Windows 7.. Sony Vaio.. Randomly Zooming in and out & Clicking things


  • This topic is locked
12 replies to this topic

#1 MistyC


Posted 20 April 2015 - 04:19 PM

OK, I was sent over here by "Am I infected". Here is the link to my thread...
 
http://www.bleepingcomputer.com/forums/t/573722/random-clicking-zooming-and-moving/#entry3685955
 
My computer will randomly click things... It zooms in and out by itself. I do not have to be touching anything and it will do it. I have turned off my touch pad and can unplug the mouse. It still does it...
Thank you in advance for your help!
 
My PC is currently backing up using Cobian.
 
I am attaching my logs from Farbar
 
Thanks

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
Ran by ST0114 (administrator) on MOMMA on 20-04-2015 17:13:41
Running from C:\Users\ST0114\Downloads
Loaded Profiles: ST0114 (Available profiles: ST0114 & Mcx1-MOMMA)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\Apoint.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Logitech, Inc.) C:\Program Files\Logitech\FlowScroll\KhalScroll.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Logitech, Inc.) C:\Program Files\Common Files\Logishrd\KHAL3\KHALMNPR.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\RPDS\Bin64\rpsystray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Sony Corporation) C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
(Google Inc.) C:\Users\ST0114\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Google Inc.) C:\Users\ST0114\AppData\Local\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
(Nero AG) C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
(PasswordBox, Inc.) C:\Program Files (x86)\PasswordBox\pbbtnService.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
(RealNetworks, Inc.) C:\Program Files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Sony Corporation) C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApMsgFwd.exe
(Alps Electric Co., Ltd.) C:\Program Files\Apoint\ApntEx.exe
(ALPS) C:\Program Files\Apoint\Apvfb.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VAIOUpdt.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Update\VUAgent.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files\Sony\VAIO Care\VCPerfService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCSystemTray.exe
() C:\Program Files\Sony\VAIO Care\listener.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCService.exe
(Sony Corporation) C:\Program Files\Sony\VAIO Care\VCAgent.exe
(Sony Corporation) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
(Google Inc.) C:\Users\ST0114\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ST0114\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ST0114\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\ST0114\AppData\Local\Google\Chrome\Application\chrome.exe
(CobianSoft, Luis Cobian) C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\Cobian.exe
(Luis Cobian, CobianSoft) C:\Program Files (x86)\Cobian Backup 11\cbInterface.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Sony Corporation) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
(Sony Corporation) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint\Apoint.exe [226672 2011-02-16] (Alps Electric Co., Ltd.)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2011-01-05] (Intel® Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [LogiScrollApp] => C:\Program Files\Logitech\FlowScroll\KhalScroll.exe [166680 2012-02-08] (Logitech, Inc.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM\...\Run: [Zemana AntiMalware] => C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [11800944 2015-04-08] (Zemana Ltd.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2010-09-13] (Intel Corporation)
HKLM-x32\...\Run: [ISBMgr.exe] => C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe [2757312 2011-02-15] (Sony Corporation)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [LTCM Client] => C:\Program Files (x86)\LTCM Client\ltcmClient.exe [2756864 2011-04-07] (Leader Technologies Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [6482200 2014-09-26] (Piriform Ltd)
HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\Run: [Google Update] => C:\Users\ST0114\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-17] (Google Inc.)
HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\RunOnce: [Uninstall C:\Users\ST0114\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ST0114\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64"
HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\MountPoints2: {12302627-493b-11e4-931e-78843ce61924} - D:\N8000_ZTE.exe
HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\MountPoints2: {905a16ff-f66b-11e3-93d6-005056c00008} - D:\VerizonSWUpgradeAssistantLauncher.exe
HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\MountPoints2: {fdf1e547-0794-11e4-93ca-005056c00008} - D:\iLinker.exe
HKU\S-1-5-18\...\Policies\system: [LogonHoursAction] 2
HKU\S-1-5-18\...\Policies\system: [DontDisplayLogonHoursWarnings] 1
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealPlayer Cloud Service UI.lnk [2014-04-06]
ShortcutTarget: RealPlayer Cloud Service UI.lnk -> C:\Program Files (x86)\real\realplayer\RPDS\Bin64\rpsystray.exe (RealNetworks, Inc.)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
BootExecute: autocheck autochk * ;ȵautocheck autochk * ;ҰB VALUES (:RETURN_ID, :"USER_SID", :"DESCRIPTION", 'now');

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =
HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\.DEFAULT -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} -> No File
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
BHO-x32: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} -> No File
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
BHO-x32: PasswordBox Helper -> {5DB69B97-934B-451D-94DB-32EF802A01CD} -> C:\Program Files (x86)\PasswordBox\Application\pbbtn.dll [2014-11-28] (PasswordBox, Inc.)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-25] (Oracle Corporation)
BHO-x32: Logitech Flow Scroll -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\FlowScroll\32-bit\LogiSmooth.dll [2012-02-08] (Logitech, Inc.)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2013-02-28] (SEIKO EPSON CORPORATION)
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.26

FireFox:
========
FF ProfilePath: C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1205146.dll [2013-10-25] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-03] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll No File
FF Plugin HKU\S-1-5-21-2749176277-1097856338-3472885861-1005: @soe.sony.com/installer,version=1.0.3 -> C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
FF Plugin HKU\S-1-5-21-2749176277-1097856338-3472885861-1005: @tools.google.com/Google Update;version=3 -> C:\Users\ST0114\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2749176277-1097856338-3472885861-1005: @tools.google.com/Google Update;version=9 -> C:\Users\ST0114\AppData\Local\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-02-04] (Google Inc.)
FF Plugin HKU\S-1-5-21-2749176277-1097856338-3472885861-1005: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\ST0114\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-03-03] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-2749176277-1097856338-3472885861-1005: intel.com/AppUp -> C:\Program Files (x86)\Intel\IntelAppStore\bin\npAppUp.dll [2012-01-10] (Intel)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll [2007-04-10] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2012-11-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppl3260.dll [2014-10-17] (RealNetworks, Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2014-11-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2014-11-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2014-11-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2014-11-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2014-11-20] (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2014-10-17] (RealPlayer Cloud)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)
FF Extension: No Name - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\netvideohunter@netvideohunter.com [2015-04-17]
FF Extension: No Name - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A} [2012-07-09]
FF Extension: Garmin Communicator - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2013-11-20]
FF Extension: No Name - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\{52a3500f-fc3e-4253-8d2f-fa6303d5f7e2}.oldbackup [2012-11-16]
FF Extension: Amazon Price Tracker - Keepa.com - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\amptra@keepa.com.xpi [2013-07-09]
FF Extension: 網頁截圖 - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\easyscreenshot@mozillaonline.com.xpi [2013-05-23]
FF Extension: No Name - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\jsterm@paulrouget.com.xpi [2013-06-24]
FF Extension: Print Edit - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\printedit@DW-dev.xpi [2012-04-26]
FF Extension: PDF Viewer - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\uriloader@pdf.js.xpi [2013-10-29]
FF Extension: CacheViewer - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\{71328583-3CA7-4809-B4BA-570A85818FBB}.xpi [2014-04-29]
FF Extension: Video DownloadHelper - C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}.xpi [2015-03-31]
FF Extension: No Name - C:\Program Files (x86)\Mozilla Firefox\extensions\adapter@gingersoftware.com [2015-03-30]
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Mozilla Firefox\extensions\firefox@gingersoftware.2.0.0.74.com [2015-03-30]
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\kgcngo@xmmomglptujvwxntife.org [2015-03-30]
FF Extension: Motive Extension - C:\Program Files (x86)\Mozilla Firefox\extensions\mcciwbch@motive.com.xpi [2015-03-30]
FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext
FF HKLM-x32\...\Firefox\Extensions: [firefox@passwordbox.com] - C:\Program Files (x86)\PasswordBox\Firefox
FF Extension: PasswordBox - C:\Program Files (x86)\PasswordBox\Firefox [2013-11-21]
FF HKLM-x32\...\Firefox\Extensions: [firefox@gingersoftware.2.0.0.74.com] - C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com
FF Extension: Ginger - Grammar and Spell Checker - C:\Program Files (x86)\Ginger\Mozilla\firefox@gingersoftware.2.0.0.74.com [2014-05-10]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: E-Web Print - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2014-06-23]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt
FF Extension: Logitech Flow Scroll - C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2014-11-15]
FF HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\Firefox\Extensions: [{56254F5C-FC7A-11E1-8270-B8AC6F996F26}] - C:\Users\ST0114\AppData\Local\{56254F5C-FC7A-11E1-8270-B8AC6F996F26}
FF Extension: Mozilla Safe Browsing - C:\Users\ST0114\AppData\Local\{56254F5C-FC7A-11E1-8270-B8AC6F996F26} [2012-09-11]
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [Not Found]

Chrome:
=======
CHR Profile: C:\Users\ST0114\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Logitech Flow Scroll) - C:\Users\ST0114\AppData\Local\Google\Chrome\User Data\Default\Extensions\geooogfhpjdpeiphckpbgkhpbeobcaoi [2014-10-15]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\ST0114\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-24]
CHR Extension: (Google Wallet) - C:\Users\ST0114\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-07]
CHR HKLM-x32\...\Chrome\Extension: [aaaanfggifmbbmaffeaneceafnkmihli] - C:\Users\ST0114\AppData\Local\APN\GoogleCRXs\aaaanfggifmbbmaffeaneceafnkmihli_7.14.1.0.crx [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [geooogfhpjdpeiphckpbgkhpbeobcaoi] - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx [2014-11-15]
StartMenuInternet: Google Chrome.MUNAP54JSLCWOVNMRSKP2ZQPD4 - C:\Users\ST0114\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S3 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) [File not signed]
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2011-01-05] ()
S3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 PasswordBox; C:\Program Files (x86)\PasswordBox\pbbtnService.exe [67584 2014-05-14] (PasswordBox, Inc.) [File not signed]
R2 RealPlayer Cloud Service; c:\program files (x86)\real\realplayer\RPDS\Bin\rpdsvc.exe [1141848 2014-10-17] (RealNetworks, Inc.)
R2 SampleCollector; C:\Program Files\Sony\VAIO Care\VCPerfService.exe [266168 2013-11-01] (Intel Corporation)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [105024 2011-02-23] (ArcSoft, Inc.)
S3 USER_ESRV_SVC; C:\Program Files\Sony\VAIO Care\ESRV\esrv_svc.exe [377768 2013-11-01] (Intel Corporation)
S2 VCFw; C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [887000 2011-01-20] (Sony Corporation)
R3 VUAgent; C:\Program Files\Sony\VAIO Update\vuagent.exe [1642544 2014-02-28] (Sony Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZAMSvc; C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe [11800944 2015-04-08] (Zemana Ltd.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
S3 Generalusbserialser20675; C:\Windows\System32\DRIVERS\CT_U_USBSER.sys [128328 2012-04-20] (Incorporated)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-03-17] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R3 msvad_simple; C:\Windows\System32\drivers\povrtdev.sys [28528 2010-04-29] (MediaMall Technologies, Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 semav6thermal64ro; C:\Windows\system32\drivers\semav6thermal64ro.sys [13792 2014-12-24] ()
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-04-20] (BitDefender S.R.L.)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2014-07-28] (Apple, Inc.) [File not signed]
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [103752 2015-04-20] (Zemana Ltd.)

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 17:13 - 2015-04-20 17:15 - 00026959 _____ () C:\Users\ST0114\Downloads\FRST.txt
2015-04-20 17:13 - 2015-04-20 17:13 - 02099712 _____ (Farbar) C:\Users\ST0114\Downloads\FRST64.exe
2015-04-20 17:12 - 2015-04-20 17:12 - 00000000 ____D () C:\Users\ST0114\backup
2015-04-20 17:04 - 2015-04-20 17:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-04-20 17:04 - 2015-04-20 17:04 - 00000000 ____D () C:\Program Files (x86)\Cobian Backup 11
2015-04-20 17:01 - 2015-04-20 17:02 - 19709440 _____ (Luis Cobian, CobianSoft) C:\Users\ST0114\Downloads\cbSetup.exe
2015-04-20 16:31 - 2015-04-20 16:31 - 00000185 _____ () C:\Users\ST0114\Desktop\bleeping PC - Rusty.url
2015-04-20 15:37 - 2015-04-20 15:38 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-04-20 15:37 - 2015-04-20 15:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-20 15:37 - 2015-04-20 15:37 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-20 15:37 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-20 15:37 - 2015-03-17 06:15 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-20 15:37 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-20 15:36 - 2015-04-20 15:37 - 21540440 _____ (Malwarebytes Corporation ) C:\Users\ST0114\Downloads\mbam-setup-2.1.4.1018.exe
2015-04-20 15:15 - 2015-04-20 15:18 - 00000000 ____D () C:\AdwCleaner
2015-04-20 15:10 - 2015-04-20 15:10 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-MOMMA-Windows-7-Home-Premium-(64-bit).dat
2015-04-20 15:10 - 2015-04-20 15:10 - 00000000 ____D () C:\RegBackup
2015-04-20 14:00 - 2015-04-20 14:00 - 00103752 _____ (Zemana Ltd.) C:\Windows\system32\Drivers\zam64.sys
2015-04-20 14:00 - 2015-04-20 14:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Zemana AntiMalware
2015-04-20 14:00 - 2015-04-20 14:00 - 00000000 ____D () C:\Program Files (x86)\Zemana AntiMalware
2015-04-20 13:59 - 2015-04-20 13:59 - 00000000 ____D () C:\Users\ST0114\AppData\Local\Zemana
2015-04-20 12:30 - 2015-04-20 12:31 - 18724670 _____ () C:\Windows\REGBK00.ZIP
2015-04-20 12:29 - 2015-04-20 12:29 - 00000504 _____ () C:\Windows\UPDLL.LOG
2015-04-20 12:29 - 2015-04-20 12:29 - 00000000 ____D () C:\Windows\VDLL.DLL
2015-04-20 12:29 - 2015-04-20 12:29 - 00000000 ____D () C:\Windows\SysWOW64\runouce.exe
2015-04-20 12:29 - 2015-04-20 12:29 - 00000000 ____D () C:\Windows\rundll16.exe
2015-04-20 12:29 - 2015-04-20 12:29 - 00000000 ____D () C:\Windows\RUNDL132.EXE
2015-04-20 12:29 - 2015-04-20 12:29 - 00000000 ____D () C:\Windows\logo1_.exe
2015-04-20 12:29 - 2015-04-20 12:29 - 00000000 ____D () C:\Windows\logo_1.exe
2015-04-20 12:24 - 2015-04-20 12:24 - 00001233 _____ () C:\Windows\ESCAN.LOG
2015-04-20 12:23 - 2015-04-20 12:29 - 00000056 _____ () C:\Windows\Lic.xxx
2015-04-20 12:23 - 2015-04-20 12:28 - 00000182 _____ () C:\Windows\general.log
2015-04-20 12:23 - 2015-04-20 12:23 - 00350160 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\trufos.sys
2015-04-20 12:22 - 2015-04-20 12:22 - 00554240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp80.dll
2015-04-20 12:22 - 2015-04-20 12:22 - 00156392 _____ (MicroWorld Technologies Inc.) C:\Windows\SysWOW64\eEmpty.exe
2015-04-20 12:22 - 2015-04-20 12:22 - 00000000 ____D () C:\ProgramData\MicroWorld
2015-04-20 11:56 - 2015-04-20 16:34 - 00001754 _____ () C:\Windows\PFRO.log
2015-04-20 11:51 - 2015-04-20 11:51 - 00000000 ____D () C:\Users\ST0114\AppData\Roaming\TuneUp Software
2015-04-20 07:14 - 2015-04-20 07:14 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-04-20 06:52 - 2015-04-20 06:59 - 00000000 ____D () C:\Users\ST0114\AppData\Roaming\ZHP
2015-04-20 06:37 - 2015-04-20 06:37 - 00290304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\subinacl.exe
2015-04-20 06:37 - 2015-04-20 06:37 - 00000000 ____D () C:\Program Files\Adware-Removal-Tool
2015-04-19 16:50 - 2015-04-19 16:50 - 00000843 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VUDUToGo.lnk
2015-04-19 16:50 - 2015-04-19 16:50 - 00000831 _____ () C:\Users\Public\Desktop\VUDUToGo.lnk
2015-04-19 16:50 - 2015-04-19 16:50 - 00000000 ____D () C:\Program Files (x86)\VUDUToGo
2015-04-19 16:47 - 2015-04-19 16:47 - 03535136 _____ () C:\Users\ST0114\Downloads\VUDUToGo.exe
2015-04-19 11:34 - 2015-04-20 17:15 - 00000211 _____ () C:\Users\ST0114\Desktop\Bleeping PC.url
2015-04-19 10:21 - 2015-04-20 16:27 - 00000000 ____D () C:\Users\ST0114\AppData\Roaming\Jarte
2015-04-19 10:21 - 2015-04-19 10:21 - 00000939 _____ () C:\Users\Public\Desktop\Jarte.lnk
2015-04-19 10:21 - 2015-04-19 10:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jarte
2015-04-19 10:21 - 2015-04-19 10:21 - 00000000 ____D () C:\Program Files (x86)\Jarte
2015-04-19 10:20 - 2015-04-19 10:20 - 03178928 _____ (Carolina Road Software ) C:\Users\ST0114\Downloads\jarte_53_setup.exe
2015-04-19 00:14 - 2015-04-19 00:14 - 02811464 _____ (Coupons.com Incorporated) C:\Users\ST0114\Downloads\CouponPrinter.exe
2015-04-18 19:52 - 2015-04-19 12:12 - 00000000 ____D () C:\Users\ST0114\Desktop\ricky
2015-04-18 17:53 - 2015-04-18 17:53 - 00002117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-04-18 17:53 - 2015-04-18 17:53 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-04-18 17:53 - 2015-04-18 17:53 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-04-18 17:52 - 2015-04-18 17:53 - 14160536 _____ (Microsoft Corporation) C:\Users\ST0114\Downloads\mseinstall.exe
2015-04-18 12:31 - 2015-04-18 12:31 - 45142720 _____ (Microsoft Corporation) C:\Users\ST0114\Downloads\Windows-KB890830-x64-V5.23.exe
2015-04-18 10:56 - 2015-04-18 10:56 - 00074703 _____ () C:\Windows\SysWOW64\mfc45.dll
2015-04-17 15:43 - 2015-04-17 15:43 - 00000548 _____ () C:\Windows\LkmdfCoInst.log
2015-04-16 18:18 - 2015-04-16 18:18 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-15 07:19 - 2015-03-24 23:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-15 07:19 - 2015-03-24 23:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-15 07:19 - 2015-03-24 23:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-15 07:19 - 2015-03-24 23:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-15 07:19 - 2015-03-24 23:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-15 07:19 - 2015-03-24 23:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-15 07:19 - 2015-03-24 23:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-15 07:19 - 2015-03-24 23:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-15 07:19 - 2015-03-24 23:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-15 07:19 - 2015-03-24 23:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-15 07:19 - 2015-03-24 23:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-15 07:19 - 2015-03-24 23:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-15 07:19 - 2015-03-24 23:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-15 07:19 - 2015-03-24 23:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-15 07:19 - 2015-03-24 23:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-15 07:19 - 2015-03-24 23:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-15 07:19 - 2015-03-22 23:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-15 07:19 - 2015-03-22 23:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-15 07:19 - 2015-03-22 23:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-15 07:19 - 2015-03-22 23:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-15 07:19 - 2015-03-22 23:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-15 07:19 - 2015-03-22 23:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-15 07:19 - 2015-03-22 23:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-15 07:19 - 2015-03-22 23:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-15 07:19 - 2015-03-17 01:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-15 07:19 - 2015-03-17 01:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-15 07:19 - 2015-03-17 01:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-15 07:19 - 2015-03-17 01:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-15 07:19 - 2015-03-17 01:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-15 07:19 - 2015-03-17 01:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-15 07:19 - 2015-03-17 01:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-15 07:19 - 2015-03-17 01:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-15 07:19 - 2015-03-17 01:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-15 07:19 - 2015-03-17 01:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-15 07:19 - 2015-03-17 01:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-15 07:19 - 2015-03-17 01:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-15 07:19 - 2015-03-17 01:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-15 07:19 - 2015-03-17 01:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-15 07:19 - 2015-03-17 01:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 01:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-15 07:19 - 2015-03-17 01:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-15 07:19 - 2015-03-17 00:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-15 07:19 - 2015-03-17 00:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-15 07:19 - 2015-03-17 00:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-15 07:19 - 2015-03-17 00:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-15 07:19 - 2015-03-17 00:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-15 07:19 - 2015-03-17 00:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-15 07:19 - 2015-03-17 00:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-15 07:19 - 2015-03-17 00:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-15 07:19 - 2015-03-17 00:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-15 07:19 - 2015-03-17 00:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-15 07:19 - 2015-03-17 00:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-15 07:19 - 2015-03-17 00:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-15 07:19 - 2015-03-17 00:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-15 07:19 - 2015-03-17 00:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-15 07:19 - 2015-03-17 00:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-15 07:19 - 2015-03-17 00:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-15 07:19 - 2015-03-17 00:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-15 07:19 - 2015-03-17 00:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-15 07:19 - 2015-03-17 00:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-15 07:19 - 2015-03-17 00:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-15 07:19 - 2015-03-16 23:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-15 07:19 - 2015-03-16 23:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-15 07:19 - 2015-03-16 23:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-15 07:19 - 2015-03-16 23:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-15 07:19 - 2015-03-16 23:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-15 07:19 - 2015-03-16 23:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-15 07:19 - 2015-03-09 23:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-15 07:19 - 2015-03-09 23:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-15 07:19 - 2015-03-09 23:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-15 07:19 - 2015-03-09 23:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-15 07:19 - 2015-03-05 01:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-15 07:19 - 2015-03-05 00:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-15 07:19 - 2015-01-27 19:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-04-15 07:18 - 2015-04-01 20:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-15 07:18 - 2015-04-01 19:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-15 07:18 - 2015-03-13 00:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-15 07:18 - 2015-03-13 00:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-15 07:18 - 2015-03-13 00:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-15 07:18 - 2015-03-13 00:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-15 07:18 - 2015-03-13 00:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-15 07:18 - 2015-03-13 00:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-15 07:18 - 2015-03-13 00:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-15 07:18 - 2015-03-13 00:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-15 07:18 - 2015-03-13 00:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-15 07:18 - 2015-03-13 00:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-15 07:18 - 2015-03-12 23:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-15 07:18 - 2015-03-12 23:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-15 07:18 - 2015-03-12 23:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-15 07:18 - 2015-03-12 23:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-15 07:18 - 2015-03-12 23:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-15 07:18 - 2015-03-12 23:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-15 07:18 - 2015-03-12 23:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-15 07:18 - 2015-03-12 23:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-15 07:18 - 2015-03-12 23:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-15 07:18 - 2015-03-12 23:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-15 07:18 - 2015-03-12 23:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-15 07:18 - 2015-03-12 23:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-15 07:18 - 2015-03-12 23:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-15 07:18 - 2015-03-12 23:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-15 07:18 - 2015-03-12 23:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-15 07:18 - 2015-03-12 23:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-15 07:18 - 2015-03-12 23:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-15 07:18 - 2015-03-12 23:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-15 07:18 - 2015-03-12 23:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-15 07:18 - 2015-03-12 23:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-15 07:18 - 2015-03-12 23:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-15 07:18 - 2015-03-12 23:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-15 07:18 - 2015-03-12 23:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-15 07:18 - 2015-03-12 23:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-15 07:18 - 2015-03-12 23:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-15 07:18 - 2015-03-12 23:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-15 07:18 - 2015-03-12 23:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-15 07:18 - 2015-03-12 23:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-15 07:18 - 2015-03-12 23:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-15 07:18 - 2015-03-12 23:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-15 07:18 - 2015-03-12 23:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-15 07:18 - 2015-03-12 23:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-15 07:18 - 2015-03-12 22:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-15 07:18 - 2015-03-12 22:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-15 07:18 - 2015-03-12 22:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-15 07:18 - 2015-03-12 22:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-15 07:18 - 2015-03-12 22:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-15 07:18 - 2015-03-12 22:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-15 07:18 - 2015-03-12 22:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-15 07:18 - 2015-03-12 22:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-15 07:18 - 2015-03-12 22:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-15 07:18 - 2015-03-12 22:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-15 07:18 - 2015-03-12 22:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-15 07:18 - 2015-03-12 22:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-15 07:18 - 2015-03-12 22:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-15 07:18 - 2015-03-12 22:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-15 07:18 - 2015-02-24 23:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-15 07:17 - 2015-03-04 00:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-15 07:17 - 2015-03-04 00:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-15 07:17 - 2015-03-04 00:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-12 22:29 - 2015-04-12 22:29 - 00000000 ____D () C:\Users\ST0114\Documents\Alawar
2015-04-12 16:55 - 2015-04-12 16:55 - 02143832 _____ () C:\Users\ST0114\Downloads\instsf449.exe
2015-04-12 16:55 - 2015-04-12 16:55 - 00000971 _____ () C:\Users\Mcx1-MOMMA\Desktop\SpeedFan.lnk
2015-04-12 16:55 - 2015-04-12 16:55 - 00000045 _____ () C:\Windows\SysWOW64\initdebug.nfo
2015-04-12 16:55 - 2015-04-12 16:55 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
2015-04-12 16:36 - 2015-04-20 16:34 - 00000706 _____ () C:\Windows\setupact.log
2015-04-12 16:36 - 2015-04-12 16:36 - 00000000 _____ () C:\Windows\setuperr.log
2015-04-07 16:59 - 2015-04-07 16:59 - 00001868 _____ () C:\Users\Public\Desktop\Play Next Stop.lnk
2015-04-07 16:59 - 2015-04-07 16:59 - 00000000 ____D () C:\Users\ST0114\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Next Stop
2015-04-07 16:59 - 2015-04-07 16:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Next Stop
2015-04-07 16:59 - 2015-04-07 16:59 - 00000000 ____D () C:\Program Files (x86)\Next Stop
2015-04-07 16:22 - 2015-04-07 16:22 - 00001891 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
2015-04-07 16:22 - 2015-04-07 16:22 - 00001248 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\More Great Games.lnk
2015-04-07 16:22 - 2015-04-07 16:22 - 00000000 ____D () C:\Program Files (x86)\bfgclient
2015-04-07 15:28 - 2015-04-07 15:28 - 00237568 _____ (Big Fish Games) C:\Users\ST0114\Downloads\jigswpuzzle2_s1_l1_gF1355T1L1_d2451284631.exe
2015-04-06 20:06 - 2015-04-06 20:06 - 00250036 _____ () C:\Users\ST0114\Downloads\prop_hunt.zip
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-04 03:00 - 2015-04-04 03:00 - 00000000 ___SD () C:\Windows\system32\GWX
2015-04-03 06:44 - 2015-04-03 06:48 - 05007216 _____ (Adobe Systems Inc.) C:\Users\ST0114\Downloads\Shockwave_Installer_Slim (1).exe
2015-04-03 06:43 - 2015-04-03 06:48 - 05007216 _____ (Adobe Systems Inc.) C:\Users\ST0114\Downloads\Shockwave_Installer_Slim.exe
2015-04-02 12:00 - 2015-04-02 12:00 - 00000000 ____D () C:\Program Files (x86)\EaseUS
2015-04-02 11:58 - 2015-04-02 12:00 - 30391784 _____ (EaseUS ) C:\Users\ST0114\Downloads\epm.exe
2015-03-30 21:18 - 2015-03-30 21:18 - 00000000 ____D () C:\Users\ST0114\Documents\Audible
2015-03-30 20:26 - 2015-03-30 20:26 - 00000000 ____D () C:\Users\ST0114\Documents\DVDFab9
2015-03-30 16:18 - 2015-04-20 06:49 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-04-20 17:13 - 2011-11-17 19:40 - 00000000 ____D () C:\FRST
2015-04-20 17:12 - 2011-10-04 13:12 - 00000000 ____D () C:\Users\ST0114
2015-04-20 17:00 - 2014-09-25 07:00 - 00000302 _____ () C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{D1D17942-33FC-4EF1-957D-F529CAAF4279}.job
2015-04-20 16:52 - 2012-03-02 09:12 - 00000912 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2749176277-1097856338-3472885861-1005UA.job
2015-04-20 16:47 - 2014-10-17 07:42 - 01674302 _____ () C:\Windows\WindowsUpdate.log
2015-04-20 16:47 - 2009-07-14 00:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-04-20 16:47 - 2009-07-14 00:45 - 00028896 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-04-20 16:42 - 2009-07-14 01:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-20 16:34 - 2009-07-14 01:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-04-20 16:26 - 2012-04-04 13:10 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-04-20 12:24 - 2009-07-13 22:34 - 00000820 _____ () C:\Windows\win.ini
2015-04-20 12:22 - 2012-10-07 15:50 - 00655872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr90.dll
2015-04-20 12:22 - 2012-10-07 15:50 - 00572928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp90.dll
2015-04-20 11:56 - 2012-08-13 11:20 - 00000000 ____D () C:\ProgramData\AVG2012
2015-04-20 11:53 - 2012-08-13 11:16 - 00000000 ____D () C:\ProgramData\MFAData
2015-04-20 06:54 - 2013-03-19 23:23 - 00000000 ____D () C:\ProgramData\InstallMate
2015-04-20 06:54 - 2012-11-25 21:13 - 00000000 ____D () C:\ProgramData\iolo
2015-04-20 06:54 - 2011-11-19 22:47 - 00000000 ____D () C:\Program Files\Enigma Software Group
2015-04-20 06:49 - 2014-11-07 22:46 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak
2015-04-20 01:50 - 2015-02-04 02:45 - 00000860 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2749176277-1097856338-3472885861-1005Core.job
2015-04-19 13:40 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\rescache
2015-04-18 17:53 - 2012-01-12 05:02 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-04-17 15:43 - 2014-08-23 20:11 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2015-04-17 15:41 - 2015-02-09 11:24 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2015-04-17 06:39 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-16 18:37 - 2011-10-27 19:24 - 00000000 ____D () C:\Users\ST0114\AppData\Local\CrashDumps
2015-04-16 18:18 - 2014-05-06 07:43 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 18:18 - 2009-07-13 23:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 07:09 - 2011-02-10 19:03 - 00775954 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 07:03 - 2013-07-18 06:59 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-15 14:17 - 2012-04-04 13:10 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-15 14:17 - 2011-10-22 13:50 - 00000000 ____D () C:\Users\ST0114\AppData\Local\Adobe
2015-04-15 14:16 - 2012-04-04 13:10 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-15 14:16 - 2011-10-22 18:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-12 23:32 - 2011-10-15 22:03 - 00000000 ____D () C:\ProgramData\TEMP
2015-04-12 22:50 - 2009-07-14 01:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-04-11 12:49 - 2011-10-16 20:03 - 00000021 _____ () C:\Windows\Model.txt
2015-04-11 12:46 - 2011-10-16 20:02 - 00000000 ____D () C:\Update
2015-04-07 16:53 - 2012-04-28 22:35 - 00000000 ____D () C:\Users\ST0114\AppData\Roaming\Big Fish Games
2015-04-07 16:53 - 2011-10-15 21:51 - 00000000 ____D () C:\ProgramData\Big Fish Games
2015-04-07 16:30 - 2013-07-21 16:46 - 00000000 ____D () C:\BigFishCache
2015-04-07 16:22 - 2012-11-06 00:03 - 00000000 ____D () C:\ProgramData\Big Fish
2015-04-07 12:20 - 2009-07-14 01:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2015-04-04 09:16 - 2012-10-05 19:14 - 00000402 _____ () C:\Windows\Tasks\EasyShare Registration Task.job
2015-04-01 18:35 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-04-01 14:10 - 2009-07-14 00:45 - 00021504 _____ () C:\Windows\system32\umstartup.etl
2015-04-01 11:16 - 2011-10-16 11:47 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-03-30 21:20 - 2013-04-30 20:34 - 00000000 ____D () C:\Program Files (x86)\CBE
2015-03-30 21:17 - 2011-04-23 05:21 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-03-30 21:14 - 2014-05-10 22:01 - 00048562 _____ () C:\GingerSetupHelper.log
2015-03-30 21:14 - 2014-05-10 22:01 - 00002408 _____ () C:\GingerSetup.log
2015-03-30 21:13 - 2014-05-10 22:53 - 00000000 ____D () C:\Program Files (x86)\Ginger
2015-03-30 21:03 - 2013-07-12 09:55 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-30 21:02 - 2013-03-17 08:44 - 00000000 ____D () C:\Program Files (x86)\VideoLAN
2015-03-30 20:52 - 2014-02-03 22:26 - 00000000 ____D () C:\Program Files (x86)\MarkAny
2015-03-30 20:45 - 2014-02-03 22:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-03-30 20:45 - 2014-02-03 22:17 - 00000000 ____D () C:\Program Files (x86)\Samsung
2015-03-30 20:43 - 2014-04-06 09:12 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2015-03-30 20:42 - 2013-10-06 15:31 - 00000000 ____D () C:\Program Files (x86)\SpeedBit Video Accelerator
2015-03-30 20:42 - 2013-03-10 02:35 - 00000000 ____D () C:\Program Files (x86)\real
2015-03-30 20:42 - 2012-12-14 08:22 - 00000000 ____D () C:\ProgramData\Real
2015-03-30 20:42 - 2012-02-02 22:18 - 00000000 ____D () C:\Users\ST0114\AppData\Roaming\Real
2015-03-30 20:41 - 2014-02-03 22:25 - 00000000 ____D () C:\Users\ST0114\AppData\Roaming\Samsung
2015-03-30 20:41 - 2014-02-03 22:25 - 00000000 ____D () C:\Users\ST0114\AppData\Local\Samsung
2015-03-30 20:40 - 2014-02-03 22:17 - 00000000 ____D () C:\ProgramData\Samsung
2015-03-30 20:37 - 2011-11-12 14:39 - 00000000 ____D () C:\Program Files (x86)\QuickTime
2015-03-30 20:35 - 2012-02-07 21:49 - 00000000 ____D () C:\ProgramData\Nero
2015-03-30 20:35 - 2012-02-07 21:49 - 00000000 ____D () C:\Program Files (x86)\Nero
2015-03-30 20:33 - 2011-04-23 05:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
2015-03-30 20:30 - 2009-07-13 23:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-03-30 20:27 - 2013-08-27 23:37 - 00000000 ____D () C:\Program Files (x86)\Flvto Youtube Downloader
2015-03-30 20:27 - 2013-06-11 17:52 - 00000000 ____D () C:\Program Files (x86)\Magellan
2015-03-30 20:26 - 2012-03-02 09:11 - 00000000 ____D () C:\Users\ST0114\AppData\Local\Deployment
2015-03-30 20:24 - 2011-10-15 13:22 - 00000000 ____D () C:\ProgramData\Apple
2015-03-30 20:21 - 2012-03-12 07:48 - 00000000 ____D () C:\Users\ST0114\AppData\Roaming\Amazon
2015-03-30 20:21 - 2012-03-06 18:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
2015-03-30 20:21 - 2012-03-06 18:38 - 00000000 ____D () C:\Program Files (x86)\Amazon
2015-03-30 20:15 - 2015-02-16 17:48 - 00003204 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2749176277-1097856338-3472885861-1005
2015-03-30 20:14 - 2015-02-16 17:48 - 00003336 _____ () C:\Windows\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2749176277-1097856338-3472885861-1005
2015-03-30 20:09 - 2011-10-22 13:09 - 00000000 ____D () C:\ProgramData\Origin
2015-03-30 20:09 - 2011-10-22 13:08 - 00000000 ____D () C:\Program Files (x86)\Origin
2015-03-22 02:05 - 2011-10-15 12:15 - 00000000 ____D () C:\Windows\System32\Tasks\Games

==================== Files in the root of some directories =======

2013-05-29 19:44 - 2014-06-02 15:49 - 0003749 _____ () C:\Program Files (x86)\Mozilla Firefoxsafeguard-secure-search.xml
2014-08-05 10:58 - 2014-08-05 10:58 - 0000167 _____ () C:\Users\ST0114\AppData\Roaming\My Profile.xml
2011-11-19 23:15 - 2012-08-09 07:38 - 0061925 _____ () C:\Users\ST0114\AppData\Local\ars.cache
2011-11-19 23:15 - 2012-08-09 07:38 - 1124035 _____ () C:\Users\ST0114\AppData\Local\census.cache
2013-07-03 16:55 - 2013-07-03 16:55 - 0003584 _____ () C:\Users\ST0114\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-11-30 20:00 - 2012-11-30 20:00 - 0027520 _____ () C:\Users\ST0114\AppData\Local\dt.dat
2011-11-19 23:10 - 2011-11-19 23:10 - 0000036 _____ () C:\Users\ST0114\AppData\Local\housecall.guid.cache
2011-10-15 09:54 - 2011-10-15 09:54 - 0001544 _____ () C:\Users\ST0114\AppData\Local\PDLSetup.20111015.065417.txt
2011-10-15 13:22 - 2011-10-15 13:23 - 0001543 _____ () C:\Users\ST0114\AppData\Local\PDLSetup.20111015.132259.txt
2012-02-25 00:01 - 2012-02-25 00:01 - 0000017 _____ () C:\Users\ST0114\AppData\Local\resmon.resmoncfg
2014-03-04 15:09 - 2013-12-16 23:23 - 0010240 _____ () C:\Users\ST0114\AppData\Local\Z@!-03ab80fc-0821-45f6-ab8d-a929eb511fe2.tmp
2014-03-04 15:09 - 2013-12-16 23:23 - 0009216 _____ () C:\Users\ST0114\AppData\Local\Z@S!-c96dbd93-6fe2-4287-b8f7-78d9bd010450.tmp
2012-09-11 21:36 - 2012-09-14 05:40 - 0000000 _____ () C:\Users\ST0114\AppData\Local\¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ
2011-04-23 05:15 - 2011-10-17 01:36 - 0000333 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
2011-11-17 16:13 - 2011-11-21 17:04 - 0000448 _____ () C:\ProgramData\ONLN0ctZgxYtGs
2012-07-07 20:06 - 2012-07-07 20:07 - 0086016 _____ () C:\ProgramData\QYHEav0T.exe
2011-11-19 18:51 - 2011-11-19 18:59 - 0000448 _____ () C:\ProgramData\uLNO7Ug6PqnzW9
2012-08-11 22:28 - 2012-08-11 22:28 - 0000059 _____ () C:\ProgramData\user.ini
2014-03-04 15:11 - 2013-12-16 23:23 - 0010240 _____ () C:\ProgramData\Z@!-fe96b9fb-d5cc-4831-b8da-32db811cddfb.tmp
2014-03-04 15:11 - 2013-12-16 23:23 - 0009216 _____ () C:\ProgramData\Z@S!-eb0110d2-1633-4021-91f8-bcdcb71674bd.tmp

ZeroAccess:
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\{be589d9b-f04a-1e01-45ea-6f5580e284f9}

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$be589d9bf04a1e0145ea6f5580e284f9

Files to move or delete:
====================
C:\ProgramData\QYHEav0T.exe
C:\Users\ST0114\bkxuyfhtdmotdpzb.exe
C:\Users\ST0114\jadnlnphbcttgtci.exe
C:\Users\ST0114\kswzcpciazejrdylktoodbm.exe
C:\Users\ST0114\mmuensuijhbhxpvdohofk.exe
C:\Users\ST0114\vfbqdedysdufgx.exe


Some content of TEMP:
====================
C:\Users\ST0114\AppData\Local\Temp\avcuf32.dll
C:\Users\ST0114\AppData\Local\Temp\avcuf64.dll
C:\Users\ST0114\AppData\Local\Temp\avxdisk.dll
C:\Users\ST0114\AppData\Local\Temp\bdc.exe
C:\Users\ST0114\AppData\Local\Temp\bdcore.dll
C:\Users\ST0114\AppData\Local\Temp\bdfltlib2k.dll
C:\Users\ST0114\AppData\Local\Temp\bdnimbus32.dll
C:\Users\ST0114\AppData\Local\Temp\bdnimbus64.dll
C:\Users\ST0114\AppData\Local\Temp\bdupdateservice.dll
C:\Users\ST0114\AppData\Local\Temp\DEVCON.EXE
C:\Users\ST0114\AppData\Local\Temp\eEmpty.exe
C:\Users\ST0114\AppData\Local\Temp\encdec.dll
C:\Users\ST0114\AppData\Local\Temp\esupdate.exe
C:\Users\ST0114\AppData\Local\Temp\FSSync.dll
C:\Users\ST0114\AppData\Local\Temp\Getvlist.exe
C:\Users\ST0114\AppData\Local\Temp\ikave.dll
C:\Users\ST0114\AppData\Local\Temp\ipc.dll
C:\Users\ST0114\AppData\Local\Temp\kave.dll
C:\Users\ST0114\AppData\Local\Temp\kavvlg.dll
C:\Users\ST0114\AppData\Local\Temp\msvclnt.dll
C:\Users\ST0114\AppData\Local\Temp\msvcp80.dll
C:\Users\ST0114\AppData\Local\Temp\msvcp90.dll
C:\Users\ST0114\AppData\Local\Temp\msvcr80.dll
C:\Users\ST0114\AppData\Local\Temp\msvcr90.dll
C:\Users\ST0114\AppData\Local\Temp\msvl64.dll
C:\Users\ST0114\AppData\Local\Temp\msvlclnt.dll
C:\Users\ST0114\AppData\Local\Temp\mwavdwnl.exe
C:\Users\ST0114\AppData\Local\Temp\MWAVL.exe
C:\Users\ST0114\AppData\Local\Temp\mwavscan.exe
C:\Users\ST0114\AppData\Local\Temp\mwunzip.dll
C:\Users\ST0114\AppData\Local\Temp\prLoader.dll
C:\Users\ST0114\AppData\Local\Temp\Quarantine.exe
C:\Users\ST0114\AppData\Local\Temp\red32.dll
C:\Users\ST0114\AppData\Local\Temp\Reload.exe
C:\Users\ST0114\AppData\Local\Temp\scan.dll
C:\Users\ST0114\AppData\Local\Temp\ScanningProcess.exe
C:\Users\ST0114\AppData\Local\Temp\setpriv.exe
C:\Users\ST0114\AppData\Local\Temp\sqlite3.dll
C:\Users\ST0114\AppData\Local\Temp\test2.exe
C:\Users\ST0114\AppData\Local\Temp\trufos.dll
C:\Users\ST0114\AppData\Local\Temp\unregx.exe
C:\Users\ST0114\AppData\Local\Temp\UPDLL10.DLL
C:\Users\ST0114\AppData\Local\Temp\viewtcp.exe


Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-04-14 00:32

==================== End Of Log ============================



Edited by nasdaq, 25 April 2015 - 08:48 AM.
FRST log posted.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 39,559 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:04:56 PM

Posted 25 April 2015 - 08:47 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===


Open Notepad (Start => All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} ->  No File
BHO-x32: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} ->  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll No File
FF Plugin HKU\S-1-5-21-2749176277-1097856338-3472885861-1005: @soe.sony.com/installer,version=1.0.3 -> C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2012-11-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\kgcngo@xmmomglptujvwxntife.org [2015-03-30]
FF HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\Firefox\Extensions: [{56254F5C-FC7A-11E1-8270-B8AC6F996F26}] - C:\Users\ST0114\AppData\Local\{56254F5C-FC7A-11E1-8270-B8AC6F996F26}
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaanfggifmbbmaffeaneceafnkmihli] - C:\Users\ST0114\AppData\Local\APN\GoogleCRXs\aaaanfggifmbbmaffeaneceafnkmihli_7.14.1.0.crx [Not Found]
Task: {19C47E7D-C502-4CAA-8231-1C09A5544EA1} - System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{D1D17942-33FC-4EF1-957D-F529CAAF4279} => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: {6FF66A21-74D6-49C0-9F88-11211944BFD4} - \BuzzSocialPoints_DNS_Checker No Task File <==== ATTENTION
Task: {C1051498-D54D-411E-97B2-A67BA1B28EE6} - \SMW_UpdateTask_Time_3334353631323937382d6c5b5a345b4132452d5a346c No Task File <==== ATTENTION
Task: C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{D1D17942-33FC-4EF1-957D-F529CAAF4279}.job => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:03D08225
AlternateDataStreams: C:\ProgramData\TEMP:04ADB7A6
AlternateDataStreams: C:\ProgramData\TEMP:063969F8
AlternateDataStreams: C:\ProgramData\TEMP:08801FDB
AlternateDataStreams: C:\ProgramData\TEMP:0ACF1AF5
AlternateDataStreams: C:\ProgramData\TEMP:0C2F9CC7
AlternateDataStreams: C:\ProgramData\TEMP:0CDF8C3D
AlternateDataStreams: C:\ProgramData\TEMP:0DFE2AE1
AlternateDataStreams: C:\ProgramData\TEMP:0E61938B
AlternateDataStreams: C:\ProgramData\TEMP:0F5DCBF5
AlternateDataStreams: C:\ProgramData\TEMP:0F6AC518
AlternateDataStreams: C:\ProgramData\TEMP:100E92DA
AlternateDataStreams: C:\ProgramData\TEMP:10D45FC3
AlternateDataStreams: C:\ProgramData\TEMP:10E0CEB1
AlternateDataStreams: C:\ProgramData\TEMP:11EF326F
AlternateDataStreams: C:\ProgramData\TEMP:11EFE63D
AlternateDataStreams: C:\ProgramData\TEMP:1379054C
AlternateDataStreams: C:\ProgramData\TEMP:14FA5E46
AlternateDataStreams: C:\ProgramData\TEMP:1585E7B2
AlternateDataStreams: C:\ProgramData\TEMP:15E76ABF
AlternateDataStreams: C:\ProgramData\TEMP:1663E41B
AlternateDataStreams: C:\ProgramData\TEMP:16B49C20
AlternateDataStreams: C:\ProgramData\TEMP:19C3BC3A
AlternateDataStreams: C:\ProgramData\TEMP:19C541B5
AlternateDataStreams: C:\ProgramData\TEMP:19F494DE
AlternateDataStreams: C:\ProgramData\TEMP:1F96ED45
AlternateDataStreams: C:\ProgramData\TEMP:206470A5
AlternateDataStreams: C:\ProgramData\TEMP:217A2A36
AlternateDataStreams: C:\ProgramData\TEMP:21B987C4
AlternateDataStreams: C:\ProgramData\TEMP:2640C43F
AlternateDataStreams: C:\ProgramData\TEMP:2A66F1C3
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F
AlternateDataStreams: C:\ProgramData\TEMP:2CED8825
AlternateDataStreams: C:\ProgramData\TEMP:2EB79F01
AlternateDataStreams: C:\ProgramData\TEMP:2F93516B
AlternateDataStreams: C:\ProgramData\TEMP:30DA8392
AlternateDataStreams: C:\ProgramData\TEMP:33C6377A
AlternateDataStreams: C:\ProgramData\TEMP:34FDB459
AlternateDataStreams: C:\ProgramData\TEMP:35110824
AlternateDataStreams: C:\ProgramData\TEMP:3571475C
AlternateDataStreams: C:\ProgramData\TEMP:36608448
AlternateDataStreams: C:\ProgramData\TEMP:395F6776
AlternateDataStreams: C:\ProgramData\TEMP:3A0561F3
AlternateDataStreams: C:\ProgramData\TEMP:3A4676D7
AlternateDataStreams: C:\ProgramData\TEMP:3A4C8FE7
AlternateDataStreams: C:\ProgramData\TEMP:3B07E6F4
AlternateDataStreams: C:\ProgramData\TEMP:3C9B05C4
AlternateDataStreams: C:\ProgramData\TEMP:41884BBE
AlternateDataStreams: C:\ProgramData\TEMP:4290D685
AlternateDataStreams: C:\ProgramData\TEMP:431A72AA
AlternateDataStreams: C:\ProgramData\TEMP:4440A77E
AlternateDataStreams: C:\ProgramData\TEMP:44E16D4A
AlternateDataStreams: C:\ProgramData\TEMP:46E1D1B1
AlternateDataStreams: C:\ProgramData\TEMP:47E35D9B
AlternateDataStreams: C:\ProgramData\TEMP:48D2ED03
AlternateDataStreams: C:\ProgramData\TEMP:490BCC52
AlternateDataStreams: C:\ProgramData\TEMP:49EB0FDC
AlternateDataStreams: C:\ProgramData\TEMP:4AD2C54D
AlternateDataStreams: C:\ProgramData\TEMP:4B70A9FA
AlternateDataStreams: C:\ProgramData\TEMP:4C16B46B
AlternateDataStreams: C:\ProgramData\TEMP:52329B88
AlternateDataStreams: C:\ProgramData\TEMP:52E3B819
AlternateDataStreams: C:\ProgramData\TEMP:56C66609
AlternateDataStreams: C:\ProgramData\TEMP:57173DB4
AlternateDataStreams: C:\ProgramData\TEMP:57EE48CA
AlternateDataStreams: C:\ProgramData\TEMP:592D7272
AlternateDataStreams: C:\ProgramData\TEMP:5B09C4D9
AlternateDataStreams: C:\ProgramData\TEMP:5C0940F1
AlternateDataStreams: C:\ProgramData\TEMP:5C4A588B
AlternateDataStreams: C:\ProgramData\TEMP:5C92988B
AlternateDataStreams: C:\ProgramData\TEMP:5DABFF83
AlternateDataStreams: C:\ProgramData\TEMP:61C6B926
AlternateDataStreams: C:\ProgramData\TEMP:6301CE40
AlternateDataStreams: C:\ProgramData\TEMP:67518200
AlternateDataStreams: C:\ProgramData\TEMP:6764D965
AlternateDataStreams: C:\ProgramData\TEMP:67842DB7
AlternateDataStreams: C:\ProgramData\TEMP:699BDADB
AlternateDataStreams: C:\ProgramData\TEMP:6A9EDD31
AlternateDataStreams: C:\ProgramData\TEMP:6C049F97
AlternateDataStreams: C:\ProgramData\TEMP:701B92FB
AlternateDataStreams: C:\ProgramData\TEMP:7222DA29
AlternateDataStreams: C:\ProgramData\TEMP:73B78E79
AlternateDataStreams: C:\ProgramData\TEMP:751D6870
AlternateDataStreams: C:\ProgramData\TEMP:76466F4C
AlternateDataStreams: C:\ProgramData\TEMP:7B15F8C8
AlternateDataStreams: C:\ProgramData\TEMP:7D288858
AlternateDataStreams: C:\ProgramData\TEMP:80114837
AlternateDataStreams: C:\ProgramData\TEMP:87452B14
AlternateDataStreams: C:\ProgramData\TEMP:8C1A17F5
AlternateDataStreams: C:\ProgramData\TEMP:8F4E260C
AlternateDataStreams: C:\ProgramData\TEMP:9026EFD0
AlternateDataStreams: C:\ProgramData\TEMP:908A1B53
AlternateDataStreams: C:\ProgramData\TEMP:9110335E
AlternateDataStreams: C:\ProgramData\TEMP:91FF95D8
AlternateDataStreams: C:\ProgramData\TEMP:93877B62
AlternateDataStreams: C:\ProgramData\TEMP:93F3E4C9
AlternateDataStreams: C:\ProgramData\TEMP:953FDC1A
AlternateDataStreams: C:\ProgramData\TEMP:9D2DE4B4
AlternateDataStreams: C:\ProgramData\TEMP:9D5BB34A
AlternateDataStreams: C:\ProgramData\TEMP:9E50C1C9
AlternateDataStreams: C:\ProgramData\TEMP:A039EDF9
AlternateDataStreams: C:\ProgramData\TEMP:A1023D41
AlternateDataStreams: C:\ProgramData\TEMP:A2B3764A
AlternateDataStreams: C:\ProgramData\TEMP:A43B789A
AlternateDataStreams: C:\ProgramData\TEMP:A468A21E
AlternateDataStreams: C:\ProgramData\TEMP:A5264343
AlternateDataStreams: C:\ProgramData\TEMP:A652BC99
AlternateDataStreams: C:\ProgramData\TEMP:A851461E
AlternateDataStreams: C:\ProgramData\TEMP:AA004D25
AlternateDataStreams: C:\ProgramData\TEMP:AE531EFF
AlternateDataStreams: C:\ProgramData\TEMP:AED4FFF5
AlternateDataStreams: C:\ProgramData\TEMP:B059B88E
AlternateDataStreams: C:\ProgramData\TEMP:B1E64E47
AlternateDataStreams: C:\ProgramData\TEMP:B1FBBD09
AlternateDataStreams: C:\ProgramData\TEMP:B3B7A337
AlternateDataStreams: C:\ProgramData\TEMP:B5988350
AlternateDataStreams: C:\ProgramData\TEMP:B790962B
AlternateDataStreams: C:\ProgramData\TEMP:B8D00D30
AlternateDataStreams: C:\ProgramData\TEMP:BA24E689
AlternateDataStreams: C:\ProgramData\TEMP:BA5EEDA7
AlternateDataStreams: C:\ProgramData\TEMP:BBF60A29
AlternateDataStreams: C:\ProgramData\TEMP:BDCD0530
AlternateDataStreams: C:\ProgramData\TEMP:C0A2E219
AlternateDataStreams: C:\ProgramData\TEMP:C43C957E
AlternateDataStreams: C:\ProgramData\TEMP:C458CC0A
AlternateDataStreams: C:\ProgramData\TEMP:C67CB31A
AlternateDataStreams: C:\ProgramData\TEMP:C695B256
AlternateDataStreams: C:\ProgramData\TEMP:C69BA1D0
AlternateDataStreams: C:\ProgramData\TEMP:C6CD88E9
AlternateDataStreams: C:\ProgramData\TEMP:C7B98566
AlternateDataStreams: C:\ProgramData\TEMP:CB0FEE2B
AlternateDataStreams: C:\ProgramData\TEMP:CB959782
AlternateDataStreams: C:\ProgramData\TEMP:CC386FD2
AlternateDataStreams: C:\ProgramData\TEMP:CC45913B
AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06
AlternateDataStreams: C:\ProgramData\TEMP:D1787194
AlternateDataStreams: C:\ProgramData\TEMP:D47B19A6
AlternateDataStreams: C:\ProgramData\TEMP:D770A15D
AlternateDataStreams: C:\ProgramData\TEMP:D8DB81DC
AlternateDataStreams: C:\ProgramData\TEMP:DCB27118
AlternateDataStreams: C:\ProgramData\TEMP:DD95E6D9
AlternateDataStreams: C:\ProgramData\TEMP:E0848D16
AlternateDataStreams: C:\ProgramData\TEMP:E21D3CA0
AlternateDataStreams: C:\ProgramData\TEMP:E41267F2
AlternateDataStreams: C:\ProgramData\TEMP:E6537A16
AlternateDataStreams: C:\ProgramData\TEMP:E6C6EB3B
AlternateDataStreams: C:\ProgramData\TEMP:E6D027BB
AlternateDataStreams: C:\ProgramData\TEMP:E6D91F2F
AlternateDataStreams: C:\ProgramData\TEMP:E70FD81B
AlternateDataStreams: C:\ProgramData\TEMP:E84CA8F2
AlternateDataStreams: C:\ProgramData\TEMP:EB5BDBB0
AlternateDataStreams: C:\ProgramData\TEMP:EC3A9923
AlternateDataStreams: C:\ProgramData\TEMP:F2327E82
AlternateDataStreams: C:\ProgramData\TEMP:F422F8F1
AlternateDataStreams: C:\ProgramData\TEMP:F65A2273
AlternateDataStreams: C:\ProgramData\TEMP:F67947AF
AlternateDataStreams: C:\ProgramData\TEMP:F7370879
AlternateDataStreams: C:\ProgramData\TEMP:FE578C5D

End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

How is the computer running now?

#3 MistyC

MistyC
  • Topic Starter

  • Members
  • 145 posts
  • Gender:Female
  • Location:Riceboro, GA
  • Local time:04:56 PM

Posted 25 April 2015 - 03:13 PM

Ok, so the zooming seems to have stopped, but it is randomly clicking on things still.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 20-04-2015
Ran by ST0114 at 2015-04-25 15:57:56 Run:1
Running from C:\Users\ST0114\Downloads
Loaded Profiles: ST0114 (Available profiles: ST0114 & Mcx1-MOMMA)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
 
start
 
CreateRestorePoint:
CloseProcesses:
 
HKLM-x32\...\Run: [] => [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
BHO: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} ->  No File
BHO-x32: No Name -> {0877c1fc-19c6-4fe2-8e3d-699d8edb2964} ->  No File
Winsock: Catalog5 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog5-x64 01 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5-x64 05 mswsock.dll File Not found () ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.0.7 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin HKU\.DEFAULT: gingersoftware.com/gingerPlugin -> C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll No File
FF Plugin HKU\S-1-5-21-2749176277-1097856338-3472885861-1005: @soe.sony.com/installer,version=1.0.3 -> C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll No File
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll [2012-11-14] (Catalina Marketing Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll [2015-02-26] (Coupons, Inc.)
FF Extension: DownloadTerms - C:\Program Files (x86)\Mozilla Firefox\extensions\kgcngo@xmmomglptujvwxntife.org [2015-03-30]
FF HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\...\Firefox\Extensions: [{56254F5C-FC7A-11E1-8270-B8AC6F996F26}] - C:\Users\ST0114\AppData\Local\{56254F5C-FC7A-11E1-8270-B8AC6F996F26}
FF Extension: No Name - C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack [Not Found]
CHR HKLM-x32\...\Chrome\Extension: [aaaanfggifmbbmaffeaneceafnkmihli] - C:\Users\ST0114\AppData\Local\APN\GoogleCRXs\aaaanfggifmbbmaffeaneceafnkmihli_7.14.1.0.crx [Not Found]
Task: {19C47E7D-C502-4CAA-8231-1C09A5544EA1} - System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{D1D17942-33FC-4EF1-957D-F529CAAF4279} => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
Task: {6FF66A21-74D6-49C0-9F88-11211944BFD4} - \BuzzSocialPoints_DNS_Checker No Task File <==== ATTENTION
Task: {C1051498-D54D-411E-97B2-A67BA1B28EE6} - \SMW_UpdateTask_Time_3334353631323937382d6c5b5a345b4132452d5a346c No Task File <==== ATTENTION
Task: C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{D1D17942-33FC-4EF1-957D-F529CAAF4279}.job => C:\Program Files\Shop For Rewards\PrefHelper.exe <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:C69BA1D0
AlternateDataStreams: C:\ProgramData\TEMP:C6CD88E9
AlternateDataStreams: C:\ProgramData\TEMP:C7B98566
AlternateDataStreams: C:\ProgramData\TEMP:CB0FEE2B
AlternateDataStreams: C:\ProgramData\TEMP:CB959782
AlternateDataStreams: C:\ProgramData\TEMP:CC386FD2
AlternateDataStreams: C:\ProgramData\TEMP:CC45913B
AlternateDataStreams: C:\ProgramData\TEMP:D01ACC06
AlternateDataStreams: C:\ProgramData\TEMP:D1787194
AlternateDataStreams: C:\ProgramData\TEMP:D47B19A6
AlternateDataStreams: C:\ProgramData\TEMP:D770A15D
AlternateDataStreams: C:\ProgramData\TEMP:D8DB81DC
AlternateDataStreams: C:\ProgramData\TEMP:DCB27118
AlternateDataStreams: C:\ProgramData\TEMP:DD95E6D9
AlternateDataStreams: C:\ProgramData\TEMP:E0848D16
AlternateDataStreams: C:\ProgramData\TEMP:E21D3CA0
AlternateDataStreams: C:\ProgramData\TEMP:E41267F2
AlternateDataStreams: C:\ProgramData\TEMP:E6537A16
AlternateDataStreams: C:\ProgramData\TEMP:E6C6EB3B
AlternateDataStreams: C:\ProgramData\TEMP:E6D027BB
AlternateDataStreams: C:\ProgramData\TEMP:E6D91F2F
AlternateDataStreams: C:\ProgramData\TEMP:E70FD81B
AlternateDataStreams: C:\ProgramData\TEMP:E84CA8F2
AlternateDataStreams: C:\ProgramData\TEMP:EB5BDBB0
AlternateDataStreams: C:\ProgramData\TEMP:EC3A9923
AlternateDataStreams: C:\ProgramData\TEMP:F2327E82
AlternateDataStreams: C:\ProgramData\TEMP:F422F8F1
AlternateDataStreams: C:\ProgramData\TEMP:F65A2273
AlternateDataStreams: C:\ProgramData\TEMP:F67947AF
AlternateDataStreams: C:\ProgramData\TEMP:F7370879
AlternateDataStreams: C:\ProgramData\TEMP:FE578C5D
 
End
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value deleted successfully.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => Key deleted successfully.
HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => Key deleted successfully.
HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => Key deleted successfully.
HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => Key deleted successfully.
HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => Key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0877c1fc-19c6-4fe2-8e3d-699d8edb2964}" => Key deleted successfully.
HKCR\CLSID\{0877c1fc-19c6-4fe2-8e3d-699d8edb2964} => Key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0877c1fc-19c6-4fe2-8e3d-699d8edb2964}" => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0877c1fc-19c6-4fe2-8e3d-699d8edb2964} => Key not found. 
Winsock: Catalog5 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
Winsock: Catalog5-x64 entry 000000000001\\LibraryPath  was set successfully to %SystemRoot%\system32\NLAapi.dll
Winsock: Catalog5-x64 entry 000000000005\\LibraryPath  was set successfully to %SystemRoot%\System32\mswsock.dll
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@oberon-media.com/ONCAdapter" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.7" => Key deleted successfully.
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => Key deleted successfully.
"HKU\.DEFAULT\Software\MozillaPlugins\gingersoftware.com/gingerPlugin" => Key deleted successfully.
C:\Program Files (x86)\Ginger\GingerServices\GingerServicesProxy.dll not found.
"HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\Software\MozillaPlugins\@soe.sony.com/installer,version=1.0.3" => Key deleted successfully.
C:\Users\ST0114\AppData\Roaming\Mozilla\Firefox\Profiles\t6lojzkz.default\extensions\{000F1EA4-5E08-4564-A29B-29076F63A37A}\plugins\npsoe.dll not found.
C:\Program Files (x86)\mozilla firefox\plugins\NPcol400.dll => Moved successfully.
C:\Program Files (x86)\mozilla firefox\browser\plugins\npMozCouponPrinter.dll => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\kgcngo@xmmomglptujvwxntife.org => Moved successfully.
HKU\S-1-5-21-2749176277-1097856338-3472885861-1005\Software\Mozilla\Firefox\Extensions\\{56254F5C-FC7A-11E1-8270-B8AC6F996F26} => value deleted successfully.
C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\aaaanfggifmbbmaffeaneceafnkmihli" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19C47E7D-C502-4CAA-8231-1C09A5544EA1}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C47E7D-C502-4CAA-8231-1C09A5544EA1}" => Key deleted successfully.
C:\Windows\System32\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{D1D17942-33FC-4EF1-957D-F529CAAF4279} => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\7862C8D9-066E-4051-A850-CEFDAE4E2322{D1D17942-33FC-4EF1-957D-F529CAAF4279}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6FF66A21-74D6-49C0-9F88-11211944BFD4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6FF66A21-74D6-49C0-9F88-11211944BFD4}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\BuzzSocialPoints_DNS_Checker" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C1051498-D54D-411E-97B2-A67BA1B28EE6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C1051498-D54D-411E-97B2-A67BA1B28EE6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_3334353631323937382d6c5b5a345b4132452d5a346c" => Key deleted successfully.
C:\Windows\Tasks\7862C8D9-066E-4051-A850-CEFDAE4E2322{D1D17942-33FC-4EF1-957D-F529CAAF4279}.job => Moved successfully.
 
 
The system needed a reboot. 
 
==== End of Fixlog 15:59:52 ====


#4 nasdaq

Posted 26 April 2015 - 07:15 AM

Please run this tool.

--RogueKiller--
  • Download & SAVE to your Desktop Download RogueKiller
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start.
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller+
=======

p.s.
I suspect that your mouse is going bad.
Do you have another one you can use?

#5 MistyC

Posted 26 April 2015 - 03:20 PM

I am doing your instructions right now. But I have totally unhooked my mouse & turned off the touch pad.. and it will still be clicking. Also tried another mouse as I thought the same thing but it made no difference. 



#6 MistyC

Posted 26 April 2015 - 05:02 PM

RogueKiller V10.6.0.0 (x64) [Apr 17 2015] by Adlice Software
 
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : ST0114 [Administrator]
Started from : C:\Program Files\RogueKiller\RogueKiller.exe
Mode : Delete -- Date : 04/26/2015  18:03:23
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 72 ¤¤¤
[Suspicious.Path] (X64) HKEY_USERS\S-1-5-21-2749176277-1097856338-3472885861-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\ST0114\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ST0114\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64" [7][x][x][x][x][x][x] -> Deleted
[Suspicious.Path] (X86) HKEY_USERS\S-1-5-21-2749176277-1097856338-3472885861-1005\Software\Microsoft\Windows\CurrentVersion\RunOnce | Uninstall C:\Users\ST0114\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64 : C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\ST0114\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211_1\amd64"  -> ERROR [2]
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Not selected
[PUM.StartMenu] (X64) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_TrackProgs : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowUser : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowControlPanel : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowHelp : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyDocs : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyMusic : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyGames : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowMyPics : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowPrinters : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRecentDocs : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowRun : 0  -> Not selected
[PUM.StartMenu] (X86) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced | Start_ShowSetProgramAccessAndDefaults : 0  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {645FF040-5081-101B-9F08-00AA002F954E} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2749176277-1097856338-3472885861-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
[PUM.DesktopIcons] (X64) HKEY_USERS\S-1-5-21-2749176277-1097856338-3472885861-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1  -> Not selected
[PUM.DesktopIcons] (X86) HKEY_USERS\S-1-5-21-2749176277-1097856338-3472885861-1005\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\ClassicStartMenu | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Not selected
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1       localhost
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] t6lojzkz.default : Yahoo Toolbar [{635abd67-4fe9-1b23-4f01-e679fa7484c1}] -> Not selected
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9500325AS +++++
--- User ---
[MBR] 8cf4c7684d0ac0aaa71c2752f00b7dba
[BSP] 36022cbf236e156842d3a7bf614c8d12 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10757 MB
1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 22034432 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 22239232 | Size: 466080 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK
 
 
============================================
RKreport_SCN_04262015_180136.log

Edited by MistyC, 26 April 2015 - 05:04 PM.


#7 nasdaq


Posted 27 April 2015 - 07:00 AM

Start the computer in Safe mode. Is the problem persisting?

http://windows.microsoft.com/en-ca/windows/start-computer-safe-mode#start-computer-safe-mode=windows-7
===

When a link is clicked, is the mouse pointer over the link?

#8 MistyC


Posted 27 April 2015 - 11:43 AM

OK, put it in safe mode and opened a file so I could see if it does it. I left it sitting with my picture file open. It kept trying to click on different pictures and of course it was erroring out. As far as the pointer goes, from what I can see, the pointer moves around. When I am playing a game or on the internet it will randomly move my cursor to other places. Very frustrating! When I am not on the PC, even when I have the mouse turned off, we will come back and random files will be open or we can watch a picture open and close multiple times. Thank you for your help. I have about given up on my PC. Once I am done in this forum I am going to head over to hardware help, or whoever would be able to help with videos stuttering and freezing.



#9 nasdaq


Posted 28 April 2015 - 07:35 AM

I think you should try the Hardware forum.

I do not think that this is caused by malware.

#10 MistyC


Posted 28 April 2015 - 11:43 AM

Alrighty Ty. Can someone move me or do I need to create a new post?



#11 nasdaq


Posted 29 April 2015 - 06:54 AM

Start a new topic in this Internal Hardware forum.

http://www.bleepingcomputer.com/forums/f/7/internal-hardware/

Explain your mouse clicking issue.

#12 MistyC


Posted 29 April 2015 - 05:21 PM

ok Ty



#13 nasdaq


Posted 05 May 2015 - 08:16 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



