
CouponDropDown removal, need help!


  • This topic is locked
14 replies to this topic

#1 beholdsporks

beholdsporks

  • Members
  • 10 posts

Posted 10 March 2015 - 08:05 PM

Files are too big! Need to split it up into three parts: FRST_1 (1st half of FRST), FRST_2 (2nd half of FRST) and the addition.txt

Been having lots of trouble in Chrome because of this stupid coupon drop down. Did all of the simple fixes, uninstalled sketchy programs and removed sketchy add-ons/extensions from Internet Explorer and Google Chrome.


#2 beholdsporks


Posted 10 March 2015 - 08:18 PM

Actually had to break it into 3 files.

Part 2 of 3


#3 beholdsporks


Posted 10 March 2015 - 08:24 PM

Part 3, with the end as a post (sorry for so much confusion)


2015-02-11 13:55 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll
2015-02-11 13:55 - 2014-10-28 21:31 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-02-11 13:55 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll
2015-02-11 13:55 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wow32.dll
2015-02-11 13:55 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user.exe
2015-02-11 13:55 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setup16.exe
2015-02-11 13:55 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\instnm.exe
2015-02-11 01:34 - 2015-02-11 01:51 - 00014427 _____ () C:\Users\Rowland\Documents\Amanda's crossword.xlsx
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-03-10 19:07 - 2013-10-29 09:53 - 01821658 _____ () C:\WINDOWS\WindowsUpdate.log
2015-03-10 19:01 - 2013-08-22 10:46 - 00327849 _____ () C:\WINDOWS\setupact.log
2015-03-10 19:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2015-03-10 18:50 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2015-03-10 18:29 - 2013-08-25 13:10 - 00000932 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-10 18:25 - 2013-08-24 11:00 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-653373433-2252124362-1593081999-1001
2015-03-10 18:22 - 2013-11-27 14:54 - 00000000 ___DO () C:\Users\Rowland\SkyDrive
2015-03-10 17:17 - 2012-07-26 03:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
2015-03-10 15:50 - 2014-09-01 16:36 - 00000439 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.ics
2015-03-10 15:30 - 2013-10-29 10:00 - 00001367 _____ () C:\Users\Rowland\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-10 15:30 - 2013-08-25 13:11 - 00002151 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-10 15:29 - 2013-08-25 13:09 - 00000928 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-10 15:28 - 2013-11-04 00:57 - 00003950 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{7190C144-9E85-4015-86B0-7DD14E94098A}
2015-03-10 15:28 - 2013-09-30 00:04 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-03-10 15:26 - 2013-04-16 02:57 - 00000000 ____D () C:\ProgramData\WinClon
2015-03-10 15:21 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-03-10 15:20 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2015-03-08 12:27 - 2013-08-25 13:09 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-08 12:25 - 2014-08-26 11:30 - 00000000 ____D () C:\Program Files\paint.net
2015-03-07 16:12 - 2013-11-19 16:39 - 01044992 ___SH () C:\Users\Rowland\Downloads\Thumbs.db
2015-03-03 20:00 - 2013-08-22 11:37 - 00005217 _____ () C:\WINDOWS\DtcInstall.log
2015-03-03 19:59 - 2013-08-22 10:44 - 00394368 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2015-03-03 19:51 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2015-03-03 19:50 - 2013-09-29 23:51 - 00000000 ____D () C:\Program Files\Windows Journal
2015-03-03 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2015-03-03 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\sppui
2015-03-03 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
2015-03-03 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Com
2015-03-03 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Portable Devices
2015-03-03 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
2015-03-03 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Multimedia Platform
2015-03-03 19:50 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-03 19:50 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\oobe
2015-03-03 19:50 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\servicing
2015-03-03 19:49 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2015-03-03 19:49 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2015-03-03 19:46 - 2013-08-22 11:36 - 00000000 ___SD () C:\WINDOWS\system32\dsc
2015-03-03 19:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
2015-03-03 19:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2015-03-03 19:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\SystemResetPlatform
2015-03-03 19:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sppui
2015-03-03 19:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\setup
2015-03-03 19:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\migwiz
2015-03-03 19:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Com
2015-03-03 19:46 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2015-03-03 19:46 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2015-03-03 19:46 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2015-03-03 19:46 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2015-03-03 19:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\WindowsPowerShell
2015-03-03 19:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Portable Devices
2015-03-03 19:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
2015-03-03 19:41 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Multimedia Platform
2015-03-03 09:17 - 2013-11-17 20:31 - 00295552 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-03-02 16:23 - 2013-08-22 11:36 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2015-03-02 16:23 - 2013-08-22 11:36 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2015-02-26 19:09 - 2013-09-29 23:55 - 00472450 _____ () C:\WINDOWS\PFRO.log
2015-02-26 16:30 - 2013-12-08 22:25 - 00000000 ____D () C:\Users\Rowland\Documents\Resume
2015-02-23 14:24 - 2013-08-24 11:48 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-17 00:06 - 2013-10-29 09:38 - 00000000 ____D () C:\Users\Rowland
2015-02-14 08:53 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2015-02-13 08:33 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-02-12 01:18 - 2013-09-01 15:35 - 116773704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 01:18 - 2013-09-01 15:35 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 00:52 - 2014-12-10 01:32 - 00000000 ____D () C:\WINDOWS\system32\appraiser
2015-02-12 00:52 - 2014-07-13 13:42 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
2015-02-08 16:24 - 2013-08-25 13:10 - 00003904 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-02-08 16:24 - 2013-08-25 13:09 - 00003668 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
 
==================== Files in the root of some directories =======
 
2015-03-07 15:51 - 2015-03-07 15:51 - 0000000 _____ () C:\Users\Rowland\AppData\Roaming\47B.tmp
2013-04-16 02:43 - 2013-02-19 03:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-04-16 02:43 - 2013-01-12 10:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
 
 
Some content of TEMP:
====================
C:\Users\Rowland\AppData\Local\Temp\GPUpd54FF462F0.exe
C:\Users\Rowland\AppData\Local\Temp\GPUpd54FF46322.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-10 17:01
 
==================== End Of Log ============================

#4 beholdsporks

Posted 10 March 2015 - 08:27 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2015 01
Ran by Rowland at 2015-03-10 19:11:16
Running from C:\Users\Rowland\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
Apple Application Support (HKLM-x32\...\{83CAF0DE-8D3B-4C37-A631-2B8F16EC3031}) (Version: 3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{BDD99690-3541-4619-9D2A-3CDDB3E15F9E}) (Version: 8.0.5.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco Systems VPN Client 5.0.07.0290 (HKLM\...\{467D5E81-8349-4892-9E81-C3674ED8E451}) (Version: 5.0.7 - Cisco Systems, Inc.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
EPSON XP-410 Series Printer Uninstall (HKLM\...\EPSON XP-410 Series) (Version:  - SEIKO EPSON Corporation)
ETDWare X64 11.7.5.5_WHQL (HKLM\...\Elantech) (Version: 11.7.5.5 - ELAN Microelectronic Corp.)
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.76 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
Help Desk (HKLM\...\{22B32087-797D-4A1B-AFA7-072C87580ADC}) (Version: 1.0.9 - Samsung Electronics CO., LTD.)
Intel AppUp(SM) center (HKLM-x32\...\Intel AppUp(SM) center 33070) (Version: 3.6.1.33070.11 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3316 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology (HKLM\...\{DA2600C1-6BDF-4FD1-1212-148929CC1385}) (Version: 2.6.1212.0302 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel® WiDi (HKLM\...\{6097158B-0184-4140-BEC3-7885794D2571}) (Version: 3.5.40.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{87d45b7e-19da-4dd5-9214-5e0d587c312f}) (Version: 15.6.1 - Intel Corporation)
iTunes (HKLM\...\{2ABBBD91-91E5-4AD7-929A-FE15D1DC0576}) (Version: 12.0.1.26 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Juniper Networks, Inc. Setup Client (HKU\S-1-5-21-653373433-2252124362-1593081999-1001\...\Juniper_Setup_Client) (Version: 7.4.4.38461 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client 64-bit Activex Control (HKLM\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
Juniper Networks, Inc. Setup Client Activex Control (HKLM-x32\...\Juniper_Setup_Client Activex Control) (Version: 2.1.1.1 - Juniper Networks, Inc.)
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.8.130.10 - McAfee, Inc.)
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Expression Blend 3 SDK (HKLM-x32\...\{256E7DAC-9BE8-494E-8DE7-7857BF96B774}) (Version: 1.0.1343.0 - Microsoft Corporation)
Microsoft Expression Blend 4 (HKLM-x32\...\Blend_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for .NET 4 (HKLM-x32\...\{9B3A1C97-A361-463E-8817-444F9F88CDFE}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Blend SDK for Silverlight 4 (HKLM-x32\...\{1C997E1C-5CE9-4AF3-AAA9-DC65E6090827}) (Version: 2.0.20525.0 - Microsoft Corporation)
Microsoft Expression Design 4 (HKLM-x32\...\Design_7.0.20516.0) (Version: 7.0.20516.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 (HKLM-x32\...\Encoder_4.0.1639.0) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Encoder 4 Screen Capture Codec (HKLM-x32\...\{BF127B80-CFD5-4379-9752-E8AF1A5D0141}) (Version: 4.0.1639.0 - Microsoft Corporation)
Microsoft Expression Studio 4 (HKLM-x32\...\ExpressionStudio_4.0.20525.0) (Version: 4.0.20525.0 - Microsoft Corporation)
Microsoft Expression Web 4 (HKLM-x32\...\Web_4.0.1303.0) (Version: 4.0.1303.0 - Microsoft Corporation)
Microsoft Expression Web 4 Service Pack 2 (HKLM-x32\...\{F5993FCC-DF5D-4879-B70D-AA1F379C5C6B}) (Version:  - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.31211.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 4 SDK (HKLM-x32\...\{801B0DA3-A3FF-46CC-B97F-D76D510AF5AE}) (Version: 4.0.50401.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-653373433-2252124362-1593081999-1001\...\SkyDriveSetup.exe) (Version: 17.0.2003.1112 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
NetMon (HKU\S-1-5-21-653373433-2252124362-1593081999-1001\...\NetMon) (Version: 0.5b - NetMon)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Phone Screen Sharing (HKLM-x32\...\{DF02C515-40B5-45AC-A601-5DC69D03885C}) (Version: 1.0.0.1 - RSUPPORT)
RealMYST (HKLM-x32\...\BFG-RealMYST) (Version:  - )
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.4.907.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6818 - Realtek Semiconductor Corp.)
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.9.6 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.50 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.16.0 - SAMSUNG Electronics Co., Ltd.)
Secure Download Manager (HKLM-x32\...\{7682DFED-23C6-44C9-B9FD-109E0B630277}) (Version: 3.1.10 - Kivuto Solutions Inc.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Side Sync (HKLM-x32\...\{34BEB782-66B1-4772-8E3E-71B758BA848B}) (Version: 1.0.2 - Samsung Electronics CO., LTD.)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Support Center (HKLM\...\{5422229D-6131-404C-8107-9B3F87EF65BB}) (Version: 2.1.90 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.9 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{4F1936F8-82B4-437E-BC47-FAB9136A04B2}) (Version: 2.2.2 - Samsung Electronics CO., LTD.)
User Guide (HKLM-x32\...\{3C208DC5-1720-4BD6-B2F4-EFE067C594DD}) (Version: 1.1.00 - Samsung Electronics CO., LTD.)
Windows Live (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WPF Toolkit February 2010 (Version 3.5.50211.1) (HKLM-x32\...\{5EE6E987-1B79-4A93-832B-27472C7D1579}) (Version: 3.5.50211.1 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-653373433-2252124362-1593081999-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Rowland\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-653373433-2252124362-1593081999-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Rowland\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-653373433-2252124362-1593081999-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Rowland\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-653373433-2252124362-1593081999-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Rowland\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-653373433-2252124362-1593081999-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Rowland\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112_1\amd64\FileSyncApi64.dll (Microsoft Corporation)
 
==================== Restore Points  =========================
 
11-02-2015 15:30:18 Windows Update
23-02-2015 15:56:53 Scheduled Checkpoint
02-03-2015 16:14:04 Windows Update
08-03-2015 12:24:22 Removed paint.net
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {2ADA1428-E5F9-42C3-81E0-2B0440F94B0C} - System32\Tasks\Malware Cleaner => C:\Users\Rowland\AppData\Roaming\47B.tmp.exe <==== ATTENTION
Task: {39DAF2B8-0838-4EBA-B65F-1C97F6A98719} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {60FFE9F9-7D85-4DD5-86AF-9A256B001659} - System32\Tasks\Get Plus Uplifter => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-03-07] () <==== ATTENTION
Task: {61CD1FD1-7666-489A-95C6-57D51FEE13D7} - System32\Tasks\SideSyncAutoRun => C:\Program Files (x86)\Samsung\Side Sync\SideSync.exe [2013-03-09] (Samsung Electronics CO., LTD.)
Task: {7DA124F7-4C12-4964-AE0F-DBE6D9F9FC18} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: {8E41F5D2-7FD4-4DAB-9CFF-1CA15AE72BB3} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {A7951760-AEA7-4981-8F2B-4C491D291BBE} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {B2B54150-8C92-4B74-9AA5-AAFE76B508BD} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-01-31] (Samsung Electronics CO., LTD.)
Task: {BC6892BB-2735-423A-A375-E86B1A9AAB38} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {CDFC32EF-919D-40AE-8FC0-FCCD075ACED2} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-03-10] (Jelbrus) <==== ATTENTION
Task: {CE222216-A675-4CBB-93DE-99CEE8320174} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-02-12] (Microsoft Corporation)
Task: {E32EDD11-843A-4D18-92ED-661807FA79BD} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2014-10-10] (Samsung Electronics CO., LTD.)
Task: {EEA65F7E-7381-499C-A069-6376AA5D98D0} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-03-11] (SEC)
Task: {F026151D-2941-49AE-A5D0-0EFC506EB36D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2015-02-23 14:23 - 2014-12-23 15:53 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-17 14:55 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-01-31 21:52 - 2013-01-31 21:52 - 00085040 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2013-10-03 22:42 - 2013-10-03 22:42 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
2014-10-10 21:35 - 2014-10-10 21:35 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2015-03-10 15:29 - 2015-03-10 15:29 - 00840206 _____ () C:\Users\Rowland\AppData\Roaming\NetMon\netmon.exe
2012-09-13 04:24 - 2012-09-13 04:24 - 00119808 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-10-11 14:05 - 2014-10-11 14:05 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2010-03-23 13:26 - 2010-03-23 13:26 - 00201512 _____ () C:\Program Files (x86)\Cisco Systems\VPN Client\vpnapi.dll
2013-01-31 21:52 - 2013-01-31 21:52 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-01-31 21:52 - 2013-01-31 21:52 - 01106480 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-01-31 21:52 - 2013-01-31 21:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-01-31 21:52 - 2013-01-31 21:52 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-01-31 21:52 - 2013-01-31 21:52 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-01-31 21:52 - 2013-01-31 21:52 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-01-31 21:52 - 2013-01-31 21:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-01-31 21:52 - 2013-01-31 21:52 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-01-31 21:52 - 2013-01-31 21:52 - 00103472 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-03-03 17:29 - 2015-02-27 21:56 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libglesv2.dll
2015-03-03 17:29 - 2015-02-27 21:56 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\libegl.dll
2015-03-03 17:29 - 2015-02-27 21:56 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\pdf.dll
2013-03-09 15:58 - 2013-03-09 15:58 - 00192048 _____ () C:\Program Files (x86)\Samsung\Side Sync\SideSyncNetworkFramework.dll
2013-04-16 00:30 - 2013-01-14 14:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2011-08-15 07:12 - 2011-08-15 07:12 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2012-09-13 03:14 - 2012-09-13 03:14 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2011-08-15 07:12 - 2011-08-15 07:12 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2011-08-15 07:15 - 2011-08-15 07:15 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2011-08-17 03:41 - 2011-08-17 03:41 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2011-08-17 03:48 - 2011-08-17 03:48 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2011-08-17 03:48 - 2011-08-17 03:48 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2011-08-15 06:23 - 2011-08-15 06:23 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2012-09-13 03:13 - 2012-09-13 03:13 - 00473088 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2012-09-13 03:23 - 2012-09-13 03:23 - 00499552 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2012-09-13 03:12 - 2012-09-13 03:12 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2011-07-19 03:05 - 2011-07-19 03:05 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2011-08-15 07:17 - 2011-08-15 07:17 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2011-07-19 03:04 - 2011-07-19 03:04 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll
2015-03-03 17:29 - 2015-02-27 21:56 - 14965064 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.76\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\ProgramData\Temp:12F3508C
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\Users\Rowland\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-653373433-2252124362-1593081999-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Rowland\Pictures\pt8va0E.jpg
DNS Servers: 192.168.1.1
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-653373433-2252124362-1593081999-500 - Administrator - Disabled)
Guest (S-1-5-21-653373433-2252124362-1593081999-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-653373433-2252124362-1593081999-1003 - Limited - Enabled)
Rowland (S-1-5-21-653373433-2252124362-1593081999-1001 - Administrator - Enabled) => C:\Users\Rowland
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco Systems VPN Adapter for 64-bit Windows
Description: Cisco Systems VPN Adapter for 64-bit Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: CVirtA
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
Name: MTP USB Device
Description: MTP USB Device
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: (Standard MTP Device)
Service: WUDFWpdMtp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/10/2015 06:26:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FileManager.exe version 6.3.9600.17418 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 17f0
 
Start Time: 01d05b809cf6776c
 
Termination Time: 4294967295
 
Application Path: C:\WINDOWS\FileManager\FileManager.exe
 
Report Id: 74f89fa8-c774-11e4-bee7-b4b6766c7be9
 
Faulting package full name: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy
 
Faulting package-relative application ID: Microsoft.Windows.FileManager
 
Error: (03/10/2015 06:26:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ROWLANDSMITH)
Description: Package FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.FileManager was terminated because it took too long to suspend.
 
Error: (03/10/2015 03:56:32 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: There was an error with the Windows Location Provider database
 
Error: (03/08/2015 00:01:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/07/2015 04:21:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/07/2015 00:01:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/06/2015 00:15:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/04/2015 01:04:22 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/04/2015 00:28:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58837875
 
Error: (03/04/2015 00:28:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58837875
 
 
System errors:
=============
Error: (03/10/2015 07:07:46 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (03/10/2015 07:03:59 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (03/10/2015 07:02:19 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (03/10/2015 06:49:50 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (03/10/2015 06:49:47 PM) (Source: Schannel) (EventID: 4120) (User: NT AUTHORITY)
Description: A fatal alert was generated and sent to the remote endpoint. This may result in termination of the connection. The TLS protocol defined fatal error code is 70. The Windows SChannel error state is 105.
 
Error: (03/10/2015 06:24:37 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (03/10/2015 06:12:30 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (03/10/2015 05:34:49 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (03/10/2015 05:22:41 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
Error: (03/10/2015 04:45:04 PM) (Source: ipnathlp) (EventID: 1233) (User: )
Description: 
 
 
Microsoft Office Sessions:
=========================
Error: (03/10/2015 06:26:17 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: FileManager.exe6.3.9600.1741817f001d05b809cf6776c4294967295C:\WINDOWS\FileManager\FileManager.exe74f89fa8-c774-11e4-bee7-b4b6766c7be9FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewyMicrosoft.Windows.FileManager
 
Error: (03/10/2015 06:26:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: ROWLANDSMITH)
Description: FileManager_6.3.9600.16384_neutral_neutral_cw5n1h2txyewy+Microsoft.Windows.FileManager
 
Error: (03/10/2015 03:56:32 PM) (Source: Microsoft-Windows-LocationProvider) (EventID: 2006) (User: NT AUTHORITY)
Description: -2147024883
 
Error: (03/08/2015 00:01:43 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/07/2015 04:21:52 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/07/2015 00:01:06 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/06/2015 00:15:18 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/04/2015 01:04:22 PM) (Source: Customer Experience Improvement Program) (EventID: 1008) (User: )
Description: 80070005
 
Error: (03/04/2015 00:28:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 58837875
 
Error: (03/04/2015 00:28:50 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 58837875
 
 
CodeIntegrity Errors:
===================================
  Date: 2015-03-08 11:53:04.313
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 11:53:04.129
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 11:53:03.901
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 11:53:03.645
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-08 11:53:03.445
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 13:55:01.460
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 13:55:01.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 13:55:01.163
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 13:55:01.023
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-03-07 13:55:00.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz
Percentage of memory in use: 53%
Total physical RAM: 6029.63 MB
Available physical RAM: 2775.99 MB
Total Pagefile: 11405.64 MB
Available Pagefile: 7312.82 MB
Total Virtual: 131072 MB
Available Virtual: 131071.78 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:675.08 GB) (Free:572.92 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: D85DB74D)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================


#5 beholdsporks

beholdsporks
  • Topic Starter


Posted 10 March 2015 - 08:34 PM

I'm sorry this is ridiculously confusing!

the first part of FRST attached as FRST_1 ||

then the 2nd part is in the attachment FRST_2 ||

then the third part is attachment FRST_3||

then the fourth part is the TEXT in the reply (it's the same reply that has the FRST_3 attachment|| i.e. the words of the reply are last and the attachment is second to last

 

then the last part is the addition.txt 

 

I am really sorry about that! My file was just a little bit bigger than the biggest file allowed :(



#6 beholdsporks

beholdsporks
  • Topic Starter


Posted 11 March 2015 - 10:40 AM

Please?


Edited by beholdsporks, 11 March 2015 - 04:12 PM.


#7 nasdaq

nasdaq

  • Malware Response Team

Posted 14 March 2015 - 08:31 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.
 
start

CloseProcesses:

(AV Security Software) C:\Windows\mlwps.exe
(Jelbrus) C:\Users\Rowland\AppData\Local\Temp\GPUpd54FF462F0.exe
() C:\Users\Rowland\AppData\Roaming\NetMon\netmon.exe
HKU\S-1-5-21-653373433-2252124362-1593081999-1001\...\Run: [NetMon] => C:\Users\Rowland\AppData\Roaming\NetMon\netmon.exe [840206 2015-03-10] ()
HKU\S-1-5-21-653373433-2252124362-1593081999-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/?type=293224&fr=spigot-yhp-ie
BHO-x32: SecureWebBHO Class -> {D3C24E2B-C820-4492-9B69-11BF7163F998} -> C:\Program Files (x86)\Jelbrus Secure Web\jsie.dll [2015-03-07] (Jelbrus)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll No File
R2 Live Malware Protection; C:\WINDOWS\mlwps.exe [239104 2015-03-07] (AV Security Software) [File not signed] <==== ATTENTION
S2 gupdate; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /svc [X]
S3 gupdatem; "C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /medsvc [X]
Task: {2ADA1428-E5F9-42C3-81E0-2B0440F94B0C} - System32\Tasks\Malware Cleaner => C:\Users\Rowland\AppData\Roaming\47B.tmp.exe <==== ATTENTION
Task: {60FFE9F9-7D85-4DD5-86AF-9A256B001659} - System32\Tasks\Get Plus Uplifter => C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-03-07] () <==== ATTENTION
Task: {CDFC32EF-919D-40AE-8FC0-FCCD075ACED2} - System32\Tasks\Jelbrus Secure Web Task => C:\Program Files (x86)\Jelbrus Secure Web\jswtask.exe [2015-03-10] (Jelbrus) <==== ATTENTION
AlternateDataStreams: C:\WINDOWS\system32\Drivers\btmhsf.sys:Microsoft_Appcompat_ReinstallUpgrade
AlternateDataStreams: C:\ProgramData\Temp:12F3508C
AlternateDataStreams: C:\ProgramData\Temp:2CB9631F
AlternateDataStreams: C:\Users\Rowland\SkyDrive:ms-properties
C:\Users\Rowland\AppData\Local\Temp\GPUpd54FF462F0.exe
C:\Users\Rowland\AppData\Local\Temp\GPUpd54FF46322.exe
C:\Users\Rowland\AppData\Roaming\NetMon
C:\Program Files (x86)\Jelbrus Secure Web
C:\Program Files (x86)\PrivateVPN

End
Save the file as fixlist.txt into the same folder as FRST.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the Report button and the report will open in Notepad.
IMPORTANT
  • If you click the Clean button all items listed in the report will be removed.
If you find some false positive items or programs that you wish to keep, close the AdwCleaner windows.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Check off the element(s) you wish to keep.
  • Click on the Clean button and follow the prompts.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).
===

How is the computer running now?

#8 beholdsporks

beholdsporks
  • Topic Starter


Posted 16 March 2015 - 08:46 PM

Everything seems great!

 

So the thing that was messing with me was called PrivoxyService?

 

and thank you so much wow you guys really are the best. Is there anything I should be aware of in the future to prevent this?

 

# AdwCleaner v4.112 - Logfile created 16/03/2015 at 21:31:32
# Updated 09/03/2015 by Xplode
# Database : 2015-03-15.1 [Server]
# Operating system : Windows 8.1  (x64)
# Username : Rowland - ROWLANDSMITH
# Running from : C:\Users\Rowland\Downloads\adwcleaner_4.112.exe
# Option : Cleaning
 
***** [ Services ] *****
 
[#] Service Deleted : PrivoxyService
 
***** [ Files / Folders ] *****
 
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.azlyrics.com_0.localstorage-journal
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage-journal
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_services.hearstmags.com_0.localstorage
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage-journal
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_static.olark.com_0.localstorage
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage
File Deleted : C:\Users\Rowland\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.metrolyrics.com_0.localstorage-journal
 
***** [ Scheduled tasks ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3C24E2B-C820-4492-9B69-11BF7163F998}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - 127.0.0.1:8118
 
***** [ Web browsers ] *****
 
-\\ Internet Explorer v11.0.9600.17416
 
 
-\\ Google Chrome v41.0.2272.76
 
 
*************************
 
AdwCleaner[R0].txt - [3581 bytes] - [16/03/2015 21:26:27]
AdwCleaner[S0].txt - [3556 bytes] - [16/03/2015 21:31:32]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3615  bytes] ##########


#9 beholdsporks

beholdsporks
  • Topic Starter


Posted 16 March 2015 - 08:51 PM

Also, can I remove FRST and all of its buddies now? Or does it protect my comp etc.?



#10 nasdaq

nasdaq

  • Malware Response Team

Posted 17 March 2015 - 07:58 AM

That service did not show on any of your logs.

I suspect it came with this.
C:\Program Files (x86)\PrivateVPN\gpup.exe [2015-03-07] () <==== ATTENTION

Glad to see that all is well.

To learn more about how to protect yourself while on the internet read this little guide best security practices keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

p.s.
The Farbar tool is just a reporting tool.
You should keep it for future needs to report issues. (Hope you do not have to.)
Just copy the .exe file in a folder of your choice. The files and folders created by the tools are no longer needed.

#11 beholdsporks

beholdsporks
  • Topic Starter


Posted 18 March 2015 - 06:14 PM

Hey nasdaq,

 

Everything WAS going great for about 3 days but now it seems to be back... I haven't downloaded anything except for maybe a couple of docs for school. Any ideas? Should I run FRST again and send you the info?



#12 nasdaq

nasdaq

  • Malware Response Team

Posted 19 March 2015 - 07:10 AM

Yes please do.

Let me know where the files came from.

#13 beholdsporks

beholdsporks
  • Topic Starter


Posted 22 March 2015 - 08:08 PM

Sorry to keep bothering you! I downloaded AVAST free protection and since then I haven't had any issues... I will let you know if I do and thank you so much again!



#14 nasdaq

nasdaq

  • Malware Response Team

Posted 28 March 2015 - 08:18 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
