To Machiavelli: Also have 'Unknown Process' Eraem Vire Studaa 2021


  • This topic is locked
3 replies to this topic

#1 gentleguy

Posted 07 January 2015 - 09:57 PM

*Sorry, I tried to reply to PR1Pk12's post but I didn't have permission. This is my very first post here so I am not aware of the rules and apologize if this adds any confusion to those searching for or giving help towards a solution*

 

Hi Machiavelli,

 

So glad I found this site. I have the exact same problem encountered by the original poster (specifically #3). The Eraem Vire Studaa 2021 bug is springing up all over the net, but no solutions as yet!

 

I have followed your instructions and will post my text files below. I hope this doesn't interfere with the original poster's thread or your process of helping.

Also just wanted to add, the Eraem bug sometimes plays audio through my speakers (when connected to the internet) but there is no visible process except in Task Manager. It has also been reported to send confidential info from the computer to waiting hackers... eek.

 

Thank you

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 07-01-2015
Ran by Admin (administrator) on PC2 on 07-01-2015 21:22:09
Running from C:\Users\Admin\Desktop\Dear.com\MyImages
Loaded Profiles: Admin &  (Available profiles: Admin & Administrator)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(IObit) C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Samsung) C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkDMS.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
(CrypKey (Canada) Ltd.) C:\Windows\System32\Crypserv.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\CHS\ChsIME.exe
(Microsoft Corporation) C:\Windows\System32\InputMethod\JPN\JpnIME.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Ezel Sensor\EzelSvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Acer Incorporated) C:\OEM\EZELSENSORBEHAVIOR\EZelSensorBehavior.exe
(Acer Incorporated) C:\OEM\EZELSENSORBEHAVIOR\EzelAudio.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Copyright 2013 SAMSUNG) C:\Program Files\Samsung\Samsung Link\Samsung Link.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Dolby Laboratories Inc.) C:\Dolby PCEE4\pcee4.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
() C:\Program Files (x86)\Mobipocket.com\Mobipocket Reader\reader.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Eraem Corniratu) C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
() C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
(Dropbox, Inc.) C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Evernote Corp., 305 Walnut Street, Redwood City, CA 94063) C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicatorCom.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Eraem Corniratu) C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe
(Eraem Corniratu) C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe
(Eraem Corniratu) C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe
(Eraem Corniratu) C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe
(Eraem Corniratu) C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe
(Eraem Corniratu) C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [2876816 2013-03-04] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13449288 2013-03-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [10141184 2013-06-19] (Broadcom Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [444904 2012-09-20] (Adobe Systems Incorporated)
HKLM\...\Run: [TouchPalKeyboard] => C:\Program Files\CooTek\TouchPal\keyboard\TPKeyBoard.exe [1144392 2013-11-19] ()
HKLM\...\Run: [TouchPalToolBar] => C:\Program Files\CooTek\TouchPal\toolbar\TouchPalToolBar.exe [802888 2013-11-19] ()
HKLM\...\Run: [Samsung Link] => C:\Program Files\Samsung\Samsung Link\Samsung Link Tray Agent.exe [597576 2013-11-05] (Copyright 2013 SAMSUNG)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [49208 2011-10-28] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-05-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3478600 2013-05-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM-x32\...\Run: [Aimersoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe [1667072 2012-02-28] (AimerSoft)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [271744 2014-09-26] (Oracle Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [IObit Malware Fighter] => C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe [1802048 2014-10-13] (IObit)
HKLM-x32\...\Run: [Gemomouxvyems] => C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe [508951 2015-01-01] (Eraem Corniratu)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKLM\...\Policies\Explorer: [TaskbarNoNotification] 0
HKLM\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Run: [Online Ad Scanner] => C:\Users\Admin\AppData\Roaming\OAS\oasupd.exe [28672 2014-09-23] ()
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Run: [ginmbig] => rundll32 "C:\Users\Admin\AppData\Local\ginmbig.dll",ginmbig <===== ATTENTION
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Run: [ConiMpexi] => regsvr32.exe "C:\ProgramData\ConiMpexi\AidwAfgo.kfl"
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Run: [Gemomouxvyems] => C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe [508951 2015-01-01] (Eraem Corniratu)
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3696912 2014-03-04] (Disc Soft Ltd)
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Online Ad Scanner] => C:\Users\Admin\AppData\Roaming\OAS\oasupd.exe [28672 2014-09-23] ()
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ginmbig] => rundll32 "C:\Users\Admin\AppData\Local\ginmbig.dll",ginmbig <===== ATTENTION
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [ConiMpexi] => regsvr32.exe "C:\ProgramData\ConiMpexi\AidwAfgo.kfl"
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Gemomouxvyems] => C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe [508951 2015-01-01] (Eraem Corniratu)
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Policies\Explorer: [HideSCAHealth] 0
HKU\S-1-5-21-250147280-1769494927-4047674166-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2013-08-22] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\Explorer: [TaskbarNoNotification] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideSCAHealth] 0
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Admin\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
ShortcutTarget: EvernoteClipper.lnk -> C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - .lnk
ShortcutTarget: Monitor Ink Alerts - .lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
HKU\S-1-5-21-250147280-1769494927-4047674166-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
HKU\S-1-5-21-250147280-1769494927-4047674166-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
SearchScopes: HKU\S-1-5-21-250147280-1769494927-4047674166-1001 -> DefaultScope {4DA4CB1B-91D7-4CBB-B71F-A0389D78FC57} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-250147280-1769494927-4047674166-1001 -> {4DA4CB1B-91D7-4CBB-B71F-A0389D78FC57} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {4DA4CB1B-91D7-4CBB-B71F-A0389D78FC57} URL = http://www.bing.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {4DA4CB1B-91D7-4CBB-B71F-A0389D78FC57} URL = http://www.bing.com/search?q={searchTerms}
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
BHO: No Name -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} ->  No File
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: No Name -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} ->  No File
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: Ads Removal -> {9D974C8C-6D92-44FB-BEAF-B45A1C0CF17F} -> C:\Program Files (x86)\IObit\IObit Malware Fighter\adsremoval\IE\Adblock.dll (Adblock)
BHO-x32: Adobe Acrobat Create PDF Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-250147280-1769494927-4047674166-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{74F1B9E7-FD58-46AE-86E3-6626E8E5A49F}: [NameServer] 208.67.222.222
 
FireFox:
========
FF ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\69nl86qk.default-1420484284529
FF DefaultSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_15_0_0_223.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin64.dll (Skype)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF Plugin: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_15_0_0_223.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.72.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @Skype Technologies S.A..com/Skype Web Plugin -> C:\Program Files (x86)\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.25.11\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.3 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.7 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF Plugin-x32: samsung.com/SamsungLinkPCPlugin -> C:\Program Files\Samsung\Samsung Link\utils\npSamsungLinkPCPlugin.dll (Samsung)
FF Plugin-x32: wacom.com/WacomTabletPlugin -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-250147280-1769494927-4047674166-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-250147280-1769494927-4047674166-1001: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Admin\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: wacom.com/WacomTabletPlugin -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Extension: DownloadHelper - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\69nl86qk.default-1420484284529\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2015-01-05]
FF Extension: Evernote Web Clipper - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\69nl86qk.default-1420484284529\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800} [2015-01-06]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2013-12-25]
 
Chrome: 
=======
CHR Profile: C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-09-09]
CHR Extension: (Google Docs) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-09-09]
CHR Extension: (Google Drive) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-09-09]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2014-09-30]
CHR Extension: (YouTube) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-09-09]
CHR Extension: (Google Search) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-09-09]
CHR Extension: (Google Sheets) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-09-09]
CHR Extension: (Google Wallet) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-09-09]
CHR Extension: (Gmail) - C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-09-09]
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2013-05-11]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService7; C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASCService.exe [893216 2014-08-18] (IObit)
R2 AllShare Framework DMS; C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AllShareFrameworkManagerDMS.exe [404360 2013-10-11] (Samsung) [File not signed]
R2 BcmBtRSupport; C:\WINDOWS\system32\btwrsupportservice.exe [2251992 2014-11-03] (Broadcom Corporation.)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2615368 2013-02-19] (Acer Incorporated)
R2 CrypKey License; C:\Windows\system32\crypserv.exe [126976 2010-03-18] (CrypKey (Canada) Ltd.) [File not signed]
R2 DACoreService; C:\Program Files (x86)\Nuance\Dragon Assistant\Core\DACore.exe [431504 2013-03-12] (Nuance Communications, Inc.)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [662088 2013-03-15] (Acer Incorporated)
R2 EzelSvc; C:\Program Files\Acer\Acer Ezel Sensor\EzelSvc.exe [213032 2013-04-23] (Acer Incorporate)
R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [314696 2014-05-20] (Intel Corporation)
R2 IMFservice; C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [344896 2014-09-30] (IObit)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-19] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2283296 2014-11-03] (IObit)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [431656 2013-03-14] (Acer Incorporate)
R2 Samsung Link Service; C:\Program Files\Samsung\Samsung Link\Samsung Link.exe [605768 2013-11-05] (Copyright 2013 SAMSUNG)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
S3 TunnelBearMaintenance; C:\Program Files (x86)\TunnelBear\TBear.Maintenance.exe [26048 2014-08-12] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [368632 2014-09-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2014-09-21] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5574656 2013-06-19] (Broadcom Corporation) [File not signed]
S3 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [656664 2014-08-19] (Wacom Technology, Corp.)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 bbcap; C:\Windows\system32\DRIVERS\bbcap.sys [4608 2014-01-31] (Windows ® Codename Longhorn DDK provider)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [172760 2013-04-23] (Broadcom Corporation.)
R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [9524400 2013-05-23] (Broadcom Corporation)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-09-24] (Microsoft Corporation)
R3 btwpanfl; C:\WINDOWS\system32\drivers\btwpanfl.sys [44912 2013-01-19] (Broadcom Corporation.)
R1 dtsoftbus01; C:\Windows\System32\drivers\dtsoftbus01.sys [283064 2014-08-28] (Disc Soft Ltd)
S3 FileMonitor; C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [23048 2013-03-23] (IObit)
R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-20] (Intel Corporation)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-01-09] (Acer Incorporated)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-07] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [125952 2014-11-03] (Intel Corporation)
R1 NetworkX; C:\Windows\System32\ckldrv.sys [30272 2010-03-18] ()
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [15704 2013-01-09] (Acer Incorporated)
S3 RegFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\regfilter.sys [34848 2013-11-19] (IObit.com)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [293592 2014-11-02] (Realtek Semiconductor Corp.)
R3 SensorsHIDClassDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-11-19] (Synaptics Incorporated)
S3 SndTAudio; C:\Windows\system32\drivers\SndTAudio.sys [34504 2013-12-16] (Windows ® Win 7 DDK provider)
S3 ssudserd; C:\Windows\system32\DRIVERS\ssudserd.sys [206080 2014-01-22] (DEVGURU Co., LTD.(www.devguru.co.kr))
R3 tap-tb-0901; C:\Windows\system32\DRIVERS\tap-tb-0901.sys [38656 2014-08-12] (The OpenVPN Project)
S3 UrlFilter; C:\Program Files (x86)\IObit\IObit Malware Fighter\drivers\win7_amd64\UrlFilter.sys [23016 2013-11-19] (IObit.com)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2014-09-21] (Microsoft Corporation)
R3 WsAudio_Device(1); C:\Windows\system32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
S3 BTATH_BUS; \SystemRoot\System32\drivers\btath_bus.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2022-06-15 19:45 - 2022-06-15 19:45 - 00000000 ____D () C:\Users\Admin\.swt
2022-06-15 09:36 - 2014-11-24 00:56 - 00000000 ____D () C:\Users\Admin\AppData\Local\Packages
2015-01-07 21:20 - 2015-01-07 21:22 - 00000000 ____D () C:\FRST
2015-01-07 21:14 - 2015-01-07 21:14 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth
2015-01-07 20:55 - 2015-01-07 20:55 - 00000822 _____ () C:\WINDOWS\PFRO.log
2015-01-07 20:55 - 2015-01-07 20:55 - 00000162 _____ () C:\WINDOWS\errord.log
2015-01-07 20:55 - 2015-01-07 20:55 - 00000124 _____ () C:\WINDOWS\error.log
2015-01-07 20:13 - 2015-01-07 21:21 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Local Store
2015-01-07 20:13 - 2015-01-07 21:00 - 00000812 _____ () C:\WINDOWS\Tasks\Security Center Update - 3913945883.job
2015-01-07 20:13 - 2015-01-07 21:00 - 00000812 _____ () C:\WINDOWS\Tasks\Security Center Update - 2129551741.job
2015-01-07 20:13 - 2015-01-07 21:00 - 00000810 _____ () C:\WINDOWS\Tasks\Security Center Update - 4186313602.job
2015-01-07 20:13 - 2015-01-07 21:00 - 00000810 _____ () C:\WINDOWS\Tasks\Security Center Update - 1648686291.job
2015-01-07 20:13 - 2015-01-07 21:00 - 00000808 _____ () C:\WINDOWS\Tasks\Security Center Update - 2399642923.job
2015-01-07 20:13 - 2015-01-07 20:13 - 00003784 _____ () C:\WINDOWS\System32\Tasks\Security Center Update - 3913945883
2015-01-07 20:13 - 2015-01-07 20:13 - 00003784 _____ () C:\WINDOWS\System32\Tasks\Security Center Update - 2129551741
2015-01-07 20:13 - 2015-01-07 20:13 - 00003782 _____ () C:\WINDOWS\System32\Tasks\Security Center Update - 4186313602
2015-01-07 20:13 - 2015-01-07 20:13 - 00003782 _____ () C:\WINDOWS\System32\Tasks\Security Center Update - 1648686291
2015-01-07 20:13 - 2015-01-07 20:13 - 00003780 _____ () C:\WINDOWS\System32\Tasks\Security Center Update - 2399642923
2015-01-07 20:13 - 2015-01-07 20:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Tievilp
2015-01-07 20:13 - 2015-01-07 20:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Leloawga
2015-01-07 20:13 - 2015-01-07 20:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Hywyiqe
2015-01-07 20:13 - 2015-01-07 20:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Hodiydb
2015-01-07 20:13 - 2015-01-07 20:13 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Erabkiy
2015-01-07 20:09 - 2015-01-07 20:09 - 00023552 _____ () C:\Users\Admin\AppData\Local\ginmbig.dll
2015-01-07 10:52 - 2015-01-07 10:52 - 00000000 _____ () C:\WINDOWS\setuperr.log
2015-01-07 10:52 - 2015-01-07 10:52 - 00000000 _____ () C:\WINDOWS\setupact.log
2015-01-06 23:46 - 2015-01-06 23:46 - 95473664 _____ () C:\WINDOWS\system32\config\SOFTWARE.iobit
2015-01-06 23:46 - 2015-01-06 23:46 - 01867776 _____ () C:\WINDOWS\system32\config\DEFAULT.iobit
2015-01-06 23:46 - 2015-01-06 23:46 - 00024576 _____ () C:\WINDOWS\system32\config\SECURITY.iobit
2015-01-06 23:46 - 2015-01-06 23:46 - 00024576 _____ () C:\WINDOWS\system32\config\SAM.iobit
2015-01-06 22:53 - 2015-01-06 22:53 - 00000000 ____D () C:\ProgramData\LHService
2015-01-06 22:08 - 2015-01-06 22:08 - 00000000 ____D () C:\ProgramData\LockHunter
2015-01-06 22:02 - 2015-01-06 22:02 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\LockHunter
2015-01-06 22:02 - 2015-01-06 22:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LockHunter
2015-01-06 22:02 - 2015-01-06 22:02 - 00000000 ____D () C:\Program Files\LockHunter
2015-01-06 21:39 - 2015-01-06 23:57 - 00000000 ____D () C:\Users\Admin\Desktop\VirusBlaster
2015-01-06 21:22 - 2015-01-06 21:22 - 00000000 ____D () C:\WINDOWS\Hewlett-Packard
2015-01-05 13:58 - 2015-01-05 13:58 - 00000000 ____D () C:\Users\Admin\Desktop\Old Firefox Data
2015-01-05 12:40 - 2015-01-05 12:40 - 00001756 _____ () C:\Users\Admin\Desktop\Computer.lnk
2015-01-05 12:40 - 2015-01-05 12:40 - 00000288 _____ () C:\Users\Admin\AppData\Roaming\464ECE65.reg
2015-01-05 11:33 - 2015-01-05 16:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Tubyytu
2015-01-05 11:33 - 2015-01-05 16:01 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Odsonotu
2015-01-02 14:06 - 2015-01-02 14:06 - 00000144 _____ () C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-12-30 20:18 - 2014-12-31 17:26 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Hyfeci
2014-12-29 17:17 - 2014-12-29 17:18 - 00000000 ____D () C:\ProgramData\calibre
2014-12-29 17:16 - 2015-01-07 20:10 - 00000000 ____D () C:\ProgramData\rkrbrj
2014-12-29 17:14 - 2015-01-07 20:09 - 00000000 ____D () C:\ProgramData\ConiMpexi
2014-12-23 23:21 - 2014-12-23 23:21 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
2014-12-23 23:14 - 2015-01-07 21:14 - 00164864 ___SH () C:\Users\Admin\Desktop\Thumbs.db
2014-12-23 14:10 - 2014-12-23 14:10 - 00000000 ____D () C:\Users\Public\Documents\Adobe
2014-12-23 14:10 - 2014-12-23 14:10 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2014-12-18 23:35 - 2013-04-23 11:25 - 00186584 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwaudio.sys
2014-12-18 23:35 - 2013-04-23 11:24 - 00228568 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwavdt.sys
2014-12-18 23:35 - 2013-04-23 11:24 - 00022744 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwrchid.sys
2014-12-18 23:35 - 2012-07-26 18:48 - 00040248 _____ (Broadcom Corporation.) C:\WINDOWS\system32\Drivers\btwl2cap.sys
2014-12-18 23:19 - 2014-12-18 23:19 - 00000000 ____D () C:\Users\Admin\Documents\Bluetooth Folder
2014-12-18 23:19 - 2014-12-18 23:19 - 00000000 ____D () C:\Users\Admin\Desktop\WLAN_Broadcom_6.30.223.98_W8x64
2014-12-18 23:17 - 2014-12-18 23:22 - 00000000 ____D () C:\Program Files (x86)\Qualcomm Atheros
2014-12-18 23:14 - 2014-12-18 23:16 - 00000000 ____D () C:\ProgramData\Qualcomm Atheros
2014-12-18 23:10 - 2014-12-18 23:11 - 00000000 ____D () C:\Users\Admin\Desktop\WLAN_Atheros_10.0.0.251_W8x64
2014-12-15 18:08 - 2014-11-26 16:10 - 00714720 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-12-15 18:08 - 2014-11-26 16:10 - 00106976 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-12-15 18:02 - 2014-12-15 18:02 - 00000000 __SHD () C:\found.000
2014-12-14 10:38 - 2014-10-30 17:37 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2014-12-14 10:38 - 2014-10-30 17:34 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2014-12-10 01:12 - 2014-12-10 01:12 - 00003021 _____ () C:\Users\Admin\Desktop\Mindmaster.lnk
2014-12-10 01:12 - 2014-12-10 01:12 - 00002981 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mindmaster.lnk
2014-12-10 01:12 - 2014-12-10 01:12 - 00000000 ____D () C:\Users\Admin\Documents\MindMaster
2014-12-10 01:12 - 2014-12-10 01:12 - 00000000 ____D () C:\ProgramData\MindMaster
2014-12-10 01:12 - 2014-12-10 01:12 - 00000000 ____D () C:\MindMaster
2014-12-10 00:09 - 2014-11-09 21:29 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceSetupStatusProvider.dll
2014-12-10 00:09 - 2014-11-09 20:51 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceSetupStatusProvider.dll
2014-12-10 00:09 - 2014-10-31 18:57 - 01091072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-12-10 00:09 - 2014-10-31 18:47 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-12-10 00:09 - 2014-10-30 18:39 - 01970432 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2014-12-10 00:09 - 2014-10-30 18:38 - 01612992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2014-12-09 22:21 - 2014-11-21 22:13 - 25059840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-12-09 22:21 - 2014-11-21 21:50 - 00580096 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-12-09 22:21 - 2014-11-21 21:49 - 02885120 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-12-09 22:21 - 2014-11-21 21:49 - 00417280 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
2014-12-09 22:21 - 2014-11-21 21:48 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
2014-12-09 22:21 - 2014-11-21 21:35 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2014-12-09 22:21 - 2014-11-21 21:34 - 06039552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-12-09 22:21 - 2014-11-21 21:22 - 19749376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-12-09 22:21 - 2014-11-21 21:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2014-12-09 22:21 - 2014-11-21 21:07 - 00501248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-12-09 22:21 - 2014-11-21 21:06 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
2014-12-09 22:21 - 2014-11-21 21:06 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2014-12-09 22:21 - 2014-11-21 21:05 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2014-12-09 22:21 - 2014-11-21 21:05 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
2014-12-09 22:21 - 2014-11-21 21:01 - 02277888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-12-09 22:21 - 2014-11-21 20:59 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2014-12-09 22:21 - 2014-11-21 20:55 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2014-12-09 22:21 - 2014-11-21 20:52 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2014-12-09 22:21 - 2014-11-21 20:49 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-12-09 22:21 - 2014-11-21 20:49 - 00718848 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-12-09 22:21 - 2014-11-21 20:49 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2014-12-09 22:21 - 2014-11-21 20:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-12-09 22:21 - 2014-11-21 20:43 - 14412800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-12-09 22:21 - 2014-11-21 20:35 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
2014-12-09 22:21 - 2014-11-21 20:34 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2014-12-09 22:21 - 2014-11-21 20:33 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
2014-12-09 22:21 - 2014-11-21 20:29 - 04299264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-12-09 22:21 - 2014-11-21 20:29 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2014-12-09 22:21 - 2014-11-21 20:28 - 02358272 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-12-09 22:21 - 2014-11-21 20:25 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
2014-12-09 22:21 - 2014-11-21 20:23 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-12-09 22:21 - 2014-11-21 20:23 - 00326656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2014-12-09 22:21 - 2014-11-21 20:22 - 02052096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-12-09 22:21 - 2014-11-21 20:15 - 01548288 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-12-09 22:21 - 2014-11-21 20:13 - 12836864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-12-09 22:21 - 2014-11-21 20:03 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-12-09 22:21 - 2014-11-21 20:00 - 01888256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-12-09 22:21 - 2014-11-21 19:56 - 01307136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-12-09 22:21 - 2014-11-21 19:54 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-12-09 22:21 - 2014-11-06 23:16 - 01762840 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2014-12-09 22:21 - 2014-11-06 22:26 - 01489072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2014-12-09 22:21 - 2014-10-12 21:43 - 00238912 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2014-12-09 22:21 - 2014-10-12 21:43 - 00153920 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2014-12-09 22:21 - 2014-10-12 21:43 - 00086336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-12-09 22:21 - 2014-10-12 21:43 - 00039744 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-12-09 06:04 - 2014-12-09 06:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.4
2014-12-09 06:03 - 2014-12-09 06:04 - 00000000 ____D () C:\Python34
2014-12-09 03:10 - 2014-12-09 03:10 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-12-09 00:40 - 2014-12-25 22:04 - 00000000 ____D () C:\My E-Books
2014-12-09 00:39 - 2014-12-27 16:59 - 00000000 ____D () C:\Users\Admin\AppData\Local\Martview
2014-12-09 00:39 - 2014-12-09 00:39 - 00000953 _____ () C:\Users\Public\Desktop\MartView.lnk
2014-12-09 00:39 - 2014-12-09 00:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MartView
2014-12-09 00:39 - 2014-12-09 00:39 - 00000000 ____D () C:\ProgramData\Caphyon
2014-12-09 00:39 - 2014-12-09 00:39 - 00000000 ____D () C:\Program Files (x86)\MartView
2014-12-08 02:47 - 2014-12-08 02:47 - 00001118 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-12-08 00:49 - 2014-12-08 00:49 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_WinUsb_01007.Wdf
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-01-07 21:19 - 2013-12-07 20:40 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-250147280-1769494927-4047674166-1001
2015-01-07 21:17 - 2014-11-14 13:12 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-01-07 21:14 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2015-01-07 21:07 - 2014-10-23 01:36 - 01234479 _____ () C:\WINDOWS\WindowsUpdate.log
2015-01-07 21:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-01-07 21:00 - 2014-04-06 18:41 - 00129752 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-01-07 20:56 - 2014-11-14 13:12 - 00000910 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-01-07 20:56 - 2012-07-26 00:26 - 00000219 _____ () C:\WINDOWS\win.ini
2015-01-07 20:55 - 2014-10-23 01:08 - 00000000 ____D () C:\Users\Admin
2015-01-07 20:55 - 2014-02-03 19:06 - 00000031 _____ () C:\WINDOWS\system32\bbcap.err
2015-01-07 20:55 - 2013-08-22 09:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-01-07 20:50 - 2013-12-25 17:00 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Azureus
2015-01-07 20:37 - 2014-10-02 00:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\OAS
2015-01-07 11:47 - 2013-12-22 18:30 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\vlc
2015-01-07 01:35 - 2014-09-13 22:28 - 00000000 ____D () C:\Users\Admin\.FBReader
2015-01-07 00:35 - 2014-09-12 12:25 - 00000000 ____D () C:\Users\Admin\Documents\My eBooks
2015-01-06 23:59 - 2014-10-23 04:58 - 00000000 ___DC () C:\WINDOWS\Panther
2015-01-06 23:57 - 2013-12-21 16:29 - 00000000 ___RD () C:\Users\Admin\Dropbox
2015-01-06 23:57 - 2013-12-21 16:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Dropbox
2015-01-06 23:55 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-01-06 23:45 - 2013-12-27 01:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Audacity
2015-01-06 23:08 - 2014-08-03 19:02 - 00000000 ____D () C:\Users\Admin\AppData\Local\CrashDumps
2015-01-06 23:02 - 2014-08-28 14:19 - 00003510 _____ () C:\WINDOWS\System32\Tasks\AutoKMS
2015-01-06 22:52 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2015-01-06 22:52 - 2013-08-22 08:25 - 01048576 ___SH () C:\WINDOWS\system32\config\BBI
2015-01-06 22:51 - 2014-05-01 01:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\AdvertismentImages
2015-01-06 19:45 - 2014-11-07 15:52 - 00908800 ___SH () C:\Users\Admin\Documents\Thumbs.db
2015-01-05 21:00 - 2014-09-24 02:15 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-01-05 17:05 - 2014-09-21 23:58 - 00000000 ____D () C:\Users\Admin\dwhelper
2015-01-05 16:02 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\addins
2015-01-05 16:01 - 2014-02-08 09:43 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Apple Computer
2015-01-05 15:37 - 2014-11-03 02:05 - 00000286 _____ () C:\WINDOWS\Tasks\Uninstaller_SkipUac_Admin.job
2015-01-05 12:30 - 2014-10-28 15:20 - 00000630 _____ () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\~Recent.lnk
2015-01-01 22:35 - 2014-01-26 15:13 - 00000000 ____D () C:\Users\Admin\Documents\Calibre Library
2015-01-01 13:58 - 2014-11-02 23:18 - 00003102 _____ () C:\WINDOWS\System32\Tasks\Driver Booster SkipUAC (Admin)
2015-01-01 13:53 - 2014-11-02 23:19 - 00000000 ____D () C:\ProgramData\ProductData
2014-12-31 17:26 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\InputMethod
2014-12-31 06:14 - 2014-01-29 21:17 - 00298120 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2014-12-29 21:16 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-12-29 17:16 - 2013-12-07 22:27 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Macromedia
2014-12-23 15:25 - 2014-08-30 16:43 - 00000000 ____D () C:\Users\Admin\Documents\Biran Family
2014-12-18 23:22 - 2014-11-05 22:12 - 00000000 ____D () C:\ProgramData\Package Cache
2014-12-18 23:21 - 2014-10-23 01:01 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-12-18 23:17 - 2013-04-10 08:52 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-12-18 01:14 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2014-12-17 13:38 - 2013-12-21 16:24 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-12-16 10:53 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-12-15 18:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-RS
2014-12-15 18:05 - 2013-08-22 10:36 - 00000000 ____D () C:\WINDOWS\system32\sr-Latn-CS
2014-12-15 17:52 - 2014-01-09 19:53 - 00000000 ____D () C:\Users\Admin\AppData\Roaming\Skype
2014-12-11 16:24 - 2014-02-13 22:12 - 00000000 ____D () C:\Program Files (x86)\Karaoke Builder Player
2014-12-11 02:35 - 2013-12-07 20:54 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-12-10 00:38 - 2013-12-21 13:52 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-12-10 00:36 - 2013-12-27 21:07 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-12-10 00:28 - 2013-12-27 21:07 - 112710672 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-12-09 06:12 - 2014-11-05 01:46 - 00000000 ____D () C:\Users\Admin\.idlerc
2014-12-08 02:47 - 2014-04-06 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-12-08 02:47 - 2014-04-06 18:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-12-08 01:04 - 2013-12-25 17:00 - 00001810 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vuze.lnk
2014-12-08 01:04 - 2013-12-25 16:59 - 00000000 ____D () C:\Program Files\Vuze
 
Some content of TEMP:
====================
C:\Users\Admin\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj5tj5l.dll
C:\Users\Admin\AppData\Local\Temp\i4jdel0.exe
C:\Users\Admin\AppData\Local\Temp\UpdateFlashPlayer_56bd3367.exe
C:\Users\Admin\AppData\Local\Temp\UpdateFlashPlayer_6435b324.exe
C:\Users\Admin\AppData\Local\Temp\UpdateFlashPlayer_8119a6ad.exe
C:\Users\Admin\AppData\Local\Temp\UpdateFlashPlayer_e53f8f73.exe
C:\Users\Admin\AppData\Local\Temp\UpdateFlashPlayer_eb2df8bf.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-01-07 00:58
 
==================== End Of Log ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-01-2015
Ran by Admin at 2015-01-07 21:23:08
Running from C:\Users\Admin\Desktop\Dear.com\MyImages
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: IObit Malware Fighter (Enabled - Up to date) {A751AC20-3B48-5237-898A-78C4436BB78D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
 clear.fi SDK - Video 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
 clear.fi SDK- Movie 2 (x32 Version: 2.1.2606 - CyberLink Corp.) Hidden
4Media 2D to 3D Video Converter (HKLM-x32\...\4Media 2D to 3D Video Converter) (Version: 1.0.0.1202 - 4Media)
Acer Ezel Sensor (HKLM\...\{8AB88082-5BBB-4D66-BF7C-561118D3827C}) (Version: 1.01.1013 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.3003 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3013 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3016 - Acer Incorporated)
Acer Screen Grasp (HKLM-x32\...\{84443E5D-0767-438B-B1C8-6A52FAB2101B}) (Version: 1.00.3007 - Acer Incorporated)
Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3003 - Acer Incorporated)
AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.01.2008 - Acer Incorporated)
AcerCloud Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.02.2021 - Acer Incorporated)
AceReader Pro Deluxe (HKLM-x32\...\{A6D16075-3CF6-4CC9-A715-B73DA9DAE563}) (Version: 5.00.0000 -  StepWare, Inc.)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.03 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe Flash Player 15 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 15.0.0.223 - Adobe Systems Incorporated)
Adobe Help Manager (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 4.0.244 - Adobe Systems Incorporated)
Adobe Premiere Pro CS6 (HKLM-x32\...\{7176B973-6011-43C1-AEBC-2D73FE7C6982}) (Version: 6.0 - Adobe Systems Incorporated)
Advanced SystemCare 7 (HKLM-x32\...\Advanced SystemCare 7_is1) (Version: 7.4.0 - IObit)
Aimersoft DRM Media Converter(Build 1.5.5.0) (HKLM-x32\...\Aimersoft DRM Media Converter_is1) (Version:  - Aimersoft Software)
AllShare Framework DMS (HKLM\...\{BF01E7C5-918C-4AAB-8099-2D4411E6E6F4}) (Version: 1.3.21 - Samsung)
Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
BB FlashBack Pro 3 (HKLM-x32\...\BB FlashBack Pro 3) (Version: 3.2.2.2096 - Blueberry)
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.223.98 - Broadcom Corporation)
calibre (HKLM-x32\...\{04DA2FBD-B750-4070-90DE-D387DAC13C71}) (Version: 1.21.0 - Kovid Goyal)
clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.02.2012 - Acer Incorporated)
clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.02.2016 - Acer Incorporated)
convert-wma-to-mp3 4.5.1 (HKLM-x32\...\{3FD0CA8C-418C-490F-83D8-71D49A930776}_is1) (Version: 4.5.1 - AceSoft)
CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3729_45993 - CyberLink Corp.)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Debut Video Capture Software (HKLM-x32\...\Debut) (Version: 1.88 - NCH Software)
Dirk's Piano Tuner Trial V4.0 (HKLM-x32\...\Dirk's Piano Tuner Trial) (Version: 4.0 - Dirk's Projects)
Dolby Home Theater v4 (HKLM-x32\...\{B26438B4-BF51-49C3-9567-7F14A5E40CB9}) (Version: 7.2.8000.17 - Dolby Laboratories Inc)
Dragon Assistant Application en-US version 1.5.2 (HKLM-x32\...\{1CCBE73F-4948-4711-8D12-22E2FD65D706}_is1) (Version: 1.5.2 - Nuance Communications, Inc.)
Dragon Assistant Core Recognition Service version 1.1.7 (HKLM-x32\...\{E97BA7A6-46FC-4EBF-B24A-B8362948C696}_is1) (Version: 1.1.7 - Nuance Communications, Inc.)
Dragon Assistant Language Data en-US version 1.1.1 (HKLM-x32\...\{4C0C1E4E-D3B1-4496-98EC-DA14D45EC855}_is1) (Version: 1.1.1 - Nuance Communications, Inc.)
Dragon Assistant version 1.5.2 (HKLM-x32\...\{D57A8269-3BE5-4D10-B882-64D0F2D448BF}_is1) (Version: 1.5.2 - Nuance Communications, Inc.)
Driver Booster 2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.0 - IObit)
DriverToolkit version 8.3.0.0 (HKLM-x32\...\{D66BF89F-B0A2-48F5-A2E4-242EB645AB76}_is1) (Version: 8.3.0.0 - Megaify Software)
Dropbox (HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
Dropbox (HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ETDWare PS/2-X64 11.6.20.203_WHQL (HKLM\...\Elantech) (Version: 11.6.20.203 - ELAN Microelectronic Corp.)
Evernote v. 5.7.2 (HKLM-x32\...\{FB57263E-706F-11E4-A65F-00163E98E7D6}) (Version: 5.7.2.5753 - Evernote Corp.)
Express Burn (HKLM-x32\...\ExpressBurn) (Version: 4.68 - NCH Software)
Express Zip (HKLM-x32\...\ExpressZip) (Version: 2.28 - NCH Software)
FBReader for Windows (HKLM-x32\...\FBReader for Windows) (Version:  - )
FFmpeg v0.6.2 for Audacity (HKLM-x32\...\FFmpeg for Audacity_is1) (Version:  - )
File Association Manager (HKLM-x32\...\FileAssociationManager) (Version: 0.11 - File Association Manager)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 39.0.2171.95 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
HID Monitor (HKLM-x32\...\{65DEBA1C-0072-4089-B10B-672F252692C9}) (Version: 1.1.5 - Acer Incorporated)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3006 - Acer Incorporated)
IDroo 1.0.0.186 (HKLM-x32\...\IDroo) (Version: 1.0.0.186 - Iteral Group OÜ)
Inkscape 0.48.5 (HKLM-x32\...\Inkscape) (Version: 0.48.5 - )
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3621 - Intel Corporation)
Intel® Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.1.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
IObit Malware Fighter (HKLM-x32\...\IObit Malware Fighter_is1) (Version: 2.5 - IObit)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.0.4.30 - IObit)
iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.)
Java 7 Update 72 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217072FF}) (Version: 7.0.720 - Oracle)
Karaoke Builder Player 3.0 (HKLM-x32\...\Karaoke Builder Player 3.0) (Version:  - )
LADSPA_plugins-win-0.4.15 (HKLM-x32\...\LADSPA_plugins-win_is1) (Version:  - Audacity Team)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3010 - Acer Incorporated)
LockHunter 3.1, 32/64 bit (HKLM\...\LockHunter_is1) (Version:  - Crystal Rich Ltd)
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MartView (HKLM-x32\...\MartView) (Version: 2.52 - MartView) <==== ATTENTION!
MartView (x32 Version: 2.52 - MartView) Hidden
Media Player Classic - Home Cinema v1.5.2.3456 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.5.2.3456 - MPC-HC Team)
MediaPlayerLite 0.5.1.0 (HKLM-x32\...\MediaPlayerLite) (Version: 0.5.1.0 - MediaPlayerLite)
Microsoft Office Language Pack 2010 - English (HKLM-x32\...\Office14.OMUI.en-us) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
MindMaster (HKLM-x32\...\{906C1DAC-A419-4A7E-BAA1-DECC4582242D}) (Version: 2.2.7 - MindMaster)
Mobipocket Creator 4.2 (HKLM-x32\...\{AFE499B5-FCC4-45E6-A1A5-3C51AE0E539B}) (Version: 4.2.41 - Mobipocket.com)
Mobipocket Reader 6.2 (HKLM-x32\...\{342126E1-173C-4585-BFBE-3EBDD20E3E9E}) (Version: 6.2.608 - Mobipocket.com)
Mozilla Firefox 34.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 34.0.5 (x86 en-US)) (Version: 34.0.5 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MPC-HC 1.7.1 (64-bit) (HKLM\...\{2ACBF1FA-F5C3-4B19-A774-B22A31F231B9}_is1) (Version: 1.7.1.0 - MPC-HC Team)
Nero BackItUp 12 Essentials OEM.a01 (HKLM-x32\...\{4CA8F973-6377-4ABF-9ED5-CC2323B3C000}) (Version: 12.5.00500 - Nero AG)
OAS (HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Online Ad Scanner) (Version: 1.00 - OAS Corp)
OAS (HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Online Ad Scanner) (Version: 1.00 - OAS Corp)
Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.02.2008 - Acer)
Office Addin 2003 (HKLM-x32\...\{1FCC073B-CC01-4443-AD20-E559F66E6E83}) (Version: 2.02.2008 - Acer)
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
Prism Video File Converter (HKLM-x32\...\Prism) (Version: 2.07 - NCH Software)
Protected Music Converter 1.0.0.17 (HKLM-x32\...\Protected Music Converter_is1) (Version: 1.0.0.17 - WMA-MP3.com)
Python 2.7.6 (HKLM-x32\...\{C3CC4DF5-39A5-4027-B136-2B3E1F5AB6E2}) (Version: 2.7.6150 - Python Software Foundation)
Python 3.4.2 (64-bit) (HKLM\...\{cd723946-09c1-38d3-8542-732ba931e9ef}) (Version: 3.4.2150 - Python Software Foundation)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6870 - Realtek Semiconductor Corp.)
Realtek PCIE Card Reader (HKLM-x32\...\{0D61A55C-3ADC-409F-BF5B-A1766D1F5944}) (Version: 6.2.9200.29053 - Realtek Semiconductor Corp.)
Realtek USB Ethernet Controller Driver (HKLM-x32\...\{D2B61BE0-B18B-4091-81B4-F234F4C30DFD}) (Version: 8.7.227.2013 - Realtek)
Samsung Link 1.7.0.1311052230 (HKLM\...\8474-7877-9059-0204) (Version: 1.7.0.1311052230 - Copyright 2013 SAMSUNG)
Screencast-O-Matic (HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Screencast-O-Matic (HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Screencast-O-Matic) (Version:  - Screencast-O-Matic)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 Language Pack (KB2687449) 32-Bit Edition (HKLM-x32\...\{90140000-0100-0409-0000-0000000FF1CE}_Office14.OMUI.en-us_{840912CB-128E-4A73-9CD9-F807BC9B7684}) (Version:  - Microsoft)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
SketchUp 2014 (HKLM-x32\...\{F246092E-FA0B-47C8-9D3E-CF8C210293C8}) (Version: 14.1.1282 - Trimble Navigation Limited)
Skype Web Plugin (HKLM-x32\...\{B51DD93B-3CB5-4D9D-BFF2-FD19DBBBFD9A}) (Version: 2.9.13008.18866 - Skype Technologies S.A.)
Skype™ 6.21 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 6.21.104 - Skype Technologies S.A.)
Sleep Memory Optimizer (HKLM\...\{BF63C2C3-9A5B-4366-AA5F-015292B919F0}) (Version: 1.01.3000 - Acer Incorporated)
Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
SmoothDraw version 4.0.5 (HKLM-x32\...\SmoothDraw_is1) (Version: 4.0.5 - )
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0) (Version: 2.0 - Sparkol)
Sparkol VideoScribe (x32 Version: 2.0 - Sparkol) Hidden
Stereoscopic Player (HKLM-x32\...\{5F757102-EC4C-4416-8B4F-D098456C29BC}) (Version: 1.9.9 - 3dtv.at)
Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.9.0.126 - PandoraTV)
The KMPlayer 2.0 (HKLM-x32\...\The KMPlayer 2.0) (Version: 2.0 - RePack by CUTA)
TouchPal Smartinput Win8 (HKLM\...\TouchPal Smartinput Win8_is1) (Version: 1.3.0 - CooTek)
TunnelBear (HKLM-x32\...\{c8811a2f-f50d-405f-a18e-ca32f0528e73}) (Version: 2.2.27.0 - TunnelBear)
TunnelBear (x32 Version: 2.2.27.0 - TunnelBear) Hidden
Unity Web Player (HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Unity Web Player (HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
Update for Japanese Microsoft IME Postal Code Dictionary (HKLM-x32\...\{15015752-9990-4516-A2B1-93823281FB8E}) (Version: 15.0.1759 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Dictionary (HKLM-x32\...\{7DB71278-9AD7-4480-AB08-8649C5010B17}) (Version: 15.0.1215 - Microsoft Corporation)
Update for Japanese Microsoft IME Standard Extended Dictionary (HKLM-x32\...\{78CE66A9-85AF-4BD8-8FB7-35B5F3846C00}) (Version: 15.0.1215 - Microsoft Corporation)
VideoPad Video Editor (HKLM-x32\...\VideoPad) (Version: 3.24 - NCH Software)
Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version:  - Microsoft Corporation)
Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.5.0.0 - Azureus Software, Inc.)
Wacom (HKLM\...\Pen Tablet Driver) (Version: 5.3.5-3 - Wacom Technology Corp.)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 5.55 - NCH Software)
WebTablet FB Plugin 32 bit (HKLM-x32\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WebTablet FB Plugin 64 bit (HKLM\...\Wacom WebTabletPlugin for Internet Explorer and Netscape) (Version: 2.1.0.7 - Wacom Technology Corp.)
WIDCOMM Bluetooth Software (HKLM\...\{C6D9ED03-6FCF-4410-9CB7-45CA285F9E11}) (Version: 12.0.0.6900 - Broadcom Corporation)
Zipeg (HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\Zipeg) (Version: 2.9.3.1316 - http://zipeg.com)
Zipeg (HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Zipeg) (Version: 2.9.3.1316 - http://zipeg.com)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
 
==================== Restore Points  =========================
 
18-12-2014 23:35:24 Broadcom BTW Restore Point
29-12-2014 19:08:31 Scheduled Checkpoint
06-01-2015 21:23:16 Installed HP Update.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2014-11-04 15:32 - 00000826 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {0560B164-AC6A-4A56-A3C4-0D15D6FA295C} - System32\Tasks\EZel Sensor Behavior => C:\Program Files\Acer\Acer Ezel Sensor\Launcher.exe [2013-04-23] (Acer Incorporated)
Task: {08FCE161-99E6-4147-A88A-6D71770E3C51} - System32\Tasks\Security Center Update - 1648686291 => C:\Users\Admin\AppData\Roaming\Hodiydb\gykoma.exe [2014-11-16] (Eraem Corniratu) <==== ATTENTION
Task: {0F28B9EB-FA78-4BF4-8826-60FC0285C49F} - System32\Tasks\AutoKMS => C:\Windows\AutoKMS\AutoKMS.exe [2014-08-28] ()
Task: {0FF924D3-E1A1-47F3-93AC-1BE8950D7640} - System32\Tasks\TunnelBear => C:\Program Files (x86)\TunnelBear\TBear.Client.exe [2014-08-12] (TunnelBear)
Task: {1F33AC6D-C8EA-4DA0-9401-308EA7C8BEF5} - System32\Tasks\{C90E963F-586A-4356-A1E6-49B45247DA68} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/go/help.faq.installer?LastError=1603
Task: {20150A72-B4D9-4D25-BD51-DD1C7AA4A1EC} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2013-02-07] (CyberLink)
Task: {2B641EAB-E418-4126-85BF-4C8DD606C7C0} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2013-03-13] ()
Task: {2F04AF05-7549-4A32-8AAA-4472B98FF18B} - System32\Tasks\Launch Screen Grasp_First => C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe [2013-04-23] (Acer Incorporated)
Task: {337CCE12-D0DD-4E4C-B058-AE0485535CBA} - System32\Tasks\Security Center Update - 2129551741 => C:\Users\Admin\AppData\Roaming\Hywyiqe\gailadv.exe [2015-01-06] (Eraem Corniratu) <==== ATTENTION
Task: {34605D9E-9580-410C-B234-01E26CA9D8F1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.)
Task: {367BC884-B7D1-41C5-BCB3-451874BB9FD1} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {3D1E42FA-C821-4F5C-99FC-59952B533E54} - System32\Tasks\Dolby Selector => C:\Dolby PCEE4\pcee4.exe [2012-08-31] (Dolby Laboratories Inc.)
Task: {464F8B2A-65DD-4579-A713-16D6C2D9AF51} - System32\Tasks\Security Center Update - 2399642923 => C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe [2015-01-01] (Eraem Corniratu) <==== ATTENTION
Task: {46834B0B-B7A1-4008-A25A-7DEFC2C2E618} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2013-03-14] (Acer Incorporate)
Task: {59EE75FD-7B53-4EF6-B7A7-8892C5DB2948} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-12-10] (Microsoft Corporation)
Task: {5B320BAF-35DB-43B7-BDB7-A0FEE4401506} - System32\Tasks\{DBF9CFBD-9B8F-4C58-AFBA-FBDDA172D62B} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsBing
Task: {6B5AB3DC-6D58-45ED-AE3D-00BC8398D32D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-09-09] (Google Inc.)
Task: {6FCE56FA-A760-471F-93B9-A6703781AE54} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2013-01-22] ()
Task: {8CDED882-6330-431B-A69C-BF2C712411CE} - System32\Tasks\Uninstaller_SkipUac_Admin => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-11-03] (IObit)
Task: {964B0932-4EDB-4582-B6E0-232D08D58B9E} - System32\Tasks\Acer Aspire R7 Tutorial => C:\ProgramData\OEM\Acer Aspire R7 Tutorial\EzelToastNotificationAgent.exe [2013-03-18] (acer)
Task: {9C12B3C9-48DD-4B42-9637-AB13499B636F} - System32\Tasks\Security Center Update - 3913945883 => C:\Users\Admin\AppData\Roaming\Leloawga\esmua.exe [2014-10-28] (Eraem Corniratu) <==== ATTENTION
Task: {C00DEDC0-DB15-45FB-878C-757E8B51DCEA} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2013-03-15] (Acer Incorporated)
Task: {D5269528-EA12-4724-A3C5-A983AD578DD6} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
Task: {DEA452F1-2AC1-477A-A203-82A5BB9662B7} - System32\Tasks\prelauncher_First => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-04-03] (Acer Incorporated)
Task: {E048B3E3-31C3-41E5-A6FA-3CC7FF34A31C} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)
Task: {E87B646D-3A46-426A-BEF9-6DAECA494FE5} - System32\Tasks\Security Center Update - 4186313602 => C:\Users\Admin\AppData\Roaming\Tievilp\atepmi.exe [2014-11-17] (Eraem Corniratu) <==== ATTENTION
Task: {E94FFB07-4F5F-42A3-9543-787ACA53EC5D} - System32\Tasks\ASC7_SkipUac_Admin => C:\Program Files (x86)\IObit\Advanced SystemCare 7\ASC.exe [2014-08-22] (IObit)
Task: {EB017DD2-3282-4137-B94F-C815017821AE} - System32\Tasks\Driver Booster SkipUAC (Admin) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2014-10-22] (IObit)
Task: {EF0C1B18-48D4-4DD9-8A36-CFC99C791CDD} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {F865D598-3BC3-4270-9D9D-5A773F657510} - System32\Tasks\{96A60BEB-EABF-4263-A448-F267E5C2F439} => Iexplore.exe http://ui.skype.com/ui/0/5.10.0.116/en/abandoninstall?page=tsProgressBar
Task: {FB5E91E6-DE63-457A-9694-DB6DE19147A9} - System32\Tasks\Prelauncher => C:\Program Files (x86)\Acer\Screen Grasp\InputTask.exe [2013-04-03] (Acer Incorporated)
Task: {FE0C0774-FDAA-4265-8FBF-654BA0F1E418} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2014-10-13] (IObit)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Security Center Update - 1648686291.job => C:\Users\Admin\AppData\Roaming\Hodiydb\gykoma.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Security Center Update - 2129551741.job => C:\Users\Admin\AppData\Roaming\Hywyiqe\gailadv.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Security Center Update - 2399642923.job => C:\Users\Admin\AppData\Roaming\Erabkiy\idlyy.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Security Center Update - 3913945883.job => C:\Users\Admin\AppData\Roaming\Leloawga\esmua.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Security Center Update - 4186313602.job => C:\Users\Admin\AppData\Roaming\Tievilp\atepmi.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Admin.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
 
==================== Loaded Modules (whitelisted) =============
 
2013-05-06 13:29 - 2013-05-06 13:29 - 00049368 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btwleapi.dll
2012-08-23 16:02 - 2012-08-23 16:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2013-05-20 10:14 - 2013-02-21 00:58 - 00111176 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2014-12-15 20:09 - 2014-12-15 20:09 - 02019840 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Devices\0b4b3f23bdebd1d056b32b31e2f746bb\Windows.Devices.ni.dll
2014-12-15 20:00 - 2014-12-15 20:00 - 00363520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\6382e6f5ad8b7a9db4f5cd4817e70319\Windows.Foundation.ni.dll
2013-12-28 17:47 - 2013-11-05 22:30 - 00012800 _____ () C:\Program Files\Samsung\Samsung Link\JniSys.dll
2015-01-07 20:55 - 2015-01-07 20:55 - 00515584 _____ () C:\Windows\Temp\sqlite-3.7.2-sqlitejdbc.dll
2013-12-28 17:48 - 2013-11-05 22:30 - 01394176 _____ () C:\Program Files\Samsung\Samsung Link\scone_proxy.dll
2013-12-28 17:48 - 2013-11-05 22:30 - 01435648 _____ () C:\Program Files\Samsung\Samsung Link\scone_stub.dll
2013-12-28 17:48 - 2013-11-05 22:30 - 01588736 _____ () C:\Program Files\Samsung\Samsung Link\SppAgentSvc.dll
2013-10-11 15:34 - 2013-10-11 15:34 - 00036864 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\64bit\JNIInterface.dll
2013-10-11 15:35 - 2013-10-11 15:35 - 00144384 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\64bit\ASFAPI.dll
2013-10-11 15:36 - 2013-10-11 15:36 - 00018944 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\64bit\MediaDB_Manager.dll
2013-10-01 10:09 - 2013-10-01 10:09 - 00030720 _____ () C:\WINDOWS\SYSTEM32\MediaDB64.dll
2013-10-01 10:09 - 2013-10-01 10:09 - 00908800 _____ () C:\WINDOWS\SYSTEM32\ContentDirectoryPresenter64.dll
2013-10-11 15:35 - 2013-10-11 15:35 - 00521728 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\64bit\DMS_Manager.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00049152 _____ () C:\WINDOWS\SYSTEM32\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00016896 _____ () C:\WINDOWS\SYSTEM32\boost_system-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00058880 _____ () C:\WINDOWS\SYSTEM32\boost_thread-vc90-mt-1_47.dll
2013-07-23 19:19 - 2013-07-23 19:19 - 00299520 _____ () C:\WINDOWS\SYSTEM32\boost_serialization-vc90-mt-1_47.dll
2008-05-23 10:28 - 2008-05-23 10:28 - 05922816 _____ () C:\Program Files (x86)\Mobipocket.com\Mobipocket Reader\reader.exe
2014-11-03 00:06 - 2013-10-25 12:08 - 00517408 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 7\sqlite3.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-02-12 19:58 - 2014-02-12 19:58 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-10-10 22:40 - 2013-10-10 22:40 - 01114624 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\DMSManager.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00227840 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\boost_serialization-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00038912 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\boost_date_time-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00012800 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\boost_system-vc90-mt-1_47.dll
2013-07-23 19:18 - 2013-07-23 19:18 - 00046592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\boost_thread-vc90-mt-1_47.dll
2013-10-01 09:11 - 2013-10-01 09:11 - 00706560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\ContentDirectoryPresenter.dll
2013-10-01 09:46 - 2013-10-01 09:46 - 00107008 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\DCMCDP.dll
2013-10-01 09:11 - 2013-10-01 09:11 - 00102400 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\FolderCDP.dll
2013-10-01 09:47 - 2013-10-01 09:47 - 00032768 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\Autobackup.dll
2013-04-19 16:38 - 2013-04-19 16:38 - 00055808 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\RosettaAllShare.dll
2013-10-01 09:10 - 2013-10-01 09:10 - 00077312 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\MetadataFramework.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00520234 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\sqlite3.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00450560 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\MoodExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 05717504 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\DCMImgExtractor.dll
2013-08-12 19:27 - 2013-08-12 19:27 - 00028672 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AutoChaptering.dll
2013-08-09 17:07 - 2013-08-09 17:07 - 00028160 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\AudioExtractor.dll
2013-08-23 10:51 - 2013-08-23 10:51 - 00017920 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\VideoExtractor.dll
2013-08-23 10:51 - 2013-08-23 10:51 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\ImageExtractor.dll
2013-08-09 17:07 - 2013-08-09 17:07 - 00013824 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\TextExtractor.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00147456 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\libexpat.dll
2013-08-12 19:27 - 2013-08-12 19:27 - 00012288 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\VideoThumb.dll
2013-08-09 17:07 - 2013-08-09 17:07 - 00064000 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\ID3Driver.dll
2013-08-09 17:07 - 2013-08-09 17:07 - 00023040 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\RichInfoDriver.dll
2013-08-23 10:51 - 2013-08-23 10:51 - 00117248 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\ThumbnailMaker.dll
2013-08-22 18:17 - 2013-08-22 18:17 - 00134144 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\VideoMetadataDriver.dll
2013-08-09 17:07 - 2013-08-09 17:07 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\SECMetaDriver.dll
2013-04-12 08:58 - 2013-04-12 08:58 - 00024064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\photoDriver.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 04671488 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\avcodec-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00686080 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\avformat-52.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00070656 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\avutil-50.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00152064 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\swscale-0.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00366592 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\tag.dll
2013-04-12 08:58 - 2013-04-12 08:58 - 00289792 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\libThumbnail.dll
2013-08-23 10:51 - 2013-08-23 10:51 - 01033216 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\ImageMagickWrapper.dll
2013-08-09 17:07 - 2013-08-09 17:07 - 00290816 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\libKeyFrame.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00399826 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\libexif-12.dll.dll
2013-02-14 19:42 - 2013-02-14 19:42 - 00044032 _____ () C:\Program Files\Samsung\AllShare Framework DMS\1.3.21\us.dll
2013-05-20 10:12 - 2013-03-12 17:34 - 00387984 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\fl_core.dll
2013-05-20 10:12 - 2013-03-12 17:34 - 01165712 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_asr.dll
2013-05-20 10:12 - 2013-03-12 17:34 - 00199056 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_base.dll
2013-05-20 10:12 - 2013-03-12 17:34 - 01132944 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_pron.dll
2013-05-20 10:12 - 2013-03-12 17:34 - 00035216 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\vocon3200_platform.dll
2013-05-20 10:12 - 2013-03-12 17:34 - 00229264 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\sdxg.dll
2013-05-20 10:12 - 2013-03-12 17:33 - 00027648 _____ () C:\Program Files (x86)\Nuance\Dragon Assistant\Core\WASAPIResamplingStreamCOMServer.dll
2013-01-04 18:19 - 2013-01-04 18:19 - 00035336 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
2013-05-20 10:14 - 2013-02-21 00:58 - 00089672 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext.dll
2015-01-07 20:09 - 2015-01-07 20:09 - 00023552 _____ () C:\Users\Admin\AppData\Local\ginmbig.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00750080 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libGLESv2.dll
2015-01-07 20:58 - 2015-01-07 20:58 - 00043008 _____ () c:\users\admin\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpj5tj5l.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00047616 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\libEGL.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00863744 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll
2014-10-21 19:22 - 2014-10-21 19:22 - 00200704 _____ () C:\Users\Admin\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll
2014-11-19 22:14 - 2014-11-19 22:14 - 00438336 _____ () C:\Program Files (x86)\Evernote\Evernote\libxml2.dll
2014-11-19 22:14 - 2014-11-19 22:14 - 00320064 _____ () C:\Program Files (x86)\Evernote\Evernote\libtidy.dll
2013-05-20 09:48 - 2013-01-14 13:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2013-09-04 23:14 - 2013-09-04 23:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-07-07 15:38 - 2013-07-07 15:38 - 00163840 _____ () C:\Program Files (x86)\DroidCam\lib\DroidCam.dll
2013-07-07 15:38 - 2013-07-07 15:38 - 00081920 _____ () C:\Program Files (x86)\DroidCam\lib\DroidCamFilter.ax
2014-12-12 01:19 - 2014-12-05 20:50 - 01077064 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libglesv2.dll
2014-12-12 01:19 - 2014-12-05 20:50 - 00211272 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\libegl.dll
2014-12-12 01:19 - 2014-12-05 20:50 - 09009480 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\pdf.dll
2014-12-12 01:18 - 2014-12-05 20:50 - 01677128 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\ffmpegsumo.dll
2014-12-12 01:19 - 2014-12-05 20:50 - 14913352 _____ () C:\Program Files (x86)\Google\Chrome\Application\39.0.2171.95\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Users\Admin\Local Settings:QkBfV6bVvw5W3F3a26
AlternateDataStreams: C:\Users\Admin\AppData\Local:QkBfV6bVvw5W3F3a26
AlternateDataStreams: C:\Users\Admin\AppData\Local\Application Data:QkBfV6bVvw5W3F3a26
AlternateDataStreams: C:\Users\Admin\AppData\Local\OTv0n1xHAQdz4:Eq4LkOw9ffwAW00kIvpm
AlternateDataStreams: C:\Users\Admin\AppData\Local\Temp:RyVFS6DV0lmMk4UG6kvi7
AlternateDataStreams: C:\ProgramData\Temp:C39E55C5
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) =============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== MSCONFIG/TASK MANAGER disabled items =========
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run: => "TouchPalKeyboard"
HKLM\...\StartupApproved\Run: => "TouchPalToolBar"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "Samsung Link"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe ARM"
HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
HKLM\...\StartupApproved\Run32: => "Aimersoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "IObit Malware Fighter"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "SwitchBoard"
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-250147280-1769494927-4047674166-1001\...\StartupApproved\Run: => "Online Ad Scanner"
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "DAEMON Tools Lite"
HKU\S-1-5-21-250147280-1769494927-4047674166-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "Online Ad Scanner"
 
========================= Accounts: ==========================
 
Admin (S-1-5-21-250147280-1769494927-4047674166-1001 - Administrator - Enabled) => C:\Users\Admin
Administrator (S-1-5-21-250147280-1769494927-4047674166-500 - Administrator - Disabled) => C:\Users\Administrator
Guest (S-1-5-21-250147280-1769494927-4047674166-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-250147280-1769494927-4047674166-1003 - Limited - Enabled)
 
==================== Faulty Device Manager Devices =============
 
Name: 
Description: 
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/07/2015 09:21:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (01/07/2015 09:21:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (01/07/2015 09:21:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (01/07/2015 09:21:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (01/07/2015 09:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (01/07/2015 09:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (01/07/2015 09:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (01/07/2015 09:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (01/07/2015 09:16:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The configuration registry database is corrupt.
 
Error: (01/07/2015 09:16:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights. 
 
 DETAIL - The configuration registry database is corrupt.
 for C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
 
System errors:
=============
Error: (01/07/2015 08:55:17 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 8:13:28 PM on 1/7/2015 was unexpected.
 
Error: (01/07/2015 08:30:25 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (01/07/2015 08:30:22 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (01/07/2015 08:22:13 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (01/07/2015 08:18:53 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 40.
 
Error: (01/07/2015 08:03:14 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
 
Error: (01/07/2015 11:50:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/07/2015 10:48:58 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.
 
Error: (01/07/2015 04:38:33 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/06/2015 11:41:22 PM) (Source: DCOM) (EventID: 10010) (User: PC2)
Description: App
 
 
Microsoft Office Sessions:
=========================
Error: (01/07/2015 09:21:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
 
Error: (01/07/2015 09:21:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (01/07/2015 09:21:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
 
Error: (01/07/2015 09:21:40 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (01/07/2015 09:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
 
Error: (01/07/2015 09:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (01/07/2015 09:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
 
Error: (01/07/2015 09:20:42 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
Error: (01/07/2015 09:16:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
 
Error: (01/07/2015 09:16:14 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: The configuration registry database is corrupt.
C:\Users\Admin\AppData\Local\Microsoft\Windows\\UsrClass.dat
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-01-07 10:52:14.217
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-07 10:52:13.972
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-07 04:39:22.713
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-07 04:39:22.526
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-07 04:39:22.418
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-07 04:39:22.178
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-07 04:39:22.091
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-07 04:39:21.204
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-07 04:39:20.783
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-01-07 04:39:19.769
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3337U CPU @ 1.80GHz
Percentage of memory in use: 47%
Total physical RAM: 5959.27 MB
Available physical RAM: 3154.29 MB
Total Pagefile: 10055.27 MB
Available Pagefile: 6317.28 MB
Total Virtual: 131072 MB
Available Virtual: 131071.8 MB
 
==================== Drives ================================
 
Drive c: (Acer) (Fixed) (Total:445.75 GB) (Free:199.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: D77FA55E)
 
Partition: GPT Partition Type.
 
========================================================
Disk: 1 (Size: 22.4 GB) (Disk ID: 8B5FF68F)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================




#2 gentleguy


Posted 08 January 2015 - 03:52 AM

Well, it's been several hours, and my system seems stable and with no sign of Eraem Vire!!!

 

Thank you to Machiavelli, the FRST.exe solution worked!

 

Here's what I did.

1. Run FRST.exe (Farbar Recovery Scan Tool) as administrator.

2. Run a scan, which will produce the frst.txt and addition.txt files.

3. Create a Notepad file called 'fixlist.txt' and save it in the same directory as frst.exe and the two .txt files.

4. I copied every line from the frst.txt file that included the words "Eraem" or "Attention" into the fixlist.txt file and saved again.

*Note there were also some funny "updateflashplayer_***.exe" files in my appdata/local/temp directory which I included in the fixlist.txt file.

5. Run frst.exe as administrator (if it has closed).  Type fixlist.txt in the search field.

6. Hit Fix.

7. The fixlog.txt should show all files removed!!!

 

I did run Malwarebytes before running Farbar to no avail (it came back).

I also ran AdwCleaner after restarting my computer, which may or may not have helped.

 

 

So far so good.  Will update if Eraem returns... dun dun done!  (I HOPE)
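The keyword-filtering step in the post above (step 4), as an added example that is not part of the original thread or of FRST itself: rather than copying every matching line straight into fixlist.txt, it groups the hits by log section and sets aside any hit from a section whose note says there is no automatic fix, so each line can be reviewed before it is used. The function name `triage` and the sample log entries are constructed for illustration.

```python
import re

# Section banners in an FRST log look like "==================== Drives ====".
SECTION_RE = re.compile(r"^=+\s*([^=\s].*?)\s*=+\s*$")
NO_FIX_NOTE = "no automatic fix"  # wording FRST prints under such a section

# Constructed sample log; entries are invented, not taken from the thread.
SAMPLE_LOG = r"""
==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Example\AppData\Local\Temp:EraemSample
AlternateDataStreams: C:\ProgramData\Temp:Unrelated

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "Eraem Sample"
HKLM\...\StartupApproved\Run: => "Attention Sample"
"""


def triage(log_text, keywords=("Eraem", "Attention")):
    """Split keyword hits into fixlist candidates and manual-review items."""
    pattern = re.compile("|".join(map(re.escape, keywords)), re.IGNORECASE)
    section, fixable = "(log header)", True
    candidates, review = [], []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        banner = SECTION_RE.match(line)
        if banner:
            section, fixable = banner.group(1), True
            continue
        if line.startswith("(") and line.endswith(")"):
            # Parenthesised notes describe the section; never copy them.
            if NO_FIX_NOTE in line.lower():
                fixable = False
            continue
        if pattern.search(line):
            (candidates if fixable else review).append((section, line))
    return candidates, review


if __name__ == "__main__":
    candidates, review = triage(SAMPLE_LOG)
    for section, line in candidates:
        print(f"CANDIDATE [{section}] {line}")
    for section, line in review:
        print(f"REVIEW    [{section}] {line}")
```
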



#3 Machiavelli

  • Malware Response Instructor

Posted 10 January 2015 - 11:06 AM

Hey my friend. :)

Being honest, this can be quite dangerous.
  • Run FRST. (if you have Windows Vista / Windows 7 / Windows 8: Please do a Right click on the FRST icon and select Run as Administrator)
  • Click Scan to start FRST.
  • When FRST finishes scanning, a log, FRST.txt, will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

~Machiavelli

If I don't reply within 24 hours please PM me!

  • Every topic with no replies within 5 days will be closed.
  • If you like my help here please give me feedback.



#4 Machiavelli


Posted 14 January 2015 - 10:29 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.

~Machiavelli
