23 - 00106976 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-11-21 23:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Windows\rescache
2014-11-16 14:28 - 2014-09-25 21:56 - 00000000 ____D () C:\Users\User\AppData\Local\CSDSteamBuild
2014-11-16 11:33 - 2013-08-22 06:44 - 05005016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ToastData
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files\Windows Defender
2014-11-16 11:29 - 2013-08-22 07:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\dllnt_dump.dll
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-11 02:26

==================== End Of Log ============================

 

So far so good on the Firefox front - no pop ups yet!


Edited by pyropixie, 12 December 2014 - 09:40 PM.

I want the life you think I have.
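The fixlist in the post above removes four kinds of persistence that this family of browser hijackers uses: a forged local Group Policy (GroupPolicy\Machine plus GPT.ini and HKLM\SOFTWARE\Policies\Google, which lets adware pin Chrome extensions and search settings on a PC that is not domain-joined), Firefox extensions registered through the registry (HKLM, the Wow6432Node mirror, and the user hive), and a kernel driver service whose image file is later missing (FRST marks these "[X]"; note that webinstrNewH is still listed that way in the scan that follows the fix). The script below is an added example, not part of the thread or of FRST, that re-checks those same locations after the reboot so a practitioner can confirm nothing re-registered. It uses only the key paths and names that appear in the log; the function names, the output layout and the treatment of a non-domain machine as "no policy expected" are this example's own assumptions. Run it from an elevated PowerShell prompt on Windows 8.1 or later.

```powershell
# Added example: re-audit the persistence points the FRST fixlist above targeted.
# Not from the thread; function names and output format are this example's own.
Set-StrictMode -Version 2

function Get-BrowserPolicyHijacks {
    # Chrome honours HKLM\SOFTWARE\Policies\Google\Chrome even on a home PC.
    # On a machine that is not domain-joined, a policy key or a local GPO store
    # that nobody created deliberately is suspicious by itself (assumption).
    $domainJoined = (Get-CimInstance Win32_ComputerSystem).PartOfDomain
    $policyKey = 'HKLM:\SOFTWARE\Policies\Google'
    if (Test-Path $policyKey) {
        [pscustomobject]@{ Type = 'PolicyKey'; Item = $policyKey; Detail = "exists; domain-joined=$domainJoined" }
    }
    # FRST moved GroupPolicy\Machine and GPT.ini; if GPT.ini is back on a
    # non-domain box, something recreated it.
    $gpt = Join-Path $env:windir 'System32\GroupPolicy\GPT.ini'
    if (-not $domainJoined -and (Test-Path $gpt)) {
        [pscustomobject]@{ Type = 'LocalGPO'; Item = $gpt; Detail = 'GPT.ini present on non-domain machine' }
    }
}

function Get-FirefoxRegistryExtensions {
    # Firefox side-loads extensions registered under these keys. Each value
    # name is an extension ID (a GUID in the log), the data is a path.
    $roots = 'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
             'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
             'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
    $meta = 'PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider'
    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        foreach ($p in (Get-ItemProperty -Path $root).PSObject.Properties) {
            if ($p.Name -in $meta) { continue }   # provider metadata, not registry values
            $exists = $p.Value -and (Test-Path -LiteralPath $p.Value)
            [pscustomobject]@{
                Type   = 'FirefoxExtension'
                Item   = "$root\$($p.Name)"
                Detail = if ($exists) { "path exists: $($p.Value)" } else { "dangling: $($p.Value)" }
            }
        }
    }
}

function Get-DriversWithMissingBinaries {
    # FRST flags these as "[X]": a driver service whose image file is gone.
    # The service key stays registered until something deletes it (here MBAM
    # quarantined webinstrNewH's key the next day).
    Get-CimInstance Win32_SystemDriver | ForEach-Object {
        $path = $_.PathName
        if (-not $path) { return }
        # Normalise the NT-style prefixes seen in the log to Win32 paths.
        $path = $path -replace '^\\\?\?\\', '' `
                      -replace '^\\SystemRoot', $env:windir `
                      -replace '^system32', "$env:windir\system32"
        if (-not (Test-Path -LiteralPath $path)) {
            [pscustomobject]@{ Type = 'DriverMissingImage'; Item = $_.Name; Detail = $path }
        }
    }
}

$report = @(Get-BrowserPolicyHijacks) + @(Get-FirefoxRegistryExtensions) + @(Get-DriversWithMissingBinaries)
if ($report) { $report | Format-Table -AutoSize } else { 'No leftover browser-hijack persistence found.' }
```

A clean run prints nothing but the final line. Any FirefoxExtension row is worth a look even when the path exists, because legitimate vendors rarely register Firefox add-ons machine-wide this way; a DriverMissingImage row for a name you do not recognise is the registry half of an "[X]" entry and should be removed so it does not reappear in the next scan.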

#6 satchfan

satchfan

  • Malware Response Team
  • 2,661 posts
  • Gender:Female
  • Location:Devon, UK
  • Local time:06:10 AM

Posted 13 December 2014 - 05:11 AM

When you ran SecurityCheck in the previous topic it suggested that Windows Firewall is enabled. It is unlikely but I’d like you to check that it is turned off as you can’t have two firewalls running. Also check Windows Defender settings so that you don’t have two antiviruses running.


To turn off Windows Firewall:

  • press the “Windows key” on your keyboard and then in the search box, (it will appear on the top right of the screen), type control panel
  • in the list of results, click Windows Firewall
  • on the left, click the Turn Windows Firewall on or off option
  • click the Turn off Windows Firewall radio buttons under both Private network settings and Public network settings
  • click OK. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

To open Windows Defender:

  • open Windows Defender by clicking Start and in the search box, type Defender
  • in the list of results, click Windows Defender
  • click Tools and then click Options
  • click Administrator, then clear the Use this program check box
  • click Save. If you're prompted for an administrator password or confirmation, type the password or provide confirmation.

===================================================

Run Malwarebytes’ Anti-Malware

I noticed that you had MBAM on your system and I’d like an up-to-date run of it: if you no longer have it, you can download it from here:

  • start Malwarebytes Anti-Malware and update it (“Update” tab)
  • once it is updated, click on “Scan” tab, select Threat Scan, then click Scan.
  • when the scan is complete, if no malicious items are found you can close the program
  • if malicious items are found be sure that everything is checked and click Quarantine
  • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • copy and paste the contents of that report in your next reply and exit MBAM.

NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Can you tell me if everything is still OK or if there are any outstanding problems?

Satchfan

 


My help is always free of charge. If you are happy with the help provided, if you wish you can make a donation to buy me a beer.
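The checks requested above (Windows Firewall off on every profile, Windows Defender not running alongside the installed ESET suite) can be confirmed from an elevated PowerShell prompt rather than by clicking through Control Panel. The script below is an added example, not part of the thread; it relies on the Get-NetFirewallProfile and Get-MpComputerStatus cmdlets that ship with Windows 8.1, and it takes the ESET service name from the FRST log (ekrn). The function name, the parameter and the report layout are this example's own assumptions.

```powershell
# Added example: report whether built-in protection overlaps a third-party
# suite. Not from the thread; names below are this example's own.
function Test-OverlappingProtection {
    param([string]$ThirdPartyService = 'ekrn')   # ESET kernel service seen in the log

    $third = Get-Service -Name $ThirdPartyService -ErrorAction SilentlyContinue
    $thirdRunning = [bool]($third -and $third.Status -eq 'Running')

    # Windows Firewall per profile (Domain/Private/Public). Two host firewalls
    # on one stack is what the reply above warns against.
    $fwOn = Get-NetFirewallProfile |
            Where-Object { $_.Enabled -eq 'True' } |
            Select-Object -ExpandProperty Name

    # Windows Defender. On a box where Defender was turned off the status
    # cmdlet can fail outright, so a failure is treated as "not active".
    $defender = $null
    try { $defender = Get-MpComputerStatus -ErrorAction Stop } catch { }
    $defOn = [bool]($defender -and ($defender.AntivirusEnabled -or $defender.RealTimeProtectionEnabled))
    $defSvc = Get-Service -Name WinDefend -ErrorAction SilentlyContinue

    [pscustomobject]@{
        ThirdPartyAV      = "$ThirdPartyService running=$thirdRunning"
        WindowsFirewallOn = if ($fwOn) { $fwOn -join ',' } else { 'none' }
        DefenderEngineOn  = $defOn
        WinDefendService  = if ($defSvc) { "$($defSvc.Status)" } else { 'not installed' }
        Conflict          = $thirdRunning -and ($fwOn -or $defOn)
    }
}

Test-OverlappingProtection
```

Conflict is true only when the third-party service is actually running and at least one built-in component is still active; if ESET is not running, the built-in firewall and Defender should stay on, and the report makes that visible instead of blindly recommending they be switched off.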


#7 pyropixie

pyropixie
  • Topic Starter

  • Members
  • 33 posts
  • Gender:Female
  • Location:Suckramento, CA
  • Local time:09:10 PM

Posted 13 December 2014 - 02:56 PM

Both the firewall and defender are disabled

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/13/2014
Scan Time: 11:33:47 AM
Logfile:
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2014.12.13.05
Rootkit Database: v2014.12.08.03
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 8.1
CPU: x64
File System: NTFS
User: User

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320848
Time Elapsed: 17 min, 32 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.WebInstrNew.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\webinstrNewH, Quarantined, [9d2a68f824582d09f86ebd917093c43c],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

Browser seems to be running well since last night!


Edited by pyropixie, 13 December 2014 - 02:58 PM.

I want the life you think I have.
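The Malwarebytes report posted above has a regular text layout: a key/value header, then one block per category ("Registry Keys: 1", "Files: 0", ...) whose detection lines read "threat, path, action, [32-hex id],". The following is an added example, not code from the thread or from Malwarebytes: a parser that turns such a report into structured records, cross-checks every section's declared count against the lines actually found under it, and singles out detections in autostart registry locations such as the Services key the log shows. The sample report is a shortened, constructed excerpt in that layout; the section names and the Services/Run markers are assumptions based on the posted log.

```python
"""Parse a Malwarebytes Anti-Malware 2.x text report into structured detections.

Added example (not Malwarebytes code); the layout follows the report in the thread.
"""
import re
from dataclasses import dataclass

# Constructed excerpt in the layout of the posted report, shortened to the lines the
# parser needs; the single detection line is the one that appears in the thread.
SAMPLE_REPORT = r"""
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 12/13/2014
Scan Time: 11:33:47 AM
Logfile:
Version: 2.00.4.1028
Malware Database: v2014.12.13.05

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 320848

Processes: 0
(No malicious items detected)

Registry Keys: 1
PUP.Optional.WebInstrNew.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\webinstrNewH, Quarantined, [9d2a68f824582d09f86ebd917093c43c],

Files: 0
(No malicious items detected)

(end)
"""

# Section names as they appear in the posted report (assumed to be the full set).
SECTIONS = ("Processes", "Modules", "Registry Keys", "Registry Values",
            "Registry Data", "Folders", "Files", "Physical Sectors")
SECTION_RE = re.compile(r"^(%s): (\d+)$" % "|".join(SECTIONS))
# "<threat>, <path>, <action>, [<32 hex chars>],"  -- the path may itself contain
# commas, so it is matched greedily and action/signature are anchored at the end.
DETECTION_RE = re.compile(
    r"^(?P<threat>[^,]+), (?P<path>.+), (?P<action>[^,]+), \[(?P<sig>[0-9a-f]{32})\],$")


@dataclass
class Detection:
    section: str   # report section the line came from
    threat: str    # e.g. PUP.Optional.WebInstrNew.A
    path: str      # file path or registry key
    action: str    # Quarantined, Delete-on-reboot, ...
    sig: str       # 32-hex identifier MBAM prints in brackets


def parse_report(text):
    """Return (header, detections). Raises ValueError on an unrecognised line or when a
    section's declared count disagrees with the detection lines found under it."""
    header, detections, expected = {}, [], {}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "(end)":
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            expected[section] = int(m.group(2))
            continue
        if section is None:                      # still in the key: value header
            if ": " in line:
                key, value = line.split(": ", 1)
                header[key] = value
            continue
        if line == "(No malicious items detected)":
            continue
        m = DETECTION_RE.match(line)
        if not m:
            raise ValueError("unrecognised line in section %s: %r" % (section, line))
        detections.append(Detection(section, **m.groupdict()))
    for sec, count in expected.items():
        found = sum(1 for d in detections if d.section == sec)
        if found != count:
            raise ValueError("%s: header says %d, found %d" % (sec, count, found))
    return header, detections


def persistence_hits(detections):
    """Registry detections in autostart locations (service keys or Run/RunOnce keys)."""
    markers = ("\\SERVICES\\", "\\RUN\\", "\\RUNONCE\\")
    return [d for d in detections
            if d.section.startswith("Registry")
            and any(mk in (d.path.upper() + "\\") for mk in markers)]
```

The count cross-check matters when a report has been hand-edited or truncated in a forum post: a "Registry Keys: 1" header with no detection line beneath it is rejected rather than silently parsed as clean.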

#8 satchfan (Malware Response Team)

Posted 13 December 2014 - 05:04 PM

I’d like you to run an online scan. Although this is also an Eset scan, it runs in your web browser and is independent of your Eset antivirus.

Run ESET Online Scan

IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

Note: You can use Internet Explorer, Firefox or Chrome for this scan. You will however need to disable your currently installed anti-virus; how to do so can be read here.

Hold down Control and click on the following link to open ESET OnlineScan in a new window.

ESET OnlineScan

  • click the Eset online Scanner button
  • for alternate browsers only: (Microsoft Internet Explorer users can skip these steps)


    o    click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
    o    double click on the Eset installer icon on your desktop.
     

  • check Yes, I accept the Terms of Use
  • click the Start button
  • accept any security warnings from your browser
  • check Enable detection of potentially unwanted applications
  • click Advanced settings and select the following:


    o    scan archives
    o    scan for potentially unsafe applications
    o    enable Anti-Stealth technology
     

    Note: Do not check Remove found threats
     
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • when the scan completes, push List of found threats
  • push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.


    Note - if ESET doesn't find any threats, no report will be created.
     

  • push the back button.
  • push Finish

When the scan is complete:

If no threats were found:


o    put a checkmark in "Uninstall application on close"
o    close program
o    report to me that nothing was found.
 

If threats were found:


o    click on "list of threats found"
o    click on "export to text file" and save it as ESET results and save to the desktop
o    Click on back
o    put a checkmark in "Uninstall application on close"
o    click on finish
o    close program
o    copy and paste the report here.
 

Thanks

Satchfan
 

 




#9 pyropixie (Topic Starter)

Posted 13 December 2014 - 05:58 PM

No threats were found - hooray!



#10 satchfan (Malware Response Team)

Posted 14 December 2014 - 04:03 AM

Well done pyropixie, your computer appears to be clean.


Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:

Uninstall AdwCleaner

  • double click on adwcleaner.exe to run the tool
  • click on Uninstall
  • confirm with Yes.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Download & run Delfix

  • download Delfix from here to remove many of the tools we've used during the cleaning process.
  • ensure “Remove disinfection tools” is checked.

Also place a checkmark next to:


o    Create registry backup
o    Purge system restore

  • click the Run button.

You can delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

===================================================

Update installed programs

Your version of Flash Player is out of date and needs to be removed and updated.

Having the latest updates to any program and removing old versions ensures there are no security vulnerabilities in your system.

Uninstall this program:

Adobe Flash Player 12.0.0.43

  • right-click in the screen’s bottom-left corner and choose Control Panel from the pop-up menu
  • choose Uninstall a Program from the “Programs” category
  • the “Uninstall” window appears, listing your currently installed programs; the menu bar above the programs’ names displays an Uninstall button
  • click on Adobe Flash Player 12.0.0.43 and then on the Uninstall button.

 

If you are prompted for an administrator password or confirmation, type the password or provide confirmation.

Go here and download the latest version of Flash Player.

Note: Before you hit the Download now button, uncheck the Chrome offer if it’s not something you want.

===================================================

Recommended programs

SpywareBlaster. SpywareBlaster protects against bad ActiveX, it immunizes your PC against them. It blocks over 11,000 bad sites and uses no resources of your computer.

===================================================

Update and run Malwarebytes. This really is an excellent program that you should also update and run on a regular basis, probably weekly.

===================================================

It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

===================================================

MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

A couple of links with information here and here which can answer any questions you might have about installing/using it.

===================================================

Unchecky

Be careful when downloading free software. Many free programs come bundled with adware, much of which causes redirects/popups and verges on being malware. There is a program that automatically “unchecks” the boxes you may not notice when downloading programs.

Download and install Unchecky.


I also recommend that you read the following:

How to prevent malware by miekiemoes

Simple and easy ways to keep your computer safe and secure on the Internet  by Lawrence Abrams

I will keep this open for 24 hours in case you have any problems, after which I’ll close the topic.

Safe computing

Satchfan

 


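The MVPS HOSTS advice above works by mapping known ad and malware host names to a sink address (0.0.0.0 or 127.0.0.1) so the machine never reaches them. A browser hijacker uses the same file in reverse: it maps security-vendor or update host names to an address it controls so the victim cannot fetch or update cleanup tools. The following is an added example, not code from the thread or from the MVPS project: a small auditor that parses a HOSTS file, counts the legitimate sink-hole entries, and reports every mapping that points at a real address, marking those that cover a short assumed list of protected domains. The sample file is constructed (TEST-NET addresses, planted lines) and is not the real MVPS file.

```python
"""Audit a Windows HOSTS file for hijack-style entries.

Added example, not part of the thread or of the MVPS project. Blocklist entries point
names at a sink address; anything pointing at a real address deserves a look.
"""
import ipaddress
import sys
from collections import namedtuple

Finding = namedtuple("Finding", "ip host lineno protected")

# Assumed list of domains a hijacker typically redirects so the victim cannot download
# or update security tools. Extend to taste.
PROTECTED_DOMAINS = ("microsoft.com", "windowsupdate.com", "malwarebytes.org",
                     "eset.com", "bleepingcomputer.com")

# Constructed sample: two standard lines, three MVPS-style sink entries, and four
# non-sink mappings planted to exercise the detector. Not a real MVPS file.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# [Start of entries generated by MVPS HOSTS]
0.0.0.0 ad.doubleclick.net
0.0.0.0 adserver.example.com   # inline comment must be ignored
127.0.0.1 tracking.example.net
# planted hijack-style lines (TEST-NET addresses, constructed)
203.0.113.10 www.malwarebytes.org
203.0.113.10 update.microsoft.com www.eset.com
198.51.100.7 www.example.org
"""


def parse_hosts(text):
    """Return (ip, hostname, lineno) for every mapping; comments, blank lines and
    lines whose first field is not an IP address are skipped."""
    entries = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue
        for host in fields[1:]:               # one line may list several names
            entries.append((ip, host.lower(), lineno))
    return entries


def is_protected(host):
    """True when host is one of the protected domains or a subdomain of one."""
    return any(host == d or host.endswith("." + d) for d in PROTECTED_DOMAINS)


def audit(text):
    """Count sink-hole entries and return every mapping that points at a real address."""
    blocked = 0
    suspicious = []
    for ip, host, lineno in parse_hosts(text):
        if ip.is_loopback or ip.is_unspecified:      # 127.0.0.1, ::1, 0.0.0.0
            if host != "localhost":
                blocked += 1
        else:
            suspicious.append(Finding(str(ip), host, lineno, is_protected(host)))
    return {"blocked": blocked, "suspicious": suspicious}


if __name__ == "__main__":
    # Pass the real file (on Windows: C:\Windows\System32\drivers\etc\hosts) as the
    # first argument, or run without arguments to audit the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            text = fh.read()
    else:
        text = SAMPLE_HOSTS
    result = audit(text)
    print("sink-hole entries:", result["blocked"])
    for f in result["suspicious"]:
        flag = "  [PROTECTED DOMAIN]" if f.protected else ""
        print("line %d: %s -> %s%s" % (f.lineno, f.host, f.ip, flag))
```

On a machine that only carries the MVPS list, every non-localhost entry should land in the sink-hole count and the suspicious list should be empty; any line in that list, protected domain or not, is worth explaining before the file is trusted.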


#11 pyropixie (Topic Starter)

Posted 14 December 2014 - 06:34 PM

Hi there,

 

I followed all the instructions you previously listed - thank you so so much for your help.

 

The only issue that I am running into now is that I can't delete some of the files/logs off my desktop - any ideas?

 

[attachment: desktop.jpg]



#12 satchfan (Malware Response Team)

Posted 15 December 2014 - 02:43 AM

Are you logged on as Administrator? Try following the instructions here.

 

Also, have you tried to delete them in File Explorer, (right-click on the start button and choose File Explorer).

If that doesn't work, can you tell me the message you receive when trying to delete them.

Satchfan


Edited by satchfan, 15 December 2014 - 03:00 AM.



#13 pyropixie (Topic Starter)

Posted 15 December 2014 - 10:20 PM

Weird: when I tried to delete them normally from the desktop it wouldn't; then when I tried to delete them via File Explorer they didn't show up, but they were still showing on my desktop. I re-sorted the files in Explorer and now they are gone off my desktop - that was very odd, but anyway they are gone.

 

thank you again so so much for your help!



#14 satchfan (Malware Response Team)

Posted 16 December 2014 - 05:54 AM

Well worked out. :clapping:

 

You're welcome again.

 

Regards

 

Satchfan




#15 satchfan (Malware Response Team)

Posted 16 December 2014 - 06:01 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





