
about:blank Homepage and Windows Update Disabled


  • This topic is locked
48 replies to this topic

#1 BenjaminGordonT


Posted 16 March 2015 - 10:30 AM

So on occasion I get the message from the action center that Automatic Updates are disabled and I click on the Notification to re-enable them. This does not happen very often and I wouldn't think much of it if it weren't for the fact that it was mighty strange that Automatic Updates kept needing to get re-enabled at my approval when I have already enabled them. Also sometimes, particularly when my browser is slow, the homepage gets changed to about:blank and I can't change it back until I reboot my computer. Just out of curiosity I googled the problems and they both seemed to have something to do with malware although the only thing I could find were lame malware removal guides that told you to buy "Spyhunter" or another one of their "Removal Products". So rather than trying to figure it out on my own I turned to my favorite computer resource, BC. This computer is fairly new and I haven't downloaded any malicious programs as far as I know. These could be unrelated and innocent problems that could be easily fixed but when I googled these problems the only solutions I could find were related to deep malware so I figure I'm better off safe than sorry. This is a Lenovo B575 running Windows 8.1 64-Bit and Ubuntu Linux Dual boot. I will post some logs you can take a look at your earliest convenience. Thanks,
 
-Benjamin
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Benjamin (administrator) on BENJAMINSPC on 16-03-2015 09:53:12
Running from C:\Users\Benjamin\Desktop
Loaded Profiles: Benjamin (Available profiles: Benjamin)
Platform: Windows 8.1 Pro (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TeamViewer) C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(@ByELDI) C:\Program Files\KMSpico\Service_KMS.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
(VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
() C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(SanDisk Corporation) C:\Users\Benjamin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Mega Limited) C:\Users\Benjamin\AppData\Local\MEGAsync\MEGAsync.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\acrotray.exe
(CANON INC.) C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\livecomm.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Prodege) C:\Users\Public\SBExtension\SBExtnBack.exe
(Eyeo GmbH) C:\Program Files\Adblock Plus for IE\AdblockPlusEngine.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Teaching Textbooks Inc. ) C:\Program Files (x86)\Teaching Textbooks\Geometry\Geometry.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2015\bdagent.exe [1689576 2015-03-01] (Bitdefender)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [Energy Management] => C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [9745312 2015-03-07] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] => C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [5374880 2015-03-07] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [YouCam Service6] => C:\Program Files (x86)\CyberLink\YouCam6\YouCamService6.exe [517080 2015-02-04] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G9] => C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvc_P2G9.exe [110344 2013-11-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive9] => C:\Program Files (x86)\CyberLink\Power2Go9\VirtualDrive9.exe [979208 2013-11-07] (CyberLink Corp.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [335232 2015-02-10] (Oracle Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-03] (Adobe Systems Inc.)
HKLM-x32\...\Run: [IJNetworkScanUtility] => C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.EXE [124256 2010-01-18] (CANON INC.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [114368 2015-02-06] (VMware, Inc.)
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\Run: [SansaDispatch] => C:\Users\Benjamin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe [1465616 2015-03-02] (SanDisk Corporation)
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\Run: [Power2GoExpress9] => C:\Program Files (x86)\CyberLink\Power2Go9\Power2GoExpress9.exe [2336520 2013-11-07] (CyberLink Corp.)
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\Run: [AppleIEDAV] => C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleIEDAV.exe [1080104 2014-09-19] (Apple Inc.)
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\Run: [iCloudDrive] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudDrive.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [26232152 2015-02-19] (Google)
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [785416 2015-03-14] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\MountPoints2: {c8d41c57-c098-11e4-824e-806e6f6e6963} - "D:\Autorun.exe"
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\MountPoints2: {c8d41c58-c098-11e4-824e-806e6f6e6963} - "H:\setup.exe"
Startup: C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk
ShortcutTarget: MEGAsync.lnk -> C:\Users\Benjamin\AppData\Local\MEGAsync\MEGAsync.exe (Mega Limited)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Benjamin\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Benjamin\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Benjamin\AppData\Local\MEGAsync\ShellExtX64.dll ()
ShellIconOverlayIdentifiers: [__SafeBox1] -> {152C96EB-288E-4EDC-B7C6-D21F8250ADF3} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox2] -> {342DAA0B-D796-460D-8566-901E08A1CCAD} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox3] -> {57595DAE-1AE1-4D97-A49E-67CBB53B52DF} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers: [__SafeBox4] -> {33816773-98AE-4723-ADE0-EBE54C8B5A67} => C:\Program Files\Bitdefender\Bitdefender SafeBox\SafeBoxShell.dll (Bitdefender)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Benjamin\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Benjamin\AppData\Local\MEGAsync\ShellExtX32.dll ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Benjamin\AppData\Local\MEGAsync\ShellExtX32.dll ()
BootExecute: autocheck autochk /p \??\G:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-03-01] (Bitdefender)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-02-25] (Eyeo GmbH)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-03-01] (Bitdefender)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2015-02-10] (Microsoft Corporation)
BHO-x32: SwagButton -> {5CE831FC-884E-4773-B203-BB76561EDB98} -> C:\Program Files (x86)\Prodege\SwagButton\SBExtension.dll [2015-02-27] (Prodege)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\ssv.dll [2015-03-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2015-01-21] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\jp2ssv.dll [2015-03-03] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-02-25] (Eyeo GmbH)
Toolbar: HKLM - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\pmbxie.dll [2015-03-01] (Bitdefender)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2015\Antispam32\pmbxie.dll [2015-03-01] (Bitdefender)
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-2135493077-3049852841-3259435936-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2014-05-08] (Adobe Systems Incorporated)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-01-21] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

FireFox:
========
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2014-04-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\dtplugin\npDeployJava1.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.40.2 -> C:\Program Files (x86)\Java\jre1.8.0_40\bin\plugin2\npjp2.dll [2015-03-03] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-01-21] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-02] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2014-04-29] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-01-21] (Microsoft Corporation)
FF HKLM\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext
FF Extension: Bitdefender Antispam Toolbar - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext [2015-03-01]
FF HKLM-x32\...\Firefox\Extensions: [bdwteff@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff
FF Extension: Bitdefender Wallet - C:\Program Files\Bitdefender\Bitdefender 2015\antispam32\bdwteff [2015-03-01]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2015-03-03]
FF HKLM-x32\...\Thunderbird\Extensions: [bdThunderbird@bitdefender.com] - C:\Program Files\Bitdefender\Bitdefender 2015\bdtbext

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-02]
CHR Extension: (Google Drive) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-02]
CHR Extension: (YouTube) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-02]
CHR Extension: (Google Search) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-02]
CHR Extension: (Bitdefender Wallet) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fabcmochhfpldjekobfaaggijgohadih [2015-03-02]
CHR Extension: (Gmail) - C:\Users\Benjamin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-02]
CHR HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2014-12-03]
CHR HKLM-x32\...\Chrome\Extension: [fabcmochhfpldjekobfaaggijgohadih] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2014-07-14]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-02-11] (AOMEI Tech Co., Ltd.)
S3 BdDesktopParental; C:\Program Files\Bitdefender\Bitdefender 2015\bdparentalservice.exe [78144 2014-12-09] (Bitdefender)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2014-11-21] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
R2 ITbrain Agent; C:\Program Files (x86)\ITbrain Agent\itbrain_agent.exe [5567488 2013-08-22] (TeamViewer) [File not signed]
S4 SafeBox; C:\Program Files\Bitdefender\Bitdefender SafeBox\safeboxservice.exe [94624 2013-07-08] (Bitdefender)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175112 2015-02-17] (Sandboxie Holdings, LLC)
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [965776 2014-10-26] (@ByELDI) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5436176 2015-02-17] (TeamViewer GmbH)
R2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2015\updatesrv.exe [67320 2014-10-27] (Bitdefender)
R2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12730048 2015-02-06] ()
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2015\vsserv.exe [1547936 2015-03-01] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-02-03] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-02-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2013-07-31] () [File not signed]
R2 ammntdrv; C:\Windows\system32\ammntdrv.sys [151480 2013-07-31] () [File not signed]
R2 amwrtdrv; C:\Windows\system32\amwrtdrv.sys [17848 2013-07-31] () [File not signed]
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1306464 2015-03-01] (BitDefender)
R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [262544 2015-03-01] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [677104 2015-03-01] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
R1 BdfNdisf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfndisf6.sys [98768 2015-03-01] (BitDefender LLC)
R1 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [107008 2013-07-29] (BitDefender LLC)
S3 bdfwfpf_pc; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf_pc.sys [121928 2013-07-02] (Bitdefender SRL)
S3 BDSandBox; C:\Windows\system32\drivers\bdsandbox.sys [82824 2015-03-01] (BitDefender SRL)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [79192 2013-07-30] (BitDefender)
R1 CLVirtualDrive1.1; C:\Windows\system32\DRIVERS\CLVirtualDrive1_1.sys [91912 2013-06-03] (CyberLink)
R3 clwvd6; C:\Windows\system32\DRIVERS\clwvd6.sys [41704 2013-10-29] (CyberLink Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [155912 2014-10-22] (BitDefender LLC)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [237064 2015-02-17] (Sandboxie Holdings, LLC)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [452040 2014-10-15] (BitDefender S.R.L.)
R0 vsock; C:\Windows\System32\drivers\vsock.sys [76480 2015-01-07] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [33872 2013-08-28] (VMware, Inc.)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-02-03] (Microsoft Corporation)
S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\fltmgr.sys C1FB505A73FA2E9019D32444AB33B75A
C:\Windows\System32\Drivers\FPSensor.sys 08D943FB7405AD4985D89B1E6C4EB2D0
C:\Windows\System32\drivers\FsDepends.sys A7C31B168F371E8E6796219F23E354DB
C:\Windows\System32\Drivers\Fs_Rec.sys 09F460AFEDCA03F3BF6E07D1CCC9AC42
C:\Windows\System32\DRIVERS\fvevol.sys F152D55E497E12256290C43B31C7D0CE
C:\Windows\System32\drivers\fxppm.sys 9591D0B9351ED489EAFD9D1CE52A8015
C:\Windows\System32\drivers\gagp30kx.sys FC3EF65EE20D39F8749C2218DBA681CA
C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 8E98D21EE06192492A5671A6144D092F
C:\Windows\System32\drivers\vmgencounter.sys 0BF5CAD281E25F1418E5B8875DC5ADD1
C:\Windows\System32\Drivers\msgpioclx.sys 8DF1254093B5C354CE725EB6B9B0DE19
C:\Windows\System32\DRIVERS\gzflt.sys C8B54E81501386A91B0E0BD596965C9B
C:\Windows\system32\drivers\hcmon.sys 2AC2F4227EA41501E7BD2FFA7B3D82F8
C:\Windows\system32\drivers\HdAudio.sys 56F69F7C25FB67C970997D7066DBC593
C:\Windows\System32\drivers\HDAudBus.sys D4B7ED39C7900384D9E5C1283F1E7926
C:\Windows\System32\drivers\HidBatt.sys 10A70BC1871CD955D85CD88372724906
C:\Windows\System32\drivers\hidbth.sys 42F88B57CAE42FC10059C887B3FCFCEA
C:\Windows\System32\drivers\hidi2c.sys C241A8BAFBBFC90176EA0F5240EACC17
C:\Windows\System32\drivers\hidir.sys 9BDDEE26255421017E161CCB9D5EDA95
C:\Windows\System32\drivers\hidusb.sys 8DB8EAB9D0C6A5DF0BDCADEA239220B4
C:\Windows\System32\drivers\HpSAMD.sys A6AACEA4C785789BDA5912AD1FEDA80D
C:\Windows\System32\drivers\HTTP.sys 9DDCA7F18983C5410DEFF79F819DF93C
C:\Windows\System32\drivers\hwpolicy.sys 90656C0B3864804B090434EFC582404F
C:\Windows\System32\drivers\hyperkbd.sys 6D6F9E3BF0484967E52F7E846BFF1CA1
C:\Windows\system32\DRIVERS\HyperVideo.sys 907C870F8C31F8DDD6F090857B46AB25
C:\Windows\System32\drivers\i8042prt.sys 49EE0AE9E5B64FFBBD06D55C4984B598
C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 5D90E32E36CE5D4C535D17CE08AEAF05
C:\Windows\System32\drivers\iaLPSSi_I2C.sys DD05E7E80F52ADE9AEB292819920F32C
C:\Windows\System32\drivers\iaStorAV.sys 08BFE413B0B4AA8DFA4B5684CE06D3DC
C:\Windows\System32\drivers\iaStorV.sys A2200C3033FA4EF249FC096A7A7D02A2
C:\Windows\System32\drivers\intelide.sys 4E448FCFFD00E8D657CD9E48D3E47157
C:\Windows\System32\drivers\intelpep.sys 7AA01AB1C110916825E6E1389F1B9AF2
C:\Windows\System32\drivers\intelppm.sys 47E74A8E53C7C24DCE38311E1451C1D9
C:\Windows\System32\DRIVERS\ipfltdrv.sys 9DB76D7F9E4E53EFE5DD8C53DE837514
C:\Windows\System32\drivers\IPMIDrv.sys 9C096BF5E10CA8BFA56F32522A89FAF1
C:\Windows\System32\drivers\ipnat.sys B7342B3C58E91107F6E946A93D9D4EFD
C:\Windows\System32\drivers\irenum.sys AE44C526AB5F8A487D941CEB57B10C97
C:\Windows\System32\drivers\isapnp.sys 8AFEEA3955AA43616A60F133B1D25F21
C:\Windows\System32\drivers\msiscsi.sys D90AB68D0FAC9F357F663670FDBB511E
C:\Windows\System32\drivers\kbdclass.sys 5917AFE4A3F695A54B99C1849C8207FE
C:\Windows\System32\drivers\kbdhid.sys 8CD840A062F6BDF41DDE3ACB96164B72
C:\Windows\System32\drivers\kbldfltr.sys DB7A09BC90DF20F44F16F8B0F9ED3491
C:\Windows\system32\DRIVERS\kdnic.sys 813871C7D402A05F2E3A7075F9584A05
C:\Windows\System32\Drivers\ksecdd.sys 4E829B18D5BAEC29893792A3C671A847
C:\Windows\System32\Drivers\ksecpkg.sys 15C8C65CEA018C02EA0F648448C491C5
C:\Windows\system32\drivers\ksthunk.sys 11AFB527AA370B1DAFD5C36F35F6D45F
C:\Windows\System32\DRIVERS\LhdX64.sys BE166935083F9C38EDFDC21B9A7A679B
C:\Windows\system32\DRIVERS\lltdio.sys C09010B3680860131631F53E8FE7BAD8
C:\Windows\System32\drivers\lsi_sas.sys C755AE4635457AA2A11F79C0DF857ABC
C:\Windows\System32\drivers\lsi_sas2.sys ADAC09CBE7A2040B7F68B5E5C9A75141
C:\Windows\System32\drivers\lsi_sas3.sys 04D1274BB9BBCCF12BD12374002AA191
C:\Windows\System32\drivers\lsi_sss.sys 327469EEF3833D0C584B7E88A76AEC0C
C:\Windows\system32\drivers\luafv.sys DDEE191AB32DFC22C6465002ECDF5EE4
C:\Windows\System32\drivers\megasas.sys EB5C03A070F30D64A6DF80E53B22F53F
C:\Windows\System32\drivers\megasr.sys F6F13533196DE7A582D422B0241E4363
C:\Windows\System32\drivers\modem.sys 8B38C44F69259987C95135C9627E2378
C:\Windows\System32\drivers\monitor.sys 601589000CC90F0DF8DA2CC254A3CCC9
C:\Windows\System32\drivers\mouclass.sys 08374E4E5B8914DE6067CBA99F61E930
C:\Windows\System32\drivers\mouhid.sys 5FCBAB60598AE119E02B4C27DE6B99EA
C:\Windows\System32\drivers\mountmgr.sys D1D82F007A079A4D623DBD1F36EF30A1
C:\Windows\System32\drivers\mpsdrv.sys 6FC047578785B0435F4E2660946D1ADC
C:\Windows\system32\drivers\mrxdav.sys DB32958F0E704EFBF7F15161A569E39F
C:\Windows\System32\DRIVERS\mrxsmb.sys 31233271EDE50D1BBB220F78AFA60486
C:\Windows\System32\DRIVERS\mrxsmb10.sys 3E28B99198B514DFEB152EACF913025E
C:\Windows\System32\DRIVERS\mrxsmb20.sys 6276AC2AA203CF47811F6EFBBD214FBF
C:\Windows\system32\DRIVERS\bridge.sys F3C060444777A59FC63D920719E43CCD
C:\Windows\System32\Drivers\Msfs.sys D13329FBF8345B28AB30F44CC247DC08
C:\Windows\System32\drivers\msgpiowin32.sys C6B474E46F9E543B875981ED3FFE6ADD
C:\Windows\System32\drivers\mshidkmdf.sys 65C92EB9D08DB5C69F28C7FFD4E84E31
C:\Windows\System32\drivers\mshidumdf.sys 52299F086AC2DAFD100DD5DC4A8614BA
C:\Windows\System32\drivers\msisadrv.sys 36D92AF3343C3A3E57FEF11C449AEA4C
C:\Windows\system32\drivers\MSKSSRV.sys A9BBBD2BAE6142253B9195E949AC2E8D
C:\Windows\system32\DRIVERS\mslldp.sys 51B3AC0560848CD6D65AC2033E293113
C:\Windows\system32\drivers\MSPCLOCK.sys 7B2128EB875DCBC006E6A913211006D6
C:\Windows\system32\drivers\MSPQM.sys 1E88171579B218115C7A772F8DE04BD8
C:\Windows\System32\Drivers\MsRPC.sys BBE2A455053E63BECBF42C2F9B21FAE0
C:\Windows\System32\drivers\mssmbios.sys 8D6B7D515C5CBCDB75B928A0B73C3C5E
C:\Windows\system32\drivers\MSTEE.sys 115019AE01E0EB9C048530D2928AB4A2
C:\Windows\System32\drivers\MTConfig.sys 96D604A35070360F0DD4A7A8AF410B5E
C:\Windows\System32\Drivers\mup.sys 619CA29326B82372621DB2C0964D8365
C:\Windows\System32\drivers\mvumis.sys B8C35C94DCB2DFEAF03BB42131F2F77F
C:\Windows\system32\DRIVERS\nwifi.sys 008F7CED69FD5B30CBDE1E03C6F36A27
C:\Windows\System32\drivers\ndis.sys 6D3A2565E01B3E4B0F1BEDB0D4B00B3F
C:\Windows\system32\DRIVERS\ndiscap.sys 8CECC8DA55F3274181FD1EA28AD76664
C:\Windows\system32\DRIVERS\NdisImPlatform.sys 269882812E9A68FFF1AFE1283D428322
C:\Windows\system32\DRIVERS\ndistapi.sys DC1D9F692C2AD84C214584C28501C1F7
C:\Windows\system32\DRIVERS\ndisuio.sys B832B35055BA2B7B4181861FF94D8E59
C:\Windows\System32\drivers\NdisVirtualBus.sys 1F58E48EF75F34C35D8E93A0DC535CFE
C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A
C:\Windows\system32\DRIVERS\ndiswan.sys DEC29080202D4F9F17F55E18BCFCC41A
C:\Windows\System32\Drivers\NDProxy.sys 0BBE2FA30BAD58C9ADC01E4F84A3D2A1
C:\Windows\System32\drivers\Ndu.sys 3083926D1CC5B56EA0786527B557DD1B
C:\Windows\System32\DRIVERS\netbios.sys 42FF4975D032CAE558AE4BB8448F6E5A
C:\Windows\System32\DRIVERS\netbt.sys 0217532E19A748F0E5D569307363D5FD
C:\Windows\system32\DRIVERS\netr28x.sys E32D07CDCEB656AD11E15F121393C6CA
C:\Windows\System32\drivers\netvsc63.sys D4DCE03870314D3354F3501F9DDD4123
C:\Windows\System32\Drivers\Npfs.sys 8F44A2F57C9F1A19AC9C6288C10FB351
C:\Windows\System32\drivers\npsvctrig.sys CBDB4F0871C88DF930FC0E8588CA67FC
C:\Windows\System32\drivers\nsiproxy.sys 0E046FF5823B95326D10CF1B4AF23541
C:\Windows\System32\Drivers\Ntfs.sys 7F68063A5A0461E02BC860CE0E6BFDDC
C:\Windows\System32\Drivers\Null.sys EF1B290FC9F0E47CC0B537292BEE5904
C:\Windows\System32\drivers\nvraid.sys BC6B5942AFF25EBAF62DE43C3807EDF8
C:\Windows\System32\drivers\nvstor.sys 1F43ABFFAC3D6CA356851D517392966E
C:\Windows\System32\drivers\nv_agp.sys 6934A936A7369DFE37B7DBA93F5E5E49
C:\Windows\System32\drivers\parport.sys 764B1121867B2D9B31C491668AC72B2B
C:\Windows\System32\drivers\partmgr.sys BAFF6122CFC9F95CA175AD8C348179A4
C:\Windows\System32\drivers\pci.sys 91ED124E261EA8FAA1C0FFDF2A71B0C4
C:\Windows\System32\drivers\pciide.sys 346E38FCC6859A727DD28AFAD1F0AFF4
C:\Windows\System32\drivers\pcmcia.sys 4D3BDCC1C7B40C9D7B6AD990E6DEC397
C:\Windows\System32\drivers\pcw.sys BF28771D1436C88BE1D297D3098B0F7D
C:\Windows\System32\drivers\pdc.sys ED54A75050211DC77F9B98C41E026858
C:\Windows\System32\drivers\peauth.sys 0ECEE590F2E2EF969FB74A6FC583A1E6
C:\Windows\System32\drivers\processr.sys ECD373F9571C745894367CC2635EA44F
C:\Windows\system32\DRIVERS\pacer.sys FC0141B4A5AD6D637D883C1A89FC45C5
C:\Windows\system32\drivers\qwavedrv.sys 83868EB2924E6BC21A54337C65D614D1
C:\Windows\System32\DRIVERS\rasacd.sys B337B1F1E82A83E20A1743E008E25C0F
C:\Windows\system32\DRIVERS\raspppoe.sys 5247F308C4103CDC4FE12AE1D235800A
C:\Windows\System32\DRIVERS\rdbss.sys A1A5E79C0D1352AFDC08328A623DA051
C:\Windows\System32\drivers\rdpbus.sys 6B21EBF892CD8CACB71669B35AB5DE32
C:\Windows\System32\drivers\rdpdr.sys 680C1DAE268B6FB67FA21B389A8B79EF
C:\Windows\System32\drivers\rdpvideominiport.sys BC8A79C625568DDB7DCA49D0C2741A64
C:\Windows\System32\drivers\rdyboost.sys A26AEC49F318FEE141DDDB2C5F99B3E6
C:\Windows\System32\Drivers\ReFS.sys 615DFD97DEA56CE1C3A52185A3038FF8
C:\Windows\system32\DRIVERS\rfcomm.sys DC66AE45816614D2999DCD3834DCCC4E
C:\Windows\System32\Drivers\RimUsb_AMD64.sys 7B04C9843921AB1F695FB395422C5360
C:\Windows\system32\DRIVERS\rspndr.sys 2D05A5508F4685412F2B89E8C2189ABC
C:\Windows\System32\Drivers\RtsUVStor.sys 55E66BAE5B30E09FDE217FBF0CDAA579
C:\Windows\system32\DRIVERS\Rt630x64.sys 19764658C1468C2C0CEF133D28414A6B
C:\Windows\System32\drivers\vms3cap.sys 1A063730F221B2746FF00457AE17E4F0
C:\Program Files\Sandboxie\SbieDrv.sys E941B5387C3D79FB39A9840F758BAB91
C:\Windows\System32\drivers\sbp2port.sys C624A1B32211C3166EDB3F4AB02A30B7
C:\Windows\System32\DRIVERS\scfilter.sys 13BEA6C882D4D877A5A85CA149C86BC1
C:\Windows\System32\drivers\sdbus.sys 27FF998504DEF8D29A771FBB41707C5E
C:\Windows\System32\drivers\sdstor.sys 0B1E929D11A8E358106955603FAC65E8
C:\Windows\System32\Drivers\secdrv.sys ==> MD5 is legit
C:\Windows\System32\drivers\SerCx.sys DB2FF24CE0BDD15FE75870AFE312BA89
C:\Windows\System32\drivers\SerCx2.sys 0044B31F93946D5D41982314381FE431
C:\Windows\System32\drivers\serenum.sys 3CD600C089C1251BEEB4CD4CD5164F9E
C:\Windows\System32\drivers\serial.sys D864381BC9C725FAB01D94C060660166
C:\Windows\System32\drivers\sermouse.sys 148195AE95D9BC7375A08846439FDAC1
C:\Windows\System32\drivers\sfloppy.sys 472B7A5AC181C050888DB454663DD764
C:\Windows\System32\drivers\SiSRaid2.sys 2F518D13DD6F3053837FE606F1A2EA1F
C:\Windows\System32\drivers\sisraid4.sys 1AC9A200A9C49C4508F04AAFFCA34A3F
C:\Windows\System32\drivers\spaceport.sys D24B1945ED1F9C96DA786DBBF1E983CE
C:\Windows\System32\drivers\SpbCx.sys F337BE11071818FC3F5DC2940B6BDE34
C:\Windows\System32\DRIVERS\srv.sys 6416E79A58A8FCC33A447A4DDDD3BF04
C:\Windows\System32\DRIVERS\srv2.sys 00D8AC8E3053290BDE6EA2FB6810D2FC
C:\Windows\System32\DRIVERS\srvnet.sys D047CD668E6277FD80F0C613946F034C
C:\Windows\System32\drivers\stexstor.sys 366DEA74BBA65B362BCCFC6FC2ADFD8B
C:\Windows\system32\DRIVERS\serscan.sys 8F3C0CCF27CFFE89424F30E9FB3381AB
C:\Windows\System32\drivers\storahci.sys 0ED2E318ABB68C1A35A8B8038BDB4C90
C:\Windows\System32\drivers\vmstorfl.sys 8B9486B64E5FC17FB9CC04CA10B77A34
C:\Windows\System32\drivers\stornvme.sys 6B06E2D11E604BE2B1A406C4CB3B90DE
C:\Windows\System32\drivers\storvsc.sys 548759755BC73DAD663250239D7E0B9F
C:\Windows\System32\drivers\storvsp.sys 03618F935379614837F915D04C45FC0E
C:\Windows\System32\drivers\swenum.sys 65454187E0F8B6C0DCECB0287D06EC43
C:\Windows\System32\drivers\tcpip.sys 3C2DF97A21A9BBE6355B0A51F288EFFF
C:\Windows\system32\DRIVERS\tcpip.sys 3C2DF97A21A9BBE6355B0A51F288EFFF
C:\Windows\System32\drivers\tcpipreg.sys 41CF802064F72E55F50CA0A221FD36D4
C:\Windows\system32\DRIVERS\tdx.sys FFF28F9F6823EB1756C60F1649560BBF
C:\Windows\system32\DRIVERS\teamviewervpn.sys F5520DBB47C60EE83024B38720ABDA24
C:\Windows\System32\drivers\terminpt.sys 232D185D2337F141311D0CF1983E1431
C:\Windows\system32\drivers\tpm.sys 82F909359600D3603FE852DB7F135626
C:\Windows\System32\DRIVERS\trufos.sys 3E75A47D2DEFD2683DCA409572FBE8B2
C:\Windows\System32\drivers\tsusbflt.sys BF8F54CA37E9C9D6582C31C5761F8C93
C:\Windows\System32\drivers\TsUsbGD.sys 20185BEB7512EDE4EFECDFA148AC9F99
C:\Windows\system32\DRIVERS\tunnel.sys C8E0E78B5D284C2FF59BDFFDAF997242
C:\Windows\System32\drivers\uagp35.sys F6EEAD052943B5A3104C1405BB856C54
C:\Windows\System32\drivers\uaspstor.sys FE6067B1FD4E63650C667B33D080565B
C:\Windows\System32\drivers\ucx01000.sys 807F8CF3E973305FC435C61CBBEE2A49
C:\Windows\System32\DRIVERS\udfs.sys 1EC649F112896FAE33250F0B97AC5D0B
C:\Windows\System32\drivers\UEFI.sys 9578691F297E1B1F519970FE6D47CB21
C:\Windows\System32\drivers\uliagpkx.sys 5EAB5117DDB24FC4D39E6FFFCF1837B9
C:\Windows\System32\drivers\umbus.sys DA34C39A18E60E7C3FA0630566408034
C:\Windows\System32\drivers\umpass.sys AE8294875E5446E359B1E8035D40C05E
C:\Windows\System32\drivers\usbccgp.sys FF78D053A05E5A394F4E3C1816CC65A8
C:\Windows\System32\drivers\usbcir.sys 0139248F6B95CF0D837B5B46A2722D40
C:\Windows\System32\drivers\usbehci.sys 48BA326A3DBA5B5BEB5F2777F4618696
C:\Windows\System32\drivers\usbhub.sys FEF0BC107812B36849741C3211BA6B60
C:\Windows\System32\drivers\UsbHub3.sys FAA564A13576F9284546BF016D27B551
C:\Windows\System32\drivers\usbohci.sys 3019097FB6C985EF24C058090FF3BDBD
C:\Windows\System32\drivers\usbprint.sys 4D655E3B684BE9B0F7FFD8A2935C348C
C:\Windows\System32\drivers\USBSTOR.SYS 66732C13628BDB1AB0D6FD46027327C2
C:\Windows\System32\drivers\usbuhci.sys 064260B3A5868AC894A4943543BC7AB7
C:\Windows\System32\Drivers\usbvideo.sys 5C8F604F6DC74177CDD8372D7B1ADFF0
C:\Windows\System32\drivers\USBXHCI.SYS 1A20F03700D2B2ED775E38D751EF2F63
C:\Windows\System32\drivers\vdrvroot.sys FEB26E3B8345A7E8D62F945C4AE86562
C:\Windows\System32\drivers\VerifierExt.sys A026EDEAA5EECAE0B08E2748B616D4BD
C:\Windows\System32\drivers\vhdmp.sys F6ECFD6128A16A4851CFE98D4E01B011
C:\Windows\System32\drivers\viaide.sys 06D38968028E9AB19DE9B618C7B6D199
C:\Windows\System32\drivers\Vid.sys 3CE922E34DB12D9F3C0EA856BC09687C
C:\Windows\System32\drivers\vmbus.sys 511AD3FF957A0127E6BD336FF6F89C38
C:\Windows\System32\drivers\VMBusHID.sys DA40BEA0A863CE768C940CA9723BF81F
C:\Windows\System32\drivers\vmbusr.sys 68F8C26DEA2D42E8DEC0778943433C80
C:\Windows\System32\drivers\vmci.sys BE8E5E5D53ACF71D4E8E686B68C99B04
C:\Windows\system32\drivers\VMkbd.sys BE720B60B61D1704C4A335A88CF849F7
C:\Windows\system32\DRIVERS\vmnetadapter.sys A3412EC3FF7A5AC2CA3A3951476BFA9C
C:\Windows\system32\DRIVERS\vmnetbridge.sys F76AD463DBE8D30CB715A09DF9FF2BE9
C:\Windows\system32\drivers\vmnetuserif.sys FC13DEAE57DE3230B609AAEFF8AFF588
C:\Windows\system32\drivers\vmx86.sys 20BBEDC86615741AC9ACDED5C30A41A8
C:\Windows\System32\drivers\volmgr.sys 55D7D963DE85162F1C49721E502F9744
C:\Windows\System32\drivers\volmgrx.sys CCB9E901F7254BF96D28EB1B0E5329B7
C:\Windows\System32\drivers\volsnap.sys 64CA2B4A49A8EAF495E435623ECCE7DB
C:\Windows\System32\drivers\vpci.sys EF31713EE4C7CCFE4049F7E7F15645A2
C:\Windows\System32\drivers\vpcivsp.sys ADBE96C33D1A5BB1BBAF90B4BC84F523
C:\Windows\System32\drivers\vsmraid.sys 4539F45F9F4C9757A86A56C949421E07
C:\Windows\System32\drivers\vsock.sys 9884BBFB96048DC37A120A1712E0B479
C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys C279CC22288F277A14620EB949F0E1B9
C:\Windows\System32\drivers\vstxraid.sys 0849B7260F26FE05EA56DED0672E2F4B
C:\Windows\System32\drivers\vwifibus.sys BE970C369E43B509C1EDA2B8FA7CECB0
C:\Windows\system32\DRIVERS\vwififlt.sys 6B26AD573CCDD5209DF4397438B76354
C:\Windows\system32\DRIVERS\vwifimp.sys 0B48E0DFB44EE475F4FD8A8EE599AF30
C:\Windows\System32\drivers\wacompen.sys 0910AB9ED404C1434E2D0376C2AD5D8B
C:\Windows\system32\drivers\WdBoot.sys 1751F6B031ADAC34724511057D2E455D
C:\Windows\System32\drivers\Wdf01000.sys CB6C63FF8342B467E2EF76E98D5B934D
C:\Windows\system32\drivers\WdFilter.sys D296D0F0DB2CD1504F90405603664493
C:\Windows\System32\Drivers\WdNisDrv.sys 9F4DF0043965808973023A9B51A11136
C:\Windows\System32\DRIVERS\wfplwfs.sys 715ABA3DD164D06457A2A3C92F6EA9D5
C:\Windows\System32\drivers\wimmount.sys 5F66B7BB330AA80067FC66149A692620
C:\Windows\system32\DRIVERS\WinUsb.sys AC263C2F66405589528995AA41040599
C:\Windows\System32\drivers\wmiacpi.sys 2834D9D3B4F554A39C72F00EA3F0E128
C:\Windows\System32\Drivers\Wof.sys 7FC5667DF73D4B04AA457CC3A4180E09
C:\Windows\System32\DRIVERS\wpcfltr.sys A2468CC3509394A33C4C32F99563D845
C:\Windows\System32\drivers\WpdUpFltr.sys 9F2904B55F6CECCD1A8D986B5CE2609A
C:\Windows\system32\drivers\ws2ifsl.sys AE072B0339D0A18E455DC21666CAD572
C:\Windows\System32\drivers\WSDPrint.sys F586F3F1BF962FE9AE4316E0D896B22F
C:\Windows\system32\DRIVERS\wsvd.sys 72B4E9DF6456C43C42A1419B09486045
C:\Windows\System32\drivers\WudfPf.sys 481286719402E4BAEFEA0604AB1B5113
C:\Windows\System32\drivers\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F
C:\Windows\system32\DRIVERS\WUDFRd.sys D7B4859227B02BCC1055B279A63C937F

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== Three Months Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 09:53 - 2015-03-16 09:54 - 00049382 _____ () C:\Users\Benjamin\Desktop\FRST.txt
2015-03-16 09:53 - 2015-03-16 09:53 - 00000000 ____D () C:\FRST
2015-03-16 09:50 - 2015-03-16 09:50 - 01402880 _____ () C:\Users\Benjamin\Desktop\HiJackThis.msi
2015-03-16 09:49 - 2015-03-16 09:49 - 02095616 _____ (Farbar) C:\Users\Benjamin\Desktop\FRST64.exe
2015-03-15 21:19 - 2015-03-15 21:19 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Mozilla
2015-03-15 19:02 - 2015-03-15 19:02 - 00044812 _____ () C:\Users\Benjamin\Documents\OMCAR.lxf
2015-03-15 18:38 - 2015-03-15 21:19 - 00000000 ____D () C:\Users\Benjamin\Documents\LEGO Creations
2015-03-15 18:38 - 2015-03-15 18:38 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\LEGO Company
2015-03-15 18:38 - 2015-03-15 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO Company
2015-03-15 18:38 - 2015-03-15 18:38 - 00000000 ____D () C:\Program Files (x86)\LEGO Company
2015-03-15 17:45 - 2015-03-15 17:46 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\VMware
2015-03-15 17:45 - 2015-03-15 17:46 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\VMware
2015-03-15 17:33 - 2015-02-06 18:40 - 00066752 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmx86.sys
2015-03-15 17:33 - 2015-02-06 18:39 - 00033472 _____ (VMware, Inc.) C:\Windows\system32\Drivers\VMkbd.sys
2015-03-15 17:33 - 2015-01-07 15:55 - 00076480 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vsock.sys
2015-03-15 17:33 - 2015-01-07 15:55 - 00068288 _____ (VMware, Inc.) C:\Windows\system32\vsocklib.dll
2015-03-15 17:33 - 2015-01-07 15:55 - 00064192 _____ (VMware, Inc.) C:\Windows\SysWOW64\vsocklib.dll
2015-03-15 17:32 - 2015-02-06 18:40 - 00438464 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnat.exe
2015-03-15 17:32 - 2015-02-06 18:40 - 00359104 _____ (VMware, Inc.) C:\Windows\SysWOW64\vmnetdhcp.exe
2015-03-15 17:32 - 2015-02-06 18:40 - 00026816 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetuserif.sys
2015-03-15 17:32 - 2015-02-06 18:39 - 00931008 _____ (VMware, Inc.) C:\Windows\system32\vnetlib64.dll
2015-03-15 17:32 - 2015-01-07 08:02 - 00055488 _____ (VMware, Inc.) C:\Windows\system32\Drivers\hcmon.sys
2015-03-15 17:31 - 2015-03-15 17:31 - 00881814 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-03-15 17:31 - 2015-03-15 17:31 - 00001024 _____ () C:\Windows\SysWOW64\%TMP%
2015-03-15 17:31 - 2015-03-15 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VMware
2015-03-15 17:31 - 2015-03-15 17:31 - 00000000 ____D () C:\Program Files\Common Files\VMware
2015-03-15 17:30 - 2015-03-16 08:21 - 00000000 ____D () C:\ProgramData\VMware
2015-03-15 17:30 - 2015-03-15 17:30 - 00000000 ____D () C:\Users\Public\Documents\Shared Virtual Machines
2015-03-15 17:30 - 2015-03-15 17:30 - 00000000 ____D () C:\Program Files (x86)\VMware
2015-03-15 16:15 - 2015-03-16 09:52 - 00000000 ____D () C:\Program Files (x86)\ITbrain Agent
2015-03-15 16:15 - 2015-03-15 16:15 - 00000000 __HDC () C:\ProgramData\{651038AD-E038-410A-BD90-28FB006FD850}
2015-03-15 16:15 - 2015-03-15 16:15 - 00000000 ____D () C:\Users\Default\AppData\Local\PackageAware
2015-03-15 16:15 - 2015-03-15 16:15 - 00000000 ____D () C:\Users\Default User\AppData\Local\PackageAware
2015-03-15 16:13 - 2015-03-15 16:13 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\TeamViewer
2015-03-15 16:11 - 2015-03-15 16:44 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-03-15 16:11 - 2015-03-15 16:11 - 00001059 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-03-15 16:11 - 2015-03-15 16:11 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\TeamViewer
2015-03-15 16:11 - 2015-01-20 05:45 - 00035112 _____ (TeamViewer GmbH) C:\Windows\system32\Drivers\teamviewervpn.sys
2015-03-14 15:47 - 2015-03-14 15:47 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iCloud
2015-03-14 15:47 - 2015-03-14 15:47 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Deployment
2015-03-14 15:15 - 2015-03-15 16:09 - 00001762 _____ () C:\Windows\Sandboxie.ini
2015-03-14 15:14 - 2015-03-14 15:24 - 00000000 ____D () C:\Program Files\Sandboxie
2015-03-14 15:14 - 2015-03-14 15:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-03-14 15:02 - 2015-03-14 15:02 - 00000000 ___RD () C:\Sandbox
2015-03-14 14:34 - 2015-03-14 14:34 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-03-14 14:34 - 2015-03-14 14:34 - 00000000 ____D () C:\Program Files\7-Zip
2015-03-14 14:26 - 2015-03-14 14:26 - 00000000 ____D () C:\Users\Benjamin\Documents\long_path_tool
2015-03-14 13:02 - 2015-03-15 19:03 - 00000000 ____D () C:\Users\Benjamin\Documents\iCloud Activation Bypass
2015-03-14 12:02 - 2015-03-16 08:24 - 00000000 ___RD () C:\Users\Benjamin\Google Drive
2015-03-14 12:01 - 2015-03-14 12:01 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-03-13 19:53 - 2015-03-13 19:56 - 00000000 ___RD () C:\Users\Benjamin\Documents\MEGAsync
2015-03-13 19:52 - 2015-03-13 19:52 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Mega Limited
2015-03-13 19:51 - 2015-03-13 19:51 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2015-03-13 19:51 - 2015-03-13 19:51 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\MEGAsync
2015-03-12 20:27 - 2015-03-12 21:01 - 1044381696 _____ () C:\Users\Benjamin\Downloads\ubuntu-14.04.2-desktop-amd64.iso
2015-03-12 15:43 - 2015-03-12 15:43 - 00000000 ___HD () C:\$WINDOWS.~BT
2015-03-12 15:28 - 2015-03-12 21:26 - 00000400 __RSH () C:\ProgramData\ntuser.pol
2015-03-12 15:26 - 2015-03-12 15:26 - 00362029 _____ () C:\Windows\SysWOW64\sqlite3.dll
2015-03-12 10:08 - 2015-03-12 10:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
2015-03-12 10:06 - 2015-03-12 10:06 - 00000000 ___HD () C:\Windows\system32\CanonIJ Uninstaller Information
2015-03-12 10:06 - 2015-03-12 10:06 - 00000000 ___HD () C:\ProgramData\CanonBJ
2015-03-12 10:06 - 2015-03-12 10:06 - 00000000 ___HD () C:\Program Files\CanonBJ
2015-03-12 10:06 - 2015-03-12 10:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX700 series
2015-03-12 10:06 - 2012-08-30 11:18 - 00252416 _____ (CANON INC.) C:\Windows\system32\CNMN6PPM.DLL
2015-03-12 10:06 - 2012-08-30 11:18 - 00152064 _____ (CANON INC.) C:\Windows\system32\CNMN6UI.DLL
2015-03-12 10:06 - 2012-08-30 11:15 - 00366080 _____ (CANON INC.) C:\Windows\SysWOW64\CNMNPPM.DLL
2015-03-12 10:06 - 2007-05-22 05:00 - 00258560 _____ (CANON INC.) C:\Windows\system32\CNMLM95.DLL
2015-03-12 10:06 - 2007-05-21 14:40 - 00183296 _____ (Canon Inc.) C:\Windows\system32\CNCF2Le.DLL
2015-03-12 10:06 - 2007-05-21 14:35 - 00143360 _____ (Canon Inc.) C:\Windows\system32\CNCFMSe.EXE
2015-03-12 10:06 - 2007-05-21 14:32 - 00003584 _____ (Canon Inc.) C:\Windows\system32\CNCFLeUS.DLL
2015-03-12 10:06 - 2007-05-21 14:32 - 00003072 _____ (Canon Inc.) C:\Windows\system32\CNCFLeJP.DLL
2015-03-12 10:06 - 2007-04-27 11:08 - 00247296 _____ (CANON INC.) C:\Windows\system32\CNC700L.DLL
2015-03-12 10:06 - 2007-03-23 16:33 - 01439744 _____ (CANON INC.) C:\Windows\system32\CNC700C.DLL
2015-03-12 10:06 - 2007-03-23 16:32 - 00092672 _____ (CANON INC.) C:\Windows\system32\CNC700I.DLL
2015-03-12 10:06 - 2007-03-20 00:14 - 00117850 _____ () C:\Windows\system32\Cnmnput.chm
2015-03-12 10:06 - 2007-03-15 14:13 - 00229888 _____ (Canon Inc.) C:\Windows\system32\CNC700O.DLL
2015-03-12 10:05 - 2015-03-12 10:08 - 00000000 ____D () C:\Program Files (x86)\Canon
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ___DL () C:\Users\Public\SwagButton.1426069486
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ___DL () C:\Users\Public\SwagButton
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ____D () C:\Users\Public\SBExtension
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ____D () C:\Users\Benjamin\js
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ____D () C:\Program Files (x86)\Prodege
2015-03-11 10:24 - 2015-02-27 16:58 - 00540808 _____ (Prodege) C:\Users\Benjamin\SBExtnBack.exe
2015-03-11 09:36 - 2015-03-11 09:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\BingSearchBot
2015-03-11 09:36 - 2015-03-11 09:36 - 00000000 ____D () C:\ProgramData\OriginData
2015-03-11 08:52 - 2015-02-03 19:58 - 00264000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdFilter.sys
2015-03-11 08:52 - 2015-02-03 19:58 - 00114496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdNisDrv.sys
2015-03-11 08:52 - 2015-02-03 19:58 - 00044024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdBoot.sys
2015-03-11 08:52 - 2015-01-26 23:44 - 00933888 _____ (Microsoft Corporation) C:\Windows\system32\calc.exe
2015-03-11 08:52 - 2015-01-23 21:51 - 00816128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\calc.exe
2015-03-11 08:51 - 2015-03-05 22:53 - 00430080 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 08:51 - 2015-03-05 22:33 - 00358912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 08:51 - 2015-02-25 19:26 - 04178944 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 08:51 - 2015-02-06 19:09 - 00396419 _____ () C:\Windows\system32\ApnDatabase.xml
2015-03-11 08:51 - 2015-02-02 19:53 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\winshfhc.dll
2015-03-11 08:51 - 2015-02-02 19:53 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winshfhc.dll
2015-03-11 08:51 - 2015-01-28 21:58 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\photowiz.dll
2015-03-11 08:51 - 2015-01-28 21:29 - 00290816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\photowiz.dll
2015-03-11 08:51 - 2015-01-23 03:17 - 00723072 _____ (Microsoft Corporation) C:\Windows\system32\SHCore.dll
2015-03-11 08:51 - 2015-01-23 01:02 - 00560392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SHCore.dll
2015-03-11 08:50 - 2015-02-20 21:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 08:50 - 2015-02-20 20:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 08:50 - 2015-02-20 20:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 08:50 - 2015-02-19 23:03 - 00358912 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 08:50 - 2015-02-19 22:58 - 00044032 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 08:50 - 2015-02-19 22:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 08:50 - 2015-02-19 22:20 - 00301056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 08:50 - 2015-02-19 22:15 - 00035840 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 08:50 - 2015-02-19 21:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 08:50 - 2015-02-05 21:28 - 02257408 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-03-11 08:50 - 2015-02-05 21:08 - 01943040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-03-11 08:50 - 2015-02-05 16:24 - 01113920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-03-11 08:50 - 2015-02-02 20:03 - 03551744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_47.dll
2015-03-11 08:50 - 2015-02-02 20:02 - 04298240 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_47.dll
2015-03-11 08:50 - 2015-01-30 19:42 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-03-11 08:50 - 2015-01-30 19:29 - 02484224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-03-11 08:50 - 2015-01-30 19:20 - 00203264 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 08:50 - 2015-01-29 23:01 - 00097792 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\hidbth.sys
2015-03-11 08:50 - 2015-01-29 23:00 - 00167424 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\rfcomm.sys
2015-03-11 08:50 - 2015-01-29 22:03 - 01488896 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-03-11 08:50 - 2015-01-29 22:03 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-03-11 08:50 - 2015-01-29 22:02 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\eappgnui.dll
2015-03-11 08:50 - 2015-01-29 21:44 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-03-11 08:50 - 2015-01-29 21:42 - 01204224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-03-11 08:50 - 2015-01-29 21:40 - 00091648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappgnui.dll
2015-03-11 08:50 - 2015-01-29 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\eapp3hst.dll
2015-03-11 08:50 - 2015-01-29 21:29 - 00035840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\atlthunk.dll
2015-03-11 08:50 - 2015-01-29 21:24 - 00339456 _____ (Microsoft Corporation) C:\Windows\system32\eapphost.dll
2015-03-11 08:50 - 2015-01-29 21:24 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapp3hst.dll
2015-03-11 08:50 - 2015-01-29 21:16 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eapphost.dll
2015-03-11 08:50 - 2015-01-29 21:08 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\eappcfg.dll
2015-03-11 08:50 - 2015-01-29 21:06 - 00278016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eappcfg.dll
2015-03-11 08:50 - 2015-01-28 21:11 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 08:50 - 2015-01-28 21:04 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-03-11 08:50 - 2015-01-28 21:04 - 00864256 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-03-11 08:50 - 2015-01-28 21:00 - 00210944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-03-11 08:50 - 2015-01-28 20:59 - 02773504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-03-11 08:50 - 2015-01-28 20:55 - 00971776 _____ (Microsoft Corporation) C:\Windows\system32\WSShared.dll
2015-03-11 08:50 - 2015-01-28 20:50 - 00811008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSShared.dll
2015-03-11 08:50 - 2015-01-28 20:49 - 02459136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-03-11 08:50 - 2015-01-28 11:41 - 07472960 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 08:50 - 2015-01-28 11:41 - 01733440 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-03-11 08:50 - 2015-01-28 11:41 - 01498360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-03-11 08:50 - 2015-01-27 22:24 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\StorageContextHandler.dll
2015-03-11 08:50 - 2015-01-27 21:47 - 00060928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\StorageContextHandler.dll
2015-03-11 08:50 - 2015-01-27 00:22 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 08:50 - 2015-01-26 22:11 - 03547648 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 08:49 - 2015-02-20 20:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 08:49 - 2015-02-20 20:27 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-03-11 08:49 - 2015-02-20 19:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 08:49 - 2015-02-20 19:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 08:49 - 2015-02-19 22:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 08:49 - 2015-02-19 22:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 08:49 - 2015-02-19 22:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 08:49 - 2015-02-19 22:35 - 00816128 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-03-11 08:49 - 2015-02-19 22:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 08:49 - 2015-02-19 22:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 08:49 - 2015-02-19 22:07 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-03-11 08:49 - 2015-02-19 22:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 08:49 - 2015-02-19 22:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 08:49 - 2015-02-19 22:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 08:49 - 2015-02-19 21:59 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-03-11 08:49 - 2015-02-19 21:56 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-03-11 08:49 - 2015-02-19 21:52 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-03-11 08:49 - 2015-02-19 21:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 08:49 - 2015-02-19 21:49 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 08:49 - 2015-02-19 21:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 08:49 - 2015-02-19 21:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 08:49 - 2015-02-19 21:30 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-03-11 08:49 - 2015-02-19 21:29 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-03-11 08:49 - 2015-02-19 21:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 08:49 - 2015-02-19 21:26 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-03-11 08:49 - 2015-02-19 21:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 08:49 - 2015-02-19 21:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 08:49 - 2015-02-19 21:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 08:49 - 2015-02-19 21:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 08:49 - 2015-02-19 21:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 08:49 - 2015-02-19 20:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 08:49 - 2015-02-19 20:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 08:49 - 2015-02-12 13:40 - 22291584 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 08:49 - 2015-02-12 13:34 - 19731824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 08:49 - 2015-02-07 19:57 - 01090048 _____ (Microsoft Corporation) C:\Windows\system32\MrmCoreR.dll
2015-03-11 08:49 - 2015-02-07 19:49 - 00791040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MrmCoreR.dll
2015-03-11 08:49 - 2015-01-29 14:45 - 01763352 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 08:49 - 2015-01-29 14:34 - 01488040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 08:49 - 2015-01-27 21:31 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 08:49 - 2015-01-27 21:11 - 00357376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-11 08:49 - 2015-01-27 19:47 - 02501368 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-03-11 08:49 - 2015-01-27 19:41 - 02207488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-03-11 08:49 - 2014-12-11 01:36 - 00046456 _____ (Microsoft Corporation) C:\Windows\system32\LockScreenContentServer.exe
2015-03-11 08:48 - 2015-01-21 01:54 - 01384712 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 08:48 - 2015-01-21 01:15 - 01123848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-09 21:28 - 2015-03-09 21:28 - 00000000 ____D () C:\ProgramData\McAfee
2015-03-09 21:21 - 2015-03-09 21:21 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneKey Recovery
2015-03-09 21:21 - 2015-03-09 21:21 - 00000000 ____D () C:\ProgramData\OneKey Recovery
2015-03-09 21:21 - 2012-06-13 17:10 - 00102376 _____ ("CyberLink) C:\Windows\system32\Drivers\wsvd.sys
2015-03-09 09:47 - 2015-03-14 14:13 - 00000000 ____D () C:\AdwCleaner
2015-03-07 18:31 - 2015-03-07 18:31 - 00000035 _____ () C:\OKErr.log
2015-03-07 15:08 - 2015-03-07 15:08 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2015-03-07 15:08 - 2015-03-07 15:07 - 00039008 _____ (Lenovo.) C:\Windows\system32\Drivers\LhdX64.sys
2015-03-07 15:07 - 2015-03-07 15:08 - 00000000 ____D () C:\Program Files (x86)\Lenovo
2015-03-05 12:37 - 2015-03-05 12:47 - 00001024 ____H () C:\SYSTAG.BIN
2015-03-05 12:36 - 2015-03-05 12:47 - 00000082 _____ () C:\Windows\SysWOW64\winsevr.dat
2015-03-05 12:36 - 2015-03-05 12:47 - 00000000 ____D () C:\Program Files (x86)\AOMEI Backupper
2015-03-05 12:36 - 2015-03-05 12:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2015-03-05 12:36 - 2015-03-05 12:36 - 00000000 ____D () C:\ProgramData\AomeiBR
2015-03-05 12:36 - 2013-07-31 19:01 - 00151480 _____ () C:\Windows\system32\ammntdrv.sys
2015-03-05 12:36 - 2013-07-31 19:01 - 00030648 _____ () C:\Windows\system32\ambakdrv.sys
2015-03-05 12:36 - 2013-07-31 19:01 - 00017848 _____ () C:\Windows\system32\amwrtdrv.sys
2015-03-05 11:24 - 2015-03-05 11:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2015-03-05 11:23 - 2015-03-05 11:26 - 00000000 ____D () C:\Program Files\Speccy
2015-03-04 14:30 - 2015-03-04 14:30 - 00000000 ____D () C:\ProgramData\Downloaded Installations
2015-03-04 11:01 - 2015-03-04 11:01 - 00000000 ____D () C:\Users\Default\AppData\Local\Microsoft Help
2015-03-04 11:01 - 2015-03-04 11:01 - 00000000 ____D () C:\Users\Default User\AppData\Local\Microsoft Help
2015-03-04 10:45 - 2015-03-16 08:47 - 00004980 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for BENJAMINSPC-Benjamin BenjaminsPC
2015-03-04 10:16 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-03-04 10:16 - 2014-06-09 18:13 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-03-03 22:40 - 2015-03-03 22:40 - 00000000 ____D () C:\Users\Benjamin\Documents\Youth Digital
2015-03-03 22:39 - 2015-03-03 22:39 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Youth Digital
2015-03-03 22:39 - 2015-03-03 22:39 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Blender Foundation
2015-03-03 22:23 - 2015-03-03 22:23 - 00000000 ____D () C:\Users\Benjamin\Tracing
2015-03-03 22:22 - 2015-03-16 09:51 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Skype
2015-03-03 22:22 - 2015-03-03 22:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-03-03 22:22 - 2015-03-03 22:22 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Skype
2015-03-03 22:22 - 2015-03-03 22:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-03-03 22:18 - 2015-03-03 22:18 - 00003148 _____ () C:\Windows\System32\Tasks\{D5953DCC-AC87-43A8-995E-C0E7CC25D0D2}
2015-03-03 22:17 - 2015-03-03 22:17 - 00000000 ____D () C:\ProgramData\Skype
2015-03-03 21:35 - 2015-03-03 21:35 - 00002157 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Customization Wizard XI.lnk
2015-03-03 21:29 - 2015-03-03 21:29 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2015-03-03 21:28 - 2015-03-03 22:19 - 00002469 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat XI Pro.lnk
2015-03-03 21:28 - 2015-03-03 22:19 - 00002230 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe FormsCentral.lnk
2015-03-03 21:28 - 2015-03-03 22:19 - 00002069 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat Distiller XI.lnk
2015-03-03 21:28 - 2015-03-03 21:28 - 00002046 _____ () C:\Users\Public\Desktop\Adobe Acrobat XI Pro.lnk
2015-03-03 21:18 - 2015-03-03 21:18 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-03 21:05 - 2015-03-03 20:31 - 00002587 _____ () C:\Users\Benjamin\Desktop\Rosetta Stone Version 3.lnk
2015-03-03 21:01 - 2015-03-03 21:01 - 00001055 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Download Assistant.lnk
2015-03-03 21:01 - 2015-03-03 21:01 - 00000000 ____D () C:\Users\Default\AppData\Roaming\Macromedia
2015-03-03 21:01 - 2015-03-03 21:01 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\Macromedia
2015-03-03 21:01 - 2015-03-03 21:01 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
2015-03-03 21:01 - 2015-03-03 21:01 - 00000000 ____D () C:\Program Files (x86)\Adobe Download Assistant
2015-03-03 20:31 - 2015-03-03 20:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rosetta Stone
2015-03-03 20:31 - 2015-03-03 20:31 - 00000000 ____D () C:\Program Files (x86)\Rosetta Stone
2015-03-03 20:30 - 2015-03-03 20:31 - 00000000 ____D () C:\ProgramData\RosettaStoneLtdBackup
2015-03-03 20:27 - 2015-03-16 09:50 - 00000000 ____D () C:\Users\Public\Documents\TT Geometry
2015-03-03 20:27 - 2015-03-03 20:27 - 00001228 _____ () C:\Users\Public\Desktop\TT Geometry.lnk
2015-03-03 20:27 - 2015-03-03 20:27 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TT Geometry
2015-03-03 20:27 - 2015-03-03 20:27 - 00000000 ____D () C:\Program Files (x86)\Teaching Textbooks
2015-03-03 20:05 - 2015-03-09 15:56 - 00000000 ____D () C:\ProgramData\Rosetta Stone
2015-03-03 19:45 - 2015-03-03 19:45 - 00000000 _____ () C:\Windows\system\tdhitrah.eij
2015-03-03 18:10 - 2015-03-04 09:58 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-03-03 17:33 - 2015-03-14 15:47 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Apps\2.0
2015-03-03 16:59 - 2015-03-03 16:59 - 00000000 ____D () C:\Program Files\Reference Assemblies
2015-03-03 16:59 - 2015-03-03 16:59 - 00000000 ____D () C:\Program Files\MSBuild
2015-03-03 16:59 - 2015-03-03 16:59 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2015-03-03 16:59 - 2015-03-03 16:59 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2015-03-03 16:56 - 2015-03-03 16:56 - 00000000 ____D () C:\Program Files\Adblock Plus for IE
2015-03-03 16:54 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\Windows\system32\PresentationNative_v0300.dll
2015-03-03 16:54 - 2013-08-03 00:48 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-03-03 16:54 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationNative_v0300.dll
2015-03-03 16:54 - 2013-08-03 00:41 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-03-03 16:50 - 2015-03-11 22:34 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\BitTorrent Pro
2015-03-03 16:49 - 2015-03-03 16:49 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-03-03 16:49 - 2015-03-03 16:49 - 00000000 ____D () C:\ProgramData\Sun
2015-03-03 16:49 - 2015-03-03 16:49 - 00000000 ____D () C:\ProgramData\Oracle
2015-03-03 16:49 - 2015-03-03 16:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-03-03 16:49 - 2015-03-03 16:49 - 00000000 ____D () C:\Program Files (x86)\Java
2015-03-03 16:47 - 2015-03-03 16:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BitTorrent PRO
2015-03-03 16:47 - 2015-03-03 16:47 - 00000000 ____D () C:\Program Files (x86)\BitTorrent PRO
2015-03-03 16:21 - 2015-03-12 15:44 - 00001908 _____ () C:\Windows\diagwrn.xml
2015-03-03 16:21 - 2015-03-12 15:44 - 00001908 _____ () C:\Windows\diagerr.xml
2015-03-03 09:47 - 2015-03-03 09:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LEGO MINDSTORMS NXT 2.0
2015-03-03 09:47 - 2015-03-03 09:47 - 00001105 _____ () C:\Users\Public\Desktop\LEGO MINDSTORMS NXT 2.0.lnk
2015-03-03 09:45 - 2015-03-03 09:45 - 00000000 ____D () C:\ProgramData\National Instruments
2015-03-03 09:45 - 2015-03-03 09:45 - 00000000 ____D () C:\Program Files (x86)\National Instruments
2015-03-03 09:45 - 2015-03-03 09:45 - 00000000 ____D () C:\Program Files (x86)\LEGO Software
2015-03-03 09:45 - 2015-03-03 09:45 - 00000000 ____D () C:\Program Files (x86)\IVI Foundation
2015-03-03 08:56 - 2015-03-03 08:56 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-02 17:26 - 2015-03-02 12:42 - 00001451 _____ () C:\Users\Benjamin\Desktop\CyberLink WaveEditor 2.lnk
2015-03-02 17:26 - 2015-03-02 12:41 - 00001355 _____ () C:\Users\Benjamin\Desktop\CyberLink LabelPrint 2.5.lnk
2015-03-02 17:23 - 2015-03-16 08:23 - 00000000 ___RD () C:\Users\Benjamin\iCloudDrive
2015-03-02 17:23 - 2015-03-03 09:14 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\7F966522-22A3-48B5-91B7-59AF8CFD9193.aplzod
2015-03-02 17:23 - 2015-03-02 17:23 - 00000000 ____D () C:\Users\Benjamin\Documents\Outlook Files
2015-03-02 17:23 - 2015-03-02 17:23 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Apple Inc
2015-03-02 17:21 - 2015-03-02 17:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iCloud
2015-03-02 17:20 - 2015-03-02 17:20 - 00001857 _____ () C:\Users\Public\Desktop\QuickTime Player.lnk
2015-03-02 17:20 - 2015-03-02 17:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-03-02 17:20 - 2015-03-02 17:20 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-02 17:07 - 2015-03-03 19:53 - 00000000 ____D () C:\Program Files\Total Uninstall 6
2015-03-02 17:07 - 2015-03-02 17:07 - 00000863 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Uninstall 6.lnk
2015-03-02 17:07 - 2015-03-02 17:07 - 00000016 _____ () C:\ProgramData\mntemp
2015-03-02 17:07 - 2015-03-02 17:07 - 00000000 ____D () C:\ProgramData\Martau
2015-03-02 16:53 - 2015-03-02 16:53 - 00000000 ____D () C:\Windows\system32\appraiser
2015-03-02 16:37 - 2015-03-03 09:22 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Apple Computer
2015-03-02 16:37 - 2015-03-02 17:23 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Apple Computer
2015-03-02 16:36 - 2015-03-02 16:36 - 00001765 _____ () C:\Users\Public\Desktop\iTunes.lnk
2015-03-02 16:36 - 2015-03-02 16:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-03-02 16:36 - 2012-10-03 17:14 - 00033240 _____ (GEAR Software Inc.) C:\Windows\system32\Drivers\GEARAspiWDM.sys
2015-03-02 16:35 - 2015-03-03 09:20 - 00000000 ____D () C:\ProgramData\Apple Computer
2015-03-02 16:35 - 2015-03-02 16:36 - 00000000 ____D () C:\ProgramData\E1864A66-75E3-486a-BD95-D1B7D99A84A7
2015-03-02 16:35 - 2015-03-02 16:36 - 00000000 ____D () C:\Program Files\iTunes
2015-03-02 16:35 - 2015-03-02 16:35 - 00000000 ____D () C:\Program Files\iPod
2015-03-02 16:35 - 2015-03-02 16:35 - 00000000 ____D () C:\Program Files (x86)\iTunes
2015-03-02 16:34 - 2015-03-07 11:55 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Apple
2015-03-02 16:34 - 2015-03-02 16:34 - 00002535 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-03-02 16:34 - 2015-03-02 16:34 - 00000000 ____D () C:\Windows\System32\Tasks\Apple
2015-03-02 16:34 - 2015-03-02 16:34 - 00000000 ____D () C:\Program Files (x86)\Apple Software Update
2015-03-02 16:33 - 2015-03-11 09:36 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-02 16:33 - 2015-03-11 09:28 - 122905848 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-02 16:33 - 2015-03-02 16:33 - 00000000 ____D () C:\Program Files\Bonjour
2015-03-02 16:33 - 2015-03-02 16:33 - 00000000 ____D () C:\Program Files (x86)\Bonjour
2015-03-02 16:33 - 2015-03-02 16:33 - 00000000 ____D () C:\b33fa847a2d3827abe0dfccc
2015-03-02 16:32 - 2015-03-02 17:21 - 00000000 ____D () C:\Program Files\Common Files\Apple
2015-03-02 16:32 - 2015-03-02 16:34 - 00000000 ____D () C:\ProgramData\Apple
2015-03-02 16:28 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2015-03-02 16:28 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2015-03-02 16:24 - 2014-11-14 03:10 - 03558400 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-03-02 16:24 - 2014-11-10 14:06 - 00473408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-03-02 16:24 - 2014-11-07 21:58 - 04837376 _____ (Microsoft Corporation) C:\Windows\system32\SyncEngine.dll
2015-03-02 16:24 - 2014-10-30 20:51 - 18823168 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-03-02 16:24 - 2014-10-30 20:10 - 15158784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-03-02 16:23 - 2014-11-17 16:17 - 00672984 _____ (Microsoft Corporation) C:\Windows\system32\MDMAgent.exe
2015-03-02 16:23 - 2014-11-17 16:17 - 00273240 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlows.exe
2015-03-02 16:23 - 2014-11-15 15:05 - 00801584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-02 16:23 - 2014-11-15 02:29 - 00962216 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-02 16:23 - 2014-11-14 10:36 - 00055776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-03-02 16:23 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2015-03-02 16:23 - 2014-11-14 02:58 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-03-02 16:23 - 2014-11-14 02:57 - 01027584 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-03-02 16:23 - 2014-11-14 02:57 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-03-02 16:23 - 2014-11-14 02:54 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettings.Handlers.dll
2015-03-02 16:23 - 2014-11-14 02:54 - 00407552 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2015-03-02 16:23 - 2014-11-14 02:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-03-02 16:23 - 2014-11-14 02:53 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-03-02 16:23 - 2014-11-14 02:52 - 01714176 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-03-02 16:23 - 2014-11-14 02:46 - 02171904 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsAdminFlowUI.dll
2015-03-02 16:23 - 2014-11-14 02:39 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2015-03-02 16:23 - 2014-11-14 01:04 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-03-02 16:23 - 2014-11-14 01:03 - 00885760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-03-02 16:23 - 2014-11-14 01:03 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-03-02 16:23 - 2014-11-14 01:01 - 00723968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-03-02 16:23 - 2014-11-14 01:01 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-03-02 16:23 - 2014-11-10 14:06 - 02485056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-03-02 16:23 - 2014-11-10 14:06 - 00428864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-03-02 16:23 - 2014-11-10 14:06 - 00136512 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wfplwfs.sys
2015-03-02 16:23 - 2014-11-09 22:57 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\agilevpn.sys
2015-03-02 16:23 - 2014-11-09 21:37 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2015-03-02 16:23 - 2014-11-09 21:34 - 01084416 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-03-02 16:23 - 2014-11-09 21:26 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-03-02 16:23 - 2014-11-09 21:20 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\vpnike.dll
2015-03-02 16:23 - 2014-11-09 21:09 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-03-02 16:23 - 2014-11-09 21:08 - 00702464 _____ (Microsoft Corporation) C:\Windows\system32\rasapi32.dll
2015-03-02 16:23 - 2014-11-09 21:06 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-03-02 16:23 - 2014-11-09 20:57 - 00624640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasapi32.dll
2015-03-02 16:23 - 2014-11-09 20:57 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-03-02 16:23 - 2014-11-08 00:00 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndproxy.sys
2015-03-02 16:23 - 2014-11-08 00:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndistapi.sys
2015-03-02 16:23 - 2014-11-07 23:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2015-03-02 16:23 - 2014-11-07 23:58 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\wanarp.sys
2015-03-02 16:23 - 2014-11-07 23:56 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\kmddsp.tsp
2015-03-02 16:23 - 2014-11-07 23:56 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\rasmxs.dll
2015-03-02 16:23 - 2014-11-07 23:56 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\rasser.dll
2015-03-02 16:23 - 2014-11-07 23:24 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\rasdiag.dll
2015-03-02 16:23 - 2014-11-07 23:13 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kmddsp.tsp
2015-03-02 16:23 - 2014-11-07 23:13 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasmxs.dll
2015-03-02 16:23 - 2014-11-07 23:13 - 00022528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasser.dll
2015-03-02 16:23 - 2014-11-07 22:48 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasdiag.dll
2015-03-02 16:23 - 2014-11-07 22:38 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2015-03-02 16:23 - 2014-11-07 22:17 - 00143360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2015-03-02 16:23 - 2014-11-07 22:09 - 00182784 _____ (Microsoft Corporation) C:\Windows\system32\rascfg.dll
2015-03-02 16:23 - 2014-11-07 22:03 - 00733696 _____ (Microsoft Corporation) C:\Windows\system32\SkyDriveTelemetry.dll
2015-03-02 16:23 - 2014-11-07 21:59 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rascfg.dll
2015-03-02 16:23 - 2014-11-07 21:49 - 01154048 _____ (Microsoft Corporation) C:\Windows\system32\SkyDrive.exe
2015-03-02 16:23 - 2014-11-06 23:58 - 00952896 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2015-03-02 16:23 - 2014-11-06 23:20 - 00786120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2015-03-02 16:23 - 2014-11-04 22:12 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\QSHVHOST.DLL
2015-03-02 16:23 - 2014-11-04 22:12 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\QSVRMGMT.DLL
2015-03-02 16:23 - 2014-11-04 22:06 - 00514048 _____ (Microsoft Corporation) C:\Windows\system32\DevicePairing.dll
2015-03-02 16:23 - 2014-11-04 21:44 - 00657920 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-03-02 16:23 - 2014-11-04 21:43 - 00252416 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-03-02 16:23 - 2014-11-04 21:41 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\untfs.dll
2015-03-02 16:23 - 2014-11-04 21:39 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSHVHOST.DLL
2015-03-02 16:23 - 2014-11-04 21:39 - 00094208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\QSVRMGMT.DLL
2015-03-02 16:23 - 2014-11-04 21:33 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DevicePairing.dll
2015-03-02 16:23 - 2014-11-04 21:21 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\WSDApi.dll
2015-03-02 16:23 - 2014-11-04 21:20 - 00498688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-03-02 16:23 - 2014-11-04 21:18 - 00507392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\untfs.dll
2015-03-02 16:23 - 2014-11-04 21:14 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\WSDMon.dll
2015-03-02 16:23 - 2014-11-04 21:06 - 00555520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSDApi.dll
2015-03-02 16:23 - 2014-11-04 15:33 - 00058176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dam.sys
2015-03-02 16:23 - 2014-11-04 15:25 - 00059712 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdclass.sys
2015-03-02 16:23 - 2014-11-04 15:25 - 00051008 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouclass.sys
2015-03-02 16:23 - 2014-11-04 02:55 - 00026112 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sermouse.sys
2015-03-02 16:23 - 2014-11-04 02:54 - 00108544 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\i8042prt.sys
2015-03-02 16:23 - 2014-11-04 02:54 - 00032256 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\kbdhid.sys
2015-03-02 16:23 - 2014-11-04 02:54 - 00030208 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\mouhid.sys
2015-03-02 16:23 - 2014-11-04 02:27 - 00128512 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-03-02 16:23 - 2014-11-04 01:01 - 00827392 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-03-02 16:23 - 2014-10-30 19:39 - 01970432 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-02 16:23 - 2014-10-30 19:38 - 01612992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-02 16:23 - 2014-10-28 23:05 - 00551232 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2015-03-02 16:23 - 2014-10-28 22:02 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-03-02 16:23 - 2014-10-28 22:02 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-03-02 16:23 - 2014-10-28 21:57 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-03-02 16:23 - 2014-10-28 21:55 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\WinSCard.dll
2015-03-02 16:23 - 2014-10-28 21:15 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-03-02 16:23 - 2014-10-28 21:15 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-03-02 16:23 - 2014-10-28 21:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-03-02 16:23 - 2014-10-28 21:13 - 00169984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinSCard.dll
2015-03-02 16:23 - 2014-10-28 21:13 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-03-02 16:23 - 2014-10-28 21:13 - 00008704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-03-02 16:23 - 2014-10-20 21:59 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\eventcls.dll
2015-03-02 16:23 - 2014-10-20 21:19 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\eventcls.dll
2015-03-02 16:23 - 2014-10-20 20:50 - 00074752 _____ (Microsoft Corporation) C:\Windows\system32\vsstrace.dll
2015-03-02 16:23 - 2014-10-20 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\vssapi.dll
2015-03-02 16:23 - 2014-10-20 20:31 - 00055296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vsstrace.dll
2015-03-02 16:23 - 2014-10-20 20:30 - 01454080 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2015-03-02 16:23 - 2014-10-20 20:20 - 01142272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vssapi.dll
2015-03-02 16:23 - 2014-10-18 04:09 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-03-02 16:23 - 2014-10-18 04:09 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-03-02 16:23 - 2014-10-18 03:25 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-03-02 16:23 - 2014-10-18 02:50 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\wuaext.dll
2015-03-02 16:23 - 2014-10-17 00:56 - 00238912 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-03-02 16:23 - 2014-10-17 00:56 - 00153920 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2015-03-02 16:23 - 2014-10-17 00:56 - 00039744 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\intelpep.sys
2015-03-02 16:23 - 2014-10-16 23:35 - 00086336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-03-02 16:17 - 2015-03-02 16:17 - 00000000 ____D () C:\Windows\SysWOW64\sda
2015-03-02 16:17 - 2015-03-02 16:17 - 00000000 ____D () C:\Program Files (x86)\Realtek
2015-03-02 16:17 - 2012-06-13 19:24 - 09888912 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RtsUVStoricon.dll
2015-03-02 16:17 - 2012-06-13 19:24 - 00315536 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RtsUVStor.sys
2015-03-02 16:15 - 2015-03-09 21:21 - 00000000 ____D () C:\Program Files\Lenovo
2015-03-02 16:15 - 2015-03-07 15:08 - 00022182 _____ () C:\Windows\DPINST.LOG
2015-03-02 16:15 - 2015-03-07 15:07 - 00019872 _____ (Lenovo (Beijing) Limited) C:\Windows\system32\LenovoSDKEmSubSystem.dll
2015-03-02 16:15 - 2015-03-02 16:15 - 00000000 ____D () C:\Program Files\DIFX
2015-03-02 16:14 - 2015-03-02 16:14 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Downloaded Installations
2015-03-02 12:50 - 2015-03-02 12:50 - 00000000 ____D () C:\Users\Benjamin\Documents\Avatar
2015-03-02 12:49 - 2015-03-16 08:24 - 00000000 ____D () C:\Users\Benjamin\Documents\YouCam
2015-03-02 12:49 - 2015-03-02 12:49 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Power2Go9
2015-03-02 12:48 - 2015-03-03 20:34 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\CyberLink
2015-03-02 12:48 - 2015-03-02 12:48 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\CyberLink
2015-03-02 12:42 - 2015-03-02 12:42 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink WaveEditor 2
2015-03-02 12:41 - 2015-03-02 12:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink LabelPrint 2.5
2015-03-02 12:40 - 2015-03-02 12:40 - 00001415 _____ () C:\Users\Public\Desktop\CyberLink Power2Go 9.lnk
2015-03-02 12:40 - 2015-03-02 12:40 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power2Go 9
2015-03-02 12:40 - 2013-06-03 16:18 - 00091912 _____ (CyberLink) C:\Windows\system32\Drivers\CLVirtualDrive1_1.sys
2015-03-02 12:35 - 2015-03-02 12:35 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-02 12:34 - 2015-03-02 12:34 - 00000385 _____ () C:\Users\Benjamin\AppData\Roaminguser_gensett.xml
2015-03-02 12:34 - 2015-03-02 12:34 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\ATI
2015-03-02 12:34 - 2015-03-02 12:34 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\ATI
2015-03-02 12:34 - 2015-03-02 12:34 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\AMD
2015-03-02 12:34 - 2015-03-02 12:34 - 00000000 ____D () C:\ProgramData\ATI
2015-03-02 12:33 - 2015-03-02 12:33 - 00000000 ____D () C:\ProgramData\AMD
2015-03-02 11:19 - 2015-03-03 18:35 - 00000000 ____D () C:\Users\Public\Documents\CyberLink
2015-03-02 11:19 - 2015-03-02 11:19 - 00000000 ____D () C:\Users\Public\CyberLink
2015-03-02 10:46 - 2015-03-02 10:46 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2015-03-02 10:46 - 2015-03-02 10:46 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SanDisk
2015-03-02 10:45 - 2015-03-02 10:46 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\SanDisk
2015-03-02 10:32 - 2015-03-09 21:24 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-02 10:32 - 2015-03-02 10:32 - 00002181 _____ () C:\Users\Public\Desktop\CyberLink YouCam 6.lnk
2015-03-02 10:32 - 2015-03-02 10:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink YouCam 6
2015-03-02 10:32 - 2013-10-29 03:26 - 00041704 _____ (CyberLink Corporation) C:\Windows\system32\Drivers\clwvd6.sys
2015-03-02 10:29 - 2015-03-09 21:20 - 00000000 ____D () C:\ProgramData\Temp
2015-03-02 10:29 - 2015-03-02 12:42 - 00000000 ____D () C:\Program Files (x86)\CyberLink
2015-03-02 10:28 - 2015-03-02 12:47 - 00000000 ____D () C:\ProgramData\install_clap
2015-03-02 10:28 - 2015-03-02 10:41 - 00000000 ____D () C:\ProgramData\SUPPORTDIR
2015-03-02 10:24 - 2015-03-03 20:34 - 00000000 ____D () C:\ProgramData\CyberLink
2015-03-02 10:22 - 2015-03-16 09:33 - 00000930 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-03-02 10:22 - 2015-03-16 09:33 - 00000926 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-02 10:22 - 2015-03-14 12:01 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Google
2015-03-02 10:22 - 2015-03-14 12:01 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-02 10:22 - 2015-03-13 12:39 - 00002203 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-02 10:22 - 2015-03-02 10:28 - 00003902 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-03-02 10:22 - 2015-03-02 10:28 - 00003666 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-03-02 10:22 - 2015-03-02 10:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-02 10:21 - 2015-03-03 21:35 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-03-02 10:20 - 2015-03-03 21:30 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-02 10:19 - 2015-03-04 09:50 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Adobe
2015-03-02 10:17 - 2015-03-02 10:17 - 00060601 _____ () C:\Windows\SysWOW64\CCCInstall_201503020917399073.log
2015-03-02 10:17 - 2015-03-02 10:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-03-02 10:17 - 2015-03-02 10:17 - 00000000 ____D () C:\Program Files\ATI Technologies
2015-03-02 10:16 - 2015-03-02 10:17 - 00000000 ____D () C:\Program Files (x86)\ATI Technologies
2015-03-02 10:15 - 2015-03-02 10:16 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-02 08:30 - 2014-12-08 23:45 - 00393728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-03-02 08:30 - 2014-12-08 21:56 - 00538624 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-03-02 08:29 - 2015-01-11 22:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-02 08:29 - 2015-01-11 21:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-02 08:29 - 2015-01-11 21:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-02 08:29 - 2015-01-11 21:23 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-02 08:29 - 2014-11-21 22:49 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-03-02 08:29 - 2014-11-21 22:06 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-03-02 08:24 - 2015-01-15 18:43 - 00563504 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-02 08:24 - 2015-01-15 18:43 - 00177984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-02 08:24 - 2015-01-14 00:22 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-03-02 08:24 - 2015-01-13 23:53 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-03-02 08:23 - 2014-12-08 21:50 - 00225280 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-03-02 08:23 - 2014-11-09 22:29 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\DeviceSetupStatusProvider.dll
2015-03-02 08:23 - 2014-11-09 21:51 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DeviceSetupStatusProvider.dll
2015-03-02 08:21 - 2014-12-19 02:26 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-03-02 08:21 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\SysWOW64\locale.nls
2015-03-02 08:21 - 2014-12-13 17:28 - 00513488 _____ () C:\Windows\system32\locale.nls
2015-03-02 08:21 - 2014-12-11 22:04 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-03-02 08:21 - 2014-12-11 20:51 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ahcache.sys
2015-03-02 08:20 - 2014-12-19 04:57 - 00788680 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-03-02 08:20 - 2014-12-19 04:25 - 00602776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-03-02 08:18 - 2015-03-02 08:18 - 00000385 _____ () C:\Windows\system32\user_gensett.xml
2015-03-02 01:03 - 2015-03-04 12:43 - 00000000 __SHD () C:\Recovery
2015-03-02 00:52 - 2015-03-03 16:33 - 00000000 ____D () C:\Windows\Panther
2015-03-01 23:31 - 2015-01-19 14:42 - 01487976 _____ (Microsoft Corporation) C:\Windows\system32\sppobjs.dll
2015-03-01 23:31 - 2014-12-08 15:42 - 00535640 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-03-01 23:31 - 2014-12-08 15:42 - 00531616 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-03-01 23:31 - 2014-12-08 15:42 - 00448792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-03-01 23:31 - 2014-12-08 15:42 - 00413248 _____ (Microsoft Corporation) C:\Windows\system32\Faultrep.dll
2015-03-01 23:31 - 2014-12-08 15:42 - 00372408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Faultrep.dll
2015-03-01 23:31 - 2014-12-08 15:42 - 00108944 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-01 23:31 - 2014-12-08 15:42 - 00038264 _____ (Microsoft Corporation) C:\Windows\system32\WerFaultSecure.exe
2015-03-01 23:31 - 2014-12-08 15:42 - 00033584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WerFaultSecure.exe
2015-03-01 23:31 - 2014-12-05 23:17 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-03-01 23:31 - 2014-12-05 21:41 - 00391680 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-03-01 23:31 - 2014-12-05 21:35 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2015-03-01 23:31 - 2014-11-09 19:19 - 00991232 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-01 23:31 - 2014-11-09 19:19 - 00806400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-01 23:31 - 2014-11-09 19:18 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-03-01 23:31 - 2014-11-09 19:18 - 00208896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-03-01 23:30 - 2015-02-03 19:38 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-03-01 23:30 - 2015-02-03 19:08 - 00761856 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-03-01 23:30 - 2015-02-03 19:08 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-03-01 23:30 - 2015-02-02 19:11 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-03-01 23:30 - 2015-02-02 19:11 - 00894464 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-03-01 23:30 - 2015-02-02 19:11 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-03-01 23:30 - 2014-12-02 19:09 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-03-01 23:30 - 2014-10-30 18:37 - 00129536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-03-01 23:30 - 2014-10-30 18:34 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-03-01 23:29 - 2014-07-23 23:20 - 00875688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-03-01 23:29 - 2014-07-23 23:20 - 00869544 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-03-01 23:14 - 2015-03-01 23:14 - 00262544 _____ (BitDefender) C:\Windows\system32\Drivers\avchv.sys
2015-03-01 23:14 - 2015-03-01 23:14 - 00074000 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin32.dll
2015-03-01 23:02 - 2015-03-11 10:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-03-01 23:01 - 2015-03-01 23:01 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-03-01 23:01 - 2015-03-01 23:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server
2015-03-01 23:00 - 2015-03-01 23:01 - 00000000 ____D () C:\Program Files\Microsoft SQL Server
2015-03-01 23:00 - 2015-03-01 23:00 - 00000000 ____D () C:\Windows\PCHEALTH
2015-03-01 22:55 - 2015-03-01 22:55 - 00000000 ____D () C:\Program Files\Microsoft Analysis Services
2015-03-01 22:55 - 2015-03-01 22:55 - 00000000 ____D () C:\Program Files (x86)\Microsoft Analysis Services
2015-03-01 22:54 - 2015-03-11 10:11 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-01 22:54 - 2015-03-01 23:00 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-03-01 22:54 - 2015-03-01 22:54 - 00000000 __RHD () C:\MSOCache
2015-03-01 22:54 - 2015-03-01 22:54 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Microsoft Help
2015-03-01 22:54 - 2015-03-01 22:54 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-01 22:47 - 2015-03-01 22:50 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\WinZip
2015-03-01 22:47 - 2015-03-01 22:49 - 00000000 ____D () C:\ProgramData\WinZip
2015-03-01 22:47 - 2015-03-01 22:47 - 00002299 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\WinZip.lnk
2015-03-01 22:47 - 2015-03-01 22:47 - 00002293 _____ () C:\Users\Public\Desktop\WinZip.lnk
2015-03-01 22:47 - 2015-03-01 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
2015-03-01 22:47 - 2015-03-01 22:47 - 00000000 ____D () C:\Program Files\WinZip
2015-03-01 22:44 - 2015-03-01 22:44 - 00694684 _____ () C:\ProgramData\1425263792.bdinstall.bin
2015-03-01 22:42 - 2015-03-01 23:13 - 00082824 _____ (BitDefender SRL) C:\Windows\system32\Drivers\bdsandbox.sys
2015-03-01 22:42 - 2015-03-01 22:42 - 00002217 _____ () C:\Users\Public\Desktop\Bitdefender Total Security 2015.lnk
2015-03-01 22:42 - 2015-03-01 22:42 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
2015-03-01 22:42 - 2015-03-01 22:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2015
2015-03-01 22:42 - 2015-03-01 22:42 - 00000000 ____D () C:\ProgramData\BDLogging
2015-03-01 22:42 - 2014-12-02 17:37 - 00074000 _____ (BitDefender SRL) C:\Windows\SysWOW64\bdsandboxuiskin32.dll
2015-03-01 22:42 - 2013-11-19 15:44 - 00098768 _____ (BitDefender LLC) C:\Windows\system32\Drivers\bdfndisf6.sys
2015-03-01 22:42 - 2013-09-08 21:04 - 00023568 _____ (Bitdefender) C:\Windows\system32\Drivers\bdelam.sys
2015-03-01 22:42 - 2013-07-30 19:41 - 00079192 _____ (BitDefender) C:\Windows\system32\Drivers\bdvedisk.sys
2015-03-01 22:42 - 2009-07-14 15:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-03-01 22:42 - 2007-04-11 12:11 - 00511328 _____ (Microsoft Corporation) C:\Windows\capicom.dll
2015-03-01 22:41 - 2015-03-01 23:13 - 01306464 _____ (BitDefender) C:\Windows\system32\Drivers\avc3.sys
2015-03-01 22:41 - 2015-03-01 23:13 - 00677104 _____ (BitDefender) C:\Windows\system32\Drivers\avckf.sys
2015-03-01 22:39 - 2015-03-01 22:48 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Bitdefender
2015-03-01 22:36 - 2015-03-01 23:13 - 00084848 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuiskin.dll
2015-03-01 22:36 - 2015-03-01 23:13 - 00033360 _____ (BitDefender SRL) C:\Windows\system32\bdsandboxuh.dll
2015-03-01 22:36 - 2015-03-01 22:43 - 00000000 ____D () C:\ProgramData\Bitdefender
2015-03-01 22:36 - 2015-03-01 22:39 - 00000000 ____D () C:\Program Files\Bitdefender
2015-03-01 22:36 - 2015-03-01 22:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\QuickScan
2015-03-01 22:36 - 2015-03-01 22:36 - 00000000 ____D () C:\Program Files\Common Files\Bitdefender
2015-03-01 22:36 - 2014-10-22 10:29 - 00155912 _____ (BitDefender LLC) C:\Windows\system32\Drivers\gzflt.sys
2015-03-01 22:36 - 2014-10-15 17:14 - 00452040 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-03-01 22:33 - 2015-03-01 22:33 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Macromedia
2015-03-01 22:30 - 2015-03-16 08:28 - 00003950 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{ACDDB56B-C698-4004-8142-49EDAC83058A}
2015-03-01 22:30 - 2015-03-01 22:30 - 00000000 __SHD () C:\Users\Benjamin\AppData\Local\EmieUserList
2015-03-01 22:30 - 2015-03-01 22:30 - 00000000 __SHD () C:\Users\Benjamin\AppData\Local\EmieSiteList
2015-03-01 22:30 - 2015-03-01 22:30 - 00000000 __SHD () C:\Users\Benjamin\AppData\Local\EmieBrowserModeList
2015-03-01 22:29 - 2015-03-01 22:29 - 00000000 ____D () C:\AMD
2015-03-01 22:29 - 2015-03-01 22:29 - 00000000 _____ () C:\Windows\ativpsrm.bin
2015-03-01 22:28 - 2015-03-01 22:28 - 00000000 ____D () C:\Program Files\AMD
2015-03-01 22:25 - 2015-03-16 08:53 - 00003598 _____ () C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2135493077-3049852841-3259435936-1001
2015-03-01 22:24 - 2015-03-01 22:24 - 00004608 _____ () C:\Windows\SECOH-QAD.exe
2015-03-01 22:24 - 2015-03-01 22:24 - 00003584 _____ () C:\Windows\SECOH-QAD.dll
2015-03-01 22:24 - 2015-03-01 22:24 - 00003370 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
2015-03-01 22:24 - 2015-03-01 22:24 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_LocationProvider_01_11_00.Wdf
2015-03-01 22:24 - 2015-03-01 22:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KMSpico
2015-03-01 22:24 - 2010-12-05 22:16 - 00090112 _____ (Vestris Inc.) C:\Windows\system32\Vestris.ResourceLib.dll
2015-03-01 22:23 - 2015-03-01 22:24 - 00000000 ____D () C:\Program Files\KMSpico
2015-03-01 22:23 - 2015-03-01 22:23 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-03-01 22:21 - 2015-03-16 08:24 - 00000000 ____D () C:\Users\Benjamin\OneDrive
2015-03-01 22:14 - 2015-03-03 21:31 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Adobe
2015-03-01 22:14 - 2015-03-01 22:31 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\PackageStaging
2015-03-01 22:14 - 2015-03-01 22:14 - 00001446 _____ () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-03-01 22:14 - 2015-03-01 22:14 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-01 22:13 - 2015-03-14 15:41 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\Packages
2015-03-01 22:13 - 2015-03-14 12:02 - 00000000 ____D () C:\Users\Benjamin
2015-03-01 22:13 - 2015-03-03 17:25 - 00000000 ____D () C:\Users\Benjamin\AppData\Local\VirtualStore
2015-03-01 22:13 - 2015-03-01 22:13 - 00000020 ___SH () C:\Users\Benjamin\ntuser.ini
2015-03-01 22:13 - 2014-11-21 12:17 - 00000000 ___RD () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-01 22:13 - 2014-11-21 12:17 - 00000000 ___RD () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-01 22:13 - 2014-11-21 12:17 - 00000000 ___RD () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-03-01 22:13 - 2014-11-21 04:53 - 00000369 _____ () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
2015-03-01 22:13 - 2014-11-21 04:53 - 00000369 _____ () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
2015-03-01 22:13 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-03-01 22:11 - 2015-03-01 22:11 - 00000000 ____D () C:\Windows\CSC
2015-03-01 22:09 - 2015-03-16 08:56 - 01305533 _____ () C:\Windows\WindowsUpdate.log
2015-02-17 15:30 - 2015-02-17 15:30 - 01691808 _____ (Microsoft Corporation) C:\Windows\system32\FM20.DLL
2015-02-06 18:39 - 2015-02-06 18:39 - 00081088 _____ (VMware, Inc.) C:\Windows\system32\vmnetbridge.dll
2015-02-06 18:39 - 2015-02-06 18:39 - 00049856 _____ (VMware, Inc.) C:\Windows\system32\vnetinst.dll
2015-02-06 18:39 - 2015-02-06 18:39 - 00048832 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetbridge.sys
2015-02-06 18:39 - 2015-02-06 18:39 - 00028864 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnetadapter.sys
2015-02-06 18:39 - 2015-02-06 18:39 - 00027328 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmnet.sys
2015-01-07 15:55 - 2015-01-07 15:55 - 00085584 _____ (VMware, Inc.) C:\Windows\system32\Drivers\vmci.sys

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-16 09:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sru
2015-03-16 08:21 - 2013-08-22 10:45 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-16 08:20 - 2013-08-22 10:46 - 00002837 _____ () C:\Windows\setupact.log
2015-03-16 08:20 - 2013-08-22 10:44 - 00483920 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-16 08:19 - 2014-11-21 04:34 - 00014638 _____ () C:\Windows\PFRO.log
2015-03-15 22:09 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\BBI
2015-03-15 20:37 - 2014-11-21 04:43 - 00867740 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-15 16:47 - 2013-08-22 09:25 - 00262144 ___SH () C:\Windows\system32\config\ELAM
2015-03-14 11:39 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\AppReadiness
2015-03-12 21:05 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\rescache
2015-03-12 15:43 - 2013-08-22 10:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-12 15:28 - 2013-08-22 11:36 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-03-12 15:28 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\GroupPolicy
2015-03-12 10:07 - 2013-08-22 11:36 - 00000000 __RSD () C:\Windows\Media
2015-03-11 22:38 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ToastData
2015-03-11 22:38 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 22:38 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-03-11 22:38 - 2013-08-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-03-11 22:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\WinStore
2015-03-11 22:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-03-11 22:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Windows Defender
2015-03-11 22:38 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-03-11 10:11 - 2013-08-22 11:20 - 00000000 ____D () C:\Windows\CbsTemp
2015-03-11 09:36 - 2013-08-22 09:25 - 00000167 _____ () C:\Windows\win.ini
2015-03-04 17:24 - 2014-11-21 12:23 - 00792032 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 17:24 - 2014-11-21 12:23 - 00178144 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-04 14:30 - 2012-02-21 06:48 - 01511280 _____ (Microsoft Corporation) C:\Windows\system32\WudfUpdate_01011.dll
2015-03-04 13:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-RS
2015-03-04 13:23 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\sr-Latn-CS
2015-03-04 11:27 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2015-03-03 22:16 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-03-03 19:45 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\System
2015-03-02 16:53 - 2014-11-21 12:17 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-03-02 16:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\SysWOW64\setup
2015-03-02 16:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\setup
2015-03-02 16:46 - 2013-08-22 11:36 - 00000000 ___RD () C:\Windows\ImmersiveControlPanel
2015-03-02 16:14 - 2010-10-25 20:44 - 00029792 _____ (Lenovo Corporation) C:\Windows\system32\Drivers\AcpiVpc.sys
2015-03-02 01:03 - 2013-08-22 11:37 - 00002988 _____ () C:\Windows\DtcInstall.log
2015-03-02 01:03 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\Recovery
2015-03-02 00:59 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default
2015-03-02 00:51 - 2013-08-22 11:36 - 00262144 _____ () C:\Windows\system32\config\BCD-Template
2015-03-01 23:01 - 2014-11-21 04:25 - 00000000 ____D () C:\Windows\ShellNew
2015-03-01 22:56 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2015-03-01 22:53 - 2013-08-22 11:36 - 00000000 ____D () C:\Windows\system32\restore

==================== Files in the root of some directories =======

2015-03-01 22:44 - 2015-03-01 22:44 - 0694684 _____ () C:\ProgramData\1425263792.bdinstall.bin
2015-03-02 17:07 - 2015-03-02 17:07 - 0000016 _____ () C:\ProgramData\mntemp

Files to move or delete:
====================
C:\Users\Benjamin\SBExtnBack.exe


Some content of TEMP:
====================
C:\Users\Benjamin\AppData\Local\Temp\bassmod.dll
C:\Users\Benjamin\AppData\Local\Temp\bitool.dll
C:\Users\Benjamin\AppData\Local\Temp\pyl5B73.tmp.exe
C:\Users\Benjamin\AppData\Local\Temp\pyl6CE7.tmp.exe
C:\Users\Benjamin\AppData\Local\Temp\pyl93D4.tmp.exe
C:\Users\Benjamin\AppData\Local\Temp\Uninstall.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=\Device\HarddiskVolume1
description Windows Boot Manager
locale en-US
inherit {globalsettings}
integrityservices Enable
default {current}
resumeobject {9f106e56-c4f9-11e4-92d0-b7236405d3f7}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 8.1
locale en-US
inherit {bootloadersettings}
recoverysequence {9f106e58-c4f9-11e4-92d0-b7236405d3f7}
integrityservices Enable
recoveryenabled Yes
allowedinmemorysettings 0x15000075
osdevice partition=C:
systemroot \Windows
resumeobject {9f106e56-c4f9-11e4-92d0-b7236405d3f7}
nx OptIn
bootmenupolicy Standard

Windows Boot Loader
-------------------
identifier {9f106e58-c4f9-11e4-92d0-b7236405d3f7}
device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9f106e59-c4f9-11e4-92d0-b7236405d3f7}
path \windows\system32\winload.exe
description Windows Recovery Environment
locale en-US
inherit {bootloadersettings}
displaymessage Recovery
osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{9f106e59-c4f9-11e4-92d0-b7236405d3f7}
systemroot \windows
nx OptIn
bootmenupolicy Standard
winpe Yes

Resume from Hibernate
---------------------
identifier {9f106e56-c4f9-11e4-92d0-b7236405d3f7}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale en-US
inherit {resumeloadersettings}
recoverysequence {9f106e58-c4f9-11e4-92d0-b7236405d3f7}
recoveryenabled Yes
allowedinmemorysettings 0x15000075
filedevice partition=C:
filepath \hiberfil.sys
bootmenupolicy Standard
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=\Device\HarddiskVolume1
path \boot\memtest.exe
description Windows Memory Diagnostic
locale en-US
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems No

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {9f106e59-c4f9-11e4-92d0-b7236405d3f7}
description Windows Recovery
ramdisksdidevice partition=\Device\HarddiskVolume1
ramdisksdipath \Recovery\WindowsRE\boot.sdi



LastRegBack: 2015-03-12 11:03

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Benjamin at 2015-03-16 09:55:48
Running from C:\Users\Benjamin\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Bitdefender Antivirus (Enabled - Up to date) {9A0813D8-CED6-F86B-072E-28D2AF25A83D}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Bitdefender Antispyware (Enabled - Up to date) {2169F23C-E8EC-F7E5-3D9E-13A0D4A2E280}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Enabled) {A23392FD-84B9-F933-2C71-81E751F6EF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0938-000001000000}) (Version: 9.38.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{77588F59-3C58-4675-8EEE-998E5BC33CF4}) (Version: 1.4 - Eyeo GmbH)
Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.10 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 16.0.0.273 - Adobe Systems Incorporated)
Adobe Customization Wizard XI (HKLM-x32\...\{AC76BA86-1033-0000-0000-000000000063}) (Version: 11.0.03 - Adobe Systems, Inc.)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.9 - Adobe Systems Incorporated)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.0.45.2 - Adobe Systems Incorporated)
AOMEI Backupper 2.5 Beta (HKLM-x32\...\{A83692E5-3E9B-4E95-9E7E-B5DF5556C09F}_is1) (Version: - AOMEI Technology Co., Ltd.)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bitdefender Total Security 2015 (HKLM\...\Bitdefender) (Version: 18.20.0.1429 - Bitdefender)
BitTorrent PRO (HKLM-x32\...\BitTorrent PRO) (Version: 5.9.0.0 - IntelPeers LLC)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon IJ Network Scan Utility (HKLM-x32\...\Canon_IJ_Network_Scan_UTILITY) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: - )
Canon MX700 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX700_series) (Version: - )
Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink Power2Go 9 (HKLM-x32\...\InstallShield_{57D68FAE-CB5E-4fd6-AE3B-A0B43375AF18}) (Version: 9.0.1002.0 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\InstallShield_{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.0.4203 - CyberLink Corp.)
CyberLink YouCam 6 (HKLM-x32\...\{A9CEDD6E-4792-493e-BB35-D86D2E188A5A}) (Version: 6.0.3805.0 - CyberLink Corp.)
Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 6.0.1.6 - Lenovo)
Energy Management (x32 Version: 6.0.1.6 - Lenovo) Hidden
Geometry Teaching Textbook (HKLM-x32\...\Geometry Teaching Textbook) (Version: - Teaching Textbooks Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.89 - Google Inc.)
Google Drive (HKLM-x32\...\{6C36881B-0E51-4231-9D02-BF2149664D34}) (Version: 1.20.8672.3137 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
iCloud (HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\69326e9364ca2485) (Version: 1.0.0.12 - iCloud)
ITbrain Agent (HKLM-x32\...\ITbrain Agent) (Version: 1.0.0 - TeamViewer)
ITbrain Agent (x32 Version: 1.0 - InstallAware Software Corporation) Hidden
ITbrain Agent (x32 Version: 1.0.0 - TeamViewer) Hidden
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Java 8 Update 40 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218040F0}) (Version: 8.0.400 - Oracle Corporation)
KMSpico (HKLM\...\{8B29D47F-92E2-4C20-9EE0-F710991F5D7C}_is1) (Version: - )
LEGO Digital Designer (HKLM-x32\...\New LEGO Digital Designer) (Version: - LEGO A/S)
LEGO MINDSTORMS NXT - English Language Pack (HKLM-x32\...\{D70FB770-BE91-4A1C-942B-F2F7C3BFB2C7}) (Version: 2.0.100.0 - The LEGO Group)
LEGO MINDSTORMS NXT Driver for x64 (HKLM\...\{74E85F31-573F-45BF-8939-4D2BCDCC2083}) (Version: 1.17.770 - LEGO)
LEGO MINDSTORMS NXT Migration Package (HKLM-x32\...\{6C1D47CC-682C-4673-8CA8-DEE659628599}) (Version: 1.2.8.0 - LEGO)
LEGO MINDSTORMS NXT Software v2.0 (HKLM-x32\...\{5B7EDCF8-E6AD-4E99-972C-34BF1F07B349}) (Version: 2.0.114.0 - LEGO)
Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
MEGAsync (HKLM-x32\...\MEGAsync) (Version: - Mega Limited)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUSR) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39029 - Realtek Semiconductor Corp.)
Rosetta Stone Version 3 (HKLM-x32\...\{80F7CA44-F3A5-4853-8BA6-DDF57CD4F078}) (Version: 3.4.7.0 - Rosetta Stone Ltd.)
Sandboxie 4.16 (64-bit) (HKLM\...\Sandboxie) (Version: 4.16 - Sandboxie Holdings, LLC)
Sansa Updater (HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\Sansa Updater) (Version: 1.407 - SanDisk Corporation)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{91150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUSR_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform)
SwagButton (HKLM-x32\...\{6188133D-5A55-437C-BEB7-7B0113BDE0FD}) (Version: 161.0.99 - Prodege)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.39052 - TeamViewer)
Total Uninstall 6.12.0 (HKLM\...\Total Uninstall 6_is1) (Version: 6.12.0 - Gavrila Martau)
VMware Workstation (HKLM-x32\...\VMware_Workstation) (Version: 11.1.0 - VMware, Inc)
VMware Workstation (Version: 11.1.0 - VMware, Inc.) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (12/02/2010 6.1.0.1) (HKLM\...\EA12B1FB53CE4E387C31A85236C41EF559B5E392) (Version: 12/02/2010 6.1.0.1 - Lenovo)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points =========================


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {2A95E90A-5B9D-4275-9221-F05675E916AE} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {2B1D48FD-481E-445E-B3F4-FE1EB0DA3B41} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-26] (@ByELDI)
Task: {3F940D7C-76F2-4F8E-92A8-E6517B578056} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-03-11] (Microsoft Corporation)
Task: {4AC634AF-BC6C-4E8A-A1CF-111C7865DD53} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {5BD7AAF5-F2C3-4E1D-BEEC-F8B27FD4DEE0} - System32\Tasks\Apple Diagnostics => C:\Program Files (x86)\Common Files\Apple\Internet Services\EReporter.exe [2014-12-01] (Apple Inc.)
Task: {77480325-51CA-4E9F-AD7F-4AF6439A9796} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.)
Task: {93522187-C3BC-4BA7-98F9-1F1CCF38ED0F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {9C0ED3C5-549B-4E39-AB80-0256E7E35C23} - System32\Tasks\Microsoft Office 15 Sync Maintenance for BENJAMINSPC-Benjamin BenjaminsPC => C:\Program Files\Microsoft Office\Office15\MsoSync.exe [2015-02-10] (Microsoft Corporation)
Task: {A0795BA3-C221-4229-92F4-C04674F5C592} - System32\Tasks\{D5953DCC-AC87-43A8-995E-C0E7CC25D0D2} => Iexplore.exe http://ui.skype.com/ui/0/7.2.0.103/en/go/help.faq.installer?source=lightinstaller&LastError=1618
Task: {C63B55D1-7DE9-47B6-8D97-D8033264AC99} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {F5FD15A6-CC06-40F0-8F0B-851895049F68} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {FC2510F2-641D-4814-B7C3-973123CF7F93} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-02] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2015-03-01 22:42 - 2014-08-27 17:31 - 00265080 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\txmlutil.dll
2015-03-01 22:41 - 2013-09-03 15:29 - 00101328 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdmetrics.dll
2015-03-01 22:42 - 2014-12-17 15:34 - 00003072 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\UI\accessl.ui
2015-03-01 22:42 - 2012-10-29 15:22 - 00152816 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\bdfwcore.dll
2015-03-01 22:49 - 2015-03-01 22:49 - 00784712 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpbr.mdl
2015-03-01 22:49 - 2015-03-01 22:49 - 00573544 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpdsp.mdl
2015-03-01 22:49 - 2015-03-01 22:49 - 02657264 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttpph.mdl
2015-03-01 22:49 - 2015-03-01 22:49 - 01331648 _____ () C:\Program Files\Bitdefender\Bitdefender 2015\otengines_00050_002\ashttprbl.mdl
2015-03-15 16:13 - 2015-01-20 05:45 - 00020240 _____ () C:\Windows\system32\spool\PRTPROCS\x64\TeamViewer_PrintProcessor.dll
2014-07-04 22:33 - 2014-07-04 22:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-01-21 16:01 - 2015-01-21 16:01 - 08898728 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\Users\Benjamin\AppData\Local\MEGAsync\ShellExtX64.dll
2015-02-06 18:14 - 2015-02-06 18:14 - 12730048 _____ () C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
2008-12-20 04:20 - 2015-03-07 15:07 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\HookLib.dll
2008-12-20 04:20 - 2015-03-07 15:07 - 00054088 _____ () C:\Program Files (x86)\Lenovo\Energy Management\kbdhook.dll
2014-07-04 22:33 - 2014-07-04 22:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-03-02 08:33 - 2015-03-02 08:34 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20689_x64__8wekyb3d8bbwe\ErrorReporting.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00224984 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00265944 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00384728 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00110296 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00671448 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2015-03-05 12:36 - 2013-11-26 18:09 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2015-03-05 12:36 - 2015-02-11 14:24 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2015-02-06 18:40 - 2015-02-06 18:40 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Workstation\libxml2.dll
2015-02-06 18:14 - 2015-02-06 18:14 - 00194752 _____ () C:\Program Files (x86)\VMware\VMware Workstation\nfc-types.dll
2015-02-06 18:14 - 2015-02-06 18:14 - 00191680 _____ () C:\Program Files (x86)\VMware\VMware Workstation\LIBEXPAT.dll
2015-02-06 18:14 - 2015-02-06 18:14 - 00388288 _____ () C:\Program Files (x86)\VMware\VMware Workstation\ssoClient.dll
2015-03-02 12:40 - 2013-11-07 22:25 - 00862472 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\UNO.dll
2015-03-02 12:40 - 2013-08-04 22:31 - 09450968 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\Language\ENU\P2GRC.dll
2015-03-02 12:39 - 2013-11-07 22:25 - 01693960 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\runtime\authoring\AuroraU.dll
2015-03-02 12:40 - 2011-12-19 23:30 - 00249344 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\runtime\mediacache\libebml.dll
2015-03-02 12:40 - 2011-12-19 23:30 - 00548352 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\runtime\mediacache\libmatroska.dll
2015-02-13 05:20 - 2015-02-13 05:20 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-02 12:39 - 2013-11-07 22:25 - 00175880 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLVistaAudioMixer.dll
2015-03-02 12:39 - 2013-11-07 22:26 - 00302344 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\runtime\authoring\EditingMgrWrapperU.dll
2015-03-02 12:39 - 2013-05-19 23:01 - 00627672 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMediaLibrary.dll
2013-05-20 12:02 - 2013-05-20 12:02 - 00016856 _____ () C:\Program Files (x86)\CyberLink\Power2Go9\CLMLSvcPS.dll
2015-03-12 15:27 - 2014-09-05 11:55 - 00132808 _____ () C:\Users\Benjamin\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2015-03-16 09:01 - 2015-03-16 09:01 - 01998848 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\0.mdd
2015-03-16 09:01 - 2015-03-16 09:01 - 00135168 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\1.mdd
2015-03-16 09:01 - 2015-03-16 09:01 - 00196608 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\3.mdd
2015-03-16 09:01 - 2015-03-16 09:01 - 00253952 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\4.mdd

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Users\Benjamin\OneDrive:ms-properties

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Benjamin\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\36197.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== Accounts: =============================

Administrator (S-1-5-21-2135493077-3049852841-3259435936-500 - Administrator - Disabled)
Benjamin (S-1-5-21-2135493077-3049852841-3259435936-1001 - Administrator - Enabled) => C:\Users\Benjamin
Guest (S-1-5-21-2135493077-3049852841-3259435936-501 - Limited - Disabled)

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/16/2015 08:36:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program wwahost.exe version 6.3.9600.17415 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1808

Start Time: 01d05fe52b213273

Termination Time: 4294967295

Application Path: C:\Windows\system32\wwahost.exe

Report Id: 1ebbc4c4-cbd9-11e4-8277-f0def166c2df

Faulting package full name: 19120CensoredUser.HyperforYouTube_2.2.5.4_x64__c0tqyanwsgfn6

Faulting package-relative application ID: App

Error: (03/15/2015 09:40:52 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\svchost.exe -k netsvcs; Description = Windows Update; Error = 0x80070422).

Error: (03/15/2015 08:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3867110

Error: (03/15/2015 08:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3867110

Error: (03/15/2015 08:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/15/2015 08:33:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3865469

Error: (03/15/2015 08:33:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3865469

Error: (03/15/2015 08:33:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/15/2015 08:33:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3863516

Error: (03/15/2015 08:33:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3863516


System errors:
=============
Error: (03/15/2015 10:08:51 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The VMware Workstation Server service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/15/2015 10:08:04 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMINSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/15/2015 10:08:04 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMINSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}

Error: (03/15/2015 09:13:54 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/15/2015 07:29:18 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/15/2015 06:32:17 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (03/15/2015 05:11:31 PM) (Source: Schannel) (EventID: 4119) (User: NT AUTHORITY)
Description: A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.

Error: (03/15/2015 03:12:52 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4

Error: (03/15/2015 02:43:26 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Bitdefender Virus Shield service hung on starting.

Error: (03/14/2015 10:31:11 PM) (Source: DCOM) (EventID: 10010) (User: BENJAMINSPC)
Description: {4545DEA0-2DFC-4906-A728-6D986BA399A9}


Microsoft Office Sessions:
=========================
Error: (03/16/2015 08:36:54 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: wwahost.exe6.3.9600.17415180801d05fe52b2132734294967295C:\Windows\system32\wwahost.exe1ebbc4c4-cbd9-11e4-8277-f0def166c2df19120CensoredUser.HyperforYouTube_2.2.5.4_x64__c0tqyanwsgfn6App

Error: (03/15/2015 09:40:52 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: C:\Windows\system32\svchost.exe -k netsvcsWindows Update0x80070422

Error: (03/15/2015 08:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3867110

Error: (03/15/2015 08:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3867110

Error: (03/15/2015 08:33:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/15/2015 08:33:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3865469

Error: (03/15/2015 08:33:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3865469

Error: (03/15/2015 08:33:33 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (03/15/2015 08:33:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3863516

Error: (03/15/2015 08:33:31 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3863516


==================== Memory info ===========================

Processor: AMD E-350 Processor
Percentage of memory in use: 61%
Total physical RAM: 3686.11 MB
Available physical RAM: 1436.62 MB
Total Pagefile: 4326.11 MB
Available Pagefile: 1305.74 MB
Total Virtual: 131072 MB
Available Virtual: 131071.73 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:195.31 GB) (Free:153.59 GB) NTFS
Drive d: (Geom-5) (CDROM) (Total:2.67 GB) (Free:0 GB) CDFS
Drive f: (System Image) (Fixed) (Total:39.89 GB) (Free:10.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 22092602)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=195.3 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=88.7 GB) - (Type=OF Extended)
Partition 4: (Not Active) - (Size=13.7 GB) - (Type=02)

==================== End Of Log ============================

Edited by Oh My!, 20 March 2015 - 10:45 AM.
Posted logs



#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,572 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:03:25 PM

Posted 20 March 2015 - 09:11 AM

Greetings Benjamin and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Unfortunately there is evidence of the presence of pirated software on your computer. Typically this evidence is related to the activation of Windows itself but it can involve other Microsoft products. Whereas secondary Microsoft products can be uninstalled, if your Windows 8.1 Operating System has been activated via these means I will not be able to assist you. If you do have a valid Windows Product Key then I will ask you to remove any secondary products activated without a valid Product Key.

Please let me know if this issue can be resolved or if you would prefer I close this Topic.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 BenjaminGordonT


Posted 20 March 2015 - 09:28 AM

Hi Gary,

Thanks for your help. Just for you to know, I am working on a friend's computer. He got his computer preinstalled with Windows 8.1 so I know that is legit. As for other Office products, I only know of one other on his computer and that is Office. I am not sure how he activated Office, whether it was legit or otherwise so I will uninstall that for your sake. Can we proceed with the cleanup however because I need to get this computer back to him very soon, he has an exam coming up. :)

-Benjamin



#4 Oh My!


Posted 20 March 2015 - 09:30 AM

No problem Benjamin, thanks for your understanding and effort. Please allow me just a bit to review everything. I will be posting back shortly.
Gary
 

#5 BenjaminGordonT


Posted 20 March 2015 - 09:34 AM

Got it, thanks for your help...

By the way... Love your signature... It takes boldness to do that... John 6:68-69

Oh I almost forgot, I am leaving for a trip later today (1-2 PM) and won't be online until Sunday afternoon. Please note that if you don't hear from me over the weekend that is where I will be. I hope that won't cause any problems but I didn't want the topic to be closed over the weekend due to lack of response.

Thanks,

-Benjamin


Edited by BenjaminsiPod, 20 March 2015 - 11:07 AM.


#6 Oh My!


Posted 20 March 2015 - 11:15 AM

Greetings Benjamin,

Thanks for the note of encouragement and for your patience while I reviewed everything. And thanks for the heads up you are going to be away.

Since it appears there may have been some risky internet behavior resulting in the increased risk of infection we are going to be a bit aggressive in our approach.

Please consider and do this.

===================================================

P2P Warning

--------------------

Going over your logs I noticed that you have Bit Torrent installed. It is pretty much certain that if you continue to use P2P programs, you will get infected again.
  • Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  • They are a security risk which can make your computer susceptible to a smörgåsbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  • Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  • The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
I would recommend that you uninstall Bit Torrent, however that choice is up to you. If you choose to remove the program, you can do so via Start > Control Panel > Add/Remove Programs.

If you are still leaning toward using this program, please take a look at this information about Ransomware which can be delivered via P2P file transfers. The newest variation of Ransomware can make it impossible to recover the files this malicious software encrypts. In other words, you will probably lose most if not all of your valuable information, including pictures. In addition it has recently been reported that P2P downloads may be tracked resulting in your IP address being monitored by copyright authorities.

If you wish to keep it, please do not use it until we are completely done and your machine is determined to be clean and updated.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\MountPoints2: {c8d41c57-c098-11e4-824e-806e6f6e6963} - "D:\Autorun.exe"
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\MountPoints2: {c8d41c58-c098-11e4-824e-806e6f6e6963} - "H:\setup.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: SwagButton -> {5CE831FC-884E-4773-B203-BB76561EDB98} -> C:\Program Files (x86)\Prodege\SwagButton\SBExtension.dll [2015-02-27] (Prodege)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [965776 2014-10-26] (@ByELDI) [File not signed]
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ___DL () C:\Users\Public\SwagButton.1426069486
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ___DL () C:\Users\Public\SwagButton
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ____D () C:\Users\Public\SBExtension
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ____D () C:\Users\Benjamin\js
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ____D () C:\Program Files (x86)\Prodege
2015-03-11 10:24 - 2015-02-27 16:58 - 00540808 _____ (Prodege) C:\Users\Benjamin\SBExtnBack.exe
2015-03-11 09:36 - 2015-03-11 09:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\BingSearchBot
2015-03-11 09:36 - 2015-03-11 09:36 - 00000000 ____D () C:\ProgramData\OriginData
2015-03-02 17:07 - 2015-03-02 17:07 - 0000016 _____ () C:\ProgramData\mntemp
C:\Users\Benjamin\AppData\Local\Temp\bassmod.dll
C:\Users\Benjamin\AppData\Local\Temp\bitool.dll
C:\Users\Benjamin\AppData\Local\Temp\pyl5B73.tmp.exe
C:\Users\Benjamin\AppData\Local\Temp\pyl6CE7.tmp.exe
C:\Users\Benjamin\AppData\Local\Temp\pyl93D4.tmp.exe
C:\Users\Benjamin\AppData\Local\Temp\Uninstall.exe
2015-03-01 22:24 - 2015-03-01 22:24 - 00003370 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
Task: {2B1D48FD-481E-445E-B3F4-FE1EB0DA3B41} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-26] (@ByELDI)
2015-03-16 09:01 - 2015-03-16 09:01 - 01998848 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\0.mdd
2015-03-16 09:01 - 2015-03-16 09:01 - 00135168 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\1.mdd
2015-03-16 09:01 - 2015-03-16 09:01 - 00196608 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\3.mdd
2015-03-16 09:01 - 2015-03-16 09:01 - 00253952 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\4.mdd
C:\Program Files\KMSpico
C:\Users\Public\SBExtension
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Fixlog
  • FSS.txt

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 BenjaminGordonT


Posted 23 March 2015 - 08:01 AM

Hey Gary,

 

Here are the logs you requested. Also regarding Bittorrent: I downloaded it only because I needed to download a Lenovo Onekey Recovery 7.0 Engineering ISO that was only available via torrent. I have not used it since and I do not download illegal cracks, hacks, or anything of that sort. Since I no longer need it, I would be more than happy to uninstall it, but just know that whatever infection is (or was) currently on this computer did not come about because of illegal downloads of any kind.

 

Just thought I should make that clear, :)

 

-Benjamin

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Benjamin at 2015-03-20 12:42:55 Run:1
Running from C:\Users\Benjamin\Desktop
Loaded Profiles: Benjamin (Available profiles: Benjamin)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\MountPoints2: {c8d41c57-c098-11e4-824e-806e6f6e6963} - "D:\Autorun.exe"
HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\...\MountPoints2: {c8d41c58-c098-11e4-824e-806e6f6e6963} - "H:\setup.exe"
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: SwagButton -> {5CE831FC-884E-4773-B203-BB76561EDB98} -> C:\Program Files (x86)\Prodege\SwagButton\SBExtension.dll [2015-02-27] (Prodege)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
R2 Service KMSELDI; C:\Program Files\KMSpico\Service_KMS.exe [965776 2014-10-26] (@ByELDI) [File not signed]
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ___DL () C:\Users\Public\SwagButton.1426069486
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ___DL () C:\Users\Public\SwagButton
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ____D () C:\Users\Public\SBExtension
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ____D () C:\Users\Benjamin\js
2015-03-11 10:24 - 2015-03-11 10:24 - 00000000 ____D () C:\Program Files (x86)\Prodege
2015-03-11 10:24 - 2015-02-27 16:58 - 00540808 _____ (Prodege) C:\Users\Benjamin\SBExtnBack.exe
2015-03-11 09:36 - 2015-03-11 09:36 - 00000000 ____D () C:\Users\Benjamin\AppData\Roaming\BingSearchBot
2015-03-11 09:36 - 2015-03-11 09:36 - 00000000 ____D () C:\ProgramData\OriginData
2015-03-02 17:07 - 2015-03-02 17:07 - 0000016 _____ () C:\ProgramData\mntemp
C:\Users\Benjamin\AppData\Local\Temp\bassmod.dll
C:\Users\Benjamin\AppData\Local\Temp\bitool.dll
C:\Users\Benjamin\AppData\Local\Temp\pyl5B73.tmp.exe
C:\Users\Benjamin\AppData\Local\Temp\pyl6CE7.tmp.exe
C:\Users\Benjamin\AppData\Local\Temp\pyl93D4.tmp.exe
C:\Users\Benjamin\AppData\Local\Temp\Uninstall.exe
2015-03-01 22:24 - 2015-03-01 22:24 - 00003370 _____ () C:\Windows\System32\Tasks\AutoPico Daily Restart
Task: {2B1D48FD-481E-445E-B3F4-FE1EB0DA3B41} - System32\Tasks\AutoPico Daily Restart => C:\Program Files\KMSpico\AutoPico.exe [2014-10-26] (@ByELDI)
2015-03-16 09:01 - 2015-03-16 09:01 - 01998848 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\0.mdd
2015-03-16 09:01 - 2015-03-16 09:01 - 00135168 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\1.mdd
2015-03-16 09:01 - 2015-03-16 09:01 - 00196608 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\3.mdd
2015-03-16 09:01 - 2015-03-16 09:01 - 00253952 _____ () C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\4.mdd
C:\Program Files\KMSpico
C:\Users\Public\SBExtension
emptytemp:
*****************

"HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8d41c57-c098-11e4-824e-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{c8d41c57-c098-11e4-824e-806e6f6e6963} => Key not found.
"HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8d41c58-c098-11e4-824e-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{c8d41c58-c098-11e4-824e-806e6f6e6963} => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5CE831FC-884E-4773-B203-BB76561EDB98}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{5CE831FC-884E-4773-B203-BB76561EDB98}" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer" => Key deleted successfully.
Service KMSELDI => Unable to stop service
Service KMSELDI => Service deleted successfully.
Symbolic link found: "C:\Users\Public\SwagButton.1426069486" => "C:\Users\Public\SwagButton"
"C:\Users\Public\SwagButton.1426069486" => Symbolic link deleted successfully.
C:\Users\Public\SwagButton.1426069486 => Moved successfully.
Symbolic link found: "C:\Users\Public\SwagButton" => "C:\Users\Public\SBExtension"
"C:\Users\Public\SwagButton" => Symbolic link deleted successfully.
C:\Users\Public\SwagButton => Moved successfully.
C:\Users\Public\SBExtension => Moved successfully.
"C:\Users\Benjamin\js" => File/Directory not found.
C:\Program Files (x86)\Prodege => Moved successfully.
C:\Users\Benjamin\SBExtnBack.exe => Moved successfully.
C:\Users\Benjamin\AppData\Roaming\BingSearchBot => Moved successfully.
C:\ProgramData\OriginData => Moved successfully.
C:\ProgramData\mntemp => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\bassmod.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\bitool.dll => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\pyl5B73.tmp.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\pyl6CE7.tmp.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\pyl93D4.tmp.exe => Moved successfully.
C:\Users\Benjamin\AppData\Local\Temp\Uninstall.exe => Moved successfully.
C:\Windows\System32\Tasks\AutoPico Daily Restart => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2B1D48FD-481E-445E-B3F4-FE1EB0DA3B41}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2B1D48FD-481E-445E-B3F4-FE1EB0DA3B41}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoPico Daily Restart not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoPico Daily Restart" => Key deleted successfully.
"C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\0.mdd" => File/Directory not found.
"C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\1.mdd" => File/Directory not found.
"C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\3.mdd" => File/Directory not found.
"C:\Users\Benjamin\AppData\Local\Temp\wrd-da8-18fc-260c6a.~lk\4.mdd" => File/Directory not found.
C:\Program Files\KMSpico => Moved successfully.
"C:\Users\Public\SBExtension" => File/Directory not found.
EmptyTemp: => Removed 1.4 GB temporary data.

The system needed a reboot.

==== End of Fixlog 12:44:39 ====

 

Farbar Service Scanner Version: 17-01-2015
Ran by Benjamin (administrator) on 23-03-2015 at 07:55:43
Running from "C:\Users\Benjamin\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is unreachable
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****
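A triage helper for the Fixlog result lines in the post above, added here as an example; it is not part of the thread and not FRST's own code. It recognises only the message strings that appear in this Fixlog, and the function names and state labels are assumptions of the example.

```python
import re
from collections import Counter

# Result lines copied from the Fixlog posted above (excerpt, result section only).
SAMPLE_FIXLOG = r'''
"HKU\S-1-5-21-2135493077-3049852841-3259435936-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c8d41c57-c098-11e4-824e-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{c8d41c57-c098-11e4-824e-806e6f6e6963} => Key not found.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
Service KMSELDI => Unable to stop service
Service KMSELDI => Service deleted successfully.
Symbolic link found: "C:\Users\Public\SwagButton" => "C:\Users\Public\SBExtension"
"C:\Users\Public\SwagButton" => Symbolic link deleted successfully.
C:\Users\Public\SwagButton => Moved successfully.
C:\Users\Public\SBExtension => Moved successfully.
"C:\Users\Benjamin\js" => File/Directory not found.
C:\Windows\System32\Tasks\AutoPico Daily Restart => Moved successfully.
C:\Windows\System32\Tasks\AutoPico Daily Restart not found.
C:\Program Files\KMSpico => Moved successfully.
"C:\Users\Public\SBExtension" => File/Directory not found.
EmptyTemp: => Removed 1.4 GB temporary data.

The system needed a reboot.
'''

# Ordered rules, first match wins. They cover only the outcome strings seen in
# this Fixlog; anything else is kept as "unclassified" so it gets reviewed.
RULES = [
    ("info",      re.compile(r"^Symbolic link found:")),
    ("failed",    re.compile(r"=> Unable to ")),
    ("not_found", re.compile(r"not found\.$")),
    ("restored",  re.compile(r"=> Value was restored successfully\.$")),
    ("removed",   re.compile(r"(?:deleted|Moved) successfully\.$|=> Removed ")),
]
REBOOT_LINE = "The system needed a reboot."


def classify(line):
    """Return the status label for one Fixlog result line."""
    for status, pattern in RULES:
        if pattern.search(line):
            return status
    return "unclassified"


def target_of(line):
    """Extract the registry key, path or service a result line refers to."""
    head = line.split(" => ", 1)[0]
    # Some lines have no arrow, e.g. "<path> not found."
    if head.endswith(" not found."):
        head = head[: -len(" not found.")]
    return head.strip('"')


def parse_fixlog(text):
    """Return (entries, reboot_needed) for the result section of a Fixlog."""
    entries, reboot_needed = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == REBOOT_LINE:
            reboot_needed = True
            continue
        status = classify(line)
        if status == "info":  # informational only, no outcome to track
            continue
        entries.append({"target": target_of(line), "status": status, "line": line})
    return entries, reboot_needed


def status_counts(entries):
    """Count result lines per status."""
    return Counter(e["status"] for e in entries)


def reconcile(entries):
    """Collapse per-line results into one final state per target.

    A fixlist can name the same object twice (here SBExtension), so a later
    "not found" for something already moved is a duplicate, not a failure.
    Keys are casefolded because Windows paths are case-insensitive.
    """
    seen = {}
    for e in entries:
        seen.setdefault(e["target"].casefold(), []).append(e["status"])
    final = {}
    for target, statuses in seen.items():
        done = "removed" in statuses or "restored" in statuses
        if done and "failed" in statuses:
            final[target] = "removed_after_failure"  # verify after the reboot
        elif done:
            final[target] = "handled"
        elif "failed" in statuses:
            final[target] = "needs_follow_up"
        elif "not_found" in statuses:
            final[target] = "already_absent"
        else:
            final[target] = "review"
    return final


if __name__ == "__main__":
    parsed, reboot = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(status_counts(parsed)), "reboot needed:", reboot)
    for name, state in reconcile(parsed).items():
        if state != "handled":
            print(f"{state:22} {name}")
```

Run against the excerpt, the only entry that is not cleanly handled or already absent is the KMSELDI service, which could not be stopped before it was deleted.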



#8 Oh My!


Posted 23 March 2015 - 10:31 AM

Hi Benjamin,

No problem on the Peer 2 Peer software, I just want to make sure you are aware of the risks.

Can you provide an update regarding your computer behavior?
Gary
 

#9 BenjaminGordonT


Posted 23 March 2015 - 02:01 PM

Well it seems to be running smoothly, the thing is, the problems (the homepage being reset and the Windows Update getting turned off) happened at random so I don't know for sure whether the problem is resolved. I will give it about a week and if I don't see the problem again I will assume that it is fixed and that the topic can be closed. I'll keep you posted.

 

Thanks for your help,

 

-Benjamin



#10 Oh My!


Posted 23 March 2015 - 02:09 PM

Hi Benjamin,

Let's give it a maximum of 2 days. If things are fine we can close the Topic. If it returns then you simply send me a Personal Message and I will re-open. Does that sound OK? The results are the same and that lets me manage my workload (take an additional Topic).
Gary
 

#11 BenjaminGordonT


Posted 23 March 2015 - 04:51 PM

Got it. Sounds good. I'll post an update in 2 days.

 

Thanks,

 

-Benjamin



#12 Oh My!


Posted 23 March 2015 - 05:57 PM

:thumbsup2:
Gary
 

#13 BenjaminGordonT


Posted 24 March 2015 - 08:19 AM

So I thought I was in the green till this morning. I was renaming some files in Explorer, opened up IE, and the homepage was set as about:blank. However I went into Internet Options and changed it to google.com, and it worked. Before I had to reboot my computer before I could change my homepage from about:blank. I have not seen Windows Update being disabled but that could happen at any time. Please let me know what I should do next.

 

Thanks,

-Benjamin



#14 Oh My!


Posted 24 March 2015 - 09:33 AM

Greetings Benjamin,

Please do these things.

===================================================

RogueKiller by Tigzy

--------------------
  • Download RogueKiller and save it to your desktop
  • Close all running programs
  • For Windows 8/7/Vista users right click on the icon and select Run as Administrator
  • For Windows XP simply double click on the icon
  • The program will conduct a prescan and when finished you will see Prescan Finished. Please hit the scan button
  • Click Scan
  • A report should open and a copy of the report will be placed on your desktop. If not, hit the Report button.
  • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it winlogon.exe (or winlogon.com) and try again
  • Copy and paste the contents of the report in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a Result.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • RogueKiller log
  • Result log

Gary
 

#15 BenjaminGordonT


Posted 24 March 2015 - 09:04 PM

RogueKiller V10.5.7.0 [Mar 22 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
Started in : Normal mode
User : Benjamin [Administrator]
Started from : C:\Users\Benjamin\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/24/2015  21:46:57

¤¤¤ Processes : 2 ¤¤¤
[Suspicious.Path] SansaDispatch.exe(1816) -- C:\Users\Benjamin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe[7] -> Killed [TermProc]
[Suspicious.Path] MEGAsync.exe(4644) -- C:\Users\Benjamin\AppData\Local\MEGAsync\MEGAsync.exe[7] -> Killed [TermProc]

¤¤¤ Registry : 16 ¤¤¤
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C}  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202}  -> Found
[Suspicious.Path] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637}  -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtPending | (default) : {056D528D-CE28-4194-9BA3-BA2E9197FF8C}  -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSynced | (default) : {05B38830-F4E9-4329-978B-1DD28605D202}  -> Found
[Suspicious.Path] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\###MegaShellExtSyncing | (default) : {0596C850-7BDD-4C9D-AFDF-873BE6890637}  -> Found
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2135493077-3049852841-3259435936-1001\Software\Microsoft\Windows\CurrentVersion\Run | SansaDispatch : C:\Users\Benjamin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe  -> Found
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2135493077-3049852841-3259435936-1001\Software\Microsoft\Windows\CurrentVersion\Run | SansaDispatch : C:\Users\Benjamin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{F80AE78B-7382-49C1-9F55-BF5ABE42D89C} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{F80AE78B-7382-49C1-9F55-BF5ABE42D89C} | DhcpNameServer : 209.18.47.61 209.18.47.62 [UNITED STATES (US)][UNITED STATES (US)]  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
[PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Found

¤¤¤ Tasks : 1 ¤¤¤
[Suspicious.Path] \\Microsoft OneDrive Auto Update Task-S-1-5-21-2135493077-3049852841-3259435936-1001 -- %localappdata%\Microsoft\OneDrive\OneDrive.exe -> Found

¤¤¤ Files : 1 ¤¤¤
[Suspicious.Path][File] MEGAsync.lnk -- C:\Users\Benjamin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MEGAsync.lnk [LNK@] C:\Users\Benjamin\AppData\Local\MEGAsync\MEGAsync.exe -> Found

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BPVT-24ZEST0 +++++
--- User ---
[MBR] adf6edef4a9a55c38775b700c988d3da
[BSP] 39698c2337db193e53f544cd4350bcd9 : Linux MBR Code
Partition table:
User = LL1 ... OK
User = LL2 ... OK

 

MiniToolBox by Farbar  Version: 09-03-2015
Ran by Benjamin (administrator) on 24-03-2015 at 22:03:06
Running from "C:\Users\Benjamin\Desktop"
Microsoft Windows 8.1 Pro  (X64)
Model: 1450A5U Manufacturer: LENOVO
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================

127.0.0.1 localhost

========================= IP Configuration: ================================

Ralink RT3090 802.11n WiFi Adapter = Wi-Fi (Connected)
VMware Virtual Ethernet Adapter for VMnet1 = VMware Network Adapter VMnet1 (Connected)
VMware Virtual Ethernet Adapter for VMnet8 = VMware Network Adapter VMnet8 (Connected)
Realtek PCIe GBE Family Controller = Ethernet (Media disconnected)
TeamViewer VPN Adapter = Local Area Connection (Media disconnected)

# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global icmpredirects=enabled
add route prefix=169.254.0.0/16 interface="iftype0_0" nexthop=192.168.1.3 metric=1 publish=Yes
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 3" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 5" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VMware Network Adapter VMnet1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="VMware Network Adapter VMnet8" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Bluetooth Network Connection" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
add address name="VMware Network Adapter VMnet1" address=192.168.52.1 mask=255.255.255.0
add address name="VMware Network Adapter VMnet8" address=192.168.121.1 mask=255.255.255.0

popd
# End of IPv4 configuration

 

Windows IP Configuration

   Host Name . . . . . . . . . . . . : BenjaminsPC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : triad.rr.com

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : TeamViewer VPN Adapter
   Physical Address. . . . . . . . . : 00-FF-FB-EE-A1-54
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Wi-Fi Direct Virtual Adapter
   Physical Address. . . . . . . . . : CC-AF-78-56-63-96
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : triad.rr.com
   Description . . . . . . . . . . . : Ralink RT3090 802.11n WiFi Adapter
   Physical Address. . . . . . . . . : CC-AF-78-56-63-94
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::9ce9:c2bd:e109:3721%4(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.1.146(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, March 24, 2015 7:44:31 AM
   Lease Expires . . . . . . . . . . : Wednesday, March 25, 2015 3:47:47 PM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 80523128
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-85-A8-E5-F0-DE-F1-66-C2-DF
   DNS Servers . . . . . . . . . . . : 209.18.47.61
                                       209.18.47.62
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : F0-DE-F1-66-C2-DF
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter VMware Network Adapter VMnet1:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet1
   Physical Address. . . . . . . . . : 00-50-56-C0-00-01
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::5402:7106:5b24:7090%12(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.52.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 520114262
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-85-A8-E5-F0-DE-F1-66-C2-DF
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter VMware Network Adapter VMnet8:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VMware Virtual Ethernet Adapter for VMnet8
   Physical Address. . . . . . . . . : 00-50-56-C0-00-08
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::1cc:d818:96e2:39d0%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.121.1(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . :
   DHCPv6 IAID . . . . . . . . . . . : 536891478
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1C-85-A8-E5-F0-DE-F1-66-C2-DF
   DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
                                       fec0:0:0:ffff::2%1
                                       fec0:0:0:ffff::3%1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Tunnel adapter isatap.triad.rr.com:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : triad.rr.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Local Area Connection* 4:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{AF570577-3E09-465F-8D00-1DD86430E7DC}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.{F6F6571F-8989-45EE-9B57-31D649AD2BEA}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  209.18.47.61

Name:    google.com
Addresses:  2607:f8b0:4002:c03::71
   173.194.219.139
   173.194.219.113
   173.194.219.102
   173.194.219.100
   173.194.219.101
   173.194.219.138

Pinging google.com [74.125.196.139] with 32 bytes of data:
Reply from 74.125.196.139: bytes=32 time=29ms TTL=41
Reply from 74.125.196.139: bytes=32 time=29ms TTL=41

Ping statistics for 74.125.196.139:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 29ms, Maximum = 29ms, Average = 29ms
Server:  dns-cac-lb-01.rr.com
Address:  209.18.47.61

Name:    yahoo.com
Addresses:  98.139.183.24
   98.138.253.109
   206.190.36.45

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=95ms TTL=43
Reply from 206.190.36.45: bytes=32 time=99ms TTL=43

Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 95ms, Maximum = 99ms, Average = 97ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 ff fb ee a1 54 ......TeamViewer VPN Adapter
  5...cc af 78 56 63 96 ......Microsoft Wi-Fi Direct Virtual Adapter
  4...cc af 78 56 63 94 ......Ralink RT3090 802.11n WiFi Adapter
  3...f0 de f1 66 c2 df ......Realtek PCIe GBE Family Controller
 12...00 50 56 c0 00 01 ......VMware Virtual Ethernet Adapter for VMnet1
 13...00 50 56 c0 00 08 ......VMware Virtual Ethernet Adapter for VMnet8
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  7...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  9...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 10...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.146     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      169.254.0.0      255.255.0.0      192.168.1.3    192.168.1.146     26
      192.168.1.0    255.255.255.0         On-link     192.168.1.146    281
    192.168.1.146  255.255.255.255         On-link     192.168.1.146    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.146    281
     192.168.52.0    255.255.255.0         On-link      192.168.52.1    276
     192.168.52.1  255.255.255.255         On-link      192.168.52.1    276
   192.168.52.255  255.255.255.255         On-link      192.168.52.1    276
    192.168.121.0    255.255.255.0         On-link     192.168.121.1    276
    192.168.121.1  255.255.255.255         On-link     192.168.121.1    276
  192.168.121.255  255.255.255.255         On-link     192.168.121.1    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.146    281
        224.0.0.0        240.0.0.0         On-link      192.168.52.1    276
        224.0.0.0        240.0.0.0         On-link     192.168.121.1    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.146    281
  255.255.255.255  255.255.255.255         On-link      192.168.52.1    276
  255.255.255.255  255.255.255.255         On-link     192.168.121.1    276
===========================================================================
Persistent Routes:
  Network Address          Netmask  Gateway Address  Metric
      169.254.0.0      255.255.0.0      192.168.1.3       1
===========================================================================

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  1    306 ::1/128                  On-link
  4    281 fe80::/64                On-link
 12    276 fe80::/64                On-link
 13    276 fe80::/64                On-link
 13    276 fe80::1cc:d818:96e2:39d0/128
                                    On-link
 12    276 fe80::5402:7106:5b24:7090/128
                                    On-link
  4    281 fe80::9ce9:c2bd:e109:3721/128
                                    On-link
  1    306 ff00::/8                 On-link
  4    281 ff00::/8                 On-link
 12    276 ff00::/8                 On-link
 13    276 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55296] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65536] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23040] (Microsoft Corporation)
Catalog5 07 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog5 08 C:\Windows\SysWOW64\wshbth.dll [50688] (Microsoft Corporation)
Catalog5 09 %SystemRoot%\\SysWOW64\wlidNSP.dll [] ()
Catalog5 10 %SystemRoot%\\SysWOW64\wlidNSP.dll [] ()
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\vsocklib.dll [64192] (VMware, Inc.)
Catalog9 12 C:\Windows\SysWOW64\vsocklib.dll [64192] (VMware, Inc.)
Catalog9 13 C:\Windows\SysWOW64\mswsock.dll [286208] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [69120] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [88576] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [86016] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [30720] (Microsoft Corporation)
x64-Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [132968] (Apple Inc.)
x64-Catalog5 08 C:\Windows\System32\wshbth.dll [63488] (Microsoft Corporation)
x64-Catalog5 09 C:\Windows\System32\wlidnsp.dll [74240] (Microsoft Corporation)
x64-Catalog5 10 C:\Windows\System32\wlidnsp.dll [74240] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\vsocklib.dll [68288] (VMware, Inc.)
x64-Catalog9 12 C:\Windows\System32\vsocklib.dll [68288] (VMware, Inc.)
x64-Catalog9 13 C:\Windows\System32\mswsock.dll [339456] (Microsoft Corporation)

**** End of log ****





