Can't delete Search Scopes/Can't update 1 Windows file


  • This topic is locked
32 replies to this topic

#1 rocks911

Posted 19 December 2014 - 07:36 AM

I just cleaned this machine a few weeks ago and am having problems again. In my zeal to keep everything up to date (I think last time I got infected it was because some programs weren't up to date) I think I fell for a fake Java update.

 

I repeatedly ran AdwCleaner 4.105 and it deleted

Key Deleted : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}

 

But after reboot those keys were right back. I tried it in safe mode with the same result.

 

The problem became obvious when I could not update Windows with one file.

 

Here is my DDS Log and I have attached the other:

 

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by D's at 6:25:22 on 2014-12-19
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16376.13327 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Serviio\bin\ServiioService.exe
C:\Program Files\Serviio\bin\ServiioService.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\alg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Serviio\bin\ServiioConsole.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Explorer.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\D's\AppData\Local\Temp\ocr951D.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\D's\AppData\Local\Temp\ocrA3EC.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
C:\Program Files\pia_manager\openvpn.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [GoTrusted] C:\Program Files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.7.3\GoTrusted Secure Tunnel.exe
StartupFolder: C:\Users\D's\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1339597769964
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{5A3D453F-73C8-486A-AA9C-35682E0854B9} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{A1384C42-BF5E-4E22-80E6-C0B689313F8F}\759474D443 : DHCPNameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{A699191F-EA1B-47C3-9A28-FBB1356E6756} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1214154.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_246.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-12-04 03:50; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2014-11-30 293720]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2011-12-13 137312]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2012-5-20 146528]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-23 45856]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-11-17 93400]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-7-11 172344]
R2 Active@ Disk Monitor;Active@ Disk Monitor;C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2011-12-3 1465016]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2014-11-26 815392]
R2 AlternateMceIrService;AlternateMceIrService;C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe [2011-11-7 36352]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;C:\Program Files (x86)\ASTRA32\astra64.sys [2007-2-22 21200]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-6-13 168448]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-6-13 131072]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-1-8 2464400]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe [2014-11-24 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe [2014-11-24 969016]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 125584]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-7-21 3272656]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-11-30 290520]
R2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2014-3-20 359936]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-10 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-11-30 94720]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-1-12 44624]
R3 gttap1;GoTrusted Adapter;C:\Windows\System32\drivers\gttap1.sys [2013-9-12 38184]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-2 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-24 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-24 63704]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2014-11-30 2472136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-11-30 272600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-11-30 941784]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-7 58536]
R3 vl810filter;VL810 Filter Driver;C:\Windows\System32\drivers\vl810filter.sys [2012-11-26 17008]
S1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2012-12-2 390352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-11-26 2630432]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-17 114688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-2-2 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-2-2 13280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-12-4 19456]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-12-4 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S4 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-6-6 1119768]
.
=============== Created Last 30 ================
.
2014-12-18 19:39:48    75888    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EC8A22F-5753-42DA-9172-7BCA0445F9A1}\offreg.dll
2014-12-18 13:00:44    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABF7C94D-19B6-4536-B25F-07528489E019}\gapaengine.dll
2014-12-18 13:00:28    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-12-18 13:00:28    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-12-18 13:00:04    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{1EC8A22F-5753-42DA-9172-7BCA0445F9A1}\mpengine.dll
2014-12-17 12:31:57    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-12-17 12:12:31    165888    ----a-w-    C:\Windows\System32\charmap.exe
2014-12-17 12:12:29    155136    ----a-w-    C:\Windows\SysWow64\charmap.exe
2014-12-17 12:12:04    2020352    ----a-w-    C:\Windows\System32\WsmSvc.dll
2014-12-17 12:12:03    1177088    ----a-w-    C:\Windows\SysWow64\WsmSvc.dll
2014-12-17 12:12:02    346624    ----a-w-    C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-17 12:12:02    310272    ----a-w-    C:\Windows\System32\WsmWmiPl.dll
2014-12-17 12:12:02    266240    ----a-w-    C:\Windows\System32\WSManHTTPConfig.exe
2014-12-17 12:12:02    248832    ----a-w-    C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-12-17 12:12:02    214016    ----a-w-    C:\Windows\SysWow64\WsmWmiPl.dll
2014-12-17 12:12:02    181248    ----a-w-    C:\Windows\System32\WsmAuto.dll
2014-12-17 12:12:01    198656    ----a-w-    C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-12-17 12:12:01    145920    ----a-w-    C:\Windows\SysWow64\WsmAuto.dll
2014-12-17 12:11:48    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-12-17 12:11:48    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-12-17 09:27:54    3178496    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-12-17 09:27:54    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-12-17 08:57:26    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-04 15:12:24    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-03 20:25:17    --------    d-sh--w-    C:\Users\D's\AppData\Local\EmieBrowserModeList
2014-12-03 06:31:20    227048    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-12-01 01:55:39    --------    d-----w-    C:\Program Files\Reason
2014-11-30 16:07:56    --------    d-----w-    C:\FRST
2014-11-30 15:54:29    1959128    ----a-w-    C:\Windows\System32\RTSnMg64.cpl
2014-11-30 15:54:28    2834648    ----a-w-    C:\Windows\System32\RtPgEx64.dll
2014-11-30 15:54:26    628952    ----a-w-    C:\Windows\System32\RtDataProc64.dll
2014-11-30 15:54:26    3962840    ----a-w-    C:\Windows\System32\drivers\RTKVHD64.sys
2014-11-30 15:54:26    1022168    ----a-w-    C:\Windows\System32\RtkApi64.dll
2014-11-30 15:54:25    2800344    ----a-w-    C:\Windows\System32\RltkAPO64.dll
2014-11-30 15:54:25    1286872    ----a-w-    C:\Windows\System32\RTCOM64.dll
2014-11-30 15:54:24    948952    ----a-w-    C:\Windows\System32\RCoInstII64.dll
2014-11-30 15:54:24    60636160    ----a-w-    C:\Windows\System32\RCoRes64.dat
2014-11-30 15:54:10    2770976    ----a-w-    C:\Windows\System32\FMAPO64.dll
2014-11-30 15:54:08    113576    ----a-w-    C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2014-11-30 15:54:06    209096    ----a-w-    C:\Windows\System32\AERTAC64.dll
2014-11-30 15:53:50    94720    ----a-w-    C:\Windows\System32\drivers\AtihdW76.sys
2014-11-30 15:53:50    110080    ----a-w-    C:\Windows\System32\DelayAPO.dll
2014-11-30 15:53:25    332080    ----a-w-    C:\Windows\System32\RaCoInstx.dll
2014-11-30 15:53:25    2472136    ----a-w-    C:\Windows\System32\drivers\netr28x.sys
2014-11-30 15:26:05    941784    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2014-11-30 15:26:05    73800    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2014-11-30 15:25:52    293720    ----a-w-    C:\Windows\System32\drivers\ahcix64s.sys
2014-11-27 23:49:27    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-11-27 23:47:40    --------    d-----w-    C:\ProgramData\UMS
2014-11-27 20:27:35    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-11-27 20:27:29    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-27 20:01:57    --------    d-----w-    C:\Program Files\Serviio
2014-11-26 20:28:32    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-11-26 20:28:32    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-11-26 20:22:12    --------    d-----w-    C:\Users\D's\AppData\Roaming\ProductData
2014-11-26 19:48:58    1943696    ----a-w-    C:\Windows\System32\dfshim.dll
2014-11-26 19:45:27    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-11-26 19:44:24    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-11-26 19:44:23    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-11-26 19:43:43    455168    ----a-w-    C:\Windows\System32\winlogon.exe
2014-11-26 19:43:43    235520    ----a-w-    C:\Windows\System32\winsta.dll
2014-11-26 19:43:43    212480    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2014-11-26 19:43:43    157696    ----a-w-    C:\Windows\SysWow64\winsta.dll
2014-11-26 19:43:43    150528    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2014-11-26 19:43:36    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2014-11-26 19:43:24    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-11-26 19:42:24    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-11-26 19:42:24    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-11-26 13:36:22    --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin
2014-11-26 13:36:16    --------    d-----w-    C:\Program Files (x86)\Reason
2014-11-26 13:30:10    --------    d-----w-    C:\Program Files\AMD
2014-11-25 20:24:28    24294072    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-25 19:59:38    18638520    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-25 17:42:59    --------    d-----w-    C:\ProgramData\Oracle
2014-11-25 03:44:44    --------    d-----w-    C:\ProgramData\ProductData
2014-11-25 03:44:35    --------    d-----w-    C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-25 03:44:32    --------    d-----w-    C:\ProgramData\IObit
2014-11-25 03:44:32    --------    d-----w-    C:\Program Files (x86)\Common Files\IObit
2014-11-25 03:44:16    --------    d-----w-    C:\Program Files (x86)\IObit
2014-11-25 03:44:14    --------    d-----w-    C:\Users\D's\AppData\Roaming\IObit
2014-11-25 01:02:13    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-25 00:59:34    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
.
==================== Find3M  ====================
.
2014-12-17 10:13:22    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-17 10:13:21    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-11-30 15:27:58    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2014-11-30 15:26:08    107552    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2014-11-22 03:06:23    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-22 02:48:20    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07    6039552    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58    2125312    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26    4299264    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21    2358272    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-22 01:22:49    2052096    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20    1888256    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-21 12:14:12    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 12:14:08    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-11-19 10:26:34    1614504    ----a-w-    C:\Windows\System32\FM20.DLL
2014-11-11 03:09:06    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2014-10-30 16:44:38    166384    ----a-w-    C:\Windows\System32\drivers\psmounterex.sys
2014-10-30 11:25:26    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-18 02:05:21    4121600    ----a-w-    C:\Windows\System32\mf.dll
2014-10-18 01:33:13    3209728    ----a-w-    C:\Windows\SysWow64\mf.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2014-09-25 02:08:38    371712    ----a-w-    C:\Windows\System32\qdvd.dll
2014-09-25 01:40:50    519680    ----a-w-    C:\Windows\SysWow64\qdvd.dll
2013-08-19 13:22:47    15604224    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-08-19 13:22:37    916992    ----a-w-    C:\Program Files (x86)\LPToolbar_x64.dll
2013-08-19 13:22:37    612864    ----a-w-    C:\Program Files (x86)\LPToolbar.dll
2013-08-19 13:22:37    180736    ----a-w-    C:\Program Files (x86)\WinBioStandalone.exe
2013-08-19 13:22:37    1425408    ----a-w-    C:\Program Files (x86)\LPIEHome64.ocx
2013-08-19 13:22:37    11877888    ----a-w-    C:\Program Files (x86)\LPPlugin_x64.dll
2013-08-19 13:22:37    1068544    ----a-w-    C:\Program Files (x86)\LPIEHome.ocx
2013-08-19 13:22:36    6484992    ----a-w-    C:\Program Files (x86)\LPPlugin.dll
2013-04-09 19:05:31    2401112    ----a-w-    C:\Program Files\d3dx9_43.dll
2013-04-09 19:05:31    184320    ----a-w-    C:\Program Files\ssl3.dll
2013-04-09 19:05:31    119296    ----a-w-    C:\Program Files\nssutil3.dll
2013-04-09 19:05:31    111104    ----a-w-    C:\Program Files\smime3.dll
2013-04-09 19:05:30    763904    ----a-w-    C:\Program Files\mozsqlite3.dll
2013-04-09 19:05:29    221696    ----a-w-    C:\Program Files\nspr4.dll
2013-04-09 19:05:29    17408    ----a-w-    C:\Program Files\plc4.dll
2013-04-09 19:05:29    15360    ----a-w-    C:\Program Files\plds4.dll
2013-04-09 19:05:29    14848    ----a-w-    C:\Program Files\xpcom.dll
.
============= FINISH:  6:25:46.20 ===============
 

Any help would be appreciated.

 



#2 HelpBot


Posted 24 December 2014 - 07:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/560355 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 rocks911


Posted 24 December 2014 - 08:59 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496
Run by D's at 7:55:52 on 2014-12-24
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.16376.11741 [GMT -6:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\atieclxx.exe
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
C:\Program Files\Macrium\Reflect\ReflectService.exe
C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Serviio\bin\ServiioService.exe
C:\Program Files\Serviio\bin\ServiioService.exe
c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\alg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files\Serviio\bin\ServiioConsole.exe
C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Explorer.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\D's\AppData\Local\Temp\ocr951D.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_manager.exe
C:\Users\D's\AppData\Local\Temp\ocrA3EC.tmp\bin\rubyw.exe
C:\Program Files\pia_manager\pia_tray\pia_tray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Program Files\pia_manager\openvpn.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [Advanced SystemCare 8] "C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe" /Auto
uRunOnce: [Adobe Speed Launcher] 1419176778
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
dRun: [GoTrusted] C:\Program Files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.7.3\GoTrusted Secure Tunnel.exe
StartupFolder: C:\Users\D's\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Serviio.lnk - C:\Program Files\Serviio\bin\ServiioConsole.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:221
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1339597769964
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: NameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{5A3D453F-73C8-486A-AA9C-35682E0854B9} : DHCPNameServer = 209.222.18.222 209.222.18.218
TCP: Interfaces\{A1384C42-BF5E-4E22-80E6-C0B689313F8F}\759474D443 : DHCPNameServer = 192.168.1.1 68.238.96.12
TCP: Interfaces\{A699191F-EA1B-47C3-9A28-FBB1356E6756} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.71\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll
x64-Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-RunOnce: [NCPluginUpdater] "C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe" Update
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-DPF: {AA570693-00E2-4907-B6F1-60A1199B030C} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
x64-DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
Hosts: 127.0.0.1    www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: network.proxy.type - 2
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2014-12-04 03:50; iobitapps@mybrowserbar.com; C:\Program Files (x86)\IObit Apps Toolbar\FF
.
============= SERVICES / DRIVERS ===============
.
R0 ahcix64s;ahcix64s;C:\Windows\System32\drivers\ahcix64s.sys [2014-11-30 293720]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2011-12-13 137312]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R0 vidsflt67;Acronis Disk Storage Filter (67);C:\Windows\System32\drivers\vsflt67.sys [2012-5-20 146528]
R1 avgtp;avgtp;C:\Windows\System32\drivers\avgtpx64.sys [2013-9-23 45856]
R1 mbamchameleon;mbamchameleon;C:\Windows\System32\drivers\mbamchameleon.sys [2013-11-17 93400]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2012-7-11 172344]
R2 Active@ Disk Monitor;Active@ Disk Monitor;C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [2011-12-3 1465016]
R2 AdvancedSystemCareService8;Advanced SystemCare Service 8;C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [2014-11-26 815392]
R2 AlternateMceIrService;AlternateMceIrService;C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe [2011-11-7 36352]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-27 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 ASTRA64;ASTRA64 Kernel Driver 1.0.0.1;C:\Program Files (x86)\ASTRA32\astra64.sys [2007-2-22 21200]
R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE [2012-6-13 168448]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2012-6-13 131072]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2013-1-8 2464400]
R2 IntuitUpdateServiceV4;Intuit Update Service v4;C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2013-6-28 14624]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe [2014-11-24 1871160]
R2 MBAMService;MBAMService;C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe [2014-11-24 969016]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-8-30 125584]
R2 ReflectService.exe;Macrium Reflect Image Mounting Service;C:\Program Files\Macrium\Reflect\ReflectService.exe [2014-7-21 3272656]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2014-11-30 290520]
R2 Serviio;Serviio;C:\Program Files\Serviio\bin\ServiioService.exe [2014-3-20 359936]
R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2012-7-10 46136]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2014-11-30 94720]
R3 DKRtWrt;DKRtWrt;C:\Windows\System32\drivers\DKRtWrt.sys [2012-1-12 44624]
R3 gttap1;GoTrusted Adapter;C:\Windows\System32\drivers\gttap1.sys [2013-9-12 38184]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-10-2 25816]
R3 MBAMSwissArmy;MBAMSwissArmy;C:\Windows\System32\drivers\MBAMSwissArmy.sys [2014-11-24 129752]
R3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2014-11-24 63704]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\drivers\netr28x.sys [2014-11-30 2472136]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2012-8-27 107912]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2012-8-27 226696]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2014-11-30 272600]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2014-11-30 941784]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2013-5-7 58536]
R3 vl810filter;VL810 Filter Driver;C:\Windows\System32\drivers\vl810filter.sys [2012-11-26 17008]
S1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2012-12-2 390352]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-11-26 2630432]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2014-12-17 114688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-2-2 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-2-2 13280]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2014-12-4 19456]
S3 tapoas;TAP-Win32 Adapter OAS;C:\Windows\System32\drivers\tapoas.sys [2012-7-15 30720]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2014-12-4 57856]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-1 1255736]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-8-5 291896]
S4 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2011-6-6 1119768]
.
=============== Created Last 30 ================
.
2014-12-24 04:54:26    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E75C29B8-802D-4F7B-9ABF-67F23BBF60D6}\mpengine.dll
2014-12-23 04:54:16    11870360    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-20 11:29:55    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{7B5603F9-981B-4884-9E68-4EC5A51B14F5}\gapaengine.dll
2014-12-18 13:00:44    1188440    ----a-w-    C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ABF7C94D-19B6-4536-B25F-07528489E019}\gapaengine.dll
2014-12-18 13:00:28    144384    ----a-w-    C:\Windows\System32\ieUnatt.exe
2014-12-18 13:00:28    115712    ----a-w-    C:\Windows\SysWow64\ieUnatt.exe
2014-12-17 12:31:57    48640    ----a-w-    C:\Windows\System32\ieetwproxystub.dll
2014-12-17 12:12:31    165888    ----a-w-    C:\Windows\System32\charmap.exe
2014-12-17 12:12:29    155136    ----a-w-    C:\Windows\SysWow64\charmap.exe
2014-12-17 12:12:04    2020352    ----a-w-    C:\Windows\System32\WsmSvc.dll
2014-12-17 12:12:03    1177088    ----a-w-    C:\Windows\SysWow64\WsmSvc.dll
2014-12-17 12:12:02    346624    ----a-w-    C:\Windows\System32\WSManMigrationPlugin.dll
2014-12-17 12:12:02    310272    ----a-w-    C:\Windows\System32\WsmWmiPl.dll
2014-12-17 12:12:02    266240    ----a-w-    C:\Windows\System32\WSManHTTPConfig.exe
2014-12-17 12:12:02    248832    ----a-w-    C:\Windows\SysWow64\WSManMigrationPlugin.dll
2014-12-17 12:12:02    214016    ----a-w-    C:\Windows\SysWow64\WsmWmiPl.dll
2014-12-17 12:12:02    181248    ----a-w-    C:\Windows\System32\WsmAuto.dll
2014-12-17 12:12:01    198656    ----a-w-    C:\Windows\SysWow64\WSManHTTPConfig.exe
2014-12-17 12:12:01    145920    ----a-w-    C:\Windows\SysWow64\WsmAuto.dll
2014-12-17 12:11:48    2048    ----a-w-    C:\Windows\SysWow64\tzres.dll
2014-12-17 12:11:48    2048    ----a-w-    C:\Windows\System32\tzres.dll
2014-12-17 09:27:54    3178496    ----a-w-    C:\Windows\System32\rdpcorets.dll
2014-12-17 09:27:54    16384    ----a-w-    C:\Windows\System32\RdpGroupPolicyExtension.dll
2014-12-04 15:12:24    --------    d-----w-    C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-03 20:25:17    --------    d-sh--w-    C:\Users\D's\AppData\Local\EmieBrowserModeList
2014-12-03 06:31:20    227048    ----a-w-    C:\Program Files (x86)\Internet Explorer\Plugins\nppdf32.dll
2014-12-01 01:55:39    --------    d-----w-    C:\Program Files\Reason
2014-11-30 16:07:56    --------    d-----w-    C:\FRST
2014-11-30 15:54:29    1959128    ----a-w-    C:\Windows\System32\RTSnMg64.cpl
2014-11-30 15:54:28    2834648    ----a-w-    C:\Windows\System32\RtPgEx64.dll
2014-11-30 15:54:26    628952    ----a-w-    C:\Windows\System32\RtDataProc64.dll
2014-11-30 15:54:26    3962840    ----a-w-    C:\Windows\System32\drivers\RTKVHD64.sys
2014-11-30 15:54:26    1022168    ----a-w-    C:\Windows\System32\RtkApi64.dll
2014-11-30 15:54:25    2800344    ----a-w-    C:\Windows\System32\RltkAPO64.dll
2014-11-30 15:54:25    1286872    ----a-w-    C:\Windows\System32\RTCOM64.dll
2014-11-30 15:54:24    948952    ----a-w-    C:\Windows\System32\RCoInstII64.dll
2014-11-30 15:54:24    60636160    ----a-w-    C:\Windows\System32\RCoRes64.dat
2014-11-30 15:54:10    2770976    ----a-w-    C:\Windows\System32\FMAPO64.dll
2014-11-30 15:54:08    113576    ----a-w-    C:\Windows\System32\CONEQMSAPOGUILibrary.dll
2014-11-30 15:54:06    209096    ----a-w-    C:\Windows\System32\AERTAC64.dll
2014-11-30 15:53:50    94720    ----a-w-    C:\Windows\System32\drivers\AtihdW76.sys
2014-11-30 15:53:50    110080    ----a-w-    C:\Windows\System32\DelayAPO.dll
2014-11-30 15:53:25    332080    ----a-w-    C:\Windows\System32\RaCoInstx.dll
2014-11-30 15:53:25    2472136    ----a-w-    C:\Windows\System32\drivers\netr28x.sys
2014-11-30 15:26:05    941784    ----a-w-    C:\Windows\System32\drivers\Rt64win7.sys
2014-11-30 15:26:05    73800    ----a-w-    C:\Windows\System32\RtNicProp64.dll
2014-11-30 15:25:52    293720    ----a-w-    C:\Windows\System32\drivers\ahcix64s.sys
2014-11-27 23:49:27    111016    ----a-w-    C:\Windows\System32\WindowsAccessBridge-64.dll
2014-11-27 23:47:40    --------    d-----w-    C:\ProgramData\UMS
2014-11-27 20:27:35    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2014-11-27 20:27:29    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-27 20:01:57    --------    d-----w-    C:\Program Files\Serviio
2014-11-26 20:28:32    861696    ----a-w-    C:\Windows\System32\oleaut32.dll
2014-11-26 20:28:32    571904    ----a-w-    C:\Windows\SysWow64\oleaut32.dll
2014-11-26 20:22:12    --------    d-----w-    C:\Users\D's\AppData\Roaming\ProductData
2014-11-26 19:48:58    1943696    ----a-w-    C:\Windows\System32\dfshim.dll
2014-11-26 19:45:27    424448    ----a-w-    C:\Windows\System32\rastls.dll
2014-11-26 19:44:24    77824    ----a-w-    C:\Windows\System32\packager.dll
2014-11-26 19:44:23    67584    ----a-w-    C:\Windows\SysWow64\packager.dll
2014-11-26 19:43:43    455168    ----a-w-    C:\Windows\System32\winlogon.exe
2014-11-26 19:43:43    235520    ----a-w-    C:\Windows\System32\winsta.dll
2014-11-26 19:43:43    212480    ----a-w-    C:\Windows\System32\drivers\rdpwd.sys
2014-11-26 19:43:43    157696    ----a-w-    C:\Windows\SysWow64\winsta.dll
2014-11-26 19:43:43    150528    ----a-w-    C:\Windows\System32\rdpcorekmts.dll
2014-11-26 19:43:36    39936    ----a-w-    C:\Windows\System32\drivers\tssecsrv.sys
2014-11-26 19:43:24    3198976    ----a-w-    C:\Windows\System32\win32k.sys
2014-11-26 19:42:24    3241984    ----a-w-    C:\Windows\System32\msi.dll
2014-11-26 19:42:24    2363904    ----a-w-    C:\Windows\SysWow64\msi.dll
2014-11-26 13:36:22    --------    d-sh--w-    C:\Windows\SysWow64\AI_RecycleBin
2014-11-26 13:36:16    --------    d-----w-    C:\Program Files (x86)\Reason
2014-11-26 13:30:10    --------    d-----w-    C:\Program Files\AMD
2014-11-25 20:24:28    24294072    ----a-w-    C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-25 19:59:38    18638520    ----a-w-    C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
2014-11-25 17:42:59    --------    d-----w-    C:\ProgramData\Oracle
2014-11-25 03:44:44    --------    d-----w-    C:\ProgramData\ProductData
2014-11-25 03:44:35    --------    d-----w-    C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-25 03:44:32    --------    d-----w-    C:\ProgramData\IObit
2014-11-25 03:44:32    --------    d-----w-    C:\Program Files (x86)\Common Files\IObit
2014-11-25 03:44:16    --------    d-----w-    C:\Program Files (x86)\IObit
2014-11-25 03:44:14    --------    d-----w-    C:\Users\D's\AppData\Roaming\IObit
2014-11-25 01:02:13    129752    ----a-w-    C:\Windows\System32\drivers\MBAMSwissArmy.sys
2014-11-25 00:59:34    63704    ----a-w-    C:\Windows\System32\drivers\mwac.sys
.
==================== Find3M  ====================
.
2014-12-19 14:04:02    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-19 14:04:02    701616    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-11-30 15:27:58    98816    ----a-w-    C:\Windows\System32\OpenVideo64.dll
2014-11-30 15:26:08    107552    ----a-w-    C:\Windows\System32\RTNUninst64.dll
2014-11-22 03:06:23    2724864    ----a-w-    C:\Windows\System32\mshtml.tlb
2014-11-22 03:06:11    4096    ----a-w-    C:\Windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39    66560    ----a-w-    C:\Windows\System32\iesetup.dll
2014-11-22 02:50:10    580096    ----a-w-    C:\Windows\System32\vbscript.dll
2014-11-22 02:48:20    88064    ----a-w-    C:\Windows\System32\MshtmlDac.dll
2014-11-22 02:35:29    114688    ----a-w-    C:\Windows\System32\ieetwcollector.exe
2014-11-22 02:34:51    814080    ----a-w-    C:\Windows\System32\jscript9diag.dll
2014-11-22 02:34:07    6039552    ----a-w-    C:\Windows\System32\jscript9.dll
2014-11-22 02:26:31    968704    ----a-w-    C:\Windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44    2724864    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16    77824    ----a-w-    C:\Windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43    501248    ----a-w-    C:\Windows\SysWow64\vbscript.dll
2014-11-22 02:07:17    62464    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2014-11-22 02:06:32    47616    ----a-w-    C:\Windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02    64000    ----a-w-    C:\Windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30    620032    ----a-w-    C:\Windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10    1359360    ----a-w-    C:\Windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58    2125312    ----a-w-    C:\Windows\System32\inetcpl.cpl
2014-11-22 01:40:04    60416    ----a-w-    C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26    4299264    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2014-11-22 01:28:21    2358272    ----a-w-    C:\Windows\System32\wininet.dll
2014-11-22 01:22:49    2052096    ----a-w-    C:\Windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57    1155072    ----a-w-    C:\Windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20    1888256    ----a-w-    C:\Windows\SysWow64\wininet.dll
2014-11-21 12:14:12    93400    ----a-w-    C:\Windows\System32\drivers\mbamchameleon.sys
2014-11-21 12:14:08    25816    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2014-11-19 10:26:34    1614504    ----a-w-    C:\Windows\System32\FM20.DLL
2014-11-11 03:09:06    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2014-11-11 03:08:52    241152    ----a-w-    C:\Windows\System32\pku2u.dll
2014-11-11 03:08:48    728064    ----a-w-    C:\Windows\System32\kerberos.dll
2014-11-11 02:44:45    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2014-11-11 02:44:32    186880    ----a-w-    C:\Windows\SysWow64\pku2u.dll
2014-11-11 02:44:25    550912    ----a-w-    C:\Windows\SysWow64\kerberos.dll
2014-11-11 01:46:26    119296    ----a-w-    C:\Windows\System32\drivers\tdx.sys
2014-10-30 16:44:38    166384    ----a-w-    C:\Windows\System32\drivers\psmounterex.sys
2014-10-30 11:25:26    275080    ------w-    C:\Windows\System32\MpSigStub.exe
2014-10-18 02:05:21    4121600    ----a-w-    C:\Windows\System32\mf.dll
2014-10-18 01:33:13    3209728    ----a-w-    C:\Windows\SysWow64\mf.dll
2014-10-14 02:16:37    155064    ----a-w-    C:\Windows\System32\drivers\ksecpkg.sys
2014-10-14 02:13:06    683520    ----a-w-    C:\Windows\System32\termsrv.dll
2014-10-14 02:12:57    1460736    ----a-w-    C:\Windows\System32\lsasrv.dll
2014-10-14 02:09:31    146432    ----a-w-    C:\Windows\System32\msaudite.dll
2014-10-14 02:07:31    681984    ----a-w-    C:\Windows\System32\adtschema.dll
2014-10-14 01:50:47    22016    ----a-w-    C:\Windows\SysWow64\secur32.dll
2014-10-14 01:49:38    96768    ----a-w-    C:\Windows\SysWow64\sspicli.dll
2014-10-14 01:47:30    146432    ----a-w-    C:\Windows\SysWow64\msaudite.dll
2014-10-14 01:46:02    681984    ----a-w-    C:\Windows\SysWow64\adtschema.dll
2014-10-03 02:12:00    500224    ----a-w-    C:\Windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54    284672    ----a-w-    C:\Windows\System32\EncDump.dll
2014-10-03 02:11:51    680960    ----a-w-    C:\Windows\System32\audiosrv.dll
2014-10-03 02:11:51    440832    ----a-w-    C:\Windows\System32\AudioEng.dll
2014-10-03 02:11:51    296448    ----a-w-    C:\Windows\System32\AudioSes.dll
2014-10-03 01:44:42    442880    ----a-w-    C:\Windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26    374784    ----a-w-    C:\Windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26    195584    ----a-w-    C:\Windows\SysWow64\AudioSes.dll
2013-08-19 13:22:47    15604224    ----a-w-    C:\Program Files (x86)\Common Files\lpuninstall.exe
2013-08-19 13:22:37    916992    ----a-w-    C:\Program Files (x86)\LPToolbar_x64.dll
2013-08-19 13:22:37    612864    ----a-w-    C:\Program Files (x86)\LPToolbar.dll
2013-08-19 13:22:37    180736    ----a-w-    C:\Program Files (x86)\WinBioStandalone.exe
2013-08-19 13:22:37    1425408    ----a-w-    C:\Program Files (x86)\LPIEHome64.ocx
2013-08-19 13:22:37    11877888    ----a-w-    C:\Program Files (x86)\LPPlugin_x64.dll
2013-08-19 13:22:37    1068544    ----a-w-    C:\Program Files (x86)\LPIEHome.ocx
2013-08-19 13:22:36    6484992    ----a-w-    C:\Program Files (x86)\LPPlugin.dll
2013-04-09 19:05:31    2401112    ----a-w-    C:\Program Files\d3dx9_43.dll
2013-04-09 19:05:31    184320    ----a-w-    C:\Program Files\ssl3.dll
2013-04-09 19:05:31    119296    ----a-w-    C:\Program Files\nssutil3.dll
2013-04-09 19:05:31    111104    ----a-w-    C:\Program Files\smime3.dll
2013-04-09 19:05:30    763904    ----a-w-    C:\Program Files\mozsqlite3.dll
2013-04-09 19:05:29    221696    ----a-w-    C:\Program Files\nspr4.dll
2013-04-09 19:05:29    17408    ----a-w-    C:\Program Files\plc4.dll
2013-04-09 19:05:29    15360    ----a-w-    C:\Program Files\plds4.dll
2013-04-09 19:05:29    14848    ----a-w-    C:\Program Files\xpcom.dll
.
============= FINISH:  7:56:19.39 ===============
 



#4 nasdaq

  • Malware Response Team
  • 40,532 posts

Posted 24 December 2014 - 10:14 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Download the version of this tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a folder on your computer's Desktop.
Double-click to run it. When the tool opens, click Yes to the disclaimer.
Press the Scan button.
It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
===

Please paste the logs in your next reply. DO NOT ATTACH THEM unless specified.
To attach a file select the "More Reply Option" and follow the instructions.


Wait for further instructions.

#5 rocks911

  • Topic Starter

  • Members
  • 35 posts

Posted 24 December 2014 - 01:23 PM

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-12-2014
Ran by D's (administrator) on ROCKS911 on 24-12-2014 12:14:25
Running from C:\Users\D's\Desktop\Bleeping computer
Loaded Profile: D's (Available profiles: D's & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
(LSoft Technologies Inc) C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
() C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(H.D.S. Hungary) C:\Program Files (x86)\Hard Disk Sentinel\HDSentinel.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbamservice.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
(Malwarebytes Corporation) C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE\mbam.exe
(Paramount Software UK Ltd) C:\Program Files\Macrium\Reflect\ReflectService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
() C:\Program Files\Serviio\bin\ServiioService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
() C:\Program Files (x86)\IObit\Advanced SystemCare 8\RealTimeProtector.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files\Serviio\bin\ServiioConsole.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe
(Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\D's\AppData\Local\Temp\ocr951D.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_manager.exe
(http://www.ruby-lang.org/) C:\Users\D's\AppData\Local\Temp\ocrA3EC.tmp\bin\rubyw.exe
() C:\Program Files\pia_manager\pia_tray\pia_tray.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
() C:\Program Files\pia_manager\openvpn.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Tixati Software Inc.) C:\Program Files\tixati\tixati.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\D's\Desktop\Bleeping computer\FRST64(1).exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-11-30] (Realtek Semiconductor)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [115048 2011-09-16] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-11-20] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [507776 2014-10-07] (Oracle Corporation)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-11-11] (Hewlett-Packard)
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7780120 2014-12-18] (SUPERAntiSpyware)
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2425632 2014-11-07] (IObit)
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\...\RunOnce: [Adobe Speed Launcher] => 1419176778
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Run: [GoTrusted] => C:\Program Files (x86)\GoTrusted.com\GoTrusted Secure Tunnel v2.3.7.3\GoTrusted Secure Tunnel.exe
Startup: C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Serviio.lnk
ShortcutTarget: Serviio.lnk -> C:\Program Files\Serviio\bin\ServiioConsole.exe ()
Startup: C:\Users\DS\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Uninstall LastPass RunOnce.lnk
ShortcutTarget: Uninstall LastPass RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
HKU\S-1-5-21-1956317476-2017758912-4027474406-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1956317476-2017758912-4027474406-1001 -> {3FFCB352-10BD-4198-903D-1C3E61DBEF24} URL = http://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
SearchScopes: HKU\S-1-5-21-1956317476-2017758912-4027474406-1001 -> {d944bb61-2e34-4dbf-a683-47e505c587dc} URL = http://rover.ebay.com/rover/1/711-111092-2357-0/4?satitle={searchTerms}&mfe=Desktops
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
DPF: HKLM {AA570693-00E2-4907-B6F1-60A1199B030C} https://juniper.net/dana-cached/sc/JuniperSetupClient64.cab
DPF: HKLM-x32 {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} http://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1339597769964
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 209.222.18.222 209.222.18.218

FireFox:
========
FF ProfilePath: C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF NetworkProxy: "autoconfig_url", "http://clientconfig.immunicity.org/pacs/all.pac"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_235.dll ()
FF Plugin: @java.com/DTPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_235.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1215155.dll (Adobe Systems, Inc.)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @garmin.com/GpsControl -> C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.11.2 -> C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\searchplugins\firefox-add-ons.xml
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\iobitascsurfingprotection@iobit.com [2014-12-04]
FF Extension: YesScript - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\yesscript@userstyles.org.xpi [2014-02-19]
FF Extension: Multi Smart Search - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\{5a70bdd5-7fb1-44eb-8193-5dd6ad27038f}.xpi [2014-01-17]
FF Extension: Context Search - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\{902D2C4A-457A-4EF9-AD43-7014562929FF}.xpi [2014-01-16]
FF Extension: Selected Search - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\{a3b1e8b3-ba2c-4280-9768-198db1817b5d}.xpi [2014-01-17]
FF Extension: Adblock Plus - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-01-16]
FF Extension: Adblock Edge - C:\Users\D's\AppData\Roaming\Mozilla\Firefox\Profiles\olu1kilr.default-1389898630782\Extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi [2014-01-16]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

Chrome:
=======
CHR Profile: C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-11-27]
CHR Extension: (Adblock Plus) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-11-28]
CHR Extension: (IP Address) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckgdoapjnjcjngggefgbkjmhgjoghcog [2014-11-28]
CHR Extension: (AdBlock Plus for Chrome) - C:\Users\D's\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcobmjifdimfbihnbnafhcpmifgmjlka [2014-11-28]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-08-14] (SUPERAntiSpyware.com)
R2 Active@ Disk Monitor; C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [1465016 2011-06-16] (LSoft Technologies Inc)
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [815392 2014-11-04] (IObit)
R2 AlternateMceIrService; C:\Program Files (x86)\EventGhost\plugins\MceRemote_Vista\AlternateMceIrService_x64.exe [36352 2011-03-27] () [File not signed]
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-09-28] (Advanced Micro Devices, Inc.) [File not signed]
R2 Diskeeper; C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe [2627920 2011-03-03] (Diskeeper Corporation)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2464400 2012-09-07] (Realsil Microelectronics Inc.)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2630432 2014-11-04] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R2 MSSQL$MSSMLBIZ; c:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [29293408 2010-12-10] (Microsoft Corporation)
R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1119768 2010-09-28] (PDF Complete Inc)
R2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [241734 2010-09-20] () [File not signed]
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-11-30] (Realtek Semiconductor)
R2 Serviio; C:\Program Files\Serviio\bin\ServiioService.exe [359936 2014-03-20] () [File not signed]
S3 x10nets; C:\Program Files (x86)\Common Files\Snapstream\Common\X10nets.exe [20480 2003-12-21] (X10) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-09-23] (AVG Technologies)
R3 CVPNDRVA; C:\Windows\system32\Drivers\CVPNDRVA.sys [304784 2010-03-23] ()
R3 DKRtWrt; C:\Windows\System32\DRIVERS\DKRtWrt.sys [44624 2011-02-14] (Diskeeper Corporation)
U5 FontCache3.0.0.0; C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [42856 2010-11-04] (Microsoft Corporation)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [93400 2014-11-21] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-24] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2012-01-18] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2012-01-18] ()
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 tapoas; C:\Windows\System32\DRIVERS\tapoas.sys [30720 2012-07-15] (The OpenVPN Project)
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2012-12-02] (Windows ® 2000 DDK provider)
S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2012-12-02] (Paragon)
S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2012-12-02] (Paragon)
R3 vl810filter; C:\Windows\System32\DRIVERS\vl810filter.sys [17008 2011-02-16] (VIA Labs, Inc.)
S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [33048 2006-11-30] (X10 Wireless Technology, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)


2014-12-18 08:04 - 2014-12-18 08:06 - 00000274 _____ () C:\Windows\Tasks\Uninstaller_SkipUac_D's.job
2014-12-18 07:53 - 2014-12-18 07:53 - 06332560 _____ () C:\Users\D's\Desktop\Windows6.0-KB967723-x64.msu
2014-12-18 07:36 - 2014-12-18 07:36 - 00003495 _____ () C:\JavaRa.log
2014-12-18 07:00 - 2014-12-12 23:09 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-12-18 07:00 - 2014-12-12 21:33 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-12-17 06:37 - 2014-11-10 21:09 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-12-17 06:37 - 2014-11-10 20:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-12-17 06:37 - 2014-11-10 19:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2014-12-17 06:37 - 2014-10-17 20:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2014-12-17 06:37 - 2014-10-17 19:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2014-12-17 06:37 - 2014-07-06 20:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2014-12-17 06:37 - 2014-07-06 20:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2014-12-17 06:37 - 2014-07-06 20:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2014-12-17 06:37 - 2014-07-06 20:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2014-12-17 06:37 - 2014-07-06 19:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2014-12-17 06:37 - 2014-07-06 19:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2014-12-17 06:37 - 2014-07-06 19:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2014-12-17 06:37 - 2014-07-06 19:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2014-12-17 06:31 - 2014-11-26 19:43 - 00389296 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-12-17 06:31 - 2014-11-26 19:10 - 00342200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-12-17 06:31 - 2014-11-21 21:13 - 25059840 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-12-17 06:31 - 2014-11-21 21:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-12-17 06:31 - 2014-11-21 21:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-12-17 06:31 - 2014-11-21 20:50 - 00580096 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-12-17 06:31 - 2014-11-21 20:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-12-17 06:31 - 2014-11-21 20:49 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-12-17 06:31 - 2014-11-21 20:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-12-17 06:31 - 2014-11-21 20:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-12-17 06:31 - 2014-11-21 20:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-12-17 06:31 - 2014-11-21 20:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-12-17 06:31 - 2014-11-21 20:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-12-17 06:31 - 2014-11-21 20:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-12-17 06:31 - 2014-11-21 20:34 - 06039552 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-12-17 06:31 - 2014-11-21 20:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-12-17 06:31 - 2014-11-21 20:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-12-17 06:31 - 2014-11-21 20:22 - 19749376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-12-17 06:31 - 2014-11-21 20:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-12-17 06:31 - 2014-11-21 20:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-12-17 06:31 - 2014-11-21 20:14 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-12-17 06:31 - 2014-11-21 20:09 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-12-17 06:31 - 2014-11-21 20:08 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-12-17 06:31 - 2014-11-21 20:07 - 00501248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-12-17 06:31 - 2014-11-21 20:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-12-17 06:31 - 2014-11-21 20:06 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-12-17 06:31 - 2014-11-21 20:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-12-17 06:31 - 2014-11-21 20:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-12-17 06:31 - 2014-11-21 20:01 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-12-17 06:31 - 2014-11-21 19:59 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-12-17 06:31 - 2014-11-21 19:58 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-12-17 06:31 - 2014-11-21 19:56 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-12-17 06:31 - 2014-11-21 19:54 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-12-17 06:31 - 2014-11-21 19:49 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-12-17 06:31 - 2014-11-21 19:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-12-17 06:31 - 2014-11-21 19:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-12-17 06:31 - 2014-11-21 19:46 - 02125312 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-12-17 06:31 - 2014-11-21 19:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-12-17 06:31 - 2014-11-21 19:43 - 14412800 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-12-17 06:31 - 2014-11-21 19:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-17 06:31 - 2014-11-21 19:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-12-17 06:31 - 2014-11-21 19:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-12-17 06:31 - 2014-11-21 19:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-12-17 06:31 - 2014-11-21 19:29 - 04299264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-12-17 06:31 - 2014-11-21 19:28 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-12-17 06:31 - 2014-11-21 19:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-12-17 06:31 - 2014-11-21 19:22 - 02052096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-12-17 06:31 - 2014-11-21 19:21 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-12-17 06:31 - 2014-11-21 19:15 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-12-17 06:31 - 2014-11-21 19:13 - 12836864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-12-17 06:31 - 2014-11-21 19:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-12-17 06:31 - 2014-11-21 19:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-12-17 06:31 - 2014-11-21 18:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-12-17 06:31 - 2014-11-21 18:54 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-12-17 06:12 - 2014-10-29 20:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2014-12-17 06:12 - 2014-10-29 19:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2014-12-17 06:12 - 2014-10-02 20:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2014-12-17 06:12 - 2014-10-02 20:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2014-12-17 06:12 - 2014-10-02 20:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2014-12-17 06:12 - 2014-10-02 20:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2014-12-17 06:12 - 2014-10-02 20:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2014-12-17 06:12 - 2014-10-02 19:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2014-12-17 06:12 - 2014-10-02 19:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-17 06:12 - 2014-10-02 19:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2014-12-17 06:12 - 2014-10-02 19:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2014-12-17 06:12 - 2014-10-02 19:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2014-12-17 06:11 - 2014-11-07 21:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-12-17 06:11 - 2014-11-07 20:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-12-17 05:55 - 2014-12-17 05:55 - 00879096 _____ (Microsoft Corporation) C:\Users\D's\Downloads\NetFxRepairTool.exe
2014-12-17 05:41 - 2014-12-17 05:41 - 00024788 _____ () C:\Users\D's\Desktop\cc_20141217_054143.reg
2014-12-17 03:27 - 2014-12-17 03:27 - 03178496 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2014-12-17 03:27 - 2014-12-17 03:27 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2014-12-04 11:31 - 2014-12-04 11:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macrium
2014-12-04 11:30 - 2014-12-04 11:31 - 00483852 _____ () C:\Reflect_Install.log
2014-12-04 11:28 - 2014-12-04 11:31 - 00002483 _____ () C:\Users\Public\Desktop\Reflect.lnk
2014-12-04 10:01 - 2014-12-04 10:01 - 05773824 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 04916224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 01123840 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2014-12-04 10:01 - 2014-12-04 10:01 - 01048064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2014-12-04 10:01 - 2014-12-04 10:01 - 00384000 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2014-12-04 10:01 - 2014-12-04 10:01 - 00322560 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00269312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00192000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpendp_winip.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2014-12-04 10:01 - 2014-12-04 10:01 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2014-12-04 10:01 - 2014-12-04 10:01 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2014-12-04 10:01 - 2014-12-04 10:01 - 00018432 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2014-12-04 10:01 - 2014-12-04 10:01 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2014-12-04 09:12 - 2014-12-04 09:12 - 00001159 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-12-04 09:12 - 2014-12-04 09:12 - 00001147 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-12-04 09:12 - 2014-12-04 09:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-04 09:12 - 2014-12-04 09:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-04 08:04 - 2014-12-04 08:05 - 00000000 ___HD () C:\Users\D's\Downloads\.ptmp190172
2014-12-04 08:04 - 2014-12-04 08:04 - 00160350 _____ () C:\Users\D's\Downloads\JavaRa (2).zip
2014-12-03 14:27 - 2014-12-03 14:27 - 00160350 _____ () C:\Users\D's\Downloads\JavaRa (1).zip
2014-12-03 14:25 - 2014-12-03 14:25 - 00000000 __SHD () C:\Users\D's\AppData\Local\EmieBrowserModeList
2014-12-03 14:24 - 2014-12-03 14:24 - 00160350 _____ () C:\Users\D's\Downloads\JavaRa.zip
2014-12-03 10:54 - 2014-12-03 10:54 - 02515504 _____ (Reason Company Software Inc.) C:\Users\D's\Downloads\herdProtectScan_Setup (1).exe
2014-12-03 10:54 - 2014-12-03 10:54 - 00001109 _____ () C:\Users\Public\Desktop\herdProtect.lnk
2014-12-03 10:54 - 2014-12-03 10:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\herdProtect
2014-12-03 10:47 - 2014-12-03 10:47 - 00000085 _____ () C:\Windows\wininit.ini
2014-12-03 07:05 - 2014-12-03 07:05 - 24754216 _____ (Moonchild Productions) C:\Users\D's\Downloads\palemoon-25.1.0.win64.installer.exe

2014-12-01 08:35 - 2014-12-01 08:35 - 00000000 ____D () C:\ProgramData\Acronis
2014-12-01 08:34 - 2014-12-01 08:35 - 03493462 _____ () C:\Windows\system32\AcronisTrueImage.msi.txt
2014-12-01 08:33 - 2014-12-01 08:35 - 00241632 _____ () C:\Windows\SysWOW64\AcronisTrueImage.msi.txt
2014-11-30 19:55 - 2014-11-30 19:55 - 02515504 _____ (Reason Company Software Inc.) C:\Users\D's\Downloads\herdProtectScan_Setup.exe
2014-11-30 19:55 - 2014-11-30 19:55 - 00000000 ____D () C:\Program Files\Reason
2014-11-30 11:12 - 2014-11-30 11:12 - 00347816 _____ (Microsoft Corporation) C:\Users\D's\Downloads\MicrosoftFixit.dvd.MATSKB.Run (1).exe
2014-11-30 11:09 - 2014-11-30 11:09 - 00347816 _____ (Microsoft Corporation) C:\Users\D's\Downloads\MicrosoftFixit.dvd.MATSKB.Run.exe
2014-11-30 10:07 - 2014-12-24 12:14 - 00000000 ____D () C:\FRST
2014-11-30 09:54 - 2014-11-30 09:54 - 60636160 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2014-11-30 09:54 - 2014-11-30 09:54 - 03962840 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2014-11-30 09:54 - 2014-11-30 09:54 - 02834648 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 02800344 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 02770976 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 01959128 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2014-11-30 09:54 - 2014-11-30 09:54 - 01286872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 01099203 _____ () C:\Windows\system32\Drivers\RTAIODAT.DAT
2014-11-30 09:54 - 2014-11-30 09:54 - 01022168 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 00948952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 00628952 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 00209096 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2014-11-30 09:54 - 2014-11-30 09:54 - 00113576 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2014-11-30 09:53 - 2014-11-30 09:53 - 02472136 _____ (Ralink Technology, Corp.) C:\Windows\system32\Drivers\netr28x.sys
2014-11-30 09:53 - 2014-11-30 09:53 - 00332080 _____ (Ralink Technology, Inc.) C:\Windows\system32\RaCoInstx.dll
2014-11-30 09:53 - 2014-11-30 09:53 - 00110080 _____ (Advanced Micro Devices) C:\Windows\system32\DelayAPO.dll
2014-11-30 09:53 - 2014-11-30 09:53 - 00094720 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\AtihdW76.sys
2014-11-30 09:53 - 2014-11-30 09:53 - 00013973 _____ () C:\Windows\system32\RaCoInst.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 33867264 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\amdocl64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 28770304 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\amdocl.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 27918336 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atio6axx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 23375360 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atioglxx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 16750080 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmdag.sys
2014-11-30 09:27 - 2014-11-30 09:27 - 15716352 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticaldd64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 14302208 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticaldd.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 09890008 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RsCRIcon.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 09254184 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atidxx32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 08296296 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 08044976 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiumd6a.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 07207592 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdva.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 07028336 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiumdag.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 05639168 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmantle64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 04480000 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmantle32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 03471376 _____ () C:\Windows\SysWOW64\atiumdva.cap
2014-11-30 09:27 - 2014-11-30 09:27 - 03437632 _____ () C:\Windows\system32\atiumd6a.cap
2014-11-30 09:27 - 2014-11-30 09:27 - 01187342 _____ () C:\Windows\system32\amdocl_as64.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 01113576 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\aticfx32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 01061902 _____ () C:\Windows\system32\amdocl_ld64.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 00995342 _____ () C:\Windows\SysWOW64\amdocl_as32.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 00900608 _____ (Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\atiadlxy.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00827392 _____ (AMD) C:\Windows\system32\coinst_14.30.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00798734 _____ () C:\Windows\SysWOW64\amdocl_ld32.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 00759301 _____ () C:\Windows\system32\amdicdxx.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00734861 _____ () C:\Windows\system32\atiicdxx.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00609272 _____ () C:\Windows\SysWOW64\atiapfxx.blb
2014-11-30 09:27 - 2014-11-30 09:27 - 00609272 _____ () C:\Windows\system32\atiapfxx.blb
2014-11-30 09:27 - 2014-11-30 09:27 - 00576000 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\atikmpag.sys
2014-11-30 09:27 - 2014-11-30 09:27 - 00442368 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atidemgy.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00367104 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiapfxx.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 00322868 _____ () C:\Windows\system32\ativvaxy_vi.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00321200 _____ () C:\Windows\system32\ativvaxy_vi_nd.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00293088 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdacpksd.sys
2014-11-30 09:27 - 2014-11-30 09:27 - 00290080 _____ () C:\Windows\system32\ativvaxy_cz_nd.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00272600 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUStor.sys
2014-11-30 09:27 - 2014-11-30 09:27 - 00235008 _____ () C:\Windows\system32\clinfo.exe
2014-11-30 09:27 - 2014-11-30 09:27 - 00234164 _____ () C:\Windows\system32\ativvaxy_cik.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00232752 _____ () C:\Windows\system32\ativvaxy_cik_nd.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00190976 _____ (AMD) C:\Windows\system32\atitmm64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00158928 _____ () C:\Windows\system32\ativce03.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00157224 _____ () C:\Windows\system32\amde31a.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00146944 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6txx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00133632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atigktxx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00127488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantle64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00126848 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiuxpag.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00113664 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantle32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00100032 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiu9pag.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00098816 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OpenVideo64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00091648 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\mantleaxl64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00086528 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\OVDecode64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00085504 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\mantleaxl32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00083456 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OpenVideo.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00082128 _____ () C:\Windows\system32\ativce02.dat
2014-11-30 09:27 - 2014-11-30 09:27 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atimpc64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00078432 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdpcom64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00075264 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atig6pxx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00073216 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\OVDecode.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atimpc32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00071704 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdpcom32.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\atiglpxx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00069632 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiglpxx.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00065024 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00062464 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalrt64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00058880 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00055808 _____ (Advanced Micro Devices Inc.) C:\Windows\system32\aticalcl64.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00052224 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalrt.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00049152 _____ (Advanced Micro Devices Inc.) C:\Windows\SysWOW64\aticalcl.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00048128 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\amdmmcl6.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00043520 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\Drivers\ati2erec.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00037888 _____ (Advanced Micro Devices, Inc. ) C:\Windows\SysWOW64\amdmmcl.dll
2014-11-30 09:27 - 2014-11-30 09:27 - 00031232 _____ (AMD) C:\Windows\system32\atimuixx.dll
2014-11-30 09:26 - 2014-11-30 09:26 - 00941784 _____ (Realtek ) C:\Windows\system32\Drivers\Rt64win7.sys
2014-11-30 09:26 - 2014-11-30 09:26 - 00073800 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2014-11-30 09:25 - 2014-11-30 09:25 - 00293720 _____ (Advanced Micro Devices, Inc) C:\Windows\system32\Drivers\ahcix64s.sys
2014-11-30 09:21 - 2014-12-17 02:44 - 00002850 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (D's)
2014-11-30 09:17 - 2014-11-30 09:17 - 02117632 _____ (Farbar) C:\Users\D's\Downloads\FRST64 (1).exe
2014-11-30 08:58 - 2014-12-24 12:14 - 00000000 ____D () C:\Users\D's\Desktop\Bleeping computer
2014-11-30 08:58 - 2014-11-30 08:58 - 02117632 _____ (Farbar) C:\Users\D's\Downloads\FRST64.exe
2014-11-28 17:52 - 2014-11-28 17:53 - 00000000 ____D () C:\Users\D's\Downloads\Still.Alice.2014.DVDSCR.X264.AC3-Blackjesus
2014-11-28 17:51 - 2014-11-28 17:52 - 00000000 ____D () C:\Users\D's\Downloads\To.Write.Love.On.Her.Arms.2015.DVDSCR.x264.AC3.SiMPLE
2014-11-28 09:03 - 2014-11-28 09:03 - 00002299 _____ () C:\Users\D's\Desktop\Chrome App Launcher.lnk
2014-11-28 09:03 - 2014-11-28 09:03 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-27 17:49 - 2014-11-27 17:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-11-27 17:49 - 2014-11-27 17:48 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2014-11-27 17:47 - 2014-12-17 03:11 - 00000000 ____D () C:\ProgramData\UMS
2014-11-27 17:47 - 2014-11-27 17:47 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AviSynth
2014-11-27 17:47 - 2014-11-27 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth
2014-11-27 17:43 - 2014-11-27 17:44 - 47506222 _____ () C:\Users\D's\Downloads\UMS-4.2.2-Java7.exe
2014-11-27 17:29 - 2014-12-18 07:09 - 00002179 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-11-27 17:12 - 2014-01-22 11:08 - 00039260 _____ () C:\Windows\system32\Drivers\etc\hosts.20141127-171213.backup
2014-11-27 15:51 - 2014-11-27 15:51 - 48436736 _____ () C:\Users\D's\Downloads\googlechromestandaloneenterprise64.msi
2014-11-27 14:28 - 2014-11-27 14:28 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-11-27 14:27 - 2014-12-03 10:48 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-11-27 14:27 - 2014-12-03 10:47 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-11-27 14:19 - 2014-11-27 14:26 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\D's\Downloads\spybot-2.4.exe
2014-11-27 14:02 - 2014-11-27 14:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Serviio
2014-11-27 14:01 - 2014-11-27 14:02 - 00000000 ____D () C:\Program Files\Serviio
2014-11-27 14:00 - 2014-11-27 14:01 - 28313048 _____ () C:\Users\D's\Downloads\serviio-1.4.1.2-win-setup(1).exe
2014-11-26 14:28 - 2014-10-17 20:05 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2014-11-26 14:28 - 2014-10-17 19:33 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2014-11-26 14:22 - 2014-12-03 07:37 - 00000000 ____D () C:\Users\D's\AppData\Roaming\ProductData
2014-11-26 14:21 - 2014-12-04 09:49 - 00003162 _____ () C:\Windows\System32\Tasks\ASC8_PerformanceMonitor
2014-11-26 14:21 - 2014-11-26 14:21 - 00002882 _____ () C:\Windows\System32\Tasks\Uninstaller_SkipUac_D's
2014-11-26 14:21 - 2014-11-26 14:21 - 00001228 _____ () C:\Users\Public\Desktop\IObit Uninstaller.lnk
2014-11-26 14:20 - 2014-12-17 04:56 - 00002181 _____ () C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2014-11-26 14:20 - 2014-12-04 09:49 - 00002850 _____ () C:\Windows\System32\Tasks\ASC8_SkipUac_D's
2014-11-26 14:20 - 2014-12-04 09:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2014-11-26 14:19 - 2014-11-26 14:19 - 43183800 _____ (IObit ) C:\Users\D's\Downloads\advanced-systemcare-setup.exe
2014-11-26 13:49 - 2014-11-10 21:08 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-11-26 13:49 - 2014-11-10 21:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2014-11-26 13:49 - 2014-11-10 20:44 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-11-26 13:49 - 2014-11-10 20:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2014-11-26 13:49 - 2014-10-13 20:16 - 00155064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-11-26 13:49 - 2014-10-13 20:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2014-11-26 13:49 - 2014-10-13 20:12 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-11-26 13:49 - 2014-10-13 20:09 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2014-11-26 13:49 - 2014-10-13 20:07 - 00681984 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2014-11-26 13:49 - 2014-10-13 19:50 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-11-26 13:49 - 2014-10-13 19:49 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-11-26 13:49 - 2014-10-13 19:47 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2014-11-26 13:49 - 2014-10-13 19:46 - 00681984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2014-11-26 13:49 - 2014-08-11 20:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2014-11-26 13:49 - 2014-08-11 19:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2014-11-26 13:48 - 2014-10-02 20:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2014-11-26 13:48 - 2014-10-02 20:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2014-11-26 13:48 - 2014-10-02 20:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2014-11-26 13:48 - 2014-10-02 20:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2014-11-26 13:48 - 2014-10-02 20:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2014-11-26 13:48 - 2014-10-02 19:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2014-11-26 13:48 - 2014-10-02 19:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2014-11-26 13:48 - 2014-10-02 19:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2014-11-26 13:48 - 2014-09-24 20:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-11-26 13:48 - 2014-09-24 19:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-11-26 13:48 - 2014-08-21 00:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-11-26 13:48 - 2014-08-21 00:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-11-26 13:48 - 2014-08-21 00:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-11-26 13:48 - 2014-08-21 00:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2014-11-26 13:48 - 2014-06-18 16:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-11-26 13:45 - 2014-09-19 03:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-11-26 13:45 - 2014-09-19 03:23 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-11-26 13:45 - 2014-09-03 23:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2014-11-26 13:45 - 2014-09-03 23:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2014-11-26 13:44 - 2014-10-24 19:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-11-26 13:44 - 2014-10-24 19:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-11-26 13:43 - 2014-10-09 18:57 - 03198976 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-11-26 13:43 - 2014-07-16 20:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-11-26 13:43 - 2014-07-16 20:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2014-11-26 13:43 - 2014-07-16 20:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2014-11-26 13:43 - 2014-07-16 19:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2014-11-26 13:43 - 2014-07-16 19:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-11-26 13:43 - 2014-07-16 19:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-11-26 13:42 - 2014-10-13 20:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-11-26 13:42 - 2014-10-13 19:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-11-26 10:09 - 2014-11-26 10:10 - 00362880 _____ (Kaspersky Lab) C:\Users\D's\Downloads\setup.exe
2014-11-26 09:07 - 2014-11-26 09:07 - 00000765 _____ () C:\Users\D's\.pia_manager_crash.log
2014-11-26 07:36 - 2014-11-26 07:36 - 00000000 __SHD () C:\Windows\SysWOW64\AI_RecycleBin
2014-11-26 07:36 - 2014-11-26 07:36 - 00000000 ____D () C:\Program Files (x86)\Reason
2014-11-26 07:30 - 2014-11-26 07:30 - 00000000 ____D () C:\Program Files\AMD
2014-11-25 11:42 - 2014-11-25 11:45 - 00000000 ____D () C:\ProgramData\Oracle
2014-11-25 11:42 - 2014-11-25 11:42 - 00000000 ____D () C:\Program Files (x86)\Java
2014-11-25 04:42 - 2014-11-26 08:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 3
2014-11-24 21:44 - 2014-12-17 03:12 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-11-24 21:44 - 2014-12-17 03:11 - 00000000 ____D () C:\ProgramData\ProductData
2014-11-24 21:44 - 2014-12-03 07:37 - 00000000 ____D () C:\Users\D's\AppData\Roaming\IObit
2014-11-24 21:44 - 2014-11-30 09:21 - 00000000 ____D () C:\ProgramData\IObit
2014-11-24 21:44 - 2014-11-24 21:44 - 00000000 ____D () C:\Windows\Tasks\ImCleanDisabled
2014-11-24 21:44 - 2014-11-24 21:44 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-11-24 20:20 - 2014-12-21 03:23 - 00003174 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForD's
2014-11-24 20:20 - 2014-12-21 03:23 - 00000324 _____ () C:\Windows\Tasks\HPCeeScheduleForD's.job
2014-11-24 19:02 - 2014-12-24 11:33 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-11-24 18:59 - 2014-12-03 17:54 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-11-24 18:59 - 2014-12-03 17:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-11-24 18:59 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-24 12:13 - 2013-10-27 19:36 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-12-24 12:12 - 2012-06-09 15:54 - 00000000 ____D () C:\Users\D's\AppData\Roaming\tixati
2014-12-24 12:06 - 2013-02-12 07:44 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-24 12:06 - 2011-09-29 13:52 - 00000000 ____D () C:\Users\D's\AppData\Local\CrashDumps
2014-12-24 12:03 - 2012-02-17 15:03 - 00000436 ____H () C:\Windows\Tasks\Windows Driver Foundation.job
2014-12-24 11:25 - 2011-06-06 13:15 - 00521904 _____ () C:\Windows\WindowsUpdate.log
2014-12-24 04:38 - 2014-06-10 15:53 - 00000506 _____ () C:\Windows\Tasks\SUPERAntiSpyware Scheduled Task 6c16f6f2-5bed-4257-a652-0bfa0c6e2c33.job
2014-12-24 04:38 - 2011-09-29 15:34 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-12-24 03:07 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-24 03:07 - 2009-07-13 22:45 - 00015792 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-23 19:06 - 2013-02-12 07:44 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-23 14:07 - 2011-09-29 13:55 - 00000000 ____D () C:\Users\D's\Documents\Pool
2014-12-23 14:02 - 2011-09-29 15:13 - 00000000 ____D () C:\Users\D's\AppData\Roaming\vlc
2014-12-23 12:49 - 2009-07-13 23:13 - 00859876 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-12-20 22:57 - 2012-12-04 17:42 - 00000434 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-12-19 08:04 - 2013-10-27 19:36 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-12-19 08:04 - 2013-08-25 11:07 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-12-19 08:04 - 2013-08-25 11:07 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-19 06:11 - 2013-09-09 19:58 - 00000000 ____D () C:\AdwCleaner
2014-12-18 22:03 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\rescache
2014-12-18 15:16 - 2011-06-06 13:13 - 00000000 ___SD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2014-12-18 13:19 - 2012-09-03 07:59 - 00065536 _____ () C:\Windows\system32\Ikeext.etl
2014-12-18 13:19 - 2009-07-13 23:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-12-18 07:12 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-12-17 06:18 - 2011-09-29 11:41 - 00000000 ____D () C:\Users\D's
2014-12-17 05:57 - 2011-09-29 13:14 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-17 05:50 - 2013-07-17 02:00 - 00000000 ____D () C:\Windows\system32\MRT
2014-12-17 05:45 - 2011-09-30 05:48 - 112710672 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-12-17 05:42 - 2012-05-30 13:52 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Notepad++
2014-12-17 05:40 - 2011-06-06 13:22 - 00000000 ____D () C:\Program Files (x86)\Hp
2014-12-17 05:39 - 2011-06-06 13:22 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2014-12-17 05:39 - 2011-06-06 13:13 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard
2014-12-17 05:38 - 2011-06-06 13:14 - 00000000 ____D () C:\ProgramData\Hewlett-Packard
2014-12-17 05:35 - 2012-01-04 16:51 - 00000000 ____D () C:\Program Files (x86)\TurboTax
2014-12-17 03:22 - 2011-11-04 14:46 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-12-17 03:22 - 2011-10-01 01:03 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-12-17 03:16 - 2013-09-18 17:02 - 00000000 ____D () C:\Users\D's\AppData\Local\ClipX
2014-12-17 03:16 - 2013-09-18 17:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ClipX
2014-12-17 02:52 - 2013-08-20 12:18 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-12-04 11:39 - 2014-03-10 06:41 - 00000000 ____D () C:\Users\D's\Documents\Reflect
2014-12-04 10:46 - 2009-07-13 21:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-04 09:12 - 2011-09-29 13:02 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Mozilla
2014-12-03 17:54 - 2011-10-02 08:53 - 00000000 ____D () C:\Program Files (x86)\MALWAREBYTES ANTI-MALWARE
2014-12-03 14:40 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\Globalization
2014-12-03 14:25 - 2011-09-29 11:47 - 00000000 ____D () C:\Users\D's\AppData\Local\VirtualStore
2014-12-03 11:36 - 2014-01-22 11:07 - 00000000 ____D () C:\Program Files (x86)\Hosts_Anti_Adwares_PUPs
2014-12-03 07:54 - 2012-01-12 07:55 - 00000000 ____D () C:\Program Files (x86)\Paragon Software
2014-12-03 07:37 - 2012-04-04 11:54 - 00000000 ____D () C:\Program Files (x86)\Hard Disk Sentinel
2014-12-03 07:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\registration
2014-12-03 07:37 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\AppCompat
2014-12-03 06:39 - 2011-06-06 13:33 - 00000000 ____D () C:\ProgramData\PDFC
2014-12-03 06:35 - 2013-01-16 14:00 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Vso
2014-12-02 06:26 - 2009-07-13 23:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-12-01 11:05 - 2012-08-22 19:11 - 00000000 ____D () C:\Users\D's\AppData\Roaming\dvdcss
2014-12-01 08:51 - 2012-12-05 21:00 - 00000000 ____D () C:\Program Files (x86)\Google
2014-12-01 08:25 - 2013-02-23 11:41 - 00001059 _____ () C:\Users\D's\AppData\Roaming\vso_ts_preview.xml
2014-11-30 20:01 - 2011-09-29 18:29 - 00000000 ____D () C:\Users\D's\Desktop\D's
2014-11-30 19:10 - 2014-08-14 10:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2014-11-30 19:10 - 2014-01-03 07:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicDisc
2014-11-30 09:55 - 2013-05-03 13:10 - 00000000 ____D () C:\Windows\SysWOW64\RTCOM
2014-11-30 09:53 - 2011-06-06 13:07 - 00027293 _____ () C:\Windows\system32\RaCoInst.log
2014-11-30 09:30 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\tracing
2014-11-30 09:27 - 2012-09-27 19:39 - 00619008 _____ (AMD) C:\Windows\system32\atieclxx.exe
2014-11-30 09:27 - 2012-09-27 19:38 - 00239616 _____ (AMD) C:\Windows\system32\atiesrxx.exe
2014-11-30 09:27 - 2012-09-27 19:11 - 00118096 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiu9p64.dll
2014-11-30 09:27 - 2012-06-11 10:27 - 01210880 _____ (Advanced Micro Devices, Inc.) C:\Windows\system32\atiadlxx.dll
2014-11-30 09:27 - 2011-06-06 14:04 - 10826488 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atidxx64.dll
2014-11-30 09:27 - 2011-06-06 14:04 - 01335544 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\aticfx64.dll
2014-11-30 09:27 - 2011-06-06 14:04 - 00144328 _____ (Advanced Micro Devices, Inc. ) C:\Windows\system32\atiuxp64.dll
2014-11-30 09:26 - 2011-06-06 14:04 - 00107552 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RTNUninst64.dll
2014-11-29 09:04 - 2011-12-23 14:09 - 00000000 ____D () C:\Users\Guest
2014-11-27 17:48 - 2011-09-29 15:07 - 00000000 ____D () C:\Program Files\Java
2014-11-27 17:47 - 2011-11-22 13:57 - 00000000 ____D () C:\Program Files (x86)\AviSynth 2.5
2014-11-26 15:54 - 2013-02-09 19:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2014-11-26 15:54 - 2013-01-27 15:31 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BlueScreenView
2014-11-26 15:54 - 2012-11-14 12:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avi2Dvd
2014-11-26 15:54 - 2012-06-19 17:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2014-11-26 15:54 - 2012-05-24 08:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MP3Gain
2014-11-26 15:54 - 2011-12-07 13:20 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MediaInfo
2014-11-26 15:54 - 2011-12-05 05:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2014-11-26 15:54 - 2011-11-22 13:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AviSynth 2.5
2014-11-26 15:54 - 2011-09-29 15:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 - Codec Pack
2014-11-26 15:54 - 2011-06-06 13:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eReaders
2014-11-26 15:54 - 2011-06-06 13:33 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2014-11-26 15:54 - 2009-07-13 23:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-11-26 14:16 - 2011-10-05 20:03 - 00000000 ____D () C:\Program Files (x86)\SlySoft
2014-11-26 14:15 - 2011-09-29 11:47 - 00116448 _____ () C:\Users\D's\AppData\Local\GDIPFONTCACHEV1.DAT
2014-11-26 14:14 - 2009-07-13 22:45 - 00426384 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-11-26 12:23 - 2012-07-19 10:48 - 00000000 ____D () C:\ProgramData\Western Digital
2014-11-26 12:23 - 2011-11-04 08:20 - 00000000 ____D () C:\Program Files (x86)\Western Digital
2014-11-26 09:41 - 2011-10-24 15:27 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-11-26 09:39 - 2014-02-03 15:11 - 00000000 ____D () C:\ProgramData\FLEXnet
2014-11-26 09:00 - 2013-05-06 17:04 - 00008192 _____ () C:\Windows\SysWOW64\WDPABKP.dat
2014-11-26 08:57 - 2013-05-03 13:10 - 00000000 ____D () C:\Windows\system32\SRSLabs
2014-11-26 08:57 - 2011-11-16 10:31 - 00000000 ____D () C:\Windows\system32\Macromed
2014-11-26 08:57 - 2011-10-03 15:21 - 00000000 ____D () C:\Windows\SysWOW64\Adobe
2014-11-26 08:57 - 2009-07-13 21:20 - 00000000 ____D () C:\Windows\servicing
2014-11-26 08:56 - 2014-01-22 10:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2014-11-26 08:56 - 2013-09-24 14:39 - 00000000 ____D () C:\ProgramData\Screentime
2014-11-26 08:56 - 2013-07-03 08:12 - 00000000 ____D () C:\Program Files\res
2014-11-26 08:56 - 2013-07-03 08:12 - 00000000 ____D () C:\Program Files\modules
2014-11-26 08:56 - 2013-07-03 08:12 - 00000000 ____D () C:\Program Files\defaults
2014-11-26 08:56 - 2013-07-03 08:12 - 00000000 ____D () C:\Program Files\chrome
2014-11-26 08:56 - 2012-10-20 07:04 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Foxit Software
2014-11-26 08:56 - 2012-01-30 16:00 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2014-11-26 08:56 - 2011-12-06 18:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Systems VPN Client
2014-11-26 08:56 - 2011-12-06 18:26 - 00000000 ____D () C:\Program Files\Common Files\Deterministic Networks
2014-11-26 08:56 - 2011-09-29 16:46 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Wise Registry Cleaner
2014-11-26 08:56 - 2011-09-29 13:45 - 00000000 ____D () C:\Program Files (x86)\Acronis
2014-11-26 08:56 - 2011-06-06 13:14 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-11-26 08:56 - 2009-07-13 21:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-11-26 08:52 - 2014-02-03 15:10 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2014-11-26 08:52 - 2011-10-05 20:12 - 00000000 ____D () C:\ProgramData\SlySoft
2014-11-26 08:51 - 2012-02-17 12:10 - 00000000 ____D () C:\Program Files (x86)\GoTrusted.com
2014-11-26 07:58 - 2014-08-17 18:42 - 00000000 ____D () C:\Users\D's\Documents\ConvertXToDVD
2014-11-25 05:05 - 2014-08-15 02:30 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Process Hacker 2
2014-11-24 22:00 - 2011-09-29 13:55 - 00000000 ____D () C:\Users\D's\Documents\PcSetup
2014-11-24 21:44 - 2012-02-02 08:17 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Apple Computer
2014-11-24 19:52 - 2012-01-16 20:50 - 00000067 _____ () C:\rescuepe.log
2014-11-24 19:01 - 2013-02-12 07:44 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-11-24 19:01 - 2013-02-12 07:44 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-11-24 19:00 - 2011-09-29 16:24 - 00000000 ____D () C:\Users\D's\AppData\Roaming\Malwarebytes
2014-11-24 18:59 - 2011-10-02 08:53 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-11-24 18:59 - 2011-09-29 16:24 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-11-24 18:56 - 2013-01-24 17:37 - 00000426 _____ () C:\.dir

Files to move or delete:
====================
C:\ProgramData\SMRResults410.dat


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-12-18 21:56

==================== End Of Log ============================



#6 rocks911


Posted 24 December 2014 - 01:27 PM

Attached Addition

 

Thanks so much.




#7 nasdaq


Posted 24 December 2014 - 02:06 PM

Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

End
Save the file as fixlist.txt in the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log, Fixlog.txt; please post it in your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#8 rocks911


Posted 24 December 2014 - 05:52 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-12-2014
Ran by D's at 2014-12-24 16:28:20 Run:2
Running from C:\Users\D's\Desktop\Bleeping computer
Loaded Profile: D's (Available profiles: D's & Guest)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
start

CloseProcesses:

SearchScopes: HKLM-x32 -> {ec29edf6-ad3c-4e1c-a087-d6cb81400c43} URL = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

End
*****************

Processes closed successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{ec29edf6-ad3c-4e1c-a087-d6cb81400c43} => Key not found.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.8" => Key deleted successfully.
C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll => Moved successfully.
C:\Program Files (x86)\IObit Apps Toolbar\FF not found.


The system needed a reboot.

==== End of Fixlog 16:28:22 ====
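
An added example, not part of the original posts and not FRST's own code: a read-only PowerShell check that snapshots the Internet Explorer SearchScopes keys named in this thread and, on a second run after the reboot, reports any entry that has come back or changed. The function name `Get-SearchScopeSnapshot` and the baseline file location are assumptions; it assumes PowerShell 3.0 or later and an elevated prompt so the service-account hives are readable.

```powershell
# Added example: read-only audit of IE SearchScopes. It deletes nothing.
# The hive list comes from the AdwCleaner and Fixlog output quoted in this thread.
$suffix = 'Microsoft\Internet Explorer\SearchScopes'
$roots = @(
    "Registry::HKEY_CURRENT_USER\Software\$suffix",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\$suffix",
    "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\$suffix",
    "Registry::HKEY_USERS\.DEFAULT\Software\$suffix",
    "Registry::HKEY_USERS\S-1-5-19\Software\$suffix",
    "Registry::HKEY_USERS\S-1-5-20\Software\$suffix"
)

function Get-SearchScopeSnapshot {
    # Emits one row per DefaultScope value and one row per scope subkey.
    foreach ($root in $roots) {
        if (-not (Test-Path -LiteralPath $root)) { continue }
        $props = Get-ItemProperty -LiteralPath $root -ErrorAction SilentlyContinue
        [pscustomobject]@{ Key = $root; Kind = 'DefaultScope'; Value = [string]$props.DefaultScope }
        foreach ($sub in Get-ChildItem -LiteralPath $root -ErrorAction SilentlyContinue) {
            $p = Get-ItemProperty -LiteralPath $sub.PSPath -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Key   = "$root\$($sub.PSChildName)"
                Kind  = 'Scope'
                Value = [string]$p.URL      # empty string when the scope has no URL value
            }
        }
    }
}

# Assumed baseline location; any writable path works.
$baseline = Join-Path $env:TEMP 'searchscopes-baseline.csv'
$now = @(Get-SearchScopeSnapshot)

if (-not (Test-Path -LiteralPath $baseline)) {
    # First run (after the fix, before the reboot): record the cleaned state.
    $now | Export-Csv -LiteralPath $baseline -NoTypeInformation
    "Baseline of $($now.Count) entries written to $baseline. Run again after the reboot."
} else {
    # Second run: anything new or changed since the baseline was written back by something.
    $seen = @{}
    foreach ($row in @(Import-Csv -LiteralPath $baseline)) {
        $seen["$($row.Key)|$($row.Kind)"] = $row.Value
    }
    $findings = foreach ($row in $now) {
        $id = "$($row.Key)|$($row.Kind)"
        if (-not $seen.ContainsKey($id)) {
            $row | Select-Object @{ n = 'Change'; e = { 'reappeared or new' } }, Key, Kind, Value
        } elseif ($seen[$id] -ne $row.Value) {
            $row | Select-Object @{ n = 'Change'; e = { 'value changed' } }, Key, Kind, Value
        }
    }
    if ($findings) { $findings | Format-List } else { 'No SearchScopes entries were added or changed since the baseline.' }
}
```

An entry reported as reappeared points to a process or policy that rewrites the key at startup, which is the symptom described in the first post.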



#9 rocks911


Posted 24 December 2014 - 05:58 PM

 Results of screen317's Security Check version 0.99.93  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:`````````
 MVPS Hosts File  
 Wise Registry Cleaner 8.21  
 Java version 32-bit out of Date!
 Adobe Flash Player 16.0.0.235  
 Adobe Reader XI  
 Mozilla Firefox (34.0.5)
 Google Chrome (39.0.2171.71)
 Google Chrome (39.0.2171.95)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````
 



#10 rocks911


Posted 24 December 2014 - 05:59 PM

The PC seems more stable now.

Thanks, and Happy Holidays to you and yours!



#11 nasdaq


Posted 25 December 2014 - 09:04 AM

Glad we could help.

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#12 rocks911


Posted 27 December 2014 - 11:45 AM

I have no indication that I am infected with anything, but I am unable to install one Windows update after eradicating whatever malware I had.

I am at another forum trying to get help with the update. Never had this problem before. I've tried the SURT, tried DL'ing the update and installing manually; as a matter of fact, I've tried most everything I can find on the web to overcome this problem, thus far to no avail.

So I guess my point is that I can't say all is well. I've been working on this on and off for three days and can't get it fixed.



#13 nasdaq


Posted 27 December 2014 - 01:44 PM

Can you give me the link of the topic in the other forum?

If not already done try this.

Please download Tweaking.com - Windows Repair from Here
  • Install and then run the program
  • Click Next at the Welcome Screen, click Next on Step 1 Screen
  • Click Next on Step 2 Screen, click Do it on Step 3 Screen. After it has completed, click Next
  • On Step 4, under System Restore click Create, then under registry back-up click Backup. When you have completed this, click Next
  • Click on Repairs
  • Click Open repairs - Icon in the bottom right corner
  • Click the Unselect All button, then select just the item(s) below:
    01 - Repair Registry Permissions
    03 - Reset Service permissions
    04 - Register System Files
    05 - Repair WMI
    06 - Repair Windows Firewall
    10 - Remove Policies Set By Infections
    13 - Repair Winsock & DNS Cache
    14 - Removed Temp Files
    15 - Repair Proxy Settings
    17 - Repair Windows Updates
    21 - Repair MSI (Windows Installer)
  • Click the Start button and let the process run to completion. Copy any error messages into Notepad and save it on your Desktop. (Reboot if asked to do so.)
  • Please copy and paste the contents of this file in your next reply.

===

How is it now?


#14 rocks911


Posted 28 December 2014 - 05:49 PM

Just a quick reply to say that it seems to have worked. Although it did not seem to do so immediately, after a couple of rounds of updating I no longer have the constant Windows Update icon in my tray and, pending more time to do a more complete analysis, all seems fine. Sorry for the short reply but I'm short on time the next day or two.

Thanks a million and my fingers are crossed that it's fixed. Thanks for the repair tool, I'll send a donation to them and you if I could get a link to do so for you.

Thanks again.



#15 nasdaq


Posted 29 December 2014 - 08:23 AM

My services are free.
Thanks for the offer.



