Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Frustrating Little Pest w/Logs


  • This topic is locked This topic is locked
11 replies to this topic

#1 KCMCR

KCMCR

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 03 April 2015 - 11:34 AM

Bleeping Computer

Recently I've been tackling this unknown entity which is blocking me from updating antimalware and antivirus software.

I'm no stranger to this stuff and I've tried almost everything to find and eradicate this little menace.

I've used a clean computer to download and install (updated) software to a USB drive, which has then been used to run said programs on the infected computer.

I have tried Malwarebytes, SpyBot, AVG, SuperAntiSpyware, Windows Defender/Malware Removal Tool and yet nothing has solved this problem. I even used RKill to temporarily disable the malware before trying to access updates.

A few malware files (mainly Trojans) have been identified and deleted. However I am still unable to update Avast and Comodo Firewall which was the primary line of defence before this little pest came about.

I believe that the virus has been present for at least a few weeks, I am only using this laptop to complete university work and it is originally my mothers laptop (who doesn't care to update and scan regularly).

I've tried safemode scans, avast boot scan, safemode with networking (to try and update software, this failed).

The malware is preventing me from accessing computer security sites such as Microsoft, Malwarebytes and Avast. It is blocking this over 3 browsers, Chrome, Firefox and Explorer.

To be honest I'm just getting frustrated with it now, even though it's an underlying problem, I would rather it be gone. Any professional help would be greatly appreciated.

------------------
FRST:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Wendy (administrator) on WENDY-PC on 03-04-2015 17:26:42
Running from C:\Users\Wendy\Downloads
Loaded Profiles: Wendy (Available profiles: Wendy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Dell) C:\Users\Wendy\AppData\Local\Apps\2.0\XT6E4LTY.N4D\EBHWLT2J.W1W\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Comodo Security Solutions, Inc.) C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe
(Microsoft Corporation) C:\WINDOWS\System32\vds.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-26] (IDT, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\Run: [tvncontrol] => C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-17] (Comodo Security Solutions, Inc.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806744 2015-03-23] (SUPERAntiSpyware)
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\Run: [DellSystemDetect] => C:\Users\Wendy\AppData\Local\Apps\2.0\XT6E4LTY.N4D\EBHWLT2J.W1W\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-13] (Dell)
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\MountPoints2: {b5a5ecf9-c199-11e4-9856-a4badb9a343c} - E:\autorun.exe
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\MountPoints2: {fda523ed-c0d8-11e4-ac52-a4badb9a343c} - E:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-13] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{17901de0-5cdc-4878-ae45-e8d40666e6e1} <======= ATTENTION (Policy Restriction on IP)
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {DA317819-8479-4E90-91C9-0D1294396876} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {70689E1B-FCA0-44EC-AF32-F4F2E1159E74} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3466866309-563164021-1857629891-1000 -> {DA317819-8479-4E90-91C9-0D1294396876} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-02] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-02] (Avast Software s.r.o.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-30] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKU\S-1-5-21-3466866309-563164021-1857629891-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F488E74-73BD-43D1-B98A-5A00ED9CBD18}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{ED638BC7-4B6A-4562-9061-3159CCC5C122}: [NameServer] 8.8.8.8,8.8.8.8
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-13]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-27]
CHR Extension: (Facebook Video Downloader) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2015-03-27]
CHR Extension: (Google Docs) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-27]
CHR Extension: (Google Drive) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-27]
CHR Extension: (YouTube) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-27]
CHR Extension: (Google Search) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-27]
CHR Extension: (Google Sheets) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-27]
CHR Extension: (Avast Online Security) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-31]
CHR Extension: (Google Wallet) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-27]
CHR Extension: (Gmail) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-02] (Avast Software s.r.o.)
R2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70864 2014-09-17] (Comodo Security Solutions, Inc.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [2327248 2014-09-17] (Comodo Security Solutions, Inc.)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2014-11-21] (Microsoft)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-26] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-02] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-02] (Disc Soft Ltd)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-03] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 17:26 - 2015-04-03 17:27 - 00021673 _____ () C:\Users\Wendy\Downloads\FRST.txt
2015-04-03 17:26 - 2015-04-03 17:26 - 02095616 _____ (Farbar) C:\Users\Wendy\Downloads\FRST64.exe
2015-04-03 17:26 - 2015-04-03 17:26 - 00000000 ____D () C:\FRST
2015-04-03 13:59 - 2015-04-03 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-03 00:22 - 2015-04-03 17:12 - 00000168 _____ () C:\Windows\setupact.log
2015-04-03 00:22 - 2015-04-03 00:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-02 20:45 - 2015-04-02 20:45 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\SUPERAntiSpyware.com
2015-04-02 20:44 - 2015-04-02 20:45 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-02 20:44 - 2015-04-02 20:44 - 00001810 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-02 20:44 - 2015-04-02 20:44 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-02 20:44 - 2015-04-02 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-02 20:43 - 2015-04-02 20:43 - 21516696 _____ (SUPERAntiSpyware) C:\Users\Wendy\Downloads\SUPERAntiSpyware.exe
2015-04-02 20:24 - 2015-04-02 20:24 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Wendy\Downloads\tdsskiller.exe
2015-04-02 19:36 - 2015-04-02 19:36 - 00000824 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-02 19:35 - 2015-04-02 19:36 - 05344528 _____ (Piriform Ltd) C:\Users\Wendy\Downloads\ccsetup504.exe
2015-04-02 19:28 - 2015-04-02 19:28 - 00001071 _____ () C:\Users\Wendy\Desktop\JRT.txt
2015-04-02 19:14 - 2015-04-02 19:14 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WENDY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-02 19:14 - 2015-04-02 19:14 - 00000000 ____D () C:\RegBackup
2015-04-02 19:12 - 2015-04-02 19:13 - 02690981 _____ (Thisisu) C:\Users\Wendy\Downloads\JRT.exe
2015-04-02 18:43 - 2015-04-02 19:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-02 18:42 - 2015-04-02 19:10 - 00000000 ____D () C:\Users\Wendy\Desktop\mbar
2015-04-02 18:41 - 2015-04-02 18:41 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Wendy\Downloads\mbar-1.09.1.1004.exe
2015-04-02 18:26 - 2015-04-02 18:26 - 02208768 _____ () C:\Users\Wendy\Downloads\adwcleaner_4.200.exe
2015-04-02 18:08 - 2015-04-03 13:58 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-02 18:07 - 2015-04-02 19:58 - 00001064 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-02 18:07 - 2015-04-02 18:42 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-02 18:07 - 2015-04-02 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-02 18:07 - 2015-04-02 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-02 18:07 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-02 18:07 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-02 18:06 - 2015-04-02 18:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Wendy\Downloads\mbam-setup-2.1.4.1018 (2).exe
2015-04-02 18:06 - 2015-04-02 18:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Wendy\Desktop\explorer.exe.exe
2015-04-02 17:51 - 2015-04-02 17:51 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Wendy\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-02 17:28 - 2015-04-02 17:28 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\VSRevoGroup
2015-04-02 17:15 - 2015-04-02 17:15 - 00001266 _____ () C:\Users\Wendy\Desktop\Revo Uninstaller.lnk
2015-04-02 17:15 - 2015-04-02 17:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-02 17:14 - 2015-04-02 17:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Wendy\Downloads\revosetup.exe
2015-04-02 15:35 - 2015-04-02 15:35 - 00000000 ____D () C:\Users\Wendy\Downloads\mbam-rules-2015.03.26
2015-04-02 15:34 - 2015-04-02 15:35 - 23928158 _____ () C:\Users\Wendy\Downloads\mbam-rules-2015.03.26.zip
2015-04-02 14:52 - 2015-04-02 15:33 - 00003412 _____ () C:\Users\Wendy\Desktop\Rkill.txt
2015-04-02 14:51 - 2015-04-02 14:52 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Wendy\Downloads\rkill (1).exe
2015-04-02 14:33 - 2015-04-02 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-02 14:25 - 2015-04-02 14:25 - 71724104 _____ (AVAST Software) C:\Users\Wendy\Downloads\vpsupd.exe
2015-04-02 14:04 - 2015-04-02 14:04 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-02 14:04 - 2015-04-02 14:04 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-02 01:48 - 2015-04-02 17:35 - 00000000 ____D () C:\Program Files\COMODO
2015-04-02 01:48 - 2015-04-02 17:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-02 01:47 - 2015-04-02 17:22 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-02 01:45 - 2015-04-02 17:35 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-02 01:40 - 2015-04-02 01:41 - 229979832 _____ (COMODO) C:\Users\Wendy\Downloads\cfw_installer.exe
2015-04-01 22:56 - 2015-04-01 22:56 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Wendy\Downloads\kioskea.exe
2015-04-01 22:54 - 2015-04-01 22:54 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Wendy\Downloads\rkill.exe
2015-04-01 22:40 - 2015-04-01 22:54 - 00000000 ____D () C:\Users\Wendy\Desktop\rkill
2015-04-01 22:32 - 2015-04-01 22:32 - 00000000 ____D () C:\ProgramData\IObit
2015-04-01 22:00 - 2015-04-01 22:47 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-01 22:00 - 2015-04-01 22:00 - 00000000 ____D () C:\Users\Wendy\AppData\Local\MFAData
2015-04-01 22:00 - 2015-04-01 22:00 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Avg2015
2015-04-01 16:47 - 2015-04-01 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-04-01 16:46 - 2015-04-01 16:46 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\Wendy\Downloads\mbam-rules.exe
2015-03-31 19:44 - 2015-04-02 12:23 - 00000000 ____D () C:\Users\Wendy\AppData\Local\inyqu
2015-03-27 19:11 - 2015-03-27 19:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\109D1695.sys
2015-03-27 19:07 - 2015-03-27 19:08 - 00000000 ____D () C:\KVRT_Data
2015-03-27 19:05 - 2015-03-27 19:05 - 00000000 ____D () C:\Users\Wendy\Documents\ProcAlyzer Dumps
2015-03-27 00:03 - 2015-04-03 12:43 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-27 00:03 - 2015-03-27 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-27 00:02 - 2015-03-27 00:02 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d06818e12cad9c.job
2015-03-27 00:02 - 2015-03-27 00:02 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 21:27 - 2015-04-02 18:33 - 00000000 ____D () C:\AdwCleaner
2015-03-26 21:25 - 2015-03-26 21:26 - 02168320 _____ () C:\Users\Wendy\Downloads\adwcleaner_4.113.exe
2015-03-25 17:20 - 2015-03-27 03:16 - 00000000 ____D () C:\Users\Wendy\AppData\Local\xozo
2015-03-24 04:36 - 2015-04-03 17:17 - 00614392 _____ () C:\Windows\WindowsUpdate.log
2015-03-24 03:41 - 2015-04-02 01:22 - 00000000 ____D () C:\Windows\pss
2015-03-24 03:39 - 2015-03-24 03:39 - 00126446 _____ () C:\Users\Wendy\Documents\cc_20150324_023858.reg
2015-03-23 15:26 - 2015-03-23 15:27 - 00000000 ____D () C:\ProgramData\Sophos
2015-03-23 15:21 - 2015-03-23 15:22 - 82537128 _____ (Sophos Limited) C:\Users\Wendy\Downloads\Sophos_Virus_Removal_Tool.exe
2015-03-23 14:25 - 2015-03-23 22:43 - 00000000 ____D () C:\Users\Wendy\AppData\Local\ycaj
2015-03-16 14:32 - 2015-03-16 14:32 - 00017426 _____ () C:\Users\Wendy\Downloads\[kickass.to]kendrick.lamar.to.pimp.a.butterfly.2015.mp3.320.kbps.vbuc.torrent
2015-03-16 14:22 - 2015-03-16 14:23 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\Local Store
2015-03-12 13:03 - 2015-03-12 18:58 - 00003628 _____ () C:\Windows\System32\Tasks\icardagt
2015-03-11 12:26 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 12:26 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 12:26 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 12:26 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 12:26 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 12:26 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 12:26 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 12:26 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 12:26 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 12:26 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 12:26 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 12:26 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 12:26 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 12:26 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 12:26 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 12:26 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 12:26 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 12:26 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 12:25 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 12:25 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 12:25 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 12:25 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 12:25 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 12:25 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 12:25 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 12:25 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 12:25 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 12:25 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 12:25 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 12:25 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 12:25 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 12:25 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 12:25 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 12:25 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 12:25 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 12:25 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 12:25 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 12:25 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 12:25 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 12:25 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 12:25 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 12:24 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 12:24 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 12:24 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 12:24 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 12:23 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 12:23 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 12:23 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 12:23 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 12:23 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 12:23 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 12:23 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 12:23 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 12:23 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 12:23 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 12:23 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 12:23 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 12:23 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 12:23 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 12:23 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 12:23 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 12:23 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 12:22 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 12:22 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 12:22 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 12:22 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 12:22 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 12:22 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 12:22 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 12:22 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 12:22 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 12:22 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 12:22 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 12:22 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 12:22 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 12:22 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 12:22 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 12:22 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 12:22 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 12:22 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 12:22 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 12:22 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 12:22 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 12:22 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 12:22 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 12:22 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 12:22 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 12:22 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 12:22 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 12:22 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 12:22 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 12:22 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 12:22 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 12:22 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 12:22 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 12:22 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 12:22 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 12:22 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 12:22 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 12:22 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 12:22 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 12:22 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 12:22 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 12:22 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 12:22 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 12:22 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 12:22 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 12:22 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 12:22 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 12:22 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 12:22 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 12:22 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 12:22 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 12:22 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 12:22 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 12:22 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 12:22 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 12:22 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 12:21 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 12:21 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-05 15:15 - 2015-03-05 15:15 - 00129536 _____ () C:\Users\Wendy\Downloads\Floor-Layout11x17.vst
2015-03-05 15:09 - 2015-03-05 15:09 - 00000000 ____D () C:\Users\Wendy\Downloads\EVS_Shapes2015
2015-03-05 15:08 - 2015-03-05 15:08 - 05594604 _____ () C:\Users\Wendy\Downloads\EVS_Shapes2015.zip

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-03 17:21 - 2009-07-14 05:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 17:21 - 2009-07-14 05:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 17:19 - 2009-07-14 06:13 - 00890440 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 17:15 - 2014-06-13 18:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-03 17:15 - 2010-01-17 05:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-04-03 17:14 - 2014-06-13 17:27 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2015-04-03 17:14 - 2014-06-13 17:25 - 00000000 ____D () C:\Users\Wendy\AppData\Local\SoftThinks
2015-04-03 17:13 - 2015-03-03 16:45 - 00000292 _____ () C:\Windows\Tasks\AutoKMS.job
2015-04-03 17:13 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 13:10 - 2014-06-14 20:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-03 12:31 - 2015-03-03 14:22 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Obvics
2015-04-03 12:31 - 2015-03-03 14:21 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Unfdmedia
2015-04-02 19:36 - 2014-06-14 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-02 19:36 - 2014-06-14 19:47 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-02 17:52 - 2014-06-14 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 17:47 - 2010-01-17 05:48 - 00000000 ____D () C:\Program Files (x86)\WildTangent
2015-04-02 17:47 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-02 17:44 - 2010-01-17 05:48 - 00000000 ____D () C:\ProgramData\WildTangent
2015-04-02 17:26 - 2015-03-02 15:08 - 00000000 ____D () C:\Users\Wendy\Downloads\Microsoft Visio Professional 2013 SP1 (32Bit Windows) English Version
2015-04-02 17:26 - 2014-06-14 18:54 - 00000000 ____D () C:\Users\Wendy\Documents\KEIRANS STUFF
2015-04-02 14:04 - 2014-06-13 18:55 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-01 13:41 - 2014-06-14 19:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-01 12:55 - 2014-06-14 18:50 - 00000000 ____D () C:\Users\Wendy\Documents\KC UNI WORK
2015-04-01 02:30 - 2015-03-03 16:05 - 00000000 ____D () C:\Users\Wendy\Downloads\TEU_OFFICE_2010_SP1
2015-03-27 00:03 - 2014-06-13 18:31 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Google
2015-03-27 00:03 - 2014-06-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-27 00:02 - 2014-06-13 18:05 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Deployment
2015-03-24 03:36 - 2015-03-02 14:49 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\DAEMON Tools Lite
2015-03-24 03:36 - 2015-02-09 15:14 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\uTorrent
2015-03-23 15:59 - 2014-06-14 19:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-12 13:01 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 06:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 06:03 - 2009-07-14 05:45 - 00332200 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 05:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 05:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 05:40 - 2010-01-17 05:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 05:16 - 2015-03-03 14:36 - 00000039 _____ () C:\Windows\vbaddin.ini
2015-03-12 04:39 - 2014-06-13 20:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 18:48 - 2014-06-13 20:10 - 122905856 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-10 17:54 - 2015-03-03 16:34 - 00000000 ____D () C:\Windows\AutoKMS
2015-03-10 17:50 - 2015-03-03 16:45 - 00002982 _____ () C:\Windows\System32\Tasks\AutoKMS
2015-03-09 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-03-04 20:15 - 2014-06-14 20:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 20:15 - 2014-06-14 20:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-04 20:15 - 2014-06-14 20:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-04 18:34 - 2014-06-19 17:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM

==================== Files in the root of some directories =======

2015-02-27 00:22 - 2015-02-27 00:22 - 0000780 _____ () C:\Users\Wendy\AppData\Local\recently-used.xbel
2014-10-20 20:08 - 2014-10-20 20:08 - 0000000 _____ () C:\Users\Wendy\AppData\Local\{CC6C43C8-8320-4FF8-A260-89FC5D98842A}

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-03-25 01:51

==================== End Of Log ============================

ADDITION:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Wendy at 2015-04-03 17:28:11
Running from C:\Users\Wendy\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version: - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0031 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell System Detect (HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Wireless 1515 Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 7.0 - Dell)
doPDF (Version: 8.1.920 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{7ced5c6b-4b09-4bd7-8707-b3cce8eead22}) (Version: 8.1.920 - Softland)
GeekBuddy (HKLM\...\{8EE6F031-FD37-45A2-95CE-696777FC4EC6}) (Version: 4.13.120 - Comodo Security Solutions Inc)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6272.0 - IDT)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{17BD99A4-9C11-47D4-91AF-8814DD3FFCC2}) (Version: 8.1.920 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{B6E0BB99-B532-4EC1-9D84-ACC8CED590B3}) (Version: 8.1.920 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{3A1637B5-233D-47B1-B89F-EBF718C04CFD}) (Version: 8.1.920 - Softland)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboCAD Professional 19 64-bit (HKLM\...\{C0C6CC1E-F2E1-4E75-A316-9E590987B4D1}) (Version: 19.1.323 - IMSIDesign)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{056ADF40-C1D0-4CEB-94D2-4B82CB2C25F4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\SolidBodyTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{130E8ABC-A163-43b5-B9E5-A31C1B1CB7B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\BPMngr.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\ScetchTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{2017F29F-68F4-11D5-B9BF-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\SpiralTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{28696026-B7E6-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Filters\Jpeg.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{28A80F2D-0869-4E55-B0B3-0E44E64DC4C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\ExtRefManager.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\ObjectTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{2F015029-FB7C-11D1-B8AC-000021452DB6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\InsSmObj.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{45232FA2-65A2-11D2-8C4A-00403338C504}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Regens\RRectA.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\SmartHatch.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Regens\TCImage.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\TCImageTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A3A61A2-D373-4B31-8164-263601C79016}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\TCRougness.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP19\Program\tcw19.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP19\Program\tcw19.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP19\Program\tcw19.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP19\Program\tcw19.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP19\Program\tcw19.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\ImsigxPS19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\imsigxext\gxext19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\imsigxext\gxext19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\imsigxext\gxext19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\RevisionCloud.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{71E21C97-83FB-4242-8997-A52627FFEFF9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\TCWeldSm.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\DimensionTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{7724BB36-B671-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Regens\Rrect.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{7724BB46-B671-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Regens\MfcSplin.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{8188189D-6F33-48f2-B54B-936205216521}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\DCMMarkTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\ViewportTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{AFF6A5F1-41F6-4979-9D44-F1232D471F39}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\TcTools\DOCCompareLaunchTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{BDA1344C-D91F-4557-BBB1-59C5B1AD1645}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\TCPssWiz.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\TcTools\PalTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\TCTrnTools.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\CompoundProfileTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{EFFDB231-8367-11D2-82F5-006052012837}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\InsTool.dll (IMSIDesign, LLC)

==================== Restore Points =========================

02-04-2015 01:26:53 Removed Sophos Virus Removal Tool.
02-04-2015 01:28:13 Removed Sophos Virus Removal Tool.
02-04-2015 01:50:19 Installing COMODO Firewall
02-04-2015 01:53:51 Device Driver Package Install: COMODO Network Service
02-04-2015 14:02:41 avast! antivirus system restore point
02-04-2015 17:16:42 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.1.4.1018
02-04-2015 17:20:35 Revo Uninstaller's restore point - Chromodo
02-04-2015 17:32:02 Removing COMODO Firewall
02-04-2015 17:39:25 Revo Uninstaller's restore point - Spybot - Search & Destroy
02-04-2015 17:42:49 Revo Uninstaller's restore point - WildTangent Games

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2015-04-02 17:42 - 00451438 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
89.163.213.141 www.google-analytics.com.
89.163.213.141 google-analytics.com.
89.163.213.141 connect.facebook.net.
162.247.13.77 www.google-analytics.com.
162.247.13.77 google-analytics.com.
162.247.13.77 connect.facebook.net.
85.25.107.102 www.google-analytics.com.
85.25.107.102 google-analytics.com.
85.25.107.102 connect.facebook.net.
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {1BAE4023-9A4A-4C48-8936-BB5C78367F0E} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-11-21] ()
Task: {33D7E915-1453-4DF8-8019-19D3C5BEC4BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {405DB347-F73F-4237-B0E9-257D80BEDD43} - System32\Tasks\{0BDD336B-3203-460F-BD2A-0C5B4885988F} => pcalua.exe -a "C:\Users\Wendy\Downloads\Win_seven64_Intel® Graphics Media Accelerator Driver 15.17.15.64.2281.exe" -d C:\Users\Wendy\Downloads
Task: {4F4AC3B2-E9E1-4E7A-BC12-CC5A3A5897B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-27] (Google Inc.)
Task: {68ED0220-5206-461A-AEEE-9B9643C71E9F} - System32\Tasks\{99D6DCDB-398D-450D-8FB9-2846431E58B7} => pcalua.exe -a C:\Users\Wendy\AppData\Roaming\mystartsearch\UninstallManager.exe -c -ptid=smt
Task: {73662A0E-515F-46E2-B801-E3A38A910466} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-04] (Adobe Systems Incorporated)
Task: {9EE78EE3-D1BD-434A-B371-322C076597B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {B34A2C32-A987-4BD5-B6CD-C7A3FBB87850} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe
Task: {BA8F59B7-BD67-42D2-82DB-50FAD2FF8103} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {C8B4925D-1541-4378-90AF-86B9295BEA9F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-02] (Avast Software s.r.o.)
Task: {CA7A6651-DC87-4250-98AC-534AD84C3955} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {CB394D29-D2CB-420A-9EAB-DB66024A4056} - System32\Tasks\icardagt => C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\IEUpdate\icardagt.exe
Task: {E974750A-39F0-46A0-9F1F-164B0ACE7FF7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {ECE8102A-C04D-4B95-805F-AE5983F80BC8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d06818e12cad9c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) ==============

2014-06-19 17:55 - 2013-05-14 18:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-11-21 21:06 - 2014-11-21 21:06 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2014-11-21 21:06 - 2014-11-21 21:06 - 00032032 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll
2014-11-21 21:06 - 2014-11-21 21:06 - 00026912 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll
2010-01-17 05:54 - 2009-09-17 20:06 - 00410864 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2015-04-02 14:04 - 2015-04-02 14:04 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-02 14:04 - 2015-04-02 14:04 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-02 18:47 - 2015-04-02 18:47 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040202\algo.dll
2015-04-03 17:19 - 2015-04-03 17:19 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040300\algo.dll
2014-06-14 19:49 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-14 19:49 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-14 19:49 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2010-01-17 05:53 - 2009-09-17 20:04 - 00115952 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00128240 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2014-06-14 19:49 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2010-01-17 05:53 - 2009-09-17 20:04 - 01123568 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00079088 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00234736 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00074992 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00111856 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00121072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00025840 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00025840 _____ () C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00025840 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2015-04-02 14:04 - 2015-04-02 14:04 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-03 12:38 - 2015-03-30 22:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 12:36 - 2015-03-30 22:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 12:40 - 2015-03-30 22:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\ProgramData\TEMP:73D40B90
AlternateDataStreams: C:\Users\Wendy\Downloads\CHECK LIST FOR SPLIT CONTRACTS (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\CHECK LIST FOR SPLIT CONTRACTS (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\CHECK LIST FOR SPLIT CONTRACTS.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\FW YOUR HOLIDAY AT ESTUARY COTTAGE Confirmation of Booking.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\mbam-rules-2015.03.26.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wendy\Downloads\Returns not being picked up. (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\Returns not being picked up..eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\revosetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wendy\Downloads\revosetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wendy\Downloads\rkill (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Wendy\Downloads\rkill (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Wendy\Downloads\vpsupd.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wendy\Downloads\vpsupd.exe:$CmdZnID

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMSwissArmy => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3466866309-563164021-1857629891-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Wendy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: BluetoothS => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m

==================== Accounts: =============================

Administrator (S-1-5-21-3466866309-563164021-1857629891-500 - Administrator - Disabled)
Guest (S-1-5-21-3466866309-563164021-1857629891-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3466866309-563164021-1857629891-1002 - Limited - Enabled)
Wendy (S-1-5-21-3466866309-563164021-1857629891-1000 - Administrator - Enabled) => C:\Users\Wendy

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/03/2015 05:12:11 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description:

Error: (04/03/2015 05:12:11 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description:

Error: (04/03/2015 01:35:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.


System errors:
=============
Error: (04/03/2015 05:14:48 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/03/2015 05:14:48 PM) (Source: VDS Basic Provider) (EventID: 1) (User: )
Description: Unexpected failure. Error code: D@01010004

Error: (04/03/2015 05:14:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (04/03/2015 05:14:09 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (04/03/2015 01:57:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/03/2015 01:57:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/03/2015 01:57:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/03/2015 01:57:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/03/2015 01:57:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068

Error: (04/03/2015 01:57:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Processor: Celeron® Dual-Core CPU T3000 @ 1.80GHz
Percentage of memory in use: 50%
Total physical RAM: 3032.36 MB
Available physical RAM: 1511.95 MB
Total Pagefile: 6062.91 MB
Available Pagefile: 4067.41 MB
Total Virtual: 8192 MB
Available Virtual: 8191.81 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:147.28 GB) NTFS
Drive e: (KC USB) (Removable) (Total:3.73 GB) (Free:2.5 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 983F7C98)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================

BC AdBot (Login to Remove)

 


m

#2 KCMCR

KCMCR
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 03 April 2015 - 12:13 PM

Also if it's any relevance I am seeing this error when starting up the laptop:

There was a problem starting C:\Users\Wendy\AppData\Roaming\BtvStack.dll

The specified module could not be found.

Also, I noticed an error message (in a normal windows message) saying that something could not be started because it contains a virus. Before I could take note, I already dismissed it & it has yet to pop up again regardless of 2 reboots.

#3 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:44 PM

Posted 03 April 2015 - 12:25 PM

Hi & :welcome: to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems. :warrior:

Before we move on, please read the following points carefully: :exclame:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are follow my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
How is the computer running after the following fix:

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File
    HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{17901de0-5cdc-4878-ae45-e8d40666e6e1} 
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3466866309-563164021-1857629891-1000 -> {DA317819-8479-4E90-91C9-0D1294396876} URL =
    BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
    Toolbar: HKU\S-1-5-21-3466866309-563164021-1857629891-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
    Task: {68ED0220-5206-461A-AEEE-9B9643C71E9F} - System32\Tasks\{99D6DCDB-398D-450D-8FB9-2846431E58B7} => pcalua.exe -a C:\Users\Wendy\AppData\Roaming\mystartsearch\UninstallManager.exe 
    Task: {B34A2C32-A987-4BD5-B6CD-C7A3FBB87850} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe
    Task: {CB394D29-D2CB-420A-9EAB-DB66024A4056} - System32\Tasks\icardagt => C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\IEUpdate\icardagt.exe
    Task: C:\Windows\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
    AlternateDataStreams: C:\ProgramData\TEMP:73D40B90
    C:\windows\AutoKMS\
    C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\IEUpdate
    C:\Users\Wendy\AppData\Roaming\mystartsearch
    HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Edited by deeprybka, 03 April 2015 - 12:26 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#4 KCMCR

KCMCR
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 03 April 2015 - 01:22 PM

Good evening Jurgen & thank you for assisting me!

Having followed your instructions, here is the results copied from Fixlog.txt:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Wendy at 2015-04-03 19:16:47 Run:1
Running from C:\Users\Wendy\Desktop\frst
Loaded Profiles: Wendy (Available profiles: Wendy)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
ShellIconOverlayIdentifiers: [0WinSecurityProvider] ->
{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local: [ActivePolicy] SOFTWARE\Policies\Microsoft\Windows\IPSEC\Policy\Local\ipsecPolicy{17901de0-5cdc-4878-ae45-e8d40666e6e1}
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3466866309-563164021-1857629891-1000 -> {DA317819-8479-4E90-91C9-0D1294396876} URL =
BHO-x32: No Name -> {5C255C8A-E604-49b4-9D64-90988571CECB} -> No File
Toolbar: HKU\S-1-5-21-3466866309-563164021-1857629891-1000 -> No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
Task: {68ED0220-5206-461A-AEEE-9B9643C71E9F} - System32\Tasks\{99D6DCDB-398D-450D-8FB9-2846431E58B7} => pcalua.exe -a
C:\Users\Wendy\AppData\Roaming\mystartsearch\UninstallManager.exe
Task: {B34A2C32-A987-4BD5-B6CD-C7A3FBB87850} - System32\Tasks\AutoKMS => C:\windows\AutoKMS\AutoKMS.exe
Task: {CB394D29-D2CB-420A-9EAB-DB66024A4056} - System32\Tasks\icardagt => C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\IEUpdate\icardagt.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\windows\AutoKMS\AutoKMS.exe
AlternateDataStreams: C:\ProgramData\TEMP:73D40B90
C:\windows\AutoKMS\
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\IEUpdate
C:\Users\Wendy\AppData\Roaming\mystartsearch
*****************

Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => Key deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> => Key not found.
HKCR\CLSID\ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> => Key not found.
{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => No File => Error: No automatic fix found for this entry.
HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local\\ActivePolicy => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
"HKU\S-1-5-21-3466866309-563164021-1857629891-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DA317819-8479-4E90-91C9-0D1294396876}" => Key deleted successfully.
HKCR\CLSID\{DA317819-8479-4E90-91C9-0D1294396876} => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB} => Key not found.
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => value deleted successfully.
HKCR\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068} => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{68ED0220-5206-461A-AEEE-9B9643C71E9F}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{68ED0220-5206-461A-AEEE-9B9643C71E9F}" => Key deleted successfully.
C:\Windows\System32\Tasks\{99D6DCDB-398D-450D-8FB9-2846431E58B7} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{99D6DCDB-398D-450D-8FB9-2846431E58B7}" => Key deleted successfully.
"C:\Users\Wendy\AppData\Roaming\mystartsearch\UninstallManager.exe" => File/Directory not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{B34A2C32-A987-4BD5-B6CD-C7A3FBB87850}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B34A2C32-A987-4BD5-B6CD-C7A3FBB87850}" => Key deleted successfully.
C:\Windows\System32\Tasks\AutoKMS => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\AutoKMS" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB394D29-D2CB-420A-9EAB-DB66024A4056}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB394D29-D2CB-420A-9EAB-DB66024A4056}" => Key deleted successfully.
C:\Windows\System32\Tasks\icardagt => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\icardagt" => Key deleted successfully.
C:\Windows\Tasks\AutoKMS.job => Moved successfully.
C:\ProgramData\TEMP => ":73D40B90" ADS removed successfully.
C:\windows\AutoKMS => Moved successfully.
C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\IEUpdate => Moved successfully.
"C:\Users\Wendy\AppData\Roaming\mystartsearch" => File/Directory not found.


The system needed a reboot.

==== End of Fixlog 19:17:34 ====

#5 KCMCR

KCMCR
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 03 April 2015 - 01:25 PM

Jurgen, I have just checked my access to PC security sites and I am good!

Also, I can update Makwarebytes successfully!

Do I need to do anything else?

& what software do you recommend I use to protect this laptop?

Keiran.

#6 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:44 PM

Posted 03 April 2015 - 01:32 PM

Hi,

Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
    DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BluetoothS
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

Step 2

Please downloadesetlogo.pngOnline Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start installer.pngwith administartor privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:
settings.png
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish
  • A log filelog.pngis created at logpath.png
    Copy and paste the content of this log file in your next reply.
esetlog.png

Note: Do not forget to re-enable your antivirus application after running the above scan!
eset.gif

Step 3

frst.pngfrstscan.png

Start FRST with administator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#7 KCMCR

KCMCR
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 03 April 2015 - 03:01 PM

Hi.

STEP ONE FRST LOG:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Wendy at 2015-04-03 19:35:50 Run:2
Running from C:\Users\Wendy\Desktop\Security & Antivirus
Loaded Profiles: Wendy (Available profiles: Wendy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\Run: [BluetoothS] => rundll32.exe "%appdata%\BtvStack.dll",BTHF_Register
DeleteKey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BluetoothS
*****************
 
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\Software\Microsoft\Windows\CurrentVersion\Run\\BluetoothS => value deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\BluetoothS => Key Deleted successfully.
 
==== End of Fixlog 19:35:50 ====

-------------------------------------------------------------------------------------------
 
STEP TWO ESET LOG:

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=b27e0b2603325f4a895673fad01d96f5
# engine=23226
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-04-03 07:50:59
# local_time=2015-04-03 08:50:59 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 91 107526 25408574 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 4864 180555709 0 0
# scanned=167593
# found=2
# cleaned=1
# scan_time=4303
sh=1D75E76DC1D31020AE53C6F01F2B59B2DB0CC6E4 ft=1 fh=12f1a43d2b86298f vn="a variant of Win32/Kryptik.DCRZ trojan" ac=I fn="C:\Users\All Users\Microsoft\Security\Client\temp\tmp695C.exe"
sh=1D75E76DC1D31020AE53C6F01F2B59B2DB0CC6E4 ft=1 fh=12f1a43d2b86298f vn="a variant of Win32/Kryptik.DCRZ trojan (cleaned by deleting - quarantined)" ac=C fn="C:\ProgramData\Microsoft\Security\Client\temp\tmp695C.exe"

***I THEN DELETED (CLEANED) THE REMAINING TROJAN WHICH WAS LEFT IN QUARANTINE.***

--------------------------------------------------------------------------------------------

 

STEP THREE FRST LOGS:

FRST LOG:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-03-2015
Ran by Wendy (administrator) on WENDY-PC on 03-04-2015 20:58:05
Running from C:\Users\Wendy\Desktop\Security & Antivirus
Loaded Profiles: Wendy (Available profiles: Wendy)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IDT, Inc.) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\stacsv64.exe
(Stardock Corporation) C:\Program Files\Dell\DellDock\DockLogin.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\WINDOWS\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft) C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(SoftThinks) C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
() C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
(SoftThinks - Dell) C:\Program Files (x86)\Dell DataSafe Local Backup\Toaster.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
(Intel Corporation) C:\WINDOWS\System32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\System32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\System32\igfxpers.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Intel Corporation) C:\WINDOWS\System32\igfxsrvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(CANON INC.) C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
(Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
(Microsoft Corporation) C:\WINDOWS\System32\vds.exe
(SupportSoft, Inc.) C:\Program Files (x86)\Dell Support Center\bin\sprtsvc.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\WINDOWS\System32\vdsldr.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [3180624 2009-07-02] (Dell Inc.)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-02-26] (IDT, Inc.)
HKLM-x32\...\Run: [PDVDDXSrv] => C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe [140520 2009-06-25] (CyberLink Corp.)
HKLM-x32\...\Run: [DellSupportCenter] => C:\Program Files (x86)\Dell Support Center\bin\sprtcmd.exe [206064 2009-05-21] (SupportSoft, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5512912 2015-04-02] (Avast Software s.r.o.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [453736 2013-02-19] (CANON INC.)
HKLM-x32\...\RunOnce: [Launcher] => C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe [165104 2009-09-17] (Softthinks)
HKLM-x32\...\RunOnce: [STToasterLauncher] => C:\program files (x86)\Dell DataSafe Local Backup\toasterLauncher.exe [120048 2009-09-17] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7451928 2015-03-13] (Piriform Ltd)
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806744 2015-03-23] (SUPERAntiSpyware)
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\Run: [DellSystemDetect] => C:\Users\Wendy\AppData\Local\Apps\2.0\XT6E4LTY.N4D\EBHWLT2J.W1W\dell..tion_0f612f649c4a10af_0005.0008_a4204ff54ae5d3ac\DellSystemDetect.exe [262720 2014-06-13] (Dell)
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\MountPoints2: {b5a5ecf9-c199-11e4-9856-a4badb9a343c} - E:\autorun.exe
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\MountPoints2: {fda523ed-c0d8-11e4-ac52-a4badb9a343c} - E:\SETUP.EXE
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2014-06-13] (Microsoft Corporation)
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} =>  No File
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = www.google.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = www.google.com
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM -> {DA317819-8479-4E90-91C9-0D1294396876} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {70689E1B-FCA0-44EC-AF32-F4F2E1159E74} URL = http://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-02] (Avast Software s.r.o.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-01-24] (CANON INC.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-30] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-02] (Avast Software s.r.o.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-30] (Oracle Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\addon64\ewpexhlp.dll [2014-01-24] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-01-24] (CANON INC.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4F488E74-73BD-43D1-B98A-5A00ED9CBD18}: [NameServer] 8.8.8.8,8.8.8.8
Tcpip\..\Interfaces\{ED638BC7-4B6A-4562-9061-3159CCC5C122}: [NameServer] 8.8.8.8,8.8.8.8
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_16_0_0_305.dll [2015-02-05] ()
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-06-14] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-06-14] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_16_0_0_305.dll [2015-02-05] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1212152.dll [2014-05-30] (Adobe Systems, Inc.)
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-27] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-03-27] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-06-13]
 
Chrome: 
=======
CHR HomePage: Default -> hxxp://www.google.co.uk/
CHR StartupUrls: Default -> "hxxp://www.google.co.uk/"
CHR Profile: C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-27]
CHR Extension: (Facebook Video Downloader) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\amjcoehkcacocffpmhnefgoeanepjfkf [2015-03-27]
CHR Extension: (Google Docs) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-27]
CHR Extension: (Google Drive) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-03-27]
CHR Extension: (YouTube) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-03-27]
CHR Extension: (Google Search) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-03-27]
CHR Extension: (Google Sheets) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-27]
CHR Extension: (Avast Online Security) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-03-27]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-31]
CHR Extension: (Google Wallet) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-03-27]
CHR Extension: (Gmail) - C:\Users\Wendy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-04-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\AESTSr64.exe [89600 2009-03-03] (Andrea Electronics Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-02] (Avast Software s.r.o.)
S3 Disc Soft Lite Bus Service; C:\Program Files\DAEMON Tools Lite\DiscSoftBusService.exe [1272592 2015-02-27] (Disc Soft Ltd)
R2 DockLoginService; C:\Program Files\Dell\DellDock\DockLogin.exe [155648 2009-06-09] (Stardock Corporation) [File not signed]
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140936 2013-05-14] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 NovaPdfServer; C:\Program Files\Softland\novaPDF 8\Server\novapdfs.exe [35616 2014-11-21] (Microsoft)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738200 2014-04-25] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2081752 2014-04-25] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_7f58c91b65c73836\STacSV64.exe [244736 2010-02-26] (IDT, Inc.)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [88408 2015-04-02] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-02] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-02] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-02] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [136752 2015-04-02] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [271200 2015-04-02] ()
R3 dtlitescsibus; C:\Windows\System32\DRIVERS\dtlitescsibus.sys [30352 2015-03-02] (Disc Soft Ltd)
S3 HtcVCom32; C:\Windows\System32\DRIVERS\HtcVComV64.sys [121800 2010-03-08] (QUALCOMM Incorporated)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-04-03] (REALiX™)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x64.sys [395264 2009-09-28] ()
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-03 19:37 - 2015-04-03 19:37 - 02347384 _____ (ESET) C:\Users\Wendy\Downloads\esetsmartinstaller_enu.exe
2015-04-03 19:37 - 2015-04-03 19:37 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-03 19:14 - 2015-04-03 20:58 - 00000000 ____D () C:\Users\Wendy\Desktop\Security & Antivirus
2015-04-03 18:37 - 2015-04-03 18:37 - 15969544 _____ (SUPERAdBlocker.com and SUPERAntiSpyware.com) C:\Users\Wendy\Downloads\SASDEFINITIONS.EXE
2015-04-03 18:24 - 2015-04-03 18:24 - 00000000 ____D () C:\ProgramData\ProductData
2015-04-03 18:23 - 2015-04-03 19:19 - 00002874 _____ () C:\Windows\System32\Tasks\Driver Booster SkipUAC (Wendy)
2015-04-03 18:23 - 2015-04-03 18:23 - 00003232 _____ () C:\Windows\System32\Tasks\Driver Booster Scan
2015-04-03 18:22 - 2015-04-03 18:23 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\IObit
2015-04-03 18:22 - 2015-04-03 18:22 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-04-03 18:22 - 2015-04-03 18:22 - 00003176 _____ () C:\Windows\System32\Tasks\Driver Booster Update
2015-04-03 18:22 - 2015-04-03 18:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Booster 2
2015-04-03 18:22 - 2015-04-03 18:22 - 00000000 ____D () C:\Program Files (x86)\IObit
2015-04-03 18:21 - 2015-04-03 18:22 - 11673848 _____ (IObit ) C:\Users\Wendy\Downloads\driver_booster_setup.exe
2015-04-03 17:28 - 2015-04-03 17:29 - 00035645 _____ () C:\Users\Wendy\Downloads\Addition.txt
2015-04-03 17:26 - 2015-04-03 20:58 - 00000000 ____D () C:\FRST
2015-04-03 13:59 - 2015-04-03 13:59 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-04-03 00:22 - 2015-04-03 19:18 - 00000336 _____ () C:\Windows\setupact.log
2015-04-03 00:22 - 2015-04-03 00:22 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-02 20:45 - 2015-04-02 20:45 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\SUPERAntiSpyware.com
2015-04-02 20:44 - 2015-04-03 19:20 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-02 20:44 - 2015-04-02 20:44 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-02 20:44 - 2015-04-02 20:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-02 20:43 - 2015-04-02 20:43 - 21516696 _____ (SUPERAntiSpyware) C:\Users\Wendy\Downloads\SUPERAntiSpyware.exe
2015-04-02 20:24 - 2015-04-02 20:24 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Wendy\Downloads\tdsskiller.exe
2015-04-02 19:35 - 2015-04-02 19:36 - 05344528 _____ (Piriform Ltd) C:\Users\Wendy\Downloads\ccsetup504.exe
2015-04-02 19:28 - 2015-04-02 19:28 - 00001071 _____ () C:\Users\Wendy\Desktop\JRT.txt
2015-04-02 19:14 - 2015-04-02 19:14 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-WENDY-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-02 19:14 - 2015-04-02 19:14 - 00000000 ____D () C:\RegBackup
2015-04-02 19:12 - 2015-04-02 19:13 - 02690981 _____ (Thisisu) C:\Users\Wendy\Downloads\JRT.exe
2015-04-02 18:43 - 2015-04-02 19:10 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-04-02 18:42 - 2015-04-02 19:10 - 00000000 ____D () C:\Users\Wendy\Desktop\mbar
2015-04-02 18:41 - 2015-04-02 18:41 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Wendy\Downloads\mbar-1.09.1.1004.exe
2015-04-02 18:26 - 2015-04-02 18:26 - 02208768 _____ () C:\Users\Wendy\Downloads\adwcleaner_4.200.exe
2015-04-02 18:08 - 2015-04-03 19:24 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-02 18:07 - 2015-04-02 18:42 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-02 18:07 - 2015-04-02 18:08 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-02 18:07 - 2015-04-02 18:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-02 18:07 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-02 18:07 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-02 18:06 - 2015-04-02 18:06 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Wendy\Downloads\mbam-setup-2.1.4.1018 (2).exe
2015-04-02 17:51 - 2015-04-02 17:51 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Wendy\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-02 17:28 - 2015-04-02 17:28 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\VSRevoGroup
2015-04-02 17:15 - 2015-04-02 17:15 - 00001266 _____ () C:\Users\Wendy\Desktop\Revo Uninstaller.lnk
2015-04-02 17:15 - 2015-04-02 17:15 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-02 17:14 - 2015-04-02 17:15 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Wendy\Downloads\revosetup.exe
2015-04-02 15:35 - 2015-04-02 15:35 - 00000000 ____D () C:\Users\Wendy\Downloads\mbam-rules-2015.03.26
2015-04-02 15:34 - 2015-04-02 15:35 - 23928158 _____ () C:\Users\Wendy\Downloads\mbam-rules-2015.03.26.zip
2015-04-02 14:52 - 2015-04-02 15:33 - 00003412 _____ () C:\Users\Wendy\Desktop\Rkill.txt
2015-04-02 14:51 - 2015-04-02 14:52 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Wendy\Downloads\rkill (1).exe
2015-04-02 14:33 - 2015-04-02 14:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-04-02 14:25 - 2015-04-02 14:25 - 71724104 _____ (AVAST Software) C:\Users\Wendy\Downloads\vpsupd.exe
2015-04-02 14:04 - 2015-04-02 14:04 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-02 14:04 - 2015-04-02 14:04 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-02 01:49 - 2015-04-02 01:49 - 00002037 _____ () C:\Users\Wendy\Desktop\GeekBuddy.lnk
2015-04-02 01:48 - 2015-04-03 19:33 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
2015-04-02 01:48 - 2015-04-02 17:35 - 00000000 ____D () C:\Program Files\COMODO
2015-04-02 01:47 - 2015-04-02 17:22 - 00000000 ____D () C:\Program Files (x86)\Comodo
2015-04-02 01:45 - 2015-04-02 17:35 - 00000000 ____D () C:\ProgramData\Comodo
2015-04-02 01:40 - 2015-04-02 01:41 - 229979832 _____ (COMODO) C:\Users\Wendy\Downloads\cfw_installer.exe
2015-04-01 22:56 - 2015-04-01 22:56 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\Wendy\Downloads\kioskea.exe
2015-04-01 22:54 - 2015-04-01 22:54 - 01943800 _____ (Bleeping Computer, LLC) C:\Users\Wendy\Downloads\rkill.exe
2015-04-01 22:40 - 2015-04-01 22:54 - 00000000 ____D () C:\Users\Wendy\Desktop\rkill
2015-04-01 22:32 - 2015-04-03 18:23 - 00000000 ____D () C:\ProgramData\IObit
2015-04-01 22:00 - 2015-04-01 22:47 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-01 22:00 - 2015-04-01 22:00 - 00000000 ____D () C:\Users\Wendy\AppData\Local\MFAData
2015-04-01 22:00 - 2015-04-01 22:00 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Avg2015
2015-04-01 16:47 - 2015-04-01 16:47 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2015-04-01 16:46 - 2015-04-01 16:46 - 07747104 _____ (Malwarebytes Corporation ) C:\Users\Wendy\Downloads\mbam-rules.exe
2015-03-31 19:44 - 2015-04-02 12:23 - 00000000 ____D () C:\Users\Wendy\AppData\Local\inyqu
2015-03-27 19:11 - 2015-03-27 19:11 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\109D1695.sys
2015-03-27 19:07 - 2015-03-27 19:08 - 00000000 ____D () C:\KVRT_Data
2015-03-27 19:05 - 2015-03-27 19:05 - 00000000 ____D () C:\Users\Wendy\Documents\ProcAlyzer Dumps
2015-03-27 00:03 - 2015-04-03 12:43 - 00002145 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-03-27 00:03 - 2015-03-27 00:03 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-03-27 00:02 - 2015-03-27 00:02 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d06818e12cad9c.job
2015-03-27 00:02 - 2015-03-27 00:02 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-03-26 21:27 - 2015-04-02 18:33 - 00000000 ____D () C:\AdwCleaner
2015-03-26 21:25 - 2015-03-26 21:26 - 02168320 _____ () C:\Users\Wendy\Downloads\adwcleaner_4.113.exe
2015-03-25 17:20 - 2015-03-27 03:16 - 00000000 ____D () C:\Users\Wendy\AppData\Local\xozo
2015-03-24 04:36 - 2015-04-03 20:52 - 00691220 _____ () C:\Windows\WindowsUpdate.log
2015-03-24 03:41 - 2015-04-02 01:22 - 00000000 ____D () C:\Windows\pss
2015-03-24 03:39 - 2015-03-24 03:39 - 00126446 _____ () C:\Users\Wendy\Documents\cc_20150324_023858.reg
2015-03-23 15:26 - 2015-03-23 15:27 - 00000000 ____D () C:\ProgramData\Sophos
2015-03-23 15:21 - 2015-03-23 15:22 - 82537128 _____ (Sophos Limited) C:\Users\Wendy\Downloads\Sophos_Virus_Removal_Tool.exe
2015-03-23 14:25 - 2015-03-23 22:43 - 00000000 ____D () C:\Users\Wendy\AppData\Local\ycaj
2015-03-16 14:32 - 2015-03-16 14:32 - 00017426 _____ () C:\Users\Wendy\Downloads\[kickass.to]kendrick.lamar.to.pimp.a.butterfly.2015.mp3.320.kbps.vbuc.torrent
2015-03-16 14:22 - 2015-03-16 14:23 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\Local Store
2015-03-11 12:26 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-03-11 12:26 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-03-11 12:26 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-03-11 12:26 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-03-11 12:26 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-03-11 12:26 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-03-11 12:26 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-03-11 12:26 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-03-11 12:26 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-03-11 12:26 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-03-11 12:26 - 2015-02-03 04:34 - 05554104 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-03-11 12:26 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-03-11 12:26 - 2015-02-03 04:16 - 03973048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-03-11 12:26 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-03-11 12:26 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-03-11 12:26 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-03-11 12:26 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-03-11 12:26 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-03-11 12:25 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-03-11 12:25 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-03-11 12:25 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-03-11 12:25 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-03-11 12:25 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-03-11 12:25 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-03-11 12:25 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-03-11 12:25 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-03-11 12:25 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-03-11 12:25 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-03-11 12:25 - 2015-02-03 04:28 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-03-11 12:25 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-03-11 12:25 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-03-11 12:25 - 2015-02-03 04:16 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-03-11 12:25 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-03-11 12:25 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-03-11 12:25 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-03-11 12:25 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-03-11 12:25 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-03-11 12:25 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-03-11 12:25 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-03-11 12:25 - 2015-02-03 04:08 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-03-11 12:25 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-03-11 12:25 - 2015-01-31 04:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-03-11 12:25 - 2015-01-31 04:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-03-11 12:25 - 2015-01-31 00:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-03-11 12:25 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-03-11 12:24 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-03-11 12:24 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-03-11 12:24 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-03-11 12:24 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-03-11 12:23 - 2015-03-06 06:56 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-03-11 12:23 - 2015-03-06 06:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-03-11 12:23 - 2015-03-06 06:42 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-03-11 12:23 - 2015-03-06 06:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-03-11 12:23 - 2015-03-06 06:41 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-03-11 12:23 - 2015-03-06 06:41 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-03-11 12:23 - 2015-03-06 06:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-03-11 12:23 - 2015-03-06 06:38 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-03-11 12:23 - 2015-03-06 06:36 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-03-11 12:23 - 2015-03-06 06:10 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-03-11 12:23 - 2015-03-06 06:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-03-11 12:23 - 2015-03-06 06:09 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-03-11 12:23 - 2015-03-06 06:07 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-03-11 12:23 - 2015-03-06 06:07 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-03-11 12:23 - 2015-03-06 06:06 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-03-11 12:23 - 2015-02-26 04:25 - 03204096 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-03-11 12:23 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-03-11 12:23 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-03-11 12:23 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-03-11 12:22 - 2015-02-24 04:15 - 00389800 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-03-11 12:22 - 2015-02-24 03:32 - 00342696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-03-11 12:22 - 2015-02-21 02:16 - 25021440 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-03-11 12:22 - 2015-02-21 01:41 - 12827648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-03-11 12:22 - 2015-02-21 01:27 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-03-11 12:22 - 2015-02-21 01:27 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-03-11 12:22 - 2015-02-21 01:25 - 19720192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-03-11 12:22 - 2015-02-21 00:58 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-03-11 12:22 - 2015-02-21 00:32 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-03-11 12:22 - 2015-02-20 04:06 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-03-11 12:22 - 2015-02-20 04:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-03-11 12:22 - 2015-02-20 03:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-03-11 12:22 - 2015-02-20 03:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-03-11 12:22 - 2015-02-20 03:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-03-11 12:22 - 2015-02-20 03:48 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-03-11 12:22 - 2015-02-20 03:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-03-11 12:22 - 2015-02-20 03:41 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-03-11 12:22 - 2015-02-20 03:40 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-03-11 12:22 - 2015-02-20 03:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-03-11 12:22 - 2015-02-20 03:35 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-03-11 12:22 - 2015-02-20 03:35 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-03-11 12:22 - 2015-02-20 03:34 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-03-11 12:22 - 2015-02-20 03:32 - 06035456 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-03-11 12:22 - 2015-02-20 03:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-03-11 12:22 - 2015-02-20 03:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-03-11 12:22 - 2015-02-20 03:22 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-03-11 12:22 - 2015-02-20 03:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-03-11 12:22 - 2015-02-20 03:09 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-03-11 12:22 - 2015-02-20 03:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-03-11 12:22 - 2015-02-20 03:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-03-11 12:22 - 2015-02-20 03:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-03-11 12:22 - 2015-02-20 03:06 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-03-11 12:22 - 2015-02-20 03:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-03-11 12:22 - 2015-02-20 03:03 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-03-11 12:22 - 2015-02-20 03:01 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-03-11 12:22 - 2015-02-20 03:00 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-03-11 12:22 - 2015-02-20 02:58 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-03-11 12:22 - 2015-02-20 02:56 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-03-11 12:22 - 2015-02-20 02:56 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-03-11 12:22 - 2015-02-20 02:49 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-03-11 12:22 - 2015-02-20 02:49 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-03-11 12:22 - 2015-02-20 02:47 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-03-11 12:22 - 2015-02-20 02:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-03-11 12:22 - 2015-02-20 02:43 - 14398976 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-03-11 12:22 - 2015-02-20 02:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-03-11 12:22 - 2015-02-20 02:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-03-11 12:22 - 2015-02-20 02:30 - 04300288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-03-11 12:22 - 2015-02-20 02:28 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-03-11 12:22 - 2015-02-20 02:24 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-03-11 12:22 - 2015-02-20 02:24 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-03-11 12:22 - 2015-02-20 02:23 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-03-11 12:22 - 2015-02-20 02:16 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-03-11 12:22 - 2015-02-20 02:03 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-03-11 12:22 - 2015-02-20 02:01 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-03-11 12:22 - 2015-02-20 01:57 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-03-11 12:22 - 2015-02-20 01:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-03-11 12:21 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-03-11 12:21 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-03-05 15:15 - 2015-03-05 15:15 - 00129536 _____ () C:\Users\Wendy\Downloads\Floor-Layout11x17.vst
2015-03-05 15:09 - 2015-03-05 15:09 - 00000000 ____D () C:\Users\Wendy\Downloads\EVS_Shapes2015
2015-03-05 15:08 - 2015-03-05 15:08 - 05594604 _____ () C:\Users\Wendy\Downloads\EVS_Shapes2015.zip
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-04-03 20:10 - 2014-06-14 20:23 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-03 19:27 - 2009-07-14 05:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-03 19:27 - 2009-07-14 05:45 - 00022464 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-03 19:25 - 2009-07-14 06:13 - 00890440 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-03 19:20 - 2014-06-13 17:27 - 00000071 _____ () C:\Windows\SysWOW64\ToasterLauncherLog.log
2015-04-03 19:20 - 2014-06-13 17:25 - 00000000 ____D () C:\Users\Wendy\AppData\Local\SoftThinks
2015-04-03 19:20 - 2010-01-17 05:53 - 00000000 ____D () C:\Program Files (x86)\Dell DataSafe Local Backup
2015-04-03 19:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-03 18:47 - 2014-06-13 18:55 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-04-03 12:31 - 2015-03-03 14:22 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Obvics
2015-04-03 12:31 - 2015-03-03 14:21 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Unfdmedia
2015-04-02 19:36 - 2014-06-14 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-02 19:36 - 2014-06-14 19:47 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-02 17:52 - 2014-06-14 19:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2015-04-02 17:47 - 2010-01-17 05:48 - 00000000 ____D () C:\Program Files (x86)\WildTangent
2015-04-02 17:47 - 2009-07-14 06:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-02 17:44 - 2010-01-17 05:48 - 00000000 ____D () C:\ProgramData\WildTangent
2015-04-02 17:26 - 2015-03-02 15:08 - 00000000 ____D () C:\Users\Wendy\Downloads\Microsoft Visio Professional 2013 SP1 (32Bit Windows) English Version
2015-04-02 17:26 - 2014-06-14 18:54 - 00000000 ____D () C:\Users\Wendy\Documents\KEIRANS STUFF
2015-04-02 14:04 - 2014-06-13 18:55 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00271200 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00136752 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00088408 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-02 14:04 - 2014-06-13 18:55 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-01 13:41 - 2014-06-14 19:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-04-01 12:55 - 2014-06-14 18:50 - 00000000 ____D () C:\Users\Wendy\Documents\KC UNI WORK
2015-04-01 02:30 - 2015-03-03 16:05 - 00000000 ____D () C:\Users\Wendy\Downloads\TEU_OFFICE_2010_SP1
2015-03-27 00:03 - 2014-06-13 18:31 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Google
2015-03-27 00:03 - 2014-06-13 18:31 - 00000000 ____D () C:\Program Files (x86)\Google
2015-03-27 00:02 - 2014-06-13 18:05 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Deployment
2015-03-24 03:36 - 2015-03-02 14:49 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\DAEMON Tools Lite
2015-03-24 03:36 - 2015-02-09 15:14 - 00000000 ____D () C:\Users\Wendy\AppData\Roaming\uTorrent
2015-03-23 15:59 - 2014-06-14 19:49 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-03-12 13:01 - 2009-07-14 06:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2015-03-12 06:55 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-03-12 06:03 - 2009-07-14 05:45 - 00332200 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-12 05:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-03-12 05:59 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-03-12 05:40 - 2010-01-17 05:45 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-03-12 05:16 - 2015-03-03 14:36 - 00000039 _____ () C:\Windows\vbaddin.ini
2015-03-12 04:39 - 2014-06-13 20:10 - 00000000 ____D () C:\Windows\system32\MRT
2015-03-11 18:48 - 2014-06-13 20:10 - 122905856 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-09 13:25 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\Resources
2015-03-04 20:15 - 2014-06-14 20:23 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-03-04 20:15 - 2014-06-14 20:23 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-03-04 20:15 - 2014-06-14 20:23 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-03-04 18:34 - 2014-06-19 17:55 - 00000000 ____D () C:\ProgramData\CanonIJPLM
 
==================== Files in the root of some directories =======
 
2015-02-27 00:22 - 2015-02-27 00:22 - 0000780 _____ () C:\Users\Wendy\AppData\Local\recently-used.xbel
2014-10-20 20:08 - 2014-10-20 20:08 - 0000000 _____ () C:\Users\Wendy\AppData\Local\{CC6C43C8-8320-4FF8-A260-89FC5D98842A}
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-03-25 01:51
 
==================== End Of Log ============================


ADDITION LOG:

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-03-2015
Ran by Wendy at 2015-04-03 20:59:20
Running from C:\Users\Wendy\Desktop\Security & Antivirus
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
 
==================== Installed Programs ======================
 
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\uTorrent) (Version: 3.4.2.38913 - BitTorrent Inc.)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 16 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.305 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.2.152 - Adobe Systems, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.2.2215 - AVAST Software)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.4.1.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version:  - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.3.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.1.0 - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version: 1.01 - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.1.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.1.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.2.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.3.0 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.04 - Piriform)
DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd)
Dell DataSafe Local Backup - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 2.31 - Dell)
Dell DataSafe Local Backup (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 9.3.44 - Dell)
Dell DataSafe Online (HKLM-x32\...\{13766F76-6C8C-4E57-A9F3-3212D1C6E0D1}) (Version: 1.1.0031 - Dell, Inc.)
Dell Dock (HKLM\...\{E60B7350-EA5F-41E0-9D6F-E508781E36D2}) (Version: 2.0.0 - Dell)
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Support Center (Support Software) (HKLM-x32\...\{E3BFEE55-39E2-4BE0-B966-89FE583822C1}) (Version: 2.5.09100 - Dell)
Dell System Detect (HKU\S-1-5-21-3466866309-563164021-1857629891-1000\...\9204f5692a8faf3b) (Version: 5.8.1.1 - Dell)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Wireless 1515 Driver Installation (HKLM-x32\...\{451517F1-7E41-400B-AA36-FB7E2563526D}) (Version: 7.0 - Dell)
doPDF (Version: 8.1.920 - Softland) Hidden
doPDF 8 (HKLM-x32\...\{7ced5c6b-4b09-4bd7-8707-b3cce8eead22}) (Version: 8.1.920 - Softland)
Driver Booster 2.2 (HKLM-x32\...\Driver Booster_is1) (Version: 2.2 - IObit)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 41.0.2272.118 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6272.0 - IDT)
Inkscape 0.91 (HKLM\...\{81922150-317E-4BB0-A31D-FF1C14F707C5}) (Version: 0.91 - inkscape.org)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Junk Mail filter update (x32 Version: 14.0.8089.726 - Microsoft Corporation) Hidden
Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
Marvell Miniport Driver (HKLM-x32\...\Marvell Miniport Driver) (Version: 11.10.5.3 - Marvell)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version:  - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework Runtime Native v1.0 (x86) (HKLM-x32\...\{8A74E887-8F0F-4017-AF53-CBA42211AAA5}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Sync Framework Services Native v1.0 (x86) (HKLM-x32\...\{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}) (Version: 1.0.1215.0 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
novaPDF 8 add-in for Microsoft Office (x64) (HKLM\...\{17BD99A4-9C11-47D4-91AF-8814DD3FFCC2}) (Version: 8.1.920 - Softland)
novaPDF 8 add-in for Microsoft Office (x86) (HKLM-x32\...\{B6E0BB99-B532-4EC1-9D84-ACC8CED590B3}) (Version: 8.1.920 - Softland)
novaPDF 8 Printer Driver (HKLM\...\{3A1637B5-233D-47B1-B89F-EBF718C04CFD}) (Version: 8.1.920 - Softland)
PowerDVD DX (HKLM-x32\...\{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}) (Version: 8.3.5424 - CyberLink Corp.)
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.6.6 - Dell Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0057-0000-0000-0000000FF1CE}_Office14.VISIO_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version:  - Microsoft)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.3.39 - Safer-Networking Ltd.)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1186 - SUPERAntiSpyware.com)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
TurboCAD Professional 19 64-bit (HKLM\...\{C0C6CC1E-F2E1-4E75-A316-9E590987B4D1}) (Version: 19.1.323 - IMSIDesign)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version:  - Microsoft)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite_Wave3) (Version: 14.0.8089.0726 - Microsoft Corporation)
Windows Live Sign-in Assistant (HKLM-x32\...\{45338B07-A236-4270-9A77-EBB4115517B5}) (Version: 5.000.818.5 - Microsoft Corporation)
Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)
Windows Live Upload Tool (HKLM-x32\...\{205C6BDD-7B73-42DE-8505-9A093F35A238}) (Version: 14.0.8014.1029 - Microsoft Corporation)
 
==================== Custom CLSID (selected items): ==========================
 
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
 
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{056ADF40-C1D0-4CEB-94D2-4B82CB2C25F4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\SolidBodyTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{130E8ABC-A163-43b5-B9E5-A31C1B1CB7B4}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\BPMngr.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{15544F60-D775-4962-BEB4-E580346B1591}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\ScetchTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{2017F29F-68F4-11D5-B9BF-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\SpiralTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{28696026-B7E6-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Filters\Jpeg.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{28A80F2D-0869-4E55-B0B3-0E44E64DC4C6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\ExtRefManager.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{2C10CA50-05D0-11D2-8697-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\ObjectTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{2F015029-FB7C-11D1-B8AC-000021452DB6}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\InsSmObj.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{45232FA2-65A2-11D2-8C4A-00403338C504}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Regens\RRectA.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{49E39851-1FC0-11D2-8698-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\SmartHatch.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{554EDBD6-7585-40C5-9713-180E76DAC4FC}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Regens\TCImage.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{5B60CCED-F564-43BA-802B-01183FAA0A84}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\TCImageTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A3A61A2-D373-4B31-8164-263601C79016}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\TCRougness.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481001-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP19\Program\tcw19.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481002-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP19\Program\tcw19.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481003-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP19\Program\tcw19.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481004-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP19\Program\tcw19.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481005-E531-11CF-A115-00A024158DAF}\localserver32 -> C:\Program Files\IMSIDesign\TCWP19\Program\tcw19.exe (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481100-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\ImsigxPS19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481801-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481802-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481803-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481804-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A481805-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\IMSIGX19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A482001-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\imsigxext\gxext19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A482002-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\imsigxext\gxext19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6A482003-E531-11CF-A115-00A024158DAF}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\imsigxext\gxext19.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{6E1099B5-A2D4-11D5-BA2B-00C0DF0625A5}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\RevisionCloud.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{71E21C97-83FB-4242-8997-A52627FFEFF9}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\TCWeldSm.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{7657D07B-63D1-480B-B9E5-839E458E659E}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\DimensionTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{7724BB36-B671-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Regens\Rrect.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{7724BB46-B671-11D0-9B3B-444553540000}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Regens\MfcSplin.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{8188189D-6F33-48f2-B54B-936205216521}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\DCMMarkTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{90E611F0-DE07-11D2-ABC3-0000B46B691D}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\ViewportTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{AFF6A5F1-41F6-4979-9D44-F1232D471F39}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\TcTools\DOCCompareLaunchTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{BDA1344C-D91F-4557-BBB1-59C5B1AD1645}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\TCPssWiz.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{BF0BBC85-A311-11D3-A82D-00C0DF246524}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\TcTools\PalTool.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{C9ACD2AA-AB9F-40DE-AFBE-1350D6BCB291}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\TCTrnTools.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{D732323E-7207-465d-9924-BCBAFE352435}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Ties\CompoundProfileTie.dll (IMSIDesign, LLC)
CustomCLSID: HKU\S-1-5-21-3466866309-563164021-1857629891-1000_Classes\CLSID\{EFFDB231-8367-11D2-82F5-006052012837}\InprocServer32 -> C:\Program Files\IMSIDesign\TCWP19\Program\Draggers\InsTool.dll (IMSIDesign, LLC)
 
==================== Restore Points  =========================
 
02-04-2015 01:26:53 Removed Sophos Virus Removal Tool.
02-04-2015 01:28:13 Removed Sophos Virus Removal Tool.
02-04-2015 01:50:19 Installing COMODO Firewall
02-04-2015 01:53:51 Device Driver Package Install: COMODO Network Service
02-04-2015 14:02:41 avast! antivirus system restore point
02-04-2015 17:16:42 Revo Uninstaller's restore point - Malwarebytes Anti-Malware version 2.1.4.1018
02-04-2015 17:20:35 Revo Uninstaller's restore point - Chromodo
02-04-2015 17:32:02 Removing COMODO Firewall
02-04-2015 17:39:25 Revo Uninstaller's restore point - Spybot - Search & Destroy
02-04-2015 17:42:49 Revo Uninstaller's restore point - WildTangent Games
03-04-2015 19:32:13 Removed GeekBuddy.
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-14 03:34 - 2015-04-02 17:42 - 00451438 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
89.163.213.141 www.google-analytics.com.
89.163.213.141 google-analytics.com.
89.163.213.141 connect.facebook.net.
162.247.13.77 www.google-analytics.com.
162.247.13.77 google-analytics.com.
162.247.13.77 connect.facebook.net.
85.25.107.102 www.google-analytics.com.
85.25.107.102 google-analytics.com.
85.25.107.102 connect.facebook.net.
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
 
There are 1000 more lines.
 
 
==================== Scheduled Tasks (whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
 
Task: {156479B2-66C8-470C-93F1-9F5B479C5EBC} - System32\Tasks\Driver Booster Update => C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe [2015-02-05] (IObit)
Task: {1BAE4023-9A4A-4C48-8936-BB5C78367F0E} - System32\Tasks\doPDF Update => C:\Program Files\Softland\novaPDF 8\Driver\UpdateApplication.exe [2014-11-21] ()
Task: {33D7E915-1453-4DF8-8019-19D3C5BEC4BA} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-03-13] (Piriform Ltd)
Task: {405DB347-F73F-4237-B0E9-257D80BEDD43} - System32\Tasks\{0BDD336B-3203-460F-BD2A-0C5B4885988F} => pcalua.exe -a "C:\Users\Wendy\Downloads\Win_seven64_Intel® Graphics Media Accelerator Driver 15.17.15.64.2281.exe" -d C:\Users\Wendy\Downloads
Task: {4F4AC3B2-E9E1-4E7A-BC12-CC5A3A5897B2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-27] (Google Inc.)
Task: {6B760229-942A-4C09-ACB2-646A96E088FC} - System32\Tasks\Driver Booster SkipUAC (Wendy) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe [2015-03-20] (IObit)
Task: {73662A0E-515F-46E2-B801-E3A38A910466} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-03-04] (Adobe Systems Incorporated)
Task: {9EE78EE3-D1BD-434A-B371-322C076597B2} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {BA8F59B7-BD67-42D2-82DB-50FAD2FF8103} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {C8B4925D-1541-4378-90AF-86B9295BEA9F} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-04-02] (Avast Software s.r.o.)
Task: {CA7A6651-DC87-4250-98AC-534AD84C3955} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {D57330AE-F22A-448A-8F92-4B7FCB11A4A5} - System32\Tasks\Driver Booster Scan => C:\Program Files (x86)\IObit\Driver Booster\Scheduler.exe [2015-02-13] (IObit)
Task: {E974750A-39F0-46A0-9F1F-164B0ACE7FF7} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {ECE8102A-C04D-4B95-805F-AE5983F80BC8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore1d06818e12cad9c.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (whitelisted) ==============
 
2014-06-19 17:55 - 2013-05-14 18:50 - 00140936 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2014-11-21 21:06 - 2014-11-21 21:06 - 00137368 _____ () C:\Program Files\Softland\novaPDF 8\Server\AgileDotNetRT64.dll
2014-11-21 21:06 - 2014-11-21 21:06 - 00032032 _____ () C:\Program Files\Softland\novaPDF 8\Server\CryptUtil.dll
2014-11-21 21:06 - 2014-11-21 21:06 - 00026912 _____ () C:\Program Files\Softland\novaPDF 8\Server\WAFServicePlugin.dll
2010-01-17 05:54 - 2009-09-17 20:06 - 00410864 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\STService.exe
2015-04-02 14:04 - 2015-04-02 14:04 - 00104400 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-04-02 14:04 - 2015-04-02 14:04 - 00081728 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-04-03 19:19 - 2015-04-03 19:19 - 02923520 _____ () C:\Program Files\AVAST Software\Avast\defs\15040303\algo.dll
2014-06-14 19:49 - 2014-04-25 14:11 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-06-14 19:49 - 2014-04-25 14:11 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-06-14 19:49 - 2014-04-25 14:11 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-06-14 19:49 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2010-01-17 05:53 - 2009-09-17 20:04 - 00115952 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\PSTVdsDisk.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00128240 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STLog.dll
2010-01-17 05:53 - 2009-09-17 20:04 - 01123568 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\LibXml2.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00079088 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\zlib1.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00234736 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STFiles.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00074992 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STRegistry.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00111856 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STPE.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00121072 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STNLS.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00025840 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\SftBRCC.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00025840 _____ () C:\program files (x86)\Dell DataSafe Local Backup\SftBRCCPiped.dll
2010-01-17 05:53 - 2009-09-17 20:05 - 00025840 _____ () C:\Program Files (x86)\Dell DataSafe Local Backup\STBRCCServCLR.dll
2015-04-02 14:04 - 2015-04-02 14:04 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-04-03 12:38 - 2015-03-30 22:07 - 01174856 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libglesv2.dll
2015-04-03 12:36 - 2015-03-30 22:07 - 00080200 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\libegl.dll
2015-04-03 12:40 - 2015-03-30 22:07 - 09279304 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\pdf.dll
2015-04-03 12:42 - 2015-03-30 22:07 - 14974280 _____ () C:\Program Files (x86)\Google\Chrome\Application\41.0.2272.118\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
 
AlternateDataStreams: C:\Windows\avastSS.scr:$CmdTcID
AlternateDataStreams: C:\Users\Wendy\Downloads\CHECK LIST FOR SPLIT CONTRACTS (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\CHECK LIST FOR SPLIT CONTRACTS (2).eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\CHECK LIST FOR SPLIT CONTRACTS.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\FW YOUR HOLIDAY AT ESTUARY COTTAGE – Confirmation of Booking.eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\mbam-rules-2015.03.26.zip:$CmdZnID
AlternateDataStreams: C:\Users\Wendy\Downloads\Returns not being picked up. (1).eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\Returns not being picked up..eml:OECustomProperty
AlternateDataStreams: C:\Users\Wendy\Downloads\revosetup.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wendy\Downloads\revosetup.exe:$CmdZnID
AlternateDataStreams: C:\Users\Wendy\Downloads\rkill (1).exe:$CmdTcID
AlternateDataStreams: C:\Users\Wendy\Downloads\rkill (1).exe:$CmdZnID
AlternateDataStreams: C:\Users\Wendy\Downloads\vpsupd.exe:$CmdTcID
AlternateDataStreams: C:\Users\Wendy\Downloads\vpsupd.exe:$CmdZnID
 
==================== Safe Mode (whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcmscsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MpfService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
 
==================== EXE Association (whitelisted) ===============
 
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3466866309-563164021-1857629891-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Wendy\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\startupfolder: C:^Users^Wendy^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dell Dock.lnk => C:\Windows\pss\Dell Dock.lnk.Startup
MSCONFIG\startupreg: CanonQuickMenu => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
MSCONFIG\startupreg: Dell DataSafe Online => "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3466866309-563164021-1857629891-500 - Administrator - Disabled)
Guest (S-1-5-21-3466866309-563164021-1857629891-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3466866309-563164021-1857629891-1002 - Limited - Enabled)
Wendy (S-1-5-21-3466866309-563164021-1857629891-1000 - Administrator - Enabled) => C:\Users\Wendy
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (04/03/2015 08:54:02 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/03/2015 07:37:55 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/03/2015 07:37:52 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error: (04/03/2015 07:16:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program FRST64.exe version 11.3.2015.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
 
Process ID: 5dc
 
Start Time: 01d06e3a13dda9a9
 
Termination Time: 6
 
Application Path: C:\Users\Wendy\Desktop\frst\FRST64.exe
 
Report Id:
 
Error: (04/03/2015 05:12:11 PM) (Source: PerfNet) (EventID: 2002) (User: )
Description: 
 
Error: (04/03/2015 05:12:11 PM) (Source: PerfNet) (EventID: 2004) (User: )
Description: 
 
Error: (04/03/2015 01:35:12 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"1".Error in manifest or policy file "WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"2" on line WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition is WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".
Please use sxstrace.exe for detailed diagnosis.
 
 
System errors:
=============
Error: (04/03/2015 07:17:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Virtual Disk service depends on the Plug and Play service which failed to start because of the following error: 
%%1115
 
Error: (04/03/2015 07:17:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Plug and Play service failed to start due to the following error: 
%%1115
 
Error: (04/03/2015 07:17:48 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Spybot-S&D 2 Security Center Service service depends on the Security Center service which failed to start because of the following error: 
%%1062
 
Error: (04/03/2015 07:17:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error: 
%%1069
 
Error: (04/03/2015 07:17:48 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (04/03/2015 07:17:19 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (04/03/2015 07:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The SupportSoft Sprocket Service (DellSupportCenter) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/03/2015 07:16:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (04/03/2015 07:16:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Matrix Storage Event Monitor service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (04/03/2015 07:16:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Scanner Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
 
 
Microsoft Office Sessions:
=========================
 
==================== Memory info =========================== 
 
Processor: Celeron® Dual-Core CPU T3000 @ 1.80GHz
Percentage of memory in use: 64%
Total physical RAM: 3032.36 MB
Available physical RAM: 1080.59 MB
Total Pagefile: 6062.91 MB
Available Pagefile: 3863.96 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:283.4 GB) (Free:146.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 298.1 GB) (Disk ID: 983F7C98)
Partition 1: (Not Active) - (Size=39 MB) - (Type=DE)
Partition 2: (Active) - (Size=14.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=283.4 GB) - (Type=07 NTFS)
 
==================== End Of Log ============================


#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:44 PM

Posted 03 April 2015 - 03:14 PM

Please make sure that the fixlist is correct - the first one wasn't.


Step 1

frst.pngfrstfix.png

Press thew7.png + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} =>  No File
    2015-04-03 12:31 - 2015-03-03 14:22 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Obvics
    2015-04-03 12:31 - 2015-03-03 14:21 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Unfdmedia
    C:\ProgramData\Microsoft\Security\
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on FRST.gif icon and select RunAsAdmin.jpg Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#9 KCMCR

KCMCR
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 03 April 2015 - 03:24 PM

You're quick on the draw Jurgen!

Here is the Fixlog after the correct fix was applied:
 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 11-03-2015
Ran by Wendy at 2015-04-03 21:18:24 Run:3
Running from C:\Users\Wendy\Desktop\Security & Antivirus
Loaded Profiles: Wendy (Available profiles: Wendy)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
ShellIconOverlayIdentifiers: [0WinSecurityProvider] -> {F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} =>  No File
2015-04-03 12:31 - 2015-03-03 14:22 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Obvics
2015-04-03 12:31 - 2015-03-03 14:21 - 00000000 ____D () C:\Users\Wendy\AppData\Local\Unfdmedia
C:\ProgramData\Microsoft\Security\
EmptyTemp:
*****************
 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\0WinSecurityProvider" => Key deleted successfully.
HKCR\CLSID\{F76FA5C2-3B6A-451E-8CA5-34C8D0AE0637} => Key not found. 
C:\Users\Wendy\AppData\Local\Obvics => Moved successfully.
C:\Users\Wendy\AppData\Local\Unfdmedia => Moved successfully.
C:\ProgramData\Microsoft\Security => Moved successfully.
EmptyTemp: => Removed 92.9 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 21:18:33 ====


#10 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:44 PM

Posted 03 April 2015 - 03:32 PM

:thumbup2:

warning.gif Malware Warning

If your computer was used for online banking, has credit card information or other sensitive data, you should change all account information (including those used for banking, Email, eBay, Paypal, online forums, etc).


That's it! abklatsch.gif
Your logs look clean to me at the moment. :thumbup2:
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody.
If you want to support me fighting against malware or appreciate the assistance you received, then you can consider a donation: btn_donate_SM.gif
Thank you!


Clean Upcleanupm.PNG

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restorepoints:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download delfix.pngDelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated. Make sure you remove all old versions and install the current one instead if you need the program:

 

Adobe Flash Player 16 ActiveX
Adobe Flash Player 16 NPAPI
Java 7 Update 60 (64-bit)
Java 7 Update 65

 

Tips

I recommend to read and follow the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


Edited by deeprybka, 03 April 2015 - 03:32 PM.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png

#11 KCMCR

KCMCR
  • Topic Starter

  • Members
  • 8 posts
  • OFFLINE
  •  
  • Local time:05:44 PM

Posted 03 April 2015 - 03:51 PM

Thankyou Jurgen, you are a life saver! :)



#12 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:06:44 PM

Posted 04 April 2015 - 03:11 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 
unite_blue.png
asap.png




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users