Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Need Help Removing Virus multi explorer.exe instances


  • This topic is locked This topic is locked
4 replies to this topic

#1 froglevelmc

froglevelmc

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 22 December 2014 - 11:02 AM

I have multiple instances of explorer running eating up memory and trying to access websites in the background.  I have run TDSS Killer, awdcleaner, roguekiller, combofix, Sophos virus removal tool. Kaspersky antivirus, spybot S&D, bit defender root kit removal, IOBIT malware fighter..... All of which cleaned something but this explorer thing is still there... can't figure it out.

 

Thank in advance,

 

Chris

 

Farbar scan below.

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-12-2014 01
Ran by Phil Borneman (administrator) on PHIL-PC on 22-12-2014 10:56:55
Running from C:\Users\Phil Borneman\Desktop
Loaded Profile: Phil Borneman (Available profiles: Phil Borneman)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Windows\System32\GFNEXSrv.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Nero AG) C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\regedit.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672152 2014-12-09] (Realtek Semiconductor)
HKLM\...\Run: [SRS Premium Sound HD] => C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe [2165120 2012-03-22] (SRS Labs, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2866960 2011-12-19] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-09-23] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [989056 2012-02-13] (TOSHIBA Corporation)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1562032 2012-02-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-12-14] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2012-02-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1331288 2014-08-22] (Microsoft Corporation)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [253312 2011-11-21] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NBAgent] => C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [1234216 2010-03-26] (Nero AG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoInternetOpenWith] 1
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-667345152-2384861562-3348176582-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = https://www.google.com
HKU\S-1-5-21-667345152-2384861562-3348176582-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/en-us
HKU\S-1-5-21-667345152-2384861562-3348176582-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.toshiba.com/?cid=C001B2Y
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-667345152-2384861562-3348176582-1004 -> DefaultScope {B71164C6-4191-4FC4-9A18-0962203A984D} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
SearchScopes: HKU\S-1-5-21-667345152-2384861562-3348176582-1004 -> {B71164C6-4191-4FC4-9A18-0962203A984D} URL = http://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNO
BHO: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
BHO-x32: Content Blocker Plugin -> {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: SteadyVideoBHO Class -> {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} -> C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Virtual Keyboard Plugin -> {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Advanced SystemCare Surfing Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin -> {E3D96E85-529D-4269-AC6A-97CF9E2221E3} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.25.2 -> C:\windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.25.2 -> C:\Program Files (x86)\Java\jre1.8.0_25\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @kaspersky.com/content_blocker_6418E0D362104DADA084DC312DFA8ABC -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/online_banking_69A4E213815F42BD863D889007201D82 -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com ()
FF Plugin-x32: @kaspersky.com/virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com ()
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.31211.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\3\NP_wtapp.dll ()
FF HKLM-x32\...\Firefox\Extensions: [content_blocker_6418E0D362104DADA084DC312DFA8ABC@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com
FF Extension: Модуль блокування небезпечних веб-сайтів - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\content_blocker@kaspersky.com [2014-12-13]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard_294FF26A1D5B455495946778FDE7CEDB@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Віртуальна клавіатура - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\virtual_keyboard@kaspersky.com [2014-12-13]
FF HKLM-x32\...\Firefox\Extensions: [online_banking_69A4E213815F42BD863D889007201D82@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com
FF Extension: Безпечні платежі - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\FFExt\online_banking@kaspersky.com [2014-12-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://start.toshiba.com/?cid=C001B2Y
CHR StartupUrls: Default -> "hxxp://start.toshiba.com/?cid=C001B2Y"
CHR Profile: C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-12-19]
CHR Extension: (Google Docs) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-12-19]
CHR Extension: (Google Drive) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-12-19]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-12-20]
CHR Extension: (YouTube) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-12-19]
CHR Extension: (Google Search) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-12-19]
CHR Extension: (Kaspersky Protection) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbhjdbfgekjfcfkkfjjmlmojhbllhbho [2014-12-19]
CHR Extension: (Google Sheets) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-12-19]
CHR Extension: (Google Wallet) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
CHR Extension: (Gmail) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-12-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AVP15.0.1; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [234520 2014-08-30] (Kaspersky Lab ZAO)
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-05-28] (WildTangent)
R2 GFNEXSrv; C:\Windows\System32\GFNEXSrv.exe [162824 2010-09-09] ()
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2631456 2014-11-26] (IObit)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2014-08-22] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [368624 2014-08-22] (Microsoft Corporation)
R2 Norton PC Checkup Application Launcher; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [123320 2014-02-04] (Symantec Corporation)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [126392 2011-11-30] (Symantec Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-12-09] (Realtek Semiconductor)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [151848 2013-10-15] (Sophos Limited)
R2 TosCoSrv; C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe [580608 2012-02-02] (TOSHIBA Corporation) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdide64; C:\Windows\System32\DRIVERS\amdide64.sys [11944 2014-12-09] (Advanced Micro Devices Inc.)
S3 amdkmdag; C:\Windows\System32\DRIVERS\atikmdag.sys [10826240 2012-02-13] (Advanced Micro Devices, Inc.) [File not signed]
S3 amdkmdap; C:\Windows\System32\DRIVERS\atikmpag.sys [328704 2012-02-13] (Advanced Micro Devices, Inc.) [File not signed]
R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [31872 2012-02-01] (Advanced Micro Devices, Inc.)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2011-03-01] (Microsoft Corporation)
R2 APXACC; C:\Windows\System32\DRIVERS\appexDrv.sys [219360 2013-04-18] (AppEx Networks Corporation)
R0 cm_km_w; C:\Windows\System32\DRIVERS\cm_km_w.sys [238288 2013-01-14] (Kaspersky Lab UK Ltd)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [468576 2014-03-31] (Kaspersky Lab ZAO)
R2 kldisk; C:\Windows\System32\DRIVERS\kldisk.sys [46144 2014-07-02] (Kaspersky Lab ZAO)
R3 klflt; C:\Windows\System32\DRIVERS\klflt.sys [150536 2014-12-13] (Kaspersky Lab ZAO)
R1 klhk; C:\Windows\System32\DRIVERS\klhk.sys [246456 2014-08-12] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [818888 2014-12-13] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [30304 2014-02-25] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [28768 2014-03-28] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-08-08] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55872 2014-06-05] (Kaspersky Lab ZAO)
R1 Klwtp; C:\Windows\System32\DRIVERS\klwtp.sys [77512 2014-12-13] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [179776 2014-07-09] (Kaspersky Lab ZAO)
S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2014-12-09] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [269008 2014-07-17] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [125584 2014-07-17] (Microsoft Corporation)
S3 RTWlanE; C:\Windows\System32\DRIVERS\rtwlane.sys [1148048 2012-08-14] (Realtek Semiconductor Corporation                           )
S3 Serial; C:\Windows\system32\drivers\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-12-12] ()
S3 cpuz137; \??\C:\Users\Phil\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 10:56 - 2014-12-22 10:57 - 00025359 _____ () C:\Users\Phil Borneman\Desktop\FRST.txt
2014-12-22 10:56 - 2014-12-22 10:56 - 02122240 _____ (Farbar) C:\Users\Phil Borneman\Desktop\FRST64.exe
2014-12-22 10:22 - 2014-12-22 10:56 - 00000000 ____D () C:\FRST
2014-12-20 18:41 - 2014-12-20 18:41 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Local\CrashDumps
2014-12-20 18:34 - 2014-12-20 18:36 - 00004094 _____ () C:\Users\Phil Borneman\Desktop\Rkill.txt
2014-12-20 18:13 - 2014-12-20 18:13 - 00001184 _____ () C:\Users\Public\Desktop\IObit Malware Fighter.lnk
2014-12-20 18:13 - 2014-12-20 18:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Malware Fighter
2014-12-20 15:40 - 2014-12-20 15:41 - 00001908 _____ () C:\windows\diagwrn.xml
2014-12-20 15:40 - 2014-12-20 15:41 - 00001908 _____ () C:\windows\diagerr.xml
2014-12-20 15:32 - 2014-12-20 15:32 - 00002128 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2014-12-20 15:32 - 2014-12-20 15:32 - 00001945 _____ () C:\windows\epplauncher.mif
2014-12-20 15:32 - 2014-12-20 15:32 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-12-20 15:31 - 2014-12-20 15:32 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-12-20 15:03 - 2014-12-20 19:03 - 00000779 _____ () C:\windows\setupact.log
2014-12-20 15:03 - 2014-12-20 15:40 - 00000000 _____ () C:\windows\setuperr.log
2014-12-20 14:11 - 2014-12-20 15:46 - 00081990 _____ () C:\windows\PFRO.log
2014-12-20 14:10 - 2014-12-20 14:10 - 00032768 _____ () C:\windows\system32\persistent_q.db-shm
2014-12-20 14:10 - 2014-12-20 14:10 - 00003176 _____ () C:\windows\system32\persistent_q.db-wal
2014-12-20 14:10 - 2014-12-20 14:10 - 00001024 _____ () C:\windows\system32\persistent_q.db
2014-12-20 12:33 - 2014-12-20 12:33 - 00002788 _____ () C:\windows\System32\Tasks\CCleanerSkipUAC
2014-12-20 12:33 - 2014-12-20 12:33 - 00000000 ____D () C:\Program Files\CCleaner
2014-12-20 12:28 - 2014-12-20 12:28 - 00000000 ____D () C:\windows\System32\Tasks\Safer-Networking
2014-12-20 12:27 - 2014-12-20 12:27 - 00001402 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-12-20 12:27 - 2014-12-20 12:27 - 00001390 _____ () C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-12-20 12:27 - 2014-12-20 12:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-12-20 12:26 - 2014-12-20 14:04 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-12-20 12:26 - 2014-12-20 12:32 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-20 12:26 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-12-20 12:17 - 2014-12-20 12:17 - 00000000 ____D () C:\Users\Phil Borneman\Pavark
2014-12-20 01:15 - 2014-12-20 01:15 - 00006172 _____ () C:\windows\SysWOW64\PerfStringBackup.TMP
2014-12-19 16:39 - 2014-12-19 16:39 - 00000207 _____ () C:\windows\tweaking.com-regbackup-PHIL-PC-Microsoft-Windows-7-Home-Premium-(64-bit).dat
2014-12-19 16:39 - 2014-12-19 16:39 - 00000000 ____D () C:\RegBackup
2014-12-19 16:37 - 2014-12-19 16:37 - 00001047 _____ () C:\Users\Phil Borneman\Desktop\JRT.txt
2014-12-19 16:36 - 2014-12-19 16:36 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2014-12-19 16:36 - 2014-12-19 16:36 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-12-19 16:26 - 2014-12-19 16:26 - 00000000 ____D () C:\windows\ERUNT
2014-12-19 15:59 - 2014-12-19 15:59 - 00000000 __SHD () C:\Users\Phil Borneman\AppData\Local\EmieUserList
2014-12-19 15:59 - 2014-12-19 15:59 - 00000000 __SHD () C:\Users\Phil Borneman\AppData\Local\EmieSiteList
2014-12-19 15:59 - 2014-12-19 15:59 - 00000000 __SHD () C:\Users\Phil Borneman\AppData\Local\EmieBrowserModeList
2014-12-19 15:47 - 2014-12-19 15:47 - 00000000 ____D () C:\windows\system32\MRT
2014-12-19 15:46 - 2014-11-27 16:40 - 112710672 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-12-19 15:23 - 2014-12-20 18:11 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Roaming\IObit
2014-12-19 15:22 - 2014-12-19 15:22 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Roaming\ProductData
2014-12-19 14:24 - 2014-12-13 00:09 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2014-12-19 14:24 - 2014-12-12 22:33 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2014-12-19 14:22 - 2014-12-19 14:22 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Roaming\ATI
2014-12-19 14:22 - 2014-12-19 14:22 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Local\ATI
2014-12-19 14:19 - 2014-12-19 14:19 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Roaming\Toshiba
2014-12-19 14:17 - 2014-12-20 11:37 - 00109296 _____ () C:\Users\Phil Borneman\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-19 14:17 - 2014-12-19 14:17 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Roaming\Nero
2014-12-19 14:17 - 2014-12-19 14:17 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Local\TOSHIBA
2014-12-19 14:17 - 2014-12-19 14:17 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Local\SRS Labs
2014-12-19 14:15 - 2014-12-19 14:15 - 00001424 _____ () C:\Users\Phil Borneman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-19 14:15 - 2014-12-19 14:15 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Roaming\Adobe
2014-12-19 14:15 - 2014-12-19 14:15 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Local\Google
2014-12-19 14:14 - 2014-12-19 14:14 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Local\VirtualStore
2014-12-19 14:13 - 2014-12-20 12:17 - 00000000 ____D () C:\Users\Phil Borneman
2014-12-19 14:13 - 2014-12-19 14:13 - 00000020 ___SH () C:\Users\Phil Borneman\ntuser.ini
2014-12-19 14:13 - 2013-09-10 13:19 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Local\Microsoft Help
2014-12-19 14:13 - 2012-04-18 04:07 - 00000000 ____D () C:\Users\Phil Borneman\AppData\Roaming\Macromedia
2014-12-19 14:13 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Phil Borneman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-19 14:13 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Phil Borneman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-15 13:06 - 2013-09-29 13:08 - 00000000 ____D () C:\Users\Public\Desktop\Nero-10.0.13100  (Serials + Themepacks)
2014-12-15 12:44 - 2013-09-29 15:50 - 00000000 ____D () C:\Users\Public\Desktop\amos,n andy
2014-12-14 15:13 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDYAK.DLL
2014-12-14 15:13 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDTAT.DLL
2014-12-14 15:13 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDRU1.DLL
2014-12-14 15:13 - 2014-07-08 21:03 - 00007168 _____ (Microsoft Corporation) C:\windows\system32\KBDBASH.DLL
2014-12-14 15:13 - 2014-07-08 21:03 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\KBDRU.DLL
2014-12-14 15:13 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDYAK.DLL
2014-12-14 15:13 - 2014-07-08 20:31 - 00007168 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDTAT.DLL
2014-12-14 15:13 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU1.DLL
2014-12-14 15:13 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDRU.DLL
2014-12-14 15:13 - 2014-07-08 20:31 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\KBDBASH.DLL
2014-12-14 15:13 - 2014-07-08 17:38 - 00419992 _____ () C:\windows\system32\locale.nls
2014-12-14 15:13 - 2014-07-08 17:30 - 00419992 _____ () C:\windows\SysWOW64\locale.nls
2014-12-13 17:01 - 2014-12-13 17:01 - 00002341 _____ () C:\Users\Admin\Desktop\Safe Money.lnk
2014-12-13 17:00 - 2014-12-13 17:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-12-13 17:00 - 2014-12-13 16:58 - 00002143 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-12-13 16:56 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\windows\system32\klfphc.dll
2014-12-13 16:55 - 2014-12-22 10:11 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-12-13 16:55 - 2014-12-13 16:55 - 00000000 ____D () C:\windows\ELAMBKUP
2014-12-13 16:55 - 2014-12-13 16:55 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-12-13 16:53 - 2014-08-12 18:33 - 00246456 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klhk.sys
2014-12-13 16:46 - 2014-12-13 16:50 - 202839360 _____ (Kaspersky Lab) C:\Users\Admin\Desktop\kis15.0.1.415EN_6710.exe
2014-12-13 16:42 - 2014-12-13 16:42 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieBrowserModeList
2014-12-13 08:28 - 2014-12-13 08:28 - 00000000 ____D () C:\windows\system32\appraiser
2014-12-13 04:35 - 2014-10-17 21:05 - 04121600 _____ (Microsoft Corporation) C:\windows\system32\mf.dll
2014-12-13 04:35 - 2014-10-17 20:33 - 03209728 _____ (Microsoft Corporation) C:\windows\SysWOW64\mf.dll
2014-12-13 04:35 - 2014-07-06 21:06 - 00206848 _____ (Microsoft Corporation) C:\windows\system32\mfps.dll
2014-12-13 04:35 - 2014-07-06 21:06 - 00055808 _____ (Microsoft Corporation) C:\windows\system32\rrinstaller.exe
2014-12-13 04:35 - 2014-07-06 21:06 - 00024576 _____ (Microsoft Corporation) C:\windows\system32\mfpmp.exe
2014-12-13 04:35 - 2014-07-06 21:02 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\mferror.dll
2014-12-13 04:35 - 2014-07-06 20:40 - 00103424 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfps.dll
2014-12-13 04:35 - 2014-07-06 20:39 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\rrinstaller.exe
2014-12-13 04:35 - 2014-07-06 20:39 - 00023040 _____ (Microsoft Corporation) C:\windows\SysWOW64\mfpmp.exe
2014-12-13 04:35 - 2014-07-06 20:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\mferror.dll
2014-12-13 03:55 - 2014-06-26 21:08 - 02777088 _____ (Microsoft Corporation) C:\windows\system32\msmpeg2vdec.dll
2014-12-13 03:55 - 2014-06-26 20:45 - 02285056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msmpeg2vdec.dll
2014-12-13 03:29 - 2014-12-13 03:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ProductData
2014-12-13 03:17 - 2014-06-30 17:24 - 00008856 _____ (Microsoft Corporation) C:\windows\system32\icardres.dll
2014-12-13 03:17 - 2014-06-30 17:14 - 00008856 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardres.dll
2014-12-13 03:17 - 2014-03-09 16:48 - 01389208 _____ (Microsoft Corporation) C:\windows\system32\icardagt.exe
2014-12-13 03:17 - 2014-03-09 16:48 - 00171160 _____ (Microsoft Corporation) C:\windows\system32\infocardapi.dll
2014-12-13 03:17 - 2014-03-09 16:47 - 00619672 _____ (Microsoft Corporation) C:\windows\SysWOW64\icardagt.exe
2014-12-13 03:17 - 2014-03-09 16:47 - 00099480 _____ (Microsoft Corporation) C:\windows\SysWOW64\infocardapi.dll
2014-12-13 03:16 - 2014-06-06 01:16 - 00035480 _____ (Microsoft Corporation) C:\windows\SysWOW64\TsWpfWrp.exe
2014-12-13 03:16 - 2014-06-06 01:12 - 00035480 _____ (Microsoft Corporation) C:\windows\system32\TsWpfWrp.exe
2014-12-13 02:43 - 2014-10-13 21:13 - 00683520 _____ (Microsoft Corporation) C:\windows\system32\termsrv.dll
2014-12-13 02:43 - 2014-10-13 21:09 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2014-12-13 02:43 - 2014-10-13 21:07 - 00681984 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2014-12-13 02:43 - 2014-10-13 20:47 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2014-12-13 02:43 - 2014-10-13 20:46 - 00681984 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2014-12-13 02:42 - 2014-10-29 21:03 - 00165888 _____ (Microsoft Corporation) C:\windows\system32\charmap.exe
2014-12-13 02:42 - 2014-10-29 20:45 - 00155136 _____ (Microsoft Corporation) C:\windows\SysWOW64\charmap.exe
2014-12-13 02:42 - 2014-10-13 21:13 - 03241984 _____ (Microsoft Corporation) C:\windows\system32\msi.dll
2014-12-13 02:42 - 2014-10-13 20:50 - 02363904 _____ (Microsoft Corporation) C:\windows\SysWOW64\msi.dll
2014-12-13 02:42 - 2014-06-03 05:02 - 01941504 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-12-13 02:42 - 2014-06-03 05:02 - 00504320 _____ (Microsoft Corporation) C:\windows\system32\msihnd.dll
2014-12-13 02:42 - 2014-06-03 05:02 - 00112064 _____ (Microsoft Corporation) C:\windows\system32\consent.exe
2014-12-13 02:42 - 2014-06-03 04:29 - 01805824 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-12-13 02:42 - 2014-06-03 04:29 - 00337408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msihnd.dll
2014-12-13 02:37 - 2014-12-03 21:50 - 00830976 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2014-12-13 02:37 - 2014-12-03 21:50 - 00741376 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2014-12-13 02:37 - 2014-12-03 21:50 - 00413184 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2014-12-13 02:37 - 2014-12-03 21:50 - 00396800 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2014-12-13 02:37 - 2014-12-03 21:50 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2014-12-13 02:37 - 2014-12-03 21:50 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\aepic.dll
2014-12-13 02:37 - 2014-12-03 21:44 - 01083392 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2014-12-13 02:37 - 2014-12-01 18:28 - 01232040 _____ (Microsoft Corporation) C:\windows\system32\aitstatic.exe
2014-12-13 02:37 - 2014-08-01 06:53 - 01031168 _____ (Microsoft Corporation) C:\windows\system32\TSWorkspace.dll
2014-12-13 02:37 - 2014-08-01 06:35 - 00793600 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSWorkspace.dll
2014-12-13 02:34 - 2014-06-23 22:29 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2014-12-13 02:34 - 2014-06-23 21:59 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2014-12-13 02:34 - 2014-06-18 17:23 - 01943696 _____ (Microsoft Corporation) C:\windows\system32\dfshim.dll
2014-12-13 02:34 - 2014-06-18 17:23 - 01131664 _____ (Microsoft Corporation) C:\windows\SysWOW64\dfshim.dll
2014-12-13 02:34 - 2014-06-18 17:23 - 00156824 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscorier.dll
2014-12-13 02:34 - 2014-06-18 17:23 - 00156312 _____ (Microsoft Corporation) C:\windows\system32\mscorier.dll
2014-12-13 02:34 - 2014-06-18 17:23 - 00081560 _____ (Microsoft Corporation) C:\windows\SysWOW64\mscories.dll
2014-12-13 02:34 - 2014-06-18 17:23 - 00073880 _____ (Microsoft Corporation) C:\windows\system32\mscories.dll
2014-12-13 02:32 - 2014-06-17 21:18 - 00692736 _____ (Microsoft Corporation) C:\windows\system32\osk.exe
2014-12-13 02:32 - 2014-06-17 20:51 - 00646144 _____ (Microsoft Corporation) C:\windows\SysWOW64\osk.exe
2014-12-13 02:30 - 2014-11-26 20:43 - 00389296 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2014-12-13 02:30 - 2014-11-26 20:10 - 00342200 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2014-12-13 02:30 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-12-13 02:30 - 2014-11-21 22:06 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-12-13 02:30 - 2014-11-21 22:06 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2014-12-13 02:30 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2014-12-13 02:30 - 2014-11-21 21:50 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-12-13 02:30 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-12-13 02:30 - 2014-11-21 21:49 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2014-12-13 02:30 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2014-12-13 02:30 - 2014-11-21 21:41 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-12-13 02:30 - 2014-11-21 21:40 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-12-13 02:30 - 2014-11-21 21:37 - 00633856 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-12-13 02:30 - 2014-11-21 21:35 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2014-12-13 02:30 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-12-13 02:30 - 2014-11-21 21:34 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2014-12-13 02:30 - 2014-11-21 21:26 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2014-12-13 02:30 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-12-13 02:30 - 2014-11-21 21:22 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2014-12-13 02:30 - 2014-11-21 21:20 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-12-13 02:30 - 2014-11-21 21:14 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2014-12-13 02:30 - 2014-11-21 21:09 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-12-13 02:30 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2014-12-13 02:30 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2014-12-13 02:30 - 2014-11-21 21:07 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-12-13 02:30 - 2014-11-21 21:06 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2014-12-13 02:30 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2014-12-13 02:30 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2014-12-13 02:30 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-12-13 02:30 - 2014-11-21 20:59 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-12-13 02:30 - 2014-11-21 20:58 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-12-13 02:30 - 2014-11-21 20:56 - 00478208 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-12-13 02:30 - 2014-11-21 20:54 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2014-12-13 02:30 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-12-13 02:30 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-12-13 02:30 - 2014-11-21 20:47 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2014-12-13 02:30 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2014-12-13 02:30 - 2014-11-21 20:45 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2014-12-13 02:30 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-12-13 02:30 - 2014-11-21 20:40 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-12-13 02:30 - 2014-11-21 20:36 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-12-13 02:30 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2014-12-13 02:30 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2014-12-13 02:30 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-12-13 02:30 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-12-13 02:30 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-12-13 02:30 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2014-12-13 02:30 - 2014-11-21 20:21 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2014-12-13 02:30 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-12-13 02:30 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-12-13 02:30 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2014-12-13 02:30 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-12-13 02:30 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-12-13 02:30 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2014-12-13 02:30 - 2014-11-10 22:09 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-12-13 02:30 - 2014-11-10 21:44 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-12-13 02:30 - 2014-11-10 20:46 - 00119296 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tdx.sys
2014-12-13 02:30 - 2014-08-21 01:43 - 01882624 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2014-12-13 02:30 - 2014-08-21 01:40 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2014-12-13 02:30 - 2014-08-21 01:26 - 01237504 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2014-12-13 02:30 - 2014-08-21 01:23 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2014-12-13 02:30 - 2014-06-06 05:10 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-12-13 02:30 - 2014-06-06 04:44 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-12-13 02:30 - 2014-05-30 01:45 - 00497152 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-12-13 02:26 - 2014-11-10 22:08 - 00728064 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-12-13 02:26 - 2014-11-10 22:08 - 00241152 _____ (Microsoft Corporation) C:\windows\system32\pku2u.dll
2014-12-13 02:26 - 2014-11-10 21:44 - 00550912 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-12-13 02:26 - 2014-11-10 21:44 - 00186880 _____ (Microsoft Corporation) C:\windows\SysWOW64\pku2u.dll
2014-12-13 02:26 - 2014-10-13 21:16 - 00155064 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2014-12-13 02:26 - 2014-10-13 21:12 - 01460736 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2014-12-13 02:26 - 2014-10-13 20:50 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2014-12-13 02:26 - 2014-10-13 20:49 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2014-12-13 02:26 - 2014-09-24 21:08 - 00371712 _____ (Microsoft Corporation) C:\windows\system32\qdvd.dll
2014-12-13 02:26 - 2014-09-24 20:40 - 00519680 _____ (Microsoft Corporation) C:\windows\SysWOW64\qdvd.dll
2014-12-13 02:26 - 2014-08-11 21:02 - 00878080 _____ (Microsoft Corporation) C:\windows\system32\IMJP10K.DLL
2014-12-13 02:26 - 2014-08-11 20:36 - 00701440 _____ (Microsoft Corporation) C:\windows\SysWOW64\IMJP10K.DLL
2014-12-13 02:24 - 2014-10-02 21:12 - 02020352 _____ (Microsoft Corporation) C:\windows\system32\WsmSvc.dll
2014-12-13 02:24 - 2014-10-02 21:12 - 00500224 _____ (Microsoft Corporation) C:\windows\system32\AUDIOKSE.dll
2014-12-13 02:24 - 2014-10-02 21:12 - 00346624 _____ (Microsoft Corporation) C:\windows\system32\WSManMigrationPlugin.dll
2014-12-13 02:24 - 2014-10-02 21:12 - 00310272 _____ (Microsoft Corporation) C:\windows\system32\WsmWmiPl.dll
2014-12-13 02:24 - 2014-10-02 21:12 - 00181248 _____ (Microsoft Corporation) C:\windows\system32\WsmAuto.dll
2014-12-13 02:24 - 2014-10-02 21:11 - 00680960 _____ (Microsoft Corporation) C:\windows\system32\audiosrv.dll
2014-12-13 02:24 - 2014-10-02 21:11 - 00440832 _____ (Microsoft Corporation) C:\windows\system32\AudioEng.dll
2014-12-13 02:24 - 2014-10-02 21:11 - 00296448 _____ (Microsoft Corporation) C:\windows\system32\AudioSes.dll
2014-12-13 02:24 - 2014-10-02 21:11 - 00284672 _____ (Microsoft Corporation) C:\windows\system32\EncDump.dll
2014-12-13 02:24 - 2014-10-02 21:11 - 00266240 _____ (Microsoft Corporation) C:\windows\system32\WSManHTTPConfig.exe
2014-12-13 02:24 - 2014-10-02 20:45 - 01177088 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmSvc.dll
2014-12-13 02:24 - 2014-10-02 20:45 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManMigrationPlugin.dll
2014-12-13 02:24 - 2014-10-02 20:45 - 00214016 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmWmiPl.dll
2014-12-13 02:24 - 2014-10-02 20:45 - 00145920 _____ (Microsoft Corporation) C:\windows\SysWOW64\WsmAuto.dll
2014-12-13 02:24 - 2014-10-02 20:44 - 00442880 _____ (Microsoft Corporation) C:\windows\SysWOW64\AUDIOKSE.dll
2014-12-13 02:24 - 2014-10-02 20:44 - 00374784 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioEng.dll
2014-12-13 02:24 - 2014-10-02 20:44 - 00198656 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSManHTTPConfig.exe
2014-12-13 02:24 - 2014-10-02 20:44 - 00195584 _____ (Microsoft Corporation) C:\windows\SysWOW64\AudioSes.dll
2014-12-13 02:24 - 2014-09-04 00:23 - 00424448 _____ (Microsoft Corporation) C:\windows\system32\rastls.dll
2014-12-13 02:24 - 2014-09-04 00:04 - 00372736 _____ (Microsoft Corporation) C:\windows\SysWOW64\rastls.dll
2014-12-13 02:24 - 2014-06-15 21:10 - 00985536 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-12-13 02:23 - 2014-06-24 21:05 - 14175744 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-12-13 02:23 - 2014-06-24 20:41 - 12874240 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-12-13 02:21 - 2014-11-07 22:16 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\tzres.dll
2014-12-13 02:21 - 2014-11-07 21:45 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\tzres.dll
2014-12-13 02:19 - 2014-09-19 04:42 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-12-13 02:19 - 2014-09-19 04:42 - 00314880 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2014-12-13 02:19 - 2014-09-19 04:42 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2014-12-13 02:19 - 2014-09-19 04:42 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2014-12-13 02:19 - 2014-09-19 04:42 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2014-12-13 02:19 - 2014-09-19 04:42 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2014-12-13 02:19 - 2014-09-19 04:23 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2014-12-13 02:19 - 2014-09-19 04:23 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-12-13 02:19 - 2014-09-19 04:23 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2014-12-13 02:19 - 2014-09-19 04:23 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2014-12-13 02:19 - 2014-09-19 04:23 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2014-12-13 02:19 - 2014-09-19 04:23 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2014-12-13 02:16 - 2014-10-24 20:57 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\packager.dll
2014-12-13 02:16 - 2014-10-24 20:32 - 00067584 _____ (Microsoft Corporation) C:\windows\SysWOW64\packager.dll
2014-12-13 02:14 - 2014-10-09 19:57 - 03198976 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-12-13 02:14 - 2014-07-16 21:07 - 03722240 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2014-12-13 02:14 - 2014-07-16 21:07 - 01118720 _____ (Microsoft Corporation) C:\windows\system32\mstsc.exe
2014-12-13 02:14 - 2014-07-16 21:07 - 00455168 _____ (Microsoft Corporation) C:\windows\system32\winlogon.exe
2014-12-13 02:14 - 2014-07-16 21:07 - 00235520 _____ (Microsoft Corporation) C:\windows\system32\winsta.dll
2014-12-13 02:14 - 2014-07-16 21:07 - 00150528 _____ (Microsoft Corporation) C:\windows\system32\rdpcorekmts.dll
2014-12-13 02:14 - 2014-07-16 20:40 - 00157696 _____ (Microsoft Corporation) C:\windows\SysWOW64\winsta.dll
2014-12-13 02:14 - 2014-07-16 20:39 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2014-12-13 02:14 - 2014-07-16 20:39 - 01051136 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstsc.exe
2014-12-13 02:14 - 2014-07-16 20:39 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2014-12-13 02:14 - 2014-07-16 20:21 - 00212480 _____ (Microsoft Corporation) C:\windows\system32\Drivers\rdpwd.sys
2014-12-13 02:14 - 2014-07-16 20:21 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tssecsrv.sys
2014-12-13 02:10 - 2014-08-22 21:07 - 00404480 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-12-13 02:10 - 2014-08-22 20:45 - 00311808 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-12-13 02:09 - 2014-10-17 21:05 - 00861696 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-12-13 02:09 - 2014-10-17 20:33 - 00571904 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-12-13 02:07 - 2014-07-13 21:02 - 01216000 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2014-12-13 02:07 - 2014-07-13 20:40 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2014-12-12 22:50 - 2014-12-12 22:52 - 00000000 ____D () C:\ProgramData\Sophos
2014-12-12 22:49 - 2014-12-12 22:49 - 00003205 _____ () C:\Users\Admin\Desktop\Sophos Virus Removal Tool.lnk
2014-12-12 22:49 - 2014-12-12 22:49 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Sophos
2014-12-12 22:47 - 2014-12-12 22:47 - 00000000 ____D () C:\Program Files (x86)\Sophos
2014-12-12 22:27 - 2014-12-12 21:50 - 05600944 ____R (Swearware) C:\Users\Public\Documents\combofix.exe
2014-12-12 22:27 - 2013-11-22 17:34 - 78618840 _____ (Sophos Limited) C:\Users\Public\Documents\Sophos Virus Removal Tool.exe
2014-12-12 21:58 - 2011-06-26 01:45 - 00256000 _____ () C:\windows\PEV.exe
2014-12-12 21:58 - 2010-11-07 12:20 - 00208896 _____ () C:\windows\MBR.exe
2014-12-12 21:58 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\windows\NIRCMD.exe
2014-12-12 21:58 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\windows\SWREG.exe
2014-12-12 21:58 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\windows\SWSC.exe
2014-12-12 21:58 - 2000-08-30 19:00 - 00098816 _____ () C:\windows\sed.exe
2014-12-12 21:58 - 2000-08-30 19:00 - 00080412 _____ () C:\windows\grep.exe
2014-12-12 21:58 - 2000-08-30 19:00 - 00068096 _____ () C:\windows\zip.exe
2014-12-12 21:57 - 2014-12-12 21:58 - 00000000 ___SD () C:\32788R22FWJFW
2014-12-12 21:57 - 2014-12-12 21:58 - 00000000 ____D () C:\Qoobox
2014-12-12 21:57 - 2014-12-12 21:57 - 00000000 ____D () C:\windows\erdnt
2014-12-12 21:55 - 2014-12-12 21:55 - 00000278 _____ () C:\windows\Tasks\Uninstaller_SkipUac_Admin.job
2014-12-12 21:29 - 2014-12-12 21:55 - 00000000 ____D () C:\ProgramData\ParetoLogic
2014-12-12 21:29 - 2014-12-12 21:29 - 00000563 _____ () C:\windows\Tasks\RegCure Pro_sch_DD867A9C-826F-11E4-9C22-4C72B92D6028.job
2014-12-12 21:29 - 2014-12-12 21:29 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ParetoLogic
2014-12-12 19:37 - 2014-12-12 19:37 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Nero
2014-12-12 19:37 - 2014-12-12 19:37 - 00000000 ____D () C:\Users\Admin\AppData\Local\AppEx Networks
2014-12-12 19:20 - 2014-12-12 19:20 - 00000000 ____D () C:\ProgramData\ATI
2014-12-12 19:14 - 2014-12-12 19:15 - 00000000 ____D () C:\Program Files\AMD Quick Stream
2014-12-12 19:14 - 2014-12-12 19:14 - 00055445 _____ () C:\windows\SysWOW64\CCCInstall_201412121914187036.log
2014-12-12 19:14 - 2014-12-12 19:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2014-12-12 19:14 - 2014-12-12 19:14 - 00000000 ____D () C:\ProgramData\AMD
2014-12-12 19:14 - 2014-12-12 19:14 - 00000000 ____D () C:\Program Files (x86)\AMD AVT
2014-12-12 19:14 - 2013-04-18 07:04 - 00219360 _____ (AppEx Networks Corporation) C:\windows\system32\Drivers\appexDrv.sys
2014-12-12 19:13 - 2014-12-12 19:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2014-12-12 18:32 - 2014-12-12 18:32 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\ATI
2014-12-12 18:32 - 2014-12-12 18:32 - 00000000 ____D () C:\Users\Admin\AppData\Local\ATI
2014-12-12 18:29 - 2014-12-12 18:32 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-12 18:27 - 2014-12-12 19:13 - 00000000 ____D () C:\Program Files\ATI Technologies
2014-12-12 18:12 - 2014-12-12 18:12 - 00000023 _____ () C:\model.bat
2014-12-12 18:12 - 2014-12-12 18:12 - 00000000 ____D () C:\UBIOS
2014-12-12 18:11 - 2014-12-12 18:11 - 00000000 ____D () C:\skbqv610
2014-12-12 18:03 - 2012-07-19 09:47 - 01411216 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\rtl8188ee.sys
2014-12-12 18:03 - 2012-02-14 19:37 - 00594432 _____ (Realtek Semiconductor Corp. ) C:\windows\system32\Rtlihvs.dll
2014-12-12 17:59 - 2014-12-12 17:59 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\WinBatch
2014-12-12 07:12 - 2014-12-12 07:12 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2014-12-12 07:10 - 2014-12-12 19:48 - 00000382 _____ () C:\TMachInfo.log
2014-12-12 07:10 - 2014-12-12 07:10 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieUserList
2014-12-12 07:10 - 2014-12-12 07:10 - 00000000 __SHD () C:\Users\Admin\AppData\Local\EmieSiteList
2014-12-12 06:53 - 2014-12-12 07:09 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\IObit
2014-12-12 06:45 - 2014-12-12 06:45 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Toshiba
2014-12-12 06:45 - 2014-12-12 06:45 - 00000000 ____D () C:\Users\Admin\AppData\Local\SRS Labs
2014-12-12 06:43 - 2014-12-13 14:18 - 00109296 _____ () C:\Users\Admin\AppData\Local\GDIPFONTCACHEV1.DAT
2014-12-12 06:43 - 2014-12-12 06:44 - 00000000 ____D () C:\Users\Admin\AppData\Local\TOSHIBA
2014-12-12 06:42 - 2014-12-12 06:42 - 00001424 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-12-12 06:42 - 2014-12-12 06:42 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Adobe
2014-12-12 06:42 - 2014-12-12 06:42 - 00000000 ____D () C:\Users\Admin\AppData\Local\Google
2014-12-12 06:40 - 2014-12-12 06:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\VirtualStore
2014-12-12 06:40 - 2014-12-12 06:40 - 00000000 ____D () C:\Users\Admin\AppData\Local\Symantec
2014-12-12 06:39 - 2014-12-12 06:42 - 00000000 ____D () C:\Users\Admin
2014-12-12 06:39 - 2014-12-12 06:39 - 00000020 ___SH () C:\Users\Admin\ntuser.ini
2014-12-12 06:39 - 2013-09-10 13:19 - 00000000 ____D () C:\Users\Admin\AppData\Local\Microsoft Help
2014-12-12 06:39 - 2012-04-18 04:07 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-12-12 06:39 - 2009-07-13 23:54 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-12-12 06:39 - 2009-07-13 23:49 - 00000000 ___RD () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-12-10 01:23 - 2014-12-10 01:23 - 11222744 _____ (SurfRight B.V.) C:\Users\Phil\Downloads\hitmanpro_x64.exe
2014-12-09 19:47 - 2014-12-09 19:47 - 00000000 ____D () C:\windows\Sun
2014-12-09 19:45 - 2014-12-09 19:38 - 00895912 _____ (Oracle Corporation) C:\windows\SysWOW64\npdeployJava1.dll
2014-12-09 19:45 - 2014-12-09 19:38 - 00816552 _____ (Oracle Corporation) C:\windows\SysWOW64\deployJava1.dll
2014-12-09 19:45 - 2014-12-09 19:38 - 00272296 _____ (Oracle Corporation) C:\windows\SysWOW64\javaws.exe
2014-12-09 19:45 - 2014-12-09 19:38 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\javaw.exe
2014-12-09 19:45 - 2014-12-09 19:38 - 00176552 _____ (Oracle Corporation) C:\windows\SysWOW64\java.exe
2014-12-09 19:41 - 2014-12-09 19:38 - 00098216 _____ (Oracle Corporation) C:\windows\SysWOW64\WindowsAccessBridge-32.dll
2014-12-09 19:40 - 2014-12-09 19:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2014-12-09 19:36 - 2014-12-09 19:36 - 00000000 ____D () C:\ProgramData\Oracle
2014-12-09 19:33 - 2014-12-09 19:33 - 00638888 _____ (Oracle Corporation) C:\Users\Phil\Downloads\chromeinstall-8u25.exe
2014-12-09 19:03 - 2014-12-12 06:28 - 00007609 _____ () C:\Users\Phil\AppData\Local\Resmon.ResmonCfg
2014-12-09 16:24 - 2014-12-09 16:24 - 77447168 _____ () C:\windows\system32\config\SOFTWARE.iobit
2014-12-09 16:24 - 2014-12-09 16:24 - 00294912 _____ () C:\windows\system32\config\DEFAULT.iobit
2014-12-09 16:24 - 2014-12-09 16:24 - 00057344 _____ () C:\windows\system32\config\SAM.iobit
2014-12-09 16:24 - 2014-12-09 16:24 - 00028672 _____ () C:\windows\system32\config\SECURITY.iobit
2014-12-09 13:31 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_7.dll
2014-12-09 13:31 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_7.dll
2014-12-09 13:31 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_7.dll
2014-12-09 13:31 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_7.dll
2014-12-09 13:31 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_5.dll
2014-12-09 13:31 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_5.dll
2014-12-09 13:31 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_43.dll
2014-12-09 13:31 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_43.dll
2014-12-09 13:31 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_43.dll
2014-12-09 13:31 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_43.dll
2014-12-09 13:31 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_43.dll
2014-12-09 13:31 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_43.dll
2014-12-09 13:31 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_43.dll
2014-12-09 13:31 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_43.dll
2014-12-09 13:31 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_43.dll
2014-12-09 13:31 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_43.dll
2014-12-09 13:31 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_6.dll
2014-12-09 13:31 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_6.dll
2014-12-09 13:31 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_6.dll
2014-12-09 13:31 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_6.dll
2014-12-09 13:31 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_4.dll
2014-12-09 13:31 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_4.dll
2014-12-09 13:31 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_7.dll
2014-12-09 13:31 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_7.dll
2014-12-09 13:31 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_5.dll
2014-12-09 13:31 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_5.dll
2014-12-09 13:31 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_5.dll
2014-12-09 13:31 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_3.dll
2014-12-09 13:31 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\windows\system32\d3dcsx_42.dll
2014-12-09 13:31 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dcsx_42.dll
2014-12-09 13:31 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_42.dll
2014-12-09 13:31 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_42.dll
2014-12-09 13:31 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_42.dll
2014-12-09 13:31 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_42.dll
2014-12-09 13:31 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\windows\system32\d3dx11_42.dll
2014-12-09 13:31 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx11_42.dll
2014-12-09 13:31 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_4.dll
2014-12-09 13:31 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_4.dll
2014-12-09 13:31 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_4.dll
2014-12-09 13:31 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_4.dll
2014-12-09 13:31 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_6.dll
2014-12-09 13:31 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_6.dll
2014-12-09 13:31 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_41.dll
2014-12-09 13:31 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_41.dll
2014-12-09 13:31 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_41.dll
2014-12-09 13:31 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_41.dll
2014-12-09 13:31 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_3.dll
2014-12-09 13:31 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_3.dll
2014-12-09 13:31 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_3.dll
2014-12-09 13:31 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_3.dll
2014-12-09 13:31 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_2.dll
2014-12-09 13:31 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_2.dll
2014-12-09 13:31 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_5.dll
2014-12-09 13:31 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_5.dll
2014-12-09 13:31 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_40.dll
2014-12-09 13:31 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_40.dll
2014-12-09 13:31 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_40.dll
2014-12-09 13:31 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_40.dll
2014-12-09 13:31 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_40.dll
2014-12-09 13:31 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_40.dll
2014-12-09 13:31 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_2.dll
2014-12-09 13:31 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_2.dll
2014-12-09 13:31 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_1.dll
2014-12-09 13:31 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_1.dll
2014-12-09 13:31 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_2.dll
2014-12-09 13:31 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_2.dll
2014-12-09 13:31 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_39.dll
2014-12-09 13:31 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_39.dll
2014-12-09 13:31 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_39.dll
2014-12-09 13:31 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_39.dll
2014-12-09 13:31 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_39.dll
2014-12-09 13:31 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_39.dll
2014-12-09 13:31 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_1.dll
2014-12-09 13:31 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_1.dll
2014-12-09 13:31 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_1.dll
2014-12-09 13:31 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_1.dll
2014-12-09 13:31 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\windows\system32\XAPOFX1_0.dll
2014-12-09 13:31 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAPOFX1_0.dll
2014-12-09 13:31 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_4.dll
2014-12-09 13:31 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_4.dll
2014-12-09 13:31 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_38.dll
2014-12-09 13:31 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_38.dll
2014-12-09 13:31 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_38.dll
2014-12-09 13:31 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_38.dll
2014-12-09 13:31 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_38.dll
2014-12-09 13:31 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_38.dll
2014-12-09 13:31 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\windows\system32\XAudio2_0.dll
2014-12-09 13:31 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\windows\SysWOW64\XAudio2_0.dll
2014-12-09 13:31 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine3_0.dll
2014-12-09 13:31 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\windows\system32\xactengine3_0.dll
2014-12-09 13:31 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_3.dll
2014-12-09 13:31 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_3.dll
2014-12-09 13:31 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\windows\system32\D3DX9_37.dll
2014-12-09 13:31 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DX9_37.dll
2014-12-09 13:31 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_37.dll
2014-12-09 13:31 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_37.dll
2014-12-09 13:31 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_37.dll
2014-12-09 13:31 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_37.dll
2014-12-09 13:31 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_10.dll
2014-12-09 13:31 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_10.dll
2014-12-09 13:31 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\windows\system32\X3DAudio1_2.dll
2014-12-09 13:31 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\windows\SysWOW64\X3DAudio1_2.dll
2014-12-09 13:31 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_36.dll
2014-12-09 13:31 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_36.dll
2014-12-09 13:31 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_36.dll
2014-12-09 13:31 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_36.dll
2014-12-09 13:31 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_36.dll
2014-12-09 13:31 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_36.dll
2014-12-09 13:31 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_9.dll
2014-12-09 13:31 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_9.dll
2014-12-09 13:31 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_35.dll
2014-12-09 13:31 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_35.dll
2014-12-09 13:31 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_35.dll
2014-12-09 13:31 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_35.dll
2014-12-09 13:31 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_35.dll
2014-12-09 13:31 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_35.dll
2014-12-09 13:31 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_8.dll
2014-12-09 13:31 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_8.dll
2014-12-09 13:31 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_34.dll
2014-12-09 13:31 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_34.dll
2014-12-09 13:31 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_34.dll
2014-12-09 13:31 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_34.dll
2014-12-09 13:31 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_34.dll
2014-12-09 13:31 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_34.dll
2014-12-09 13:31 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_7.dll
2014-12-09 13:31 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_7.dll
2014-12-09 13:31 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\windows\system32\xinput1_3.dll
2014-12-09 13:31 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_3.dll
2014-12-09 13:31 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\windows\system32\d3dx10_33.dll
2014-12-09 13:31 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10_33.dll
2014-12-09 13:31 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_33.dll
2014-12-09 13:31 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_33.dll
2014-12-09 13:31 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\windows\system32\D3DCompiler_33.dll
2014-12-09 13:31 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\windows\SysWOW64\D3DCompiler_33.dll
2014-12-09 13:31 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_6.dll
2014-12-09 13:31 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_6.dll
2014-12-09 13:30 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_1.dll
2014-12-09 13:30 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_1.dll
2014-12-09 13:30 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_5.dll
2014-12-09 13:30 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_5.dll
2014-12-09 13:30 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\windows\system32\d3dx10.dll
2014-12-09 13:30 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx10.dll
2014-12-09 13:30 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_31.dll
2014-12-09 13:30 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_31.dll
2014-12-09 13:30 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_4.dll
2014-12-09 13:30 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_4.dll
2014-12-09 13:30 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\windows\system32\xinput1_2.dll
2014-12-09 13:30 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_3.dll
2014-12-09 13:30 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_3.dll
2014-12-09 13:30 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_2.dll
2014-12-09 13:30 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_2.dll
2014-12-09 13:30 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_2.dll
2014-12-09 13:30 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_30.dll
2014-12-09 13:30 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_30.dll
2014-12-09 13:30 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_1.dll
2014-12-09 13:30 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_1.dll
2014-12-09 13:30 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\windows\system32\xinput1_1.dll
2014-12-09 13:30 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\windows\SysWOW64\xinput1_1.dll
2014-12-09 13:30 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_29.dll
2014-12-09 13:30 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_29.dll
2014-12-09 13:30 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\windows\system32\xactengine2_0.dll
2014-12-09 13:30 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\windows\SysWOW64\xactengine2_0.dll
2014-12-09 13:30 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\windows\system32\x3daudio1_0.dll
2014-12-09 13:30 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\windows\SysWOW64\x3daudio1_0.dll
2014-12-09 13:30 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_28.dll
2014-12-09 13:30 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_28.dll
2014-12-09 13:30 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_27.dll
2014-12-09 13:30 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_27.dll
2014-12-09 13:30 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_26.dll
2014-12-09 13:30 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_26.dll
2014-12-09 13:30 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_25.dll
2014-12-09 13:30 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_25.dll
2014-12-09 13:30 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\windows\system32\d3dx9_24.dll
2014-12-09 13:30 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3dx9_24.dll
2014-12-09 13:26 - 2014-12-09 19:45 - 00000000 ____D () C:\Program Files (x86)\Java
2014-12-09 13:25 - 2014-12-09 13:25 - 00011944 _____ (Advanced Micro Devices Inc.) C:\windows\system32\Drivers\amdide64.sys
2014-12-09 13:22 - 2014-12-09 13:22 - 01959128 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTSnMg64.cpl
2014-12-09 13:21 - 2014-12-09 13:22 - 02834648 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtPgEx64.dll
2014-12-09 13:21 - 2014-12-09 13:21 - 03962840 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RTKVHD64.sys
2014-12-09 13:21 - 2014-12-09 13:21 - 02800344 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RltkAPO64.dll
2014-12-09 13:21 - 2014-12-09 13:21 - 02770976 _____ (Fortemedia Corporation) C:\windows\system32\FMAPO64.dll
2014-12-09 13:21 - 2014-12-09 13:21 - 01286872 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RTCOM64.dll
2014-12-09 13:21 - 2014-12-09 13:21 - 01099203 _____ () C:\windows\system32\Drivers\RTAIODAT.DAT
2014-12-09 13:21 - 2014-12-09 13:21 - 01022168 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtkApi64.dll
2014-12-09 13:21 - 2014-12-09 13:21 - 00948952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RCoInstII64.dll
2014-12-09 13:21 - 2014-12-09 13:21 - 00628952 _____ (Realtek Semiconductor Corp.) C:\windows\system32\RtDataProc64.dll
2014-12-09 13:21 - 2014-12-09 13:21 - 00209096 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAC64.dll
2014-12-09 13:21 - 2014-12-09 13:21 - 00113576 _____ (Real Sound Lab SIA) C:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-12-09 13:21 - 2014-12-09 13:21 - 00108640 _____ (Andrea Electronics Corporation) C:\windows\system32\AERTAR64.dll
2014-12-09 13:19 - 2014-12-09 13:19 - 00110080 _____ (Advanced Micro Devices) C:\windows\system32\DelayAPO.dll
2014-12-09 13:19 - 2014-12-09 13:19 - 00094720 _____ (Advanced Micro Devices) C:\windows\system32\Drivers\AtihdW76.sys
2014-12-09 13:17 - 2012-08-14 11:20 - 01148048 _____ (Realtek Semiconductor Corporation ) C:\windows\system32\Drivers\rtwlane.sys
2014-12-09 13:14 - 2014-12-09 13:14 - 00941784 _____ (Realtek ) C:\windows\system32\Drivers\Rt64win7.sys
2014-12-09 13:14 - 2014-12-09 13:14 - 00107552 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RTNUninst64.dll
2014-12-09 13:14 - 2014-12-09 13:14 - 00073800 _____ (Realtek Semiconductor Corporation) C:\windows\system32\RtNicProp64.dll
2014-12-09 13:12 - 2014-12-09 13:12 - 09890008 _____ (Realtek Semiconductor Corp.) C:\windows\SysWOW64\RsCRIcon.dll
2014-12-09 13:12 - 2014-12-09 13:12 - 00272600 _____ (Realtek Semiconductor Corp.) C:\windows\system32\Drivers\RtsUStor.sys
2014-12-09 13:11 - 2014-12-09 13:11 - 00106816 _____ (Advanced Micro Devices, INC.) C:\windows\system32\Drivers\amdhub30.sys
2014-12-09 12:42 - 2014-12-09 13:09 - 00227648 _____ (Advanced Micro Devices, INC.) C:\windows\system32\Drivers\amdxhc.sys
2014-12-09 12:34 - 2014-05-14 11:23 - 02477536 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-12-09 12:34 - 2014-05-14 11:23 - 00058336 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-12-09 12:34 - 2014-05-14 11:23 - 00044512 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2014-12-09 12:34 - 2014-05-14 11:21 - 02620928 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-12-09 12:33 - 2014-05-14 11:23 - 00700384 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-12-09 12:33 - 2014-05-14 11:23 - 00581600 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-12-09 12:33 - 2014-05-14 11:23 - 00038880 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2014-12-09 12:33 - 2014-05-14 11:23 - 00036320 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2014-12-09 12:33 - 2014-05-14 11:20 - 00097792 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-12-09 12:33 - 2014-05-14 11:17 - 00092672 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-12-09 12:32 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-12-09 12:32 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-12-09 12:32 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-12-09 12:32 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-12-09 12:29 - 2014-12-09 12:29 - 00002884 _____ () C:\windows\System32\Tasks\Uninstaller_SkipUac_Phil
2014-12-09 12:29 - 2014-12-09 12:29 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\ProductData
2014-12-09 12:28 - 2014-12-09 12:28 - 00000000 ____D () C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-09 12:26 - 2014-12-09 12:26 - 00000000 ____D () C:\windows\Tasks\ImCleanDisabled
2014-12-09 12:26 - 2014-12-09 12:26 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Apple Computer
2014-12-09 12:23 - 2014-12-19 15:22 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-09 12:20 - 2014-12-20 18:13 - 00000000 ____D () C:\ProgramData\IObit
2014-12-09 12:20 - 2014-12-10 01:07 - 00002852 _____ () C:\windows\System32\Tasks\Driver Booster SkipUAC (Phil)
2014-12-09 12:20 - 2014-12-09 12:28 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\IObit
2014-12-09 12:20 - 2014-12-09 12:20 - 00003212 _____ () C:\windows\System32\Tasks\Driver Booster Scan
2014-12-09 12:20 - 2014-12-09 12:20 - 00003156 _____ () C:\windows\System32\Tasks\Driver Booster Update
2014-12-09 12:19 - 2014-12-20 18:10 - 00000000 ____D () C:\Program Files (x86)\IObit
2014-12-09 12:19 - 2014-12-09 12:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2014-12-08 14:35 - 2014-12-09 20:18 - 00000045 _____ () C:\windows\SysWOW64\_WKERNEL.SYL
2014-12-08 14:34 - 2014-12-08 14:40 - 00000000 ____D () C:\Program Files (x86)\WinUtilities
2014-12-08 14:34 - 2014-12-08 14:34 - 00001039 _____ () C:\Users\Public\Desktop\WinUtilities.lnk
2014-12-08 14:34 - 2014-12-08 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinUtilities
2014-12-08 14:34 - 2010-07-25 22:23 - 01706800 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdiplus.dll
2014-12-08 14:34 - 2010-07-25 22:23 - 00544768 _____ (Stardock Corporation) C:\windows\SysWOW64\wbocx.ocx
2014-12-08 14:34 - 2010-07-25 22:23 - 00258352 _____ (Microsoft Corporation) C:\windows\SysWOW64\unicows.dll
2014-12-08 14:34 - 2010-07-25 22:23 - 00056496 _____ (Stardock.Net, Inc) C:\windows\SysWOW64\wbhelp2.dll
2014-12-08 14:34 - 2010-07-25 22:23 - 00033968 _____ (Neil Banfield) C:\windows\SysWOW64\anim.dll
2014-12-08 14:34 - 2010-07-25 22:23 - 00004608 _____ (Microsoft Corporation) C:\windows\SysWOW64\W95INF32.DLL
2014-12-08 14:34 - 2010-07-25 22:23 - 00002272 _____ (Microsoft Corporation) C:\windows\SysWOW64\W95INF16.DLL
2014-12-08 10:26 - 2014-12-11 22:42 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-12-07 17:26 - 2014-12-22 10:20 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-12-07 16:56 - 2014-12-09 20:17 - 00129752 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2014-12-07 16:56 - 2014-12-07 16:56 - 00001113 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-07 16:56 - 2014-12-07 16:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-07 16:55 - 2014-12-07 16:56 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-07 16:55 - 2014-12-07 16:55 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-12-07 16:55 - 2014-11-21 06:14 - 00093400 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbamchameleon.sys
2014-12-07 16:55 - 2014-11-21 06:14 - 00063704 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mwac.sys
2014-12-07 16:55 - 2014-11-21 06:14 - 00025816 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-12-07 16:53 - 2014-12-12 06:54 - 00034808 _____ () C:\windows\system32\Drivers\TrueSight.sys
2014-12-07 16:52 - 2014-12-07 16:52 - 00000000 ____D () C:\ProgramData\RogueKiller
2014-12-07 16:28 - 2014-12-07 16:28 - 20447072 _____ (Malwarebytes Corporation ) C:\Users\Phil\Downloads\mbam-setup-2.0.4.1028.exe
2014-12-07 16:27 - 2014-12-07 16:27 - 15196248 _____ () C:\Users\Phil\Downloads\RogueKiller.exe
2014-12-07 16:23 - 2014-12-12 06:59 - 00000000 ____D () C:\AdwCleaner
2014-12-07 16:23 - 2014-12-07 16:23 - 02153472 _____ () C:\Users\Phil\Downloads\AdwCleaner.exe
2014-12-07 16:23 - 2014-12-07 16:23 - 00000000 _____ () C:\Users\Phil\Downloads\AdwCleaner.exe.5umgnbr.partial

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-12-22 10:13 - 2014-11-17 08:08 - 00000898 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-12-22 10:06 - 2014-11-17 08:08 - 00000894 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-12-22 10:06 - 2013-09-05 16:20 - 01693117 _____ () C:\windows\WindowsUpdate.log
2014-12-22 09:57 - 2014-10-21 17:24 - 00000000 ___HD () C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2014-12-20 19:11 - 2014-11-12 14:41 - 00006560 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-12-20 19:11 - 2014-11-12 14:41 - 00006560 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-12-20 19:09 - 2014-11-12 14:48 - 00006172 _____ () C:\windows\system32\PerfStringBackup.TMP
2014-12-20 19:03 - 2014-11-12 14:37 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-12-20 12:58 - 2014-08-28 13:52 - 00000000 ____D () C:\windows\Minidump
2014-12-20 02:25 - 2009-07-13 23:45 - 00408136 _____ () C:\windows\system32\FNTCACHE.DAT
2014-12-20 02:04 - 2009-07-13 21:34 - 00000616 _____ () C:\windows\win.ini
2014-12-19 16:06 - 2009-07-14 00:09 - 00000000 ____D () C:\windows\System32\Tasks\WPD
2014-12-15 03:06 - 2013-09-10 12:23 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-12-15 03:06 - 2013-09-10 12:23 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-12-15 03:02 - 2013-09-10 12:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-12-14 16:29 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\rescache
2014-12-14 01:16 - 2014-06-30 17:17 - 00000000 ___HD () C:\Tools
2014-12-13 17:10 - 2014-08-20 18:04 - 00818888 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klif.sys
2014-12-13 17:10 - 2014-08-18 14:43 - 00150536 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klflt.sys
2014-12-13 17:10 - 2014-08-13 19:34 - 00077512 _____ (Kaspersky Lab ZAO) C:\windows\system32\Drivers\klwtp.sys
2014-12-13 08:28 - 2014-05-07 02:05 - 00000000 ___SD () C:\windows\system32\CompatTel
2014-12-13 08:28 - 2010-11-21 02:17 - 00000000 ____D () C:\Program Files\Windows Journal
2014-12-13 08:28 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\AppCompat
2014-12-13 08:26 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\SysWOW64\Dism
2014-12-13 08:26 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\Dism
2014-12-13 08:26 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\PolicyDefinitions
2014-12-13 07:34 - 2013-09-05 17:09 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-12 21:21 - 2009-07-13 22:20 - 00000000 ____D () C:\windows\system32\NDF
2014-12-12 19:43 - 2014-06-30 18:11 - 00000000 ____D () C:\windows\pss
2014-12-12 19:11 - 2013-09-05 16:21 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2014-12-12 18:04 - 2013-09-05 16:34 - 00000000 ____D () C:\Program Files (x86)\Realtek WLAN Driver
2014-12-12 06:12 - 2014-11-04 10:44 - 00002194 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-12-09 19:26 - 2012-04-18 04:08 - 00701104 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-12-09 19:26 - 2012-04-18 04:08 - 00071344 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-09 19:26 - 2012-04-18 04:08 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-12-09 16:54 - 2012-04-18 03:32 - 00000000 ____D () C:\windows\Panther
2014-12-09 13:28 - 2013-09-12 15:31 - 00000000 ____D () C:\Users\Phil\AppData\Local\Adobe
2014-12-09 13:28 - 2013-09-06 10:39 - 00000000 ____D () C:\Users\Phil\AppData\Roaming\Adobe
2014-12-09 13:23 - 2013-09-05 16:26 - 00000000 ____D () C:\windows\SysWOW64\RTCOM
2014-12-08 15:28 - 2013-09-05 17:24 - 00000000 ____D () C:\Users\Phil\AppData\Local\CrashDumps
2014-12-08 12:34 - 2013-09-05 16:16 - 00000000 ____D () C:\Users\Phil
2014-11-24 14:04 - 2010-11-20 22:27 - 00275080 ____N (Microsoft Corporation) C:\windows\system32\MpSigStub.exe

Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Phil\AppData\Local\Temp\Quarantine.exe
C:\Users\Phil Borneman\AppData\Local\Temp\CLKAMI.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2014-12-15 00:04

==================== End Of Log ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 22-12-2014 01
Ran by Phil Borneman at 2014-12-22 10:57:38
Running from C:\Users\Phil Borneman\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
AS: Microsoft Security Essentials (Enabled - Up to date) {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Disabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.356 - Adobe Systems Incorporated)
Adobe Flash Player 15 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 15.0.0.246 - Adobe Systems Incorporated)
Adobe Reader X MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.0.0 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{EEB4B649-8EAB-508E-1043-0FCA9091D6F6}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.4.4.2 - AppEx Networks)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.01 - Piriform)
Connect to an OMG Technician 855-316-8324 (HKLM-x32\...\{A22B8513-EA8C-46A1-9735-F5BE971C368D}) (Version: 7.4.515 - LogMeIn, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
FATE (x32 Version: 2.2.0.97 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.5111.1712 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
High-Definition Video Playback 10 (x32 Version: 7.0.11400.29.0 - Nero AG) Hidden
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.1.5.24 - IObit)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{8ED07EBD-22AD-415A-B71E-C1AD86862C2E}) (Version: 15.0.1.415 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 15.0.1.415 - Kaspersky Lab) Hidden
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Primary Interoperability Assemblies 2005 (HKLM-x32\...\{D24DB8B9-BB6C-4334-9619-BA1C650E13D3}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.6.305.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Nero BackItUp 10 (HKLM-x32\...\{68AB6930-5BFF-4FF6-923B-516A91984FE6}) (Version: 5.4.11600.19.100 - Nero AG)
Nero Burning ROM 10 (HKLM-x32\...\{7A5D731D-B4B3-490E-B339-75685712BAAB}) (Version: 10.0.11100.10.100 - Nero AG)
Nero BurnRights 10 (HKLM-x32\...\{943CFD7D-5336-47AF-9418-E02473A5A517}) (Version: 4.0.11000.12.100 - Nero AG)
Nero CoverDesigner 10 (HKLM-x32\...\{FCF00A6E-FB58-477A-ABE9-232907105521}) (Version: 5.0.10900.11.100 - Nero AG)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.0.10800.7.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.0.11000.10.100 - Nero AG)
Nero InfoTool 10 (HKLM-x32\...\{F412B4AF-388C-4FF5-9B2F-33DB1C536953}) (Version: 7.0.10800.8.100 - Nero AG)
Nero MediaHub 10 (HKLM-x32\...\{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}) (Version: 1.0.13400.11.100 - Nero AG)
Nero Multimedia Suite 10 (HKLM-x32\...\{277C1559-4CF7-44FF-8D07-98AA9C13AABD}) (Version: 10.0.13100 - Nero AG)
Nero Recode 10 (HKLM-x32\...\{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}) (Version: 4.6.10900.4.100 - Nero AG)
Nero RescueAgent 10 (HKLM-x32\...\{E337E787-CF61-4B7B-B84F-509202A54023}) (Version: 3.0.10900.9.100 - Nero AG)
Nero SoundTrax 10 (HKLM-x32\...\{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}) (Version: 4.6.10600.2.100 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.0.11200.12.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0017 - Nero AG)
Nero Vision 10 (HKLM-x32\...\{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}) (Version: 7.0.11100.8.100 - Nero AG)
Nero WaveEditor 10 (HKLM-x32\...\{EDCDFAD5-DF80-4600-A493-E9DAD6810230}) (Version: 5.6.10600.2.100 - Nero AG)
OMG Toolkit version 5.26 (HKLM-x32\...\{B3D8C0B8-4D33-4191-A3C1-65D8B2A11840}_is1) (Version: 5.26 - OMG Tech Help)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Premium Sound HD (HKLM\...\{3007FF9F-5B2C-41FF-8BFC-08BF25DB2681}) (Version: 1.12.1800 - SRS Labs, Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7246 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.7601.30130 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0020 - REALTEK Semiconductor Corp.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.4 - Sophos Limited)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.2 - IObit)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.3.38.2 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.1 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{C31337DE-0CDC-45A9-9A32-F099AC78D557}) (Version: 3.0.9490 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C9C56642-9AAB-4267-9454-36FF1CC59168}) (Version: 1.3.11.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.18.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{2FD5D2C5-A7A1-4065-89BA-90542BF7CCD3}) (Version: 2.00.0020 - TOSHIBA)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.12 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.17.38 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.5 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.7.7 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.15.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.6.52020009 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.3.03 - TOSHIBA Corporation)
Toshiba Security Dashboard (HKLM-x32\...\ToshibaSD) (Version: 1.0.0.48 - Symantec Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.0022.000104 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{119826A8-4EF6-4BE5-A88B-D2D81FA7CEE2}) (Version: 2.00.0009 - TOSHIBA)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.0023.640204 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.33 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.3.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinUtilities Free Edition 11.27 (HKLM-x32\...\{FC274982-5AAD-4C20-848D-4424A5043010}_is1) (Version: 11.27 - YL Computing, Inc)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-667345152-2384861562-3348176582-1004_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\lsmproxy.dll (Microsoft Corporation)

==================== Restore Points  =========================

14-12-2014 02:38:50 Windows Update
15-12-2014 03:00:16 Windows Update
19-12-2014 14:11:49 Windows Update
19-12-2014 15:05:25 Windows Update
19-12-2014 15:42:59 Windows Update
20-12-2014 13:44:16 Checkpoint by HitmanPro

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2014-12-20 13:18 - 00450796 ___RA C:\windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
127.0.0.1 100sexlinks.com
127.0.0.1 10sek.com
127.0.0.1 www.10sek.com
127.0.0.1 www.1-2005-search.com
127.0.0.1 1-2005-search.com
127.0.0.1 123fporn.info
127.0.0.1 www.123fporn.info
127.0.0.1 123haustiereundmehr.com
127.0.0.1 www.123haustiereundmehr.com

There are 1000 more lines.

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0F890451-0349-49EB-B658-77EC019AC661} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {11B4F109-31AE-4D6F-84A4-C8E345FB0155} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {23877180-386B-4623-9154-C622C8CFF252} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {3E9E7ED9-8A4F-48C4-8A6C-A31ADFE2007A} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {4576FC4C-D4C9-426C-8591-33F8B3A71F22} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-19] (Google Inc.)
Task: {46DC1D4F-6A13-4F69-9174-44243F942947} - System32\Tasks\Driver Booster SkipUAC (Phil) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-11-27] (IObit)
Task: {4BE8DFC1-326B-4563-B83A-F14DF35D527F} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2014-10-08] (IObit)
Task: {61FF8405-B3E6-485F-B6E8-CFCC13391D38} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {812F0178-372F-47A9-B456-1AFA58BDD7CF} - System32\Tasks\Uninstaller_SkipUac_Phil => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-04] (IObit)
Task: {9D90F0C8-DD5C-466D-8329-E29070CE4072} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {A4B22DB9-21F3-401D-8F81-4AB63F1DA859} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {E7BAEA7A-9D74-4B87-A537-8404E1B479E2} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-12-09] (Adobe Systems Incorporated)
Task: {E9FB4FB2-39FC-481A-BBD4-6134419E9EC9} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-12-12] (Piriform Ltd)
Task: {FA35FD62-347F-4DBB-87D0-3C02322A37B0} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-10-13] (IObit)
Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\RegCure Pro_sch_DD867A9C-826F-11E4-9C22-4C72B92D6028.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: C:\windows\Tasks\Uninstaller_SkipUac_Admin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (whitelisted) =============

2013-09-05 16:38 - 2010-09-09 19:26 - 00162824 _____ () C:\Windows\System32\GFNEXSrv.exe
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-08-22 17:19 - 2011-08-22 17:19 - 11204992 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 17:19 - 2010-12-15 17:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2012-02-24 16:35 - 2012-02-24 16:35 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2014-08-30 17:12 - 2014-08-30 17:12 - 01269952 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\kpcengine.2.3.dll
2014-12-20 12:26 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-12-20 12:26 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-12-20 12:26 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-12-20 18:10 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madExcept_.bpl
2014-12-20 18:10 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madBasic_.bpl
2014-12-20 18:10 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\madDisAsm_.bpl
2014-12-20 18:10 - 2013-12-12 18:46 - 08001344 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\WebUI.dll
2014-12-20 18:10 - 2013-05-16 19:26 - 00182080 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\unrar.dll
2014-12-20 18:13 - 2013-10-16 22:17 - 00185168 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\libcurl-4.dll
2014-12-20 18:10 - 2013-05-16 19:26 - 00145216 _____ () C:\Program Files (x86)\IObit\IObit Malware Fighter\zlibwapi.dll
2014-12-09 12:26 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2014-12-09 12:26 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2014-12-09 12:26 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\17364012.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SophosVirusRemovalTool => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\17364012.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MSIServer => "Service"=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SophosVirusRemovalTool => ""="Service"

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

========================= Accounts: ==========================

Administrator (S-1-5-21-667345152-2384861562-3348176582-500 - Administrator - Disabled)
Guest (S-1-5-21-667345152-2384861562-3348176582-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-667345152-2384861562-3348176582-1002 - Limited - Enabled)
Phil Borneman (S-1-5-21-667345152-2384861562-3348176582-1004 - Administrator - Enabled) => C:\Users\Phil Borneman

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2014 07:09:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/20/2014 07:09:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/20/2014 07:09:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1b64

Start Time: 01d01cb2443ddfa5

Termination Time: 57

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/20/2014 07:06:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.17496 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1444

Start Time: 01d01cb1c384d38e

Termination Time: 10

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (12/20/2014 06:41:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Faulting module name: RootkitRevealer.exe, version: 1.71.0.0, time stamp: 0x44e255aa
Exception code: 0xc0000005
Fault offset: 0x000040cd
Faulting process id: 0x550
Faulting application start time: 0xRootkitRevealer.exe0
Faulting application path: RootkitRevealer.exe1
Faulting module path: RootkitRevealer.exe2
Report Id: RootkitRevealer.exe3

Error: (12/20/2014 06:28:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/20/2014 06:28:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/20/2014 03:52:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/20/2014 03:52:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

Error: (12/20/2014 03:17:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: Unable to read the performance counter strings defined for the 009 language ID. The first DWORD in the Data section contains the Win32 error code.

System errors:
=============
Error: (12/21/2014 00:45:28 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/21/2014 00:41:35 AM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: The following fatal alert was generated: 40. The internal error state is 252.

Error: (12/20/2014 11:33:51 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: The following fatal alert was received: 20.

Error: (12/20/2014 07:05:02 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).

Error: (12/20/2014 07:04:46 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (12/20/2014 07:04:46 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (12/20/2014 07:04:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (12/20/2014 07:04:13 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (12/20/2014 06:41:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (12/20/2014 06:41:58 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Microsoft Office Sessions:
=========================
Error: (12/20/2014 07:09:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000

Error: (12/20/2014 07:09:15 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000

Error: (12/20/2014 07:09:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.174961b6401d01cb2443ddfa557C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (12/20/2014 07:06:12 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: IEXPLORE.EXE11.0.9600.17496144401d01cb1c384d38e10C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (12/20/2014 06:41:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: RootkitRevealer.exe1.71.0.044e255aaRootkitRevealer.exe1.71.0.044e255aac0000005000040cd55001d01cae7e411645C:\Users\Phil Borneman\AppData\Local\Temp\Temp1_RootkitRevealer.zip\RootkitRevealer.exeC:\Users\Phil Borneman\AppData\Local\Temp\Temp1_RootkitRevealer.zip\RootkitRevealer.exec6319052-88a1-11e4-8f3b-4c72b92d6028

Error: (12/20/2014 06:28:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000

Error: (12/20/2014 06:28:23 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000

Error: (12/20/2014 03:52:30 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000

Error: (12/20/2014 03:52:29 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 009120200000000000000AF000000

Error: (12/20/2014 03:17:08 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3006) (User: NT AUTHORITY)
Description: 0098020000002D010000

CodeIntegrity Errors:
===================================
  Date: 2014-12-20 22:30:47.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-20 22:30:47.403
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-20 21:06:03.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-20 21:06:03.865
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 16:10:45.183
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 16:10:45.152
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 16:08:50.351
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 16:08:50.320
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 14:54:10.643
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-12-14 14:54:09.333
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\KLELAMX64\klelam.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A6-4400M APU with Radeon™ HD Graphics
Percentage of memory in use: 47%
Total physical RAM: 3558.37 MB
Available physical RAM: 1876 MB
Total Pagefile: 7114.91 MB
Available Pagefile: 4630.13 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (TI106426W0A) (Fixed) (Total:581.16 GB) (Free:464.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 68E5EEC5)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=581.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=13.5 GB) - (Type=17)

==================== End Of Log ============================



BC AdBot (Login to Remove)

 


#2 froglevelmc

froglevelmc
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 22 December 2014 - 11:19 AM

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17496  BrowserJavaVersion: 11.25.2
Run by Phil Borneman at 11:10:48 on 2014-12-22
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.3558.1815 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {4F35CFC4-45A3-FC37-EF17-759A02E39AB1}
SP: Microsoft Security Essentials *Enabled/Updated* {F4542E20-6399-F3B9-D5A7-4EE87964D00C}
SP: Kaspersky Internet Security *Enabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Disabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: IObit Malware Fighter *Enabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Kaspersky Internet Security *Enabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\GFNEXSrv.exe
C:\windows\system32\WLANExt.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avpui.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
C:\Program Files\Toshiba\TECO\Teco.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\TODDSrv.exe
C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\TOSHIBA\TECO\TecoService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\windows\system32\SearchIndexer.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe
C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe
C:\Windows\System32\wbem\unsecapp.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe
C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Program Files (x86)\Nero\Update\NASvc.exe
C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe
C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
C:\windows\system32\ctfmon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\regedit.exe
C:\Program Files\Toshiba\TECO\TecoHook.exe
C:\windows\system32\taskeng.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\system32\Macromed\Flash\FlashUtil64_15_0_0_246_ActiveX.exe
C:\windows\System32\MsSpellCheckingFacility.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\windows\explorer.exe
C:\windows\system32\taskmgr.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\SearchProtocolHost.exe
C:\Windows\System32\wbem\WmiPrvSE.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://start.toshiba.com/?cid=C001B2Y
mStart Page = hxxps://www.google.com
mDefault_Page_URL = hxxps://www.google.com
mWinlogon: Userinit = userinit.exe,
BHO: Content Blocker Plugin: {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\AMD\SteadyVideo\SteadyVideo.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Virtual Keyboard Plugin: {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
BHO: Advanced SystemCare Surfing Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_25\bin\jp2ssv.dll
BHO: Safe Money Plugin: {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
mRun: [TSleepSrv] C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
mRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe" UNATTENDED
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [IObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:60
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
IE: {09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\IEExt\ie_plugin.dll
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-0018-0000-0025-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.8.0/jinstall-1_8_0_25-windows-i586.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{17609ECE-F859-498A-84CB-7F17D05E979C} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\AMD\SteadyVideo\VideoMIMEFilter.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = hxxp://start.toshiba.com
x64-mDefault_Page_URL = hxxp://start.toshiba.com
x64-BHO: Content Blocker Plugin: {03C04F0A-E2A3-4F7F-BA30-BFA06FFD1358} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll
x64-BHO: ExplorerWnd Helper: {10921475-03CE-4E04-90CE-E2E7EF20C814} - C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll
x64-BHO: SteadyVideoBHO Class: {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Virtual Keyboard Plugin: {B5D5BB14-C8E2-478D-9C97-574AC10AF9E8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll
x64-BHO: Safe Money Plugin: {E3D96E85-529D-4269-AC6A-97CF9E2221E3} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll
x64-BHO: TOSHIBA Media Controller Plug-in: {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\Toshiba\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [SRS Premium Sound HD] "C:\Program Files\SRS Labs\SRS Control Panel\SRSPanel_64.exe"  /f="C:\Program Files\SRS Labs\SRS Control Panel\SRS_Premium_Sound_HD.zip" /h
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [TPwrMain] C:\Program Files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
x64-Run: [TCrdMain] C:\Program Files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
x64-Run: [Teco] "C:\Program Files (x86)\TOSHIBA\TECO\Teco.exe" /r
x64-Run: [TosWaitSrv] C:\Program Files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
x64-Run: [TosSENotify] C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe
x64-Run: [TosVolRegulator] C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe
x64-Run: [TosReelTimeMonitor] C:\Program Files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
x64-Run: [TosNC] C:\Program Files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {09A10376-994C-4BBF-9121-F50CF7BA237E} - {F2A56BFE-7911-451A-BC74-A9C3C2E95126} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\x64\IEExt\ie_plugin.dll
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
Hosts: 127.0.0.1 www.spywareinfo.com
.
============= SERVICES / DRIVERS ===============
.
R0 amdide64;amdide64;C:\windows\System32\drivers\amdide64.sys [2014-12-9 11944]
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\windows\System32\drivers\amdkmpfd.sys [2013-9-5 31872]
R0 cm_km_w;Kaspersky Lab Crypto Module (FDE PDK);C:\windows\System32\drivers\cm_km_w.sys [2013-1-14 238288]
R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2014-7-17 269008]
R1 klhk;klhk;C:\windows\System32\drivers\klhk.sys [2014-12-13 246456]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2014-2-25 30304]
R1 klpd;klpd;C:\windows\System32\drivers\klpd.sys [2013-4-12 15456]
R1 kltdi;kltdi;C:\windows\System32\drivers\kltdi.sys [2014-6-5 55872]
R1 Klwtp;Klwtp;C:\windows\System32\drivers\klwtp.sys [2014-8-13 77512]
R1 kneps;kneps;C:\windows\System32\drivers\kneps.sys [2014-7-9 179776]
R2 APXACC;AppEx Networks Accelerator LWF;C:\windows\System32\drivers\appexDrv.sys [2014-12-12 219360]
R2 AVP15.0.1;Kaspersky Anti-Virus Service 15.0.1;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 15.0.1\avp.exe [2014-8-30 234520]
R2 GFNEXSrv;GFNEX Service;C:\windows\System32\GFNEXSrv.exe [2013-9-5 162824]
R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2014-12-20 344896]
R2 kldisk;kldisk;C:\windows\System32\drivers\kldisk.sys [2014-7-2 46144]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-3-25 490280]
R2 NisDrv;Microsoft Network Inspection System;C:\windows\System32\drivers\NisDrvWFP.sys [2014-7-17 125584]
R2 Norton PC Checkup Application Launcher;Toshiba Laptop Checkup Application Launcher;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\SymcPCCULaunchSvc.exe [2013-9-5 123320]
R2 PCCUJobMgr;Common Client Job Manager Service;C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.17.38\ccSvcHst.exe [2013-9-5 126392]
R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RTKAUDIOSERVICE64.EXE [2014-12-9 290520]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2014-12-20 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2014-12-20 171928]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\Toshiba\TECO\TecoService.exe [2012-2-9 295360]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;C:\windows\System32\drivers\TVALZFL.sys [2009-6-19 14472]
R3 amdhub30;AMD USB 3.0 Hub Driver;C:\windows\System32\drivers\amdhub30.sys [2014-12-9 106816]
R3 amdxhc;AMD USB 3.0 Host Controller Driver;C:\windows\System32\drivers\amdxhc.sys [2014-12-9 227648]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2014-12-9 94720]
R3 klflt;Kaspersky Lab Kernel DLL;C:\windows\System32\drivers\klflt.sys [2014-8-18 150536]
R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\windows\System32\drivers\klkbdflt.sys [2014-3-28 28768]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2013-8-8 29280]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2014-8-22 368624]
R3 PGEffect;Pangu effect driver;C:\windows\System32\drivers\PGEffect.sys [2013-9-5 38096]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2014-12-9 272600]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2014-12-9 941784]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;C:\windows\System32\drivers\rtl8192ce.sys [2013-9-5 880272]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe [2013-9-5 57216]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2012-2-24 138152]
R3 TPCHSrv;TPCH Service;C:\Program Files\Toshiba\TPHM\TPCHSrv.exe [2011-12-14 833976]
R3 usbfilter;AMD USB Filter Driver;C:\windows\System32\drivers\usbfilter.sys [2013-9-5 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]
S2 LiveUpdateSvc;LiveUpdate;C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2014-12-9 2631456]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2014-12-20 1738168]
S3 GamesAppIntegrationService;GamesAppIntegrationService;C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [2013-9-5 227904]
S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 203344]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\windows\System32\ieetwcollector.exe [2014-12-13 114688]
S3 MBAMSwissArmy;MBAMSwissArmy;C:\windows\System32\drivers\MBAMSwissArmy.sys [2014-12-7 129752]
S3 RTWlanE;Realtek Wireless LAN 802.11n PCI-E Network Adapter;C:\windows\System32\drivers\rtwlane.sys [2014-12-9 1148048]
S3 SophosVirusRemovalTool;Sophos Virus Removal Tool;C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [2013-10-15 151848]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2013-9-11 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2014-12-22 15:22:27 -------- d-----w- C:\FRST
2014-12-22 15:05:53 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{041297D5-11DD-4ACE-91F9-C1D88BFD4513}\mpengine.dll
2014-12-20 23:41:54 -------- d-----w- C:\Users\Phil Borneman\AppData\Local\CrashDumps
2014-12-20 20:34:36 11870360 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2014-12-20 20:33:57 1188440 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9FD44C84-BE2A-4E24-9256-DD5BA5C35B7D}\gapaengine.dll
2014-12-20 20:32:03 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
2014-12-20 20:31:56 -------- d-----w- C:\Program Files\Microsoft Security Client
2014-12-20 17:33:30 -------- d-----w- C:\Program Files\CCleaner
2014-12-20 17:26:49 21040 ----a-w- C:\windows\System32\sdnclean64.exe
2014-12-20 17:26:47 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2014-12-20 17:26:42 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-12-20 17:26:16 -------- d-----w- C:\Users\Phil Borneman\AppData\Local\Programs
2014-12-20 17:17:01 -------- d-----w- C:\Users\Phil Borneman\Pavark
2014-12-20 07:15:19 -------- d-----w- C:\windows\System32\catroot2
2014-12-20 06:15:26 6172 ----a-w- C:\windows\SysWow64\PerfStringBackup.TMP
2014-12-20 06:15:26 -------- d-----w- C:\windows\SysWow64\wbem\Performance
2014-12-19 21:39:50 -------- d-----w- C:\RegBackup
2014-12-19 21:36:03 -------- d-----w- C:\Program Files (x86)\Tweaking.com
2014-12-19 21:26:28 -------- d-----w- C:\windows\ERUNT
2014-12-19 20:59:09 -------- d-sh--w- C:\Users\Phil Borneman\AppData\Local\EmieUserList
2014-12-19 20:59:09 -------- d-sh--w- C:\Users\Phil Borneman\AppData\Local\EmieBrowserModeList
2014-12-19 20:59:08 -------- d-sh--w- C:\Users\Phil Borneman\AppData\Local\EmieSiteList
2014-12-19 20:47:17 -------- d-----w- C:\windows\System32\MRT
2014-12-19 20:23:04 -------- d-----w- C:\Users\Phil Borneman\AppData\Roaming\IObit
2014-12-19 20:22:58 -------- d-----w- C:\Users\Phil Borneman\AppData\Roaming\ProductData
2014-12-19 19:24:30 11870360 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{C403B9DE-0D4C-48B5-A6A2-2F87FAF71CEE}\mpengine.dll
2014-12-19 19:24:08 144384 ----a-w- C:\windows\System32\ieUnatt.exe
2014-12-19 19:24:08 115712 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2014-12-19 19:22:23 -------- d-----w- C:\Users\Phil Borneman\AppData\Local\ATI
2014-12-19 19:17:55 -------- d-----w- C:\Users\Phil Borneman\AppData\Local\SRS Labs
2014-12-19 19:17:03 -------- d-----w- C:\Users\Phil Borneman\AppData\Local\TOSHIBA
2014-12-19 19:15:46 -------- d-----w- C:\Users\Phil Borneman\AppData\Local\Google
2014-12-19 19:14:44 -------- d-----w- C:\Users\Phil Borneman\AppData\Local\VirtualStore
2014-12-15 07:19:37 11632448 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2014-12-14 20:13:11 7168 ----a-w- C:\windows\SysWow64\KBDYAK.DLL
2014-12-14 20:13:11 7168 ----a-w- C:\windows\System32\KBDYAK.DLL
2014-12-14 20:13:11 7168 ----a-w- C:\windows\System32\KBDBASH.DLL
2014-12-14 20:13:11 6656 ----a-w- C:\windows\SysWow64\KBDBASH.DLL
2014-12-13 21:56:45 110176 ----a-w- C:\windows\System32\klfphc.dll
2014-12-13 21:55:14 -------- d-----w- C:\windows\ELAMBKUP
2014-12-13 21:55:09 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab
2014-12-13 21:55:08 -------- d-----w- C:\ProgramData\Kaspersky Lab
2014-12-13 21:53:21 246456 ----a-w- C:\windows\System32\drivers\klhk.sys
2014-12-13 13:28:06 -------- d-----w- C:\windows\System32\appraiser
2014-12-13 09:35:49 55808 ----a-w- C:\windows\System32\rrinstaller.exe
2014-12-13 09:35:49 24576 ----a-w- C:\windows\System32\mfpmp.exe
2014-12-13 09:35:49 23040 ----a-w- C:\windows\SysWow64\mfpmp.exe
2014-12-13 09:35:49 2048 ----a-w- C:\windows\SysWow64\mferror.dll
2014-12-13 09:35:49 2048 ----a-w- C:\windows\System32\mferror.dll
2014-12-13 09:35:48 50176 ----a-w- C:\windows\SysWow64\rrinstaller.exe
2014-12-13 09:35:48 3209728 ----a-w- C:\windows\SysWow64\mf.dll
2014-12-13 09:35:48 206848 ----a-w- C:\windows\System32\mfps.dll
2014-12-13 09:35:48 103424 ----a-w- C:\windows\SysWow64\mfps.dll
2014-12-13 09:35:46 4121600 ----a-w- C:\windows\System32\mf.dll
2014-12-13 08:55:15 2777088 ----a-w- C:\windows\System32\msmpeg2vdec.dll
2014-12-13 08:55:15 2285056 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll
2014-12-13 08:17:16 99480 ----a-w- C:\windows\SysWow64\infocardapi.dll
2014-12-13 08:17:16 619672 ----a-w- C:\windows\SysWow64\icardagt.exe
2014-12-13 08:17:16 171160 ----a-w- C:\windows\System32\infocardapi.dll
2014-12-13 08:17:16 1389208 ----a-w- C:\windows\System32\icardagt.exe
2014-12-13 08:17:13 8856 ----a-w- C:\windows\SysWow64\icardres.dll
2014-12-13 08:17:13 8856 ----a-w- C:\windows\System32\icardres.dll
2014-12-13 08:16:36 35480 ----a-w- C:\windows\SysWow64\TsWpfWrp.exe
2014-12-13 08:16:36 35480 ----a-w- C:\windows\System32\TsWpfWrp.exe
2014-12-13 07:43:50 683520 ----a-w- C:\windows\System32\termsrv.dll
2014-12-13 07:43:49 681984 ----a-w- C:\windows\SysWow64\adtschema.dll
2014-12-13 07:43:49 681984 ----a-w- C:\windows\System32\adtschema.dll
2014-12-13 07:43:49 146432 ----a-w- C:\windows\SysWow64\msaudite.dll
2014-12-13 07:43:49 146432 ----a-w- C:\windows\System32\msaudite.dll
2014-12-13 07:42:44 165888 ----a-w- C:\windows\System32\charmap.exe
2014-12-13 07:42:44 155136 ----a-w- C:\windows\SysWow64\charmap.exe
2014-12-13 07:42:35 3241984 ----a-w- C:\windows\System32\msi.dll
2014-12-13 07:42:35 2363904 ----a-w- C:\windows\SysWow64\msi.dll
2014-12-13 07:42:34 1941504 ----a-w- C:\windows\System32\authui.dll
2014-12-13 07:42:34 1805824 ----a-w- C:\windows\SysWow64\authui.dll
2014-12-13 07:42:33 504320 ----a-w- C:\windows\System32\msihnd.dll
2014-12-13 07:42:33 337408 ----a-w- C:\windows\SysWow64\msihnd.dll
2014-12-13 07:42:33 112064 ----a-w- C:\windows\System32\consent.exe
2014-12-13 07:34:57 81560 ----a-w- C:\windows\SysWow64\mscories.dll
2014-12-13 07:34:57 73880 ----a-w- C:\windows\System32\mscories.dll
2014-12-13 07:34:57 1943696 ----a-w- C:\windows\System32\dfshim.dll
2014-12-13 07:34:57 156824 ----a-w- C:\windows\SysWow64\mscorier.dll
2014-12-13 07:34:57 156312 ----a-w- C:\windows\System32\mscorier.dll
2014-12-13 07:34:57 1131664 ----a-w- C:\windows\SysWow64\dfshim.dll
2014-12-13 07:34:01 2565120 ----a-w- C:\windows\System32\d3d10warp.dll
2014-12-13 07:34:00 1987584 ----a-w- C:\windows\SysWow64\d3d10warp.dll
2014-12-13 07:32:19 1247232 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tipskins.dll
2014-12-13 07:32:18 692736 ----a-w- C:\windows\System32\osk.exe
2014-12-13 07:32:18 646144 ----a-w- C:\windows\SysWow64\osk.exe
2014-12-13 07:32:18 503296 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-12-13 07:32:18 449024 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\tabskb.dll
2014-12-13 07:32:18 348672 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2014-12-13 07:32:18 224768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TabTip.exe
2014-12-13 07:32:17 544768 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipRes.dll
2014-12-13 07:32:17 110592 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ink\TipBand.dll
2014-12-13 07:32:17 10240 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
2014-12-13 07:29:59 10949120 ----a-w- C:\Program Files\Internet Explorer\F12Resources.dll
2014-12-13 07:26:40 371712 ----a-w- C:\windows\System32\qdvd.dll
2014-12-13 07:26:39 519680 ----a-w- C:\windows\SysWow64\qdvd.dll
2014-12-13 07:26:34 878080 ----a-w- C:\windows\System32\IMJP10K.DLL
2014-12-13 07:26:34 701440 ----a-w- C:\windows\SysWow64\IMJP10K.DLL
2014-12-13 07:26:23 728064 ----a-w- C:\windows\System32\kerberos.dll
2014-12-13 07:26:23 1460736 ----a-w- C:\windows\System32\lsasrv.dll
2014-12-13 07:26:22 550912 ----a-w- C:\windows\SysWow64\kerberos.dll
2014-12-13 07:26:21 155064 ----a-w- C:\windows\System32\drivers\ksecpkg.sys
2014-12-13 07:26:20 96768 ----a-w- C:\windows\SysWow64\sspicli.dll
2014-12-13 07:26:20 241152 ----a-w- C:\windows\System32\pku2u.dll
2014-12-13 07:26:20 22016 ----a-w- C:\windows\SysWow64\secur32.dll
2014-12-13 07:26:20 186880 ----a-w- C:\windows\SysWow64\pku2u.dll
2014-12-13 07:21:48 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2014-12-13 07:21:48 2048 ----a-w- C:\windows\System32\tzres.dll
2014-12-13 07:19:14 342016 ----a-w- C:\windows\System32\schannel.dll
2014-12-13 07:19:14 248832 ----a-w- C:\windows\SysWow64\schannel.dll
2014-12-13 07:19:13 314880 ----a-w- C:\windows\System32\msv1_0.dll
2014-12-13 07:19:13 309760 ----a-w- C:\windows\System32\ncrypt.dll
2014-12-13 07:19:13 259584 ----a-w- C:\windows\SysWow64\msv1_0.dll
2014-12-13 07:19:13 221184 ----a-w- C:\windows\SysWow64\ncrypt.dll
2014-12-13 07:19:13 210944 ----a-w- C:\windows\System32\wdigest.dll
2014-12-13 07:19:13 172032 ----a-w- C:\windows\SysWow64\wdigest.dll
2014-12-13 07:19:12 86528 ----a-w- C:\windows\System32\TSpkg.dll
2014-12-13 07:19:12 65536 ----a-w- C:\windows\SysWow64\TSpkg.dll
2014-12-13 07:19:12 22016 ----a-w- C:\windows\System32\credssp.dll
2014-12-13 07:19:12 17408 ----a-w- C:\windows\SysWow64\credssp.dll
2014-12-13 07:16:55 77824 ----a-w- C:\windows\System32\packager.dll
2014-12-13 07:16:55 67584 ----a-w- C:\windows\SysWow64\packager.dll
2014-12-13 07:14:29 3198976 ----a-w- C:\windows\System32\win32k.sys
2014-12-13 07:14:14 3221504 ----a-w- C:\windows\SysWow64\mstscax.dll
2014-12-13 07:14:12 3722240 ----a-w- C:\windows\System32\mstscax.dll
2014-12-13 07:14:10 1118720 ----a-w- C:\windows\System32\mstsc.exe
2014-12-13 07:14:10 1051136 ----a-w- C:\windows\SysWow64\mstsc.exe
2014-12-13 07:14:08 235520 ----a-w- C:\windows\System32\winsta.dll
2014-12-13 07:14:08 157696 ----a-w- C:\windows\SysWow64\winsta.dll
2014-12-13 07:14:07 455168 ----a-w- C:\windows\System32\winlogon.exe
2014-12-13 07:14:07 212480 ----a-w- C:\windows\System32\drivers\rdpwd.sys
2014-12-13 07:14:07 150528 ----a-w- C:\windows\System32\rdpcorekmts.dll
2014-12-13 07:14:06 131584 ----a-w- C:\windows\SysWow64\aaclient.dll
2014-12-13 07:14:05 39936 ----a-w- C:\windows\System32\drivers\tssecsrv.sys
2014-12-13 07:10:31 404480 ----a-w- C:\windows\System32\gdi32.dll
2014-12-13 07:10:31 311808 ----a-w- C:\windows\SysWow64\gdi32.dll
2014-12-13 07:09:25 861696 ----a-w- C:\windows\System32\oleaut32.dll
2014-12-13 07:09:24 571904 ----a-w- C:\windows\SysWow64\oleaut32.dll
2014-12-13 07:07:06 664064 ----a-w- C:\windows\SysWow64\rpcrt4.dll
2014-12-13 07:07:06 1216000 ----a-w- C:\windows\System32\rpcrt4.dll
2014-12-13 03:50:27 -------- d-----w- C:\ProgramData\Sophos
2014-12-13 03:47:22 -------- d-----w- C:\Program Files (x86)\Sophos
2014-12-13 03:26:51 -------- d-sh--w- C:\$RECYCLE.BIN
2014-12-13 02:58:16 98816 ----a-w- C:\windows\sed.exe
2014-12-13 02:58:16 256000 ----a-w- C:\windows\PEV.exe
2014-12-13 02:58:16 208896 ----a-w- C:\windows\MBR.exe
2014-12-13 02:29:27 -------- d-----w- C:\ProgramData\ParetoLogic
2014-12-13 00:14:43 219360 ----a-w- C:\windows\System32\drivers\appexDrv.sys
2014-12-13 00:14:42 -------- d-----w- C:\Program Files\AMD Quick Stream
2014-12-13 00:14:34 -------- d-----w- C:\ProgramData\AMD
2014-12-13 00:14:31 -------- d-----w- C:\Program Files (x86)\AMD AVT
2014-12-12 23:29:52 -------- d-----w- C:\ProgramData\Package Cache
2014-12-12 23:27:22 -------- d-----w- C:\Program Files\ATI Technologies
2014-12-12 23:12:03 23 ----a-w- C:\model.bat
2014-12-12 23:12:01 -------- d-----w- C:\UBIOS
2014-12-12 23:11:42 -------- d-----w- C:\skbqv610
2014-12-12 23:03:36 594432 ----a-w- C:\windows\System32\Rtlihvs.dll
2014-12-12 23:03:36 1411216 ----a-w- C:\windows\System32\drivers\rtl8188ee.sys
2014-12-10 00:45:02 895912 ----a-w- C:\windows\SysWow64\npdeployJava1.dll
2014-12-10 00:45:02 816552 ----a-w- C:\windows\SysWow64\deployJava1.dll
2014-12-10 00:41:42 98216 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-12-10 00:36:58 -------- d-----w- C:\ProgramData\Oracle
2014-12-09 18:30:59 469264 ----a-w- C:\windows\System32\d3dx10.dll
2014-12-09 18:25:01 11944 ----a-w- C:\windows\System32\drivers\amdide64.sys
2014-12-09 18:22:01 1959128 ----a-w- C:\windows\System32\RTSnMg64.cpl
2014-12-09 18:21:59 2834648 ----a-w- C:\windows\System32\RtPgEx64.dll
2014-12-09 18:21:56 3962840 ----a-w- C:\windows\System32\drivers\RTKVHD64.sys
2014-12-09 18:21:54 628952 ----a-w- C:\windows\System32\RtDataProc64.dll
2014-12-09 18:21:54 1022168 ----a-w- C:\windows\System32\RtkApi64.dll
2014-12-09 18:21:53 1286872 ----a-w- C:\windows\System32\RTCOM64.dll
2014-12-09 18:21:52 2800344 ----a-w- C:\windows\System32\RltkAPO64.dll
2014-12-09 18:21:51 948952 ----a-w- C:\windows\System32\RCoInstII64.dll
2014-12-09 18:21:10 2770976 ----a-w- C:\windows\System32\FMAPO64.dll
2014-12-09 18:21:07 113576 ----a-w- C:\windows\System32\CONEQMSAPOGUILibrary.dll
2014-12-09 18:21:06 209096 ----a-w- C:\windows\System32\AERTAC64.dll
2014-12-09 18:21:06 108640 ----a-w- C:\windows\System32\AERTAR64.dll
2014-12-09 18:19:20 94720 ----a-w- C:\windows\System32\drivers\AtihdW76.sys
2014-12-09 18:19:20 110080 ----a-w- C:\windows\System32\DelayAPO.dll
2014-12-09 18:17:59 1148048 ----a-w- C:\windows\System32\drivers\rtwlane.sys
2014-12-09 18:14:40 941784 ----a-w- C:\windows\System32\drivers\Rt64win7.sys
2014-12-09 18:14:40 73800 ----a-w- C:\windows\System32\RtNicProp64.dll
2014-12-09 18:14:40 107552 ----a-w- C:\windows\System32\RTNUninst64.dll
2014-12-09 18:12:46 272600 ----a-w- C:\windows\System32\drivers\RtsUStor.sys
2014-12-09 18:12:42 9890008 ----a-w- C:\windows\SysWow64\RsCRIcon.dll
2014-12-09 18:11:33 106816 ----a-w- C:\windows\System32\drivers\amdhub30.sys
2014-12-09 17:42:19 227648 ----a-w- C:\windows\System32\drivers\amdxhc.sys
2014-12-09 17:34:49 2620928 ----a-w- C:\windows\System32\wucltux.dll
2014-12-09 17:33:25 97792 ----a-w- C:\windows\System32\wudriver.dll
2014-12-09 17:33:25 92672 ----a-w- C:\windows\SysWow64\wudriver.dll
2014-12-09 17:32:33 33792 ----a-w- C:\windows\SysWow64\wuapp.exe
2014-12-09 17:32:33 198600 ----a-w- C:\windows\System32\wuwebv.dll
2014-12-09 17:32:33 179656 ----a-w- C:\windows\SysWow64\wuwebv.dll
2014-12-09 17:32:32 36864 ----a-w- C:\windows\System32\wuapp.exe
2014-12-09 17:28:12 -------- d-----w- C:\ProgramData\{BAF091CA-86C4-4627-ADA1-897E2621C1B0}
2014-12-09 17:26:02 -------- d-----w- C:\Program Files (x86)\Common Files\IObit
2014-12-09 17:23:56 -------- d-----w- C:\ProgramData\ProductData
2014-12-09 17:20:28 -------- d-----w- C:\ProgramData\IObit
2014-12-09 17:19:49 -------- d-----w- C:\Program Files (x86)\IObit
2014-12-08 19:34:24 56496 ----a-w- C:\windows\SysWow64\wbhelp2.dll
2014-12-08 19:34:24 544768 ----a-w- C:\windows\SysWow64\wbocx.ocx
2014-12-08 19:34:24 258352 ----a-w- C:\windows\SysWow64\unicows.dll
2014-12-08 19:34:21 4608 ----a-w- C:\windows\SysWow64\W95INF32.DLL
2014-12-08 19:34:21 33968 ----a-w- C:\windows\SysWow64\anim.dll
2014-12-08 19:34:21 2272 ----a-w- C:\windows\SysWow64\W95INF16.DLL
2014-12-08 19:34:21 1706800 ----a-w- C:\windows\SysWow64\gdiplus.dll
2014-12-08 19:34:18 -------- d-----w- C:\Program Files (x86)\WinUtilities
2014-12-08 15:26:14 -------- d-----w- C:\ProgramData\HitmanPro
2014-12-07 21:56:42 129752 ----a-w- C:\windows\System32\drivers\MBAMSwissArmy.sys
2014-12-07 21:55:55 93400 ----a-w- C:\windows\System32\drivers\mbamchameleon.sys
2014-12-07 21:55:55 63704 ----a-w- C:\windows\System32\drivers\mwac.sys
2014-12-07 21:55:55 25816 ----a-w- C:\windows\System32\drivers\mbam.sys
2014-12-07 21:55:53 -------- d-----w- C:\ProgramData\Malwarebytes
2014-12-07 21:55:53 -------- d-----w- C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-07 21:53:33 34808 ----a-w- C:\windows\System32\drivers\TrueSight.sys
2014-12-07 21:52:43 -------- d-----w- C:\ProgramData\RogueKiller
2014-12-07 21:23:41 -------- d-----w- C:\AdwCleaner
2014-11-25 18:59:38 18638520 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSO.DLL
.
==================== Find3M  ====================
.
2014-12-21 00:09:15 6172 ----a-w- C:\windows\System32\PerfStringBackup.TMP
2014-12-13 22:10:19 77512 ----a-w- C:\windows\System32\drivers\klwtp.sys
2014-12-13 22:10:18 150536 ----a-w- C:\windows\System32\drivers\klflt.sys
2014-12-10 00:26:03 701104 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2014-12-10 00:26:02 71344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-04 02:50:55 413184 ----a-w- C:\windows\System32\generaltel.dll
2014-12-04 02:50:45 741376 ----a-w- C:\windows\System32\invagent.dll
2014-12-04 02:50:40 396800 ----a-w- C:\windows\System32\devinv.dll
2014-12-04 02:50:38 830976 ----a-w- C:\windows\System32\appraiser.dll
2014-12-04 02:50:37 227328 ----a-w- C:\windows\System32\aepdu.dll
2014-12-04 02:50:37 192000 ----a-w- C:\windows\System32\aepic.dll
2014-12-04 02:44:48 1083392 ----a-w- C:\windows\System32\aeinv.dll
2014-12-01 23:28:44 1232040 ----a-w- C:\windows\System32\aitstatic.exe
2014-11-24 19:04:56 275080 ------w- C:\windows\System32\MpSigStub.exe
2014-11-22 03:06:23 2724864 ----a-w- C:\windows\System32\mshtml.tlb
2014-11-22 03:06:11 4096 ----a-w- C:\windows\System32\ieetwcollectorres.dll
2014-11-22 02:50:39 66560 ----a-w- C:\windows\System32\iesetup.dll
2014-11-22 02:50:10 580096 ----a-w- C:\windows\System32\vbscript.dll
2014-11-22 02:49:54 48640 ----a-w- C:\windows\System32\ieetwproxystub.dll
2014-11-22 02:48:20 88064 ----a-w- C:\windows\System32\MshtmlDac.dll
2014-11-22 02:35:29 114688 ----a-w- C:\windows\System32\ieetwcollector.exe
2014-11-22 02:34:51 814080 ----a-w- C:\windows\System32\jscript9diag.dll
2014-11-22 02:34:07 6039552 ----a-w- C:\windows\System32\jscript9.dll
2014-11-22 02:26:31 968704 ----a-w- C:\windows\System32\MsSpellCheckingFacility.exe
2014-11-22 02:20:44 2724864 ----a-w- C:\windows\SysWow64\mshtml.tlb
2014-11-22 02:14:16 77824 ----a-w- C:\windows\System32\JavaScriptCollectionAgent.dll
2014-11-22 02:07:43 501248 ----a-w- C:\windows\SysWow64\vbscript.dll
2014-11-22 02:07:17 62464 ----a-w- C:\windows\SysWow64\iesetup.dll
2014-11-22 02:06:32 47616 ----a-w- C:\windows\SysWow64\ieetwproxystub.dll
2014-11-22 02:05:02 64000 ----a-w- C:\windows\SysWow64\MshtmlDac.dll
2014-11-22 01:54:30 620032 ----a-w- C:\windows\SysWow64\jscript9diag.dll
2014-11-22 01:47:10 1359360 ----a-w- C:\windows\System32\mshtmlmedia.dll
2014-11-22 01:46:58 2125312 ----a-w- C:\windows\System32\inetcpl.cpl
2014-11-22 01:40:04 60416 ----a-w- C:\windows\SysWow64\JavaScriptCollectionAgent.dll
2014-11-22 01:29:26 4299264 ----a-w- C:\windows\SysWow64\jscript9.dll
2014-11-22 01:28:21 2358272 ----a-w- C:\windows\System32\wininet.dll
2014-11-22 01:22:49 2052096 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2014-11-22 01:21:57 1155072 ----a-w- C:\windows\SysWow64\mshtmlmedia.dll
2014-11-22 01:00:20 1888256 ----a-w- C:\windows\SysWow64\wininet.dll
2014-11-19 09:31:16 1217192 ----a-w- C:\windows\SysWow64\FM20.DLL
2014-11-11 03:09:06 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll
2014-11-11 02:44:45 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll
2014-11-11 01:46:26 119296 ----a-w- C:\windows\System32\drivers\tdx.sys
2014-10-03 02:12:23 310272 ----a-w- C:\windows\System32\WsmWmiPl.dll
2014-10-03 02:12:23 2020352 ----a-w- C:\windows\System32\WsmSvc.dll
2014-10-03 02:12:22 346624 ----a-w- C:\windows\System32\WSManMigrationPlugin.dll
2014-10-03 02:12:22 181248 ----a-w- C:\windows\System32\WsmAuto.dll
2014-10-03 02:12:00 500224 ----a-w- C:\windows\System32\AUDIOKSE.dll
2014-10-03 02:11:54 284672 ----a-w- C:\windows\System32\EncDump.dll
2014-10-03 02:11:51 680960 ----a-w- C:\windows\System32\audiosrv.dll
2014-10-03 02:11:51 440832 ----a-w- C:\windows\System32\AudioEng.dll
2014-10-03 02:11:51 296448 ----a-w- C:\windows\System32\AudioSes.dll
2014-10-03 02:11:49 266240 ----a-w- C:\windows\System32\WSManHTTPConfig.exe
2014-10-03 01:45:03 248832 ----a-w- C:\windows\SysWow64\WSManMigrationPlugin.dll
2014-10-03 01:45:03 214016 ----a-w- C:\windows\SysWow64\WsmWmiPl.dll
2014-10-03 01:45:03 145920 ----a-w- C:\windows\SysWow64\WsmAuto.dll
2014-10-03 01:45:03 1177088 ----a-w- C:\windows\SysWow64\WsmSvc.dll
2014-10-03 01:44:42 442880 ----a-w- C:\windows\SysWow64\AUDIOKSE.dll
2014-10-03 01:44:26 374784 ----a-w- C:\windows\SysWow64\AudioEng.dll
2014-10-03 01:44:26 195584 ----a-w- C:\windows\SysWow64\AudioSes.dll
2014-10-03 01:44:25 198656 ----a-w- C:\windows\SysWow64\WSManHTTPConfig.exe
.
============= FINISH: 11:12:19.38 ===============

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 9/5/2013 5:16:34 PM
System Uptime: 12/22/2014 3:29:46 AM (8 hours ago)
.
Motherboard: AMD |  | Pumori
Processor: AMD A6-4400M APU with Radeon™ HD Graphics    | Socket FT1 | 2700/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 581 GiB total, 464.012 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP78: 12/14/2014 2:38:50 AM - Windows Update
RP79: 12/15/2014 3:00:16 AM - Windows Update
RP80: 12/19/2014 2:11:49 PM - Windows Update
RP81: 12/19/2014 3:05:25 PM - Windows Update
RP82: 12/19/2014 3:42:59 PM - Windows Update
RP83: 12/20/2014 1:44:16 PM - Checkpoint by HitmanPro
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Flash Player 15 ActiveX
Adobe Reader X MUI
AMD Accelerated Video Transcoding
AMD APP SDK Runtime
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Media Foundation Decoders
AMD Quick Stream
AMD Steady Video Plug-In
Bejeweled 3
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
Connect to an OMG Technician 855-316-8324
D3DX10
Definition Update for Microsoft Office 2010 (KB2910899) 32-Bit Edition
Driver Booster 2
FATE
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
High-Definition Video Playback 10
IObit Malware Fighter
IObit Uninstaller
Java 8 Update 25
Java Auto Updater
Junk Mail filter update
Kaspersky Internet Security
Letters from Nowhere 2
Malwarebytes Anti-Malware version 2.0.4.1028
Mesh Runtime
Microsoft .NET Framework 4.5.1
Microsoft Application Error Reporting
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Groove MUI (English) 2010
Microsoft Office InfoPath MUI (English) 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Word MUI (English) 2010
Microsoft Primary Interoperability Assemblies 2005
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 10 Menu TemplatePack Basic
Nero 10 Movie ThemePack Basic
Nero BackItUp 10
Nero BackItUp 10 Help (CHM)
Nero Burning ROM 10
Nero BurningROM 10 Help (CHM)
Nero BurnRights 10
Nero BurnRights 10 Help (CHM)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero CoverDesigner 10
Nero CoverDesigner 10 Help (CHM)
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Dolby Files 10
Nero Express 10
Nero Express 10 Help (CHM)
Nero InfoTool 10
Nero InfoTool 10 Help (CHM)
Nero MediaHub 10
Nero MediaHub 10 Help (CHM)
Nero Multimedia Suite 10
Nero Recode 10
Nero Recode 10 Help (CHM)
Nero RescueAgent 10
Nero RescueAgent 10 Help (CHM)
Nero SoundTrax 10
Nero SoundTrax 10 Help (CHM)
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Nero Vision 10
Nero Vision 10 Help (CHM)
Nero WaveEditor 10
Nero WaveEditor 10 Help (CHM)
OMG Toolkit version 5.26
Penguins!
Plants vs. Zombies - Game of the Year
PlayReady PC Runtime amd64
PlayReady PC Runtime x86
Polar Bowler
Premium Sound HD
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Realtek WLAN Driver
Security Update for Microsoft .NET Framework 4.5.1 (KB2894854v2)
Security Update for Microsoft .NET Framework 4.5.1 (KB2898869)
Security Update for Microsoft .NET Framework 4.5.1 (KB2901126)
Security Update for Microsoft .NET Framework 4.5.1 (KB2931368)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.1 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.1 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.1 (KB2979578v2)
Security Update for Microsoft Excel 2010 (KB2910902) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553154) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553284) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687423) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2810073) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2850016) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2880971) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2881071) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2899519) 32-Bit Edition
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition
Sophos Virus Removal Tool
Spybot - Search & Destroy
Surfing Protection
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Assist
Toshiba Book Place
TOSHIBA Bulletin Board
TOSHIBA Disc Creator
TOSHIBA eco Utility
TOSHIBA Face Recognition
TOSHIBA Hardware Setup
TOSHIBA HDD/SSD Alert
Toshiba Laptop Checkup
TOSHIBA Media Controller
TOSHIBA Media Controller Plug-in
Toshiba Online Backup
TOSHIBA PC Health Monitor
TOSHIBA Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA ReelTime
TOSHIBA Resolution+ Plug-in for Windows Media Player
Toshiba Security Dashboard
TOSHIBA Service Station
TOSHIBA Sleep Utility
TOSHIBA Supervisor Password
TOSHIBA User's Guide
TOSHIBA Value Added Package
TOSHIBA Web Camera Application
TOSHIBARegistration
Tweaking.com - Windows Repair (All in One)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition
Update for Microsoft Excel 2010 (KB2589348) 32-Bit Edition
Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553140) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition
Update for Microsoft Office 2010 (KB2589386) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597089) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687275) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837602) 32-Bit Edition
Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition
Update for Microsoft Office 2010 (KB2883019) 32-Bit Edition
Update for Microsoft Office 2010 (KB2889818) 32-Bit Edition
Update for Microsoft Office 2010 (KB2910896) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2597088) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2880517) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition
Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition
Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition
Update Installer for WildTangent Games App
WildTangent Games
WildTangent Games App (Toshiba Games)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinUtilities Free Edition 11.27
.
==== Event Viewer Messages From Past Week ========
.
12/21/2014 12:45:28 AM, Error: Schannel [36888]  - The following fatal alert was generated: 40. The internal error state is 252.
12/20/2014 7:05:02 PM, Error: Service Control Manager [7034]  - The LiveUpdate service terminated unexpectedly.  It has done this 1 time(s).
12/20/2014 7:04:46 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
12/20/2014 7:04:46 PM, Error: Service Control Manager [7000]  - The Spybot-S&D 2 Scanner Service service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
12/20/2014 6:41:58 PM, Error: Service Control Manager [7001]  - The Computer Browser service depends on the Server service which failed to start because of the following error:  The dependency service or group failed to start.
12/20/2014 6:24:37 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
12/20/2014 6:24:36 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
12/20/2014 6:24:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
12/20/2014 6:24:13 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
12/20/2014 6:24:10 PM, Error: Microsoft-Windows-WLAN-AutoConfig [10000]  - WLAN Extensibility Module has failed to start. Module Path: C:\windows\system32\Rtlihvs.dll Error Code: 21
12/20/2014 6:24:00 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  discache klhk KLIF klpd kneps MpFilter spldr Wanarpv6
12/20/2014 6:23:52 PM, Error: Microsoft Antimalware [3002]  - Microsoft Antimalware Real-Time Protection feature has encountered an error and failed.   Feature: On Access   Error Code: 0x8007043c   Error description: This service cannot be started in Safe Mode    Reason: Antimalware protection has stopped functioning for an unknown reason. In some instances, restarting the service may resolve the problem.
12/20/2014 6:23:51 PM, Error: Service Control Manager [7001]  - The Microsoft Network Inspection System service depends on the Microsoft Malware Protection Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
12/20/2014 6:23:50 PM, Error: Microsoft-Windows-Eventlog [106]  - Corruption was detected in the log for the System channel and some data was erased.
12/20/2014 3:34:00 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Definition Update for Microsoft Security Essentials - KB2310138 (Definition 1.191.529.0).
12/20/2014 3:33:59 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version: 0.0.0.0   Update Source: Microsoft Update Server   Update Stage: Install   Source Path: http://www.microsoft.com   Signature Type: AntiVirus   Update Type: Full   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version: 0.0.0.0   Error code: 0x80070643   Error description: Fatal error during installation.
12/20/2014 3:33:57 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: AntiVirus   Update Type: Delta   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version:    Error code: 0x80070002   Error description: The system cannot find the file specified.
12/20/2014 3:33:57 PM, Error: Microsoft Antimalware [2001]  - Microsoft Antimalware has encountered an error trying to update signatures.   New Signature Version:    Previous Signature Version:    Update Source: User   Update Stage: Install   Source Path:    Signature Type: AntiSpyware   Update Type: Delta   User: NT AUTHORITY\SYSTEM   Current Engine Version:    Previous Engine Version:    Error code: 0x80070002   Error description: The system cannot find the file specified.
12/20/2014 3:05:53 PM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AVP15.0.1 service.
12/20/2014 2:31:03 AM, Error: Service Control Manager [7022]  - The Windows Update service hung on starting.
12/20/2014 2:11:38 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  ccSet_NAT discache klhk KLIF klpd kneps spldr Wanarpv6
12/20/2014 12:12:21 PM, Error: Microsoft-Windows-DistributedCOM [10001]  - Unable to start a DCOM Server: {C39EE728-D419-4BD4-A3EF-EDA059DBD935} as /. The error: "5" Happened while starting this command: C:\windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}
12/20/2014 11:33:51 PM, Error: Schannel [36887]  - The following fatal alert was received: 20.
12/19/2014 10:05:20 PM, Error: Schannel [36888]  - The following fatal alert was generated: 10. The internal error state is 10.
.
==== End Of File ===========================

 



#3 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:29 PM

Posted 26 December 2014 - 08:54 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===



Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
start

CloseProcesses:

HKLM\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-18\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-18\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 1
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-667345152-2384861562-3348176582-1004\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {AA58ED58-01DD-4d91-8333-CF10577473F7} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
CHR Extension: (Google Wallet) - C:\Users\Phil Borneman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-12-19]
CHR HKLM\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [dbhjdbfgekjfcfkkfjjmlmojhbllhbho] - https://chrome.google.com/webstore/detail/dbhjdbfgekjfcfkkfjjmlmojhbllhbho [Not Found]
S3 cpuz137; \??\C:\Users\Phil\AppData\Local\Temp\cpuz137\cpuz137_x64.sys [X]
C:\Users\Admin\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Phil Borneman\AppData\Local\Temp\CLKAMI.exe
Task: C:\windows\Tasks\RegCure Pro_sch_DD867A9C-826F-11E4-9C22-4C72B92D6028.job => C:\Program Files (x86)\\RegCure Pro\RegCurePro.exe <==== ATTENTION

End
Save the files as fixlist.txt into the same folder as FRST

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log Fixlog.txt please post it to your reply.
===

Download Security Check by screen317 from here
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
p.s.
If the SecurityCheck program fails to run for any reason, run it as an Administrator.

If the site is busy or not available use this mirror site:
http://www.bleepingcomputer.com/download/securitycheck/

How is the computer running now?

======

#4 froglevelmc

froglevelmc
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  •  
  • Local time:10:29 PM

Posted 29 December 2014 - 10:32 AM

Thanks for you response.  I ran out of time and ended up just wiping the drive and reinstalling the OS. 

 

 



#5 nasdaq

nasdaq

  • Malware Response Team
  • 40,246 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:29 PM

Posted 30 December 2014 - 08:51 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users