
Host of problems, IE11 unworkable, slow surfing, mouse hang, slow shut down etc.


46 replies to this topic

#1 TCKW


Posted 06 May 2015 - 01:59 AM

Please help me folks. I am running into quite an insane situation now.

 

Hi folks,

 

It's me again after a couple of years of peace, recently headaches returned. Began some weeks ago, IE11 my main browser began to slow down. Slow down gradually increase in frequencies in terms of pages loading and closing of tabs (the X on the top right for example), shutting down of IE11.

 

Thought IE11 was the culprit, switched to Firefox and Chrome - though the problems not as surfing with IE11, but similar problems happening.

 

Initially some plenty of weeks ago (2-4 months), when IE11 hangs began, I thought it was my laptop's mouse faulty. Changed 3 of them to use, changed batteries, initially seemed to resolve IE 11 hang problems. Subsequently, doesn't seem changing mouse was the way.

 

Now I am writing this page using Chrome Browser. The IE11 appears to be installed, but cannot find the browser ICON to launch. Strangely there is an Internet Options dialog box which can be clicked, launched to set up the various IE options. But the browser nowhere to be found for launch.

 

Over the last 20 days or so, I have been surfing many websites, and doing downloads of many Android OS ROMS. The last some days of which, my ESET and Malwarebytes anti malware programs both of which displayed few 'malicious' warnings which I kind of aware that they were letting me know they were doing their jobs, but specifically I didn't read thoroughly what they said via their dialog prompts.

 

In addition I find it strange that under the dialog of my computer, indicated the presence of F Drive. There is really NO physical drive attached at all as per dialog picture. This F Drive is my external Buffalo drive. Please see attached screen shot (oops too big, how?)

 

Thank you and appreciate.

 

 



#2 HelpBot


Posted 11 May 2015 - 07:40 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/575360 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 HelpBot


Posted 16 May 2015 - 07:45 AM

Hello again!

I haven't heard from you in 5 days. Therefore, I am going to assume that you no longer need our help, and close this topic.

If you do still need help, please send a Private Message to any Moderator within the next five days. Be sure to include a link to your topic in your Private Message.

Thank you for using Bleeping Computer, and have a great day!

#4 nasdaq

  • Malware Response Team

Posted 23 May 2015 - 08:17 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

#5 Andrew

  • Moderator

Posted 25 May 2015 - 10:32 AM

This topic has been re-opened at the request of the person who originally posted.

#6 nasdaq

  • Malware Response Team

Posted 25 May 2015 - 12:22 PM

TCKW

I'm listening.

Refer to post No. 2, run the tools and post the logs for my review.

Let me know what problem persists.

#7 TCKW

  • Topic Starter


Posted 25 May 2015 - 11:16 PM

Thank you good Samaritan. There are or were too many (bad) things that have happened before I came here, and after my first call for help. I did also try to do some things to see if I can resolve them (those that I had written in my first call for help), but it seems unsuccessful. Primarily now the internet is thoroughly problematic, including slow, pages refusing to open, and at times when slow to open, it gets stuck attempting to load pages.

 

The other main problem is there is a 'ghost' drive appearing on the screen at 'My computer'. The icon is there, and upon right click on this icon, it shows the usual information, blah blah. Funny strange thing is, physically there is no drive physically attached. The only drives that exist inside my laptop are the C and Recovery Drives (partition), that's all there is.

The ghost drive is my Buffalo drive which does work normally when I attach it via USB. But when the drive is detached, the icon and all its related info is there as though the drive is still physically attached. Please look into these 2 items and the rest of course.

Thank you.

 

Friend, here is the FRST log:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 24-05-2015 01
Ran by Terence CKW (administrator) on HPENVYBEATS1104 on 25-05-2015 12:40:32
Running from C:\Users\Terence CKW\Desktop
Loaded Profiles: Terence CKW (Available Profiles: Terence CKW & Administrator)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Stardock Corporation) C:\Program Files (x86)\Stardock\MyColors\VistaSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
() C:\Program Files (x86)\Stardock\MyColors\wbvista.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
() C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe
() C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.27.5\GoogleCrashHandler64.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(BillP Studios) C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Gadwin Systems, Inc) C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(BUFFALO INC.) C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Creative Technology Ltd) C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe
(Hewlett Packard) C:\Program Files (x86)\Hewlett-Packard\HP Wireless Audio\HPWA.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Dropbox, Inc.) C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(CyberLink) C:\Program Files (x86)\Hewlett-Packard\Media\Webcam\YCMMirage.exe
(BUFFALO INC.) C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_17_0_0_188_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [324096 2010-06-26] (Alcor Micro Corp.)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-07-03] (IDT, Inc.)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-06-19] (Hewlett-Packard Company)
HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET Smart Security\egui.exe [5595848 2015-01-28] (ESET)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2010-03-25] (Intel Corporation)
HKLM-x32\...\Run: [HP Envy Guides AutoPlay] => C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\hpdocstart.exe [76584 2010-03-25] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [VolPanel] => C:\Program Files (x86)\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe [241757 2010-12-08] (Creative Technology Ltd)
HKLM-x32\...\Run: [UpdReg] => C:\Windows\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM-x32\...\Run: [Backup Utility TaskTray Tool] => C:\Program Files (x86)\BUFFALO\Backup_Utility\BUTray.exe [1824120 2010-04-28] (BUFFALO INC.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [BuffaloTools] => C:\Program Files (x86)\BUFFALO\BuffaloTools\BuffaloTools.exe [169336 2010-03-05] (BUFFALO INC.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn:  [X]
Winlogon\Notify\WB:  [X]
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe [429120 2014-01-24] (BillP Studios)
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\...\Run: [Gadwin PrintScreen] => C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe [1842384 2012-05-30] (Gadwin Systems, Inc)
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\...\MountPoints2: H - H:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\...\MountPoints2: {971b756a-c63d-11e2-9e17-70f39593bade} - F:\Windows\CHECK\DriveNavigator.exe
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\...\MountPoints2: {c5714e2c-c0a5-11e3-9672-70f39593bade} - G:\MotoCastSetup.exe -a
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\Mystify.scr [242688 2010-11-20] (Microsoft Corporation)
HKU\S-1-5-18\...\RunOnce: [SPReview] => C:\Windows\System32\SPReview\SPReview.exe [301568 2013-05-26] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk [2013-05-27]
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Buffalo RAMDISK Tray Utility.lnk [2015-04-26]
ShortcutTarget: Buffalo RAMDISK Tray Utility.lnk -> C:\Program Files\BUFFALO\BFRD4G\BRDUtilTray.exe (BUFFALO INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Buffalo RAMDISK Utility.lnk [2015-04-26]
ShortcutTarget: Buffalo RAMDISK Utility.lnk -> C:\Program Files\BUFFALO\BFRD4G\BRDUtil.exe (BUFFALO INC.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Wireless Audio Manager.lnk [2013-05-27]
ShortcutTarget: HP Wireless Audio Manager.lnk -> C:\Program Files (x86)\Hewlett-Packard\HP Wireless Audio\HPWA.exe (Hewlett Packard)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Stardock MyColors.lnk [2013-05-27]
ShortcutTarget: Stardock MyColors.lnk -> C:\Program Files (x86)\Stardock\MyColors\SDDelayedLaunch.exe ()
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk [2015-05-09]
ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\IconPackager.lnk [2015-05-09]
ShortcutTarget: IconPackager.lnk -> C:\Program Files (x86)\Stardock\MyColors\IconPackager.exe (Stardock Corporation)
Startup: C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-05-01]
ShortcutTarget: Dropbox.lnk -> C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PandaUSBVaccine.lnk [2013-06-02]
ShortcutTarget: PandaUSBVaccine.lnk -> C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security)
ShellIconOverlayIdentifiers: [0000BoxSyncFileLocked] -> {1b9c95e1-ce36-3737-81c8-1ec9807f03c1} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncNotSynced] -> {e22ccf16-2db6-3de8-9a2c-acb66b571b69} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncProblem] -> {84878798-e5c4-3e6b-b7c4-b51c4ac4e7dc} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [0000BoxSyncSynced] -> {01fcd170-7f0a-3b6a-b992-66a7a20289b5} => C:\Windows\system32\mscoree.dll [2010-11-05] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers-x32: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-23] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt.26.dll [2015-05-23] (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page =
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://xin.msn.com/en-sg/?ocid=iehp
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.google.com/
HKU\S-1-5-21-2799878227-2956951909-133465866-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.reuters.com/
http://www.wsj.com/asia
http://www.poems.com.sg/p2/
SearchScopes: HKLM -> {401A4E8E-5931-4B3E-B888-14954AF1F16C} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {6AD9B08E-8C9A-4B9E-8E48-F90E61A9983E} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM -> {C8ADB47F-5CE1-47F7-85FF-FAAF0327B828} URL = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKLM-x32 -> {401A4E8E-5931-4B3E-B888-14954AF1F16C} URL = http://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {6AD9B08E-8C9A-4B9E-8E48-F90E61A9983E} URL = http://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {C8ADB47F-5CE1-47F7-85FF-FAAF0327B828} URL = http://sg.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-2799878227-2956951909-133465866-1000 -> {401A4E8E-5931-4B3E-B888-14954AF1F16C} URL =
SearchScopes: HKU\S-1-5-21-2799878227-2956951909-133465866-1000 -> {6AD9B08E-8C9A-4B9E-8E48-F90E61A9983E} URL =
SearchScopes: HKU\S-1-5-21-2799878227-2956951909-133465866-1000 -> {C8ADB47F-5CE1-47F7-85FF-FAAF0327B828} URL =
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
BHO: No Name -> {AF949550-9094-4807-95EC-D1C317803333} ->  No File
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2015-02-28] (Google Inc.)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-19] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-2799878227-2956951909-133465866-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2015-02-28] (Google Inc.)
DPF: HKLM-x32 {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab
DPF: HKLM-x32 {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} http://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect1261.cab
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553750000} http://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/130321/CTPID.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll [2010-04-17] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2014-07-14] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-07-14] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Terence CKW\AppData\Roaming\Mozilla\Firefox\Profiles\802sfubc.default
FF DefaultSearchEngine: Bing
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Bing
FF Homepage: user_pref("browser.startup.homepage", "about:home"about:home);
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U159DF&PC=U159&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_169.dll [2015-04-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-09-23] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_169.dll [2015-04-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-04-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-02] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2799878227-2956951909-133465866-1000: @client.dropbox.com/Dropbox Update;version=3 -> C:\Users\Terence CKW\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-16] (Dropbox, Inc.)
FF Plugin HKU\S-1-5-21-2799878227-2956951909-133465866-1000: @client.dropbox.com/Dropbox Update;version=9 -> C:\Users\Terence CKW\AppData\Local\Dropbox\Update\1.3.27.15\npDropboxUpdate3.dll [2015-05-16] (Dropbox, Inc.)
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-07-14]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET Smart Security\Mozilla Thunderbird
FF Extension: No Name - C:\Users\Terence CKW\AppData\Roaming\Mozilla\Firefox\Profiles\802sfubc.default\extensions\artur.dubovoy@gmail.com [not found]

Chrome:
=======
CHR HomePage: Default ->
CHR StartupUrls: Default -> "hxxp://news.google.com/?ar=1394348907", "hxxp://www.reuters.com/", "hxxp://asia.wsj.com/home-page/", "hxxp://sg.finance.yahoo.com/", "hxxp://www.poems.com.sg/", "hxxp://www.photoextract.com/", "hxxp://www.cbn.com/", "https://app.box.com/", "hxxp://forum.xda-developers.com/galaxy-note-2/development-n7105", "hxxp://true-android.blogspot.sg/", "hxxp://therealsingapore.com/", "https://download.cyanogenmod.org/?device=t0lte", "hxxp://www.fivestarsandamoon.com/", "hxxp://globalvoicesonline.org/", "hxxp://fortune.com/", "hxxp://asia.nikkei.com/Politics-Economy/", "hxxp://www.bbc.co.uk/programmes/p002vsyy", "hxxp://forum.xda-developers.com/showthread.php?t=622666", "hxxp://www.androidcentral.com/fine-tuning-minfree-settings-improving-androids-multi-tasking", "hxxp://torrentfreak.com/which-vpn-services-take-your-anonymity-seriously-2014-edition-140315/"
CHR Profile: C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-03-22]
CHR Extension: (Google Drive) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-03-22]
CHR Extension: (MEGA) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\bigefpfhnfcobdlfbedofhhaibnlghod [2014-05-13]
CHR Extension: (YouTube) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-03-22]
CHR Extension: (Google Search) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-03-22]
CHR Extension: (Bookmark Manager) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-25]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-14]
CHR Extension: (Google Wallet) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-03-22]
CHR Extension: (Gmail) - C:\Users\Terence CKW\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-03-22]
CHR HKU\S-1-5-21-2799878227-2956951909-133465866-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - No Path Or update_url value

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
R2 BFBackupUtilityService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUService.exe [320888 2010-04-28] (BUFFALO INC.)
R2 BFBackupUtilityVSSService; C:\Program Files (x86)\BUFFALO\Backup_Utility\BUVSSService64.exe [359288 2010-04-28] (BUFFALO INC.)
R2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
S4 BoxSyncUpdateService; C:\Program Files\Box\Box Sync\SyncUpdaterService.exe [28768 2014-03-10] (Box Inc.)
S4 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390176 2014-07-14] (Microsoft Corporation)
S4 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1767520 2014-07-14] (Microsoft Corporation)
S4 cbVSCService11; C:\Program Files (x86)\Cobian Backup 11\cbVSCService11.exe [67584 2013-03-07] (CobianSoft, Luis Cobian) []
S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2013-06-18] (Creative Labs) []
S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-06-18] (Creative Labs) []
R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [286720 2010-02-12] (Creative Technology Ltd) []
R2 DiagTrack; C:\Windows\system32\diagtrack.dll [1254400 2015-04-28] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1349576 2015-01-28] (ESET)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) []
S3 hpdoccardsvc; C:\Program Files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [83240 2010-03-25] (Hewlett-Packard Developement Company, L.P.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-04-14] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
R2 SynoDrService; C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe [381312 2012-06-28] () []
R2 UsbClientService; C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe [248736 2015-02-05] ()
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S4 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [X]
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R0 amdkmpfd; C:\Windows\System32\DRIVERS\amdkmpfd.sys [62152 2014-10-28] (Advanced Micro Devices, Inc.)
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R0 BFRD4G; C:\Windows\System32\DRIVERS\BFRD4G.sys [47232 2010-03-10] (BUFFALO INC.)
R0 bftpdskc64; C:\Windows\System32\drivers\bftpdskc64.sys [67712 2010-01-12] (BUFFALO INC.)
S3 bftpusbx64; C:\Windows\System32\drivers\bftpusbx64.sys [20608 2010-01-18] (BUFFALO INC.)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [246000 2015-01-30] (ESET)
U5 edevmon; C:\Windows\System32\Drivers\edevmon.sys [241880 2015-01-30] (ESET)
R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [169792 2015-01-30] (ESET)
R2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [222280 2015-01-30] (ESET)
R1 EpfwLWF; C:\Windows\System32\DRIVERS\EpfwLWF.sys [44632 2015-01-30] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [64208 2015-01-30] (ESET)
R1 FNETURPX; C:\Windows\System32\drivers\FNETURPX.SYS [16648 2014-01-29] (FNet Co., Ltd.)
R1 FNETVDDA; C:\Windows\System32\drivers\FNETVDDA.SYS [37128 2014-01-29] (FNet Co., Ltd.)
S3 ksaud; C:\Windows\System32\drivers\ksaud.sys [1587968 2010-08-11] (Creative Technology Ltd.)
R1 mbamchameleon; C:\Windows\system32\drivers\mbamchameleon.sys [107736 2015-04-14] (Malwarebytes Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-25] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19152 2013-09-30] ()
S3 pwdspio; C:\Windows\system32\pwdspio.sys [12504 2013-09-30] ()
S3 RZMAELSTROMVADService; C:\Windows\System32\drivers\RzMaelstromVAD.sys [40696 2013-09-04] (Windows ® Win 7 DDK provider)
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 12:40 - 2015-05-25 12:40 - 00033024 _____ () C:\Users\Terence CKW\Desktop\FRST.txt
2015-05-25 12:39 - 2015-05-25 12:40 - 02108416 _____ (Farbar) C:\Users\Terence CKW\Desktop\FRST64.exe
2015-05-24 12:13 - 2015-05-24 12:13 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-05-23 20:26 - 2015-05-23 20:26 - 00003036 _____ () C:\Windows\System32\Tasks\{F9AE31E4-1471-4951-9040-E205AAB13070}
2015-05-23 19:53 - 2015-05-23 19:53 - 00002916 _____ () C:\Windows\System32\Tasks\{A31DAB42-CA84-4A9E-AE7E-AE780A40D141}
2015-05-23 19:43 - 2015-05-23 19:43 - 00000971 _____ () C:\Windows\Ä
2015-05-23 19:42 - 2015-05-23 19:42 - 00002916 _____ () C:\Windows\System32\Tasks\{3BD55638-C4A0-45C7-9C2E-3ADA9C78E6C2}
2015-05-23 19:04 - 2015-05-23 19:04 - 00002916 _____ () C:\Windows\System32\Tasks\{5969F460-E343-44CA-A922-83745EEDC640}
2015-05-23 15:59 - 2015-05-23 19:06 - 00001653 _____ () C:\Users\Public\Desktop\Creative NOMAD Jukebox Zen Xtra.lnk
2015-05-23 15:56 - 2015-05-23 15:56 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2015-05-22 15:24 - 2015-05-22 15:24 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Hewlett-Packard
2015-05-21 11:42 - 2015-05-21 11:42 - 04196406 _____ () C:\Users\Terence CKW\Desktop\ScreenShot001.bmp
2015-05-19 23:37 - 2015-05-19 23:37 - 00000848 _____ () C:\Users\Public\Desktop\RogueKiller.lnk
2015-05-18 22:57 - 2015-05-18 22:58 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\otl-oldtimers-list-it (1)
2015-05-18 22:44 - 2015-05-18 22:45 - 00602112 _____ (OldTimer Tools) C:\Users\Administrator\Downloads\otl-oldtimers-list-it
2015-05-18 11:05 - 2015-05-18 11:05 - 00000000 ____D () C:\ProgramData\Recovery
2015-05-17 21:14 - 2015-05-22 10:35 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
2015-05-17 21:14 - 2015-05-17 21:14 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\BUFFALO
2015-05-17 19:10 - 2015-05-17 19:10 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Eraser 6
2015-05-17 16:14 - 2015-05-17 16:14 - 00001147 _____ () C:\Users\Administrator\Desktop\OLYMPUS Viewer 2.lnk
2015-05-17 14:38 - 2015-05-18 11:12 - 00000000 ____D () C:\Users\Administrator\Downloads\Android Stuffss
2015-05-17 14:15 - 2015-05-17 14:16 - 00000000 ____D () C:\Users\Administrator\Documents\USA Stocks N Economy
2015-05-17 14:06 - 2015-05-17 14:06 - 00000000 ____D () C:\Users\Administrator\Documents\World Religious
2015-05-17 13:06 - 2015-05-17 14:21 - 00000000 ____D () C:\Users\Administrator\Downloads\Note II  Firmware Starhub
2015-05-17 12:17 - 2015-05-17 12:17 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Real
2015-05-17 12:11 - 2015-05-17 12:11 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\WinPatrol
2015-05-16 23:30 - 2015-05-16 23:30 - 00001413 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-16 22:44 - 2015-05-16 22:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
2015-05-16 22:44 - 2015-05-16 22:44 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
2015-05-16 22:42 - 2015-05-16 22:42 - 00001413 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-16 22:30 - 2015-05-16 22:30 - 19291136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 15414784 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 14374400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 13771776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 02864640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-16 22:30 - 2015-05-16 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-16 22:30 - 2015-05-16 22:30 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 02237440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 02055680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-16 22:30 - 2015-05-16 22:30 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-16 22:30 - 2015-05-16 22:30 - 01409536 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 01400416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-05-16 22:30 - 2015-05-16 22:30 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-05-16 22:30 - 2015-05-16 22:30 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 01054720 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00905728 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00856064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00719360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00690176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00629248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00601600 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-16 22:30 - 2015-05-16 22:30 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-16 22:30 - 2015-05-16 22:30 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00247296 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00232960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00226304 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00204800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00185344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00150528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00144896 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00138752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00137216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00125440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00117248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00110592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-05-16 22:30 - 2015-05-16 22:30 - 00073728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-05-16 22:30 - 2015-05-16 22:30 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00038400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-05-16 22:30 - 2015-05-16 22:30 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-16 22:30 - 2015-05-16 22:30 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-16 19:41 - 2015-05-16 19:41 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-16 19:39 - 2015-05-18 21:32 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Adobe
2015-05-16 10:57 - 2015-05-16 10:57 - 00000000 ____D () C:\Users\Terence CKW\AppData\Local\Dropbox
2015-05-16 10:57 - 2015-05-16 10:57 - 00000000 ____D () C:\ProgramData\Dropbox
2015-05-15 13:51 - 2015-05-15 13:51 - 00001401 _____ () C:\Users\Terence CKW\Documents\Fake Degrees Fraud.txt
2015-05-14 01:40 - 2015-05-01 21:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:40 - 2015-05-01 21:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-14 01:33 - 2015-05-05 09:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-14 01:33 - 2015-05-05 09:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-14 01:33 - 2015-04-18 11:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-14 01:33 - 2015-04-18 10:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-14 01:33 - 2015-04-08 11:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-14 01:33 - 2015-04-08 11:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-14 01:32 - 2015-04-28 03:28 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-14 01:32 - 2015-04-28 03:28 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-14 01:32 - 2015-04-28 03:28 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-14 01:32 - 2015-04-28 03:26 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 01254400 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-14 01:32 - 2015-04-28 03:23 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-14 01:32 - 2015-04-28 03:22 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-05-14 01:32 - 2015-04-28 03:22 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-14 01:32 - 2015-04-28 03:22 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-14 01:32 - 2015-04-28 03:22 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-14 01:32 - 2015-04-28 03:22 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-05-14 01:32 - 2015-04-28 03:22 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-05-14 01:32 - 2015-04-28 03:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-05-14 01:32 - 2015-04-28 03:22 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-14 01:32 - 2015-04-28 03:22 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-05-14 01:32 - 2015-04-28 03:21 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-14 01:32 - 2015-04-28 03:18 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-14 01:32 - 2015-04-28 03:18 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:16 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 03:11 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-14 01:32 - 2015-04-28 03:11 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-14 01:32 - 2015-04-28 03:08 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-14 01:32 - 2015-04-28 03:05 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-14 01:32 - 2015-04-28 03:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-14 01:32 - 2015-04-28 03:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-14 01:32 - 2015-04-28 03:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-14 01:32 - 2015-04-28 03:05 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-05-14 01:32 - 2015-04-28 03:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-14 01:32 - 2015-04-28 03:05 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-14 01:32 - 2015-04-28 03:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-14 01:32 - 2015-04-28 03:05 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-14 01:32 - 2015-04-28 03:04 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-14 01:32 - 2015-04-28 03:04 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-14 01:32 - 2015-04-28 03:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-05-14 01:32 - 2015-04-28 03:04 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-05-14 01:32 - 2015-04-28 03:04 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-05-14 01:32 - 2015-04-28 03:04 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-05-14 01:32 - 2015-04-28 03:04 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-14 01:32 - 2015-04-28 03:04 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-14 01:32 - 2015-04-28 03:03 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-14 01:32 - 2015-04-28 03:03 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-14 01:32 - 2015-04-28 03:03 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-14 01:32 - 2015-04-28 03:03 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-14 01:32 - 2015-04-28 03:03 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-05-14 01:32 - 2015-04-28 03:03 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-14 01:32 - 2015-04-28 03:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-14 01:32 - 2015-04-28 03:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 02:06 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-05-14 01:32 - 2015-04-28 01:57 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-14 01:32 - 2015-04-28 01:57 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-14 01:32 - 2015-04-28 01:55 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 01:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 01:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-14 01:32 - 2015-04-28 01:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-14 01:32 - 2015-04-20 11:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-14 01:32 - 2015-04-20 11:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-14 01:32 - 2015-04-20 10:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-14 01:32 - 2015-04-20 10:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-14 01:32 - 2015-04-13 11:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-14 01:26 - 2015-02-18 15:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-14 01:26 - 2015-02-18 15:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-11 13:50 - 2015-05-16 19:46 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Google
2015-05-09 22:17 - 2015-05-16 22:33 - 00015880 _____ () C:\Windows\IE10_main.log
2015-05-09 21:28 - 2015-05-09 21:28 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Box Sync
2015-05-09 15:03 - 2015-05-09 15:03 - 00003130 _____ () C:\Users\Administrator\Desktop\HP Power Manager.lnk
2015-05-09 15:03 - 2015-05-09 15:03 - 00003055 _____ () C:\Users\Administrator\Desktop\Welcome to Fences.lnk
2015-05-09 15:03 - 2015-05-09 15:03 - 00003005 _____ () C:\Users\Administrator\Desktop\HP User Guide.lnk
2015-05-09 15:03 - 2015-05-09 15:03 - 00002975 _____ () C:\Users\Administrator\Desktop\Recovery Manager.lnk
2015-05-09 15:03 - 2015-05-09 15:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\hpqlog
2015-05-09 15:01 - 2015-05-17 14:05 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
2015-05-09 15:01 - 2015-05-11 13:50 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2015-05-09 15:01 - 2015-05-09 15:01 - 00112416 _____ () C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
2015-05-09 15:01 - 2015-05-09 15:01 - 00002255 _____ () C:\Users\Administrator\Desktop\Google Chrome.lnk
2015-05-09 15:01 - 2015-05-09 15:01 - 00000000 ____D () C:\Users\Administrator\Documents\Bluetooth Exchange Folder
2015-05-09 15:01 - 2015-05-09 15:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Stardock
2015-05-09 15:01 - 2015-05-09 15:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Intel Corporation
2015-05-09 15:01 - 2015-05-09 15:01 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ESET
2015-05-09 15:01 - 2015-05-09 15:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ESET
2015-05-09 15:01 - 2015-05-09 15:01 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Broadcom
2015-05-09 15:00 - 2015-05-18 23:21 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-09 15:00 - 2015-05-18 23:21 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-09 15:00 - 2015-05-18 23:21 - 00000000 ____D () C:\Users\Administrator
2015-05-09 15:00 - 2015-05-09 15:00 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
2015-05-09 15:00 - 2013-06-01 17:03 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
2015-05-09 15:00 - 2013-05-27 02:25 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
2015-05-07 14:34 - 2015-05-07 14:37 - 00003249 _____ () C:\Windows\IE9_main.log
2015-05-07 02:48 - 2015-05-07 02:48 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-07 02:48 - 2015-05-07 02:48 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-07 02:47 - 2015-05-18 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-05-06 18:41 - 2012-06-01 13:39 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wamregps.dll
2015-05-06 18:41 - 2012-06-01 13:36 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\iisRtl.dll
2015-05-06 18:41 - 2012-06-01 13:36 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\iisrstap.dll
2015-05-06 18:41 - 2012-06-01 13:35 - 00060928 _____ (Microsoft Corporation) C:\Windows\system32\ahadmin.dll
2015-05-06 18:41 - 2012-06-01 13:34 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\admwprox.dll
2015-05-06 18:41 - 2012-06-01 13:33 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\iisreset.exe
2015-05-06 18:41 - 2012-06-01 12:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wamregps.dll
2015-05-06 18:41 - 2012-06-01 12:37 - 00154624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisRtl.dll
2015-05-06 18:41 - 2012-06-01 12:37 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisrstap.dll
2015-05-06 18:41 - 2012-06-01 12:35 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\admwprox.dll
2015-05-06 18:41 - 2012-06-01 12:35 - 00026624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ahadmin.dll
2015-05-06 18:41 - 2012-06-01 12:34 - 00015360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iisreset.exe
2015-05-06 15:16 - 2015-05-06 15:16 - 00067109 _____ () C:\Users\Terence CKW\Desktop\Addition.txt
2015-05-06 15:11 - 2015-05-06 15:11 - 00067110 _____ () C:\Users\Terence CKW\Desktop\Addition -90.txt
2015-05-06 15:09 - 2015-05-06 15:13 - 00067109 _____ () C:\Users\Terence CKW\Downloads\Addition.txt
2015-05-06 15:08 - 2015-05-06 15:13 - 00119885 _____ () C:\Users\Terence CKW\Downloads\FRST.txt
2015-05-06 14:27 - 2015-05-06 14:27 - 02101248 _____ (Farbar) C:\Users\Terence CKW\Downloads\FRST64.exe
2015-05-06 13:31 - 2015-03-23 11:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-06 13:31 - 2015-03-23 11:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-06 13:31 - 2015-03-23 11:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-06 13:31 - 2015-03-23 11:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-06 13:31 - 2015-03-23 11:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-06 13:31 - 2015-03-23 11:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-06 13:31 - 2015-03-23 11:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-06 13:31 - 2015-03-23 11:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-06 13:31 - 2015-01-28 07:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-05-06 13:08 - 2015-05-06 13:09 - 55915216 _____ (Microsoft Corporation) C:\Users\Terence CKW\Downloads\IE11-Windows6.1-x64-en-us.exe
2015-05-06 13:04 - 2015-05-06 13:04 - 00000000 ____D () C:\98f87704b4e82fbd8d
2015-05-06 12:25 - 2015-05-07 08:42 - 00044948 _____ () C:\Windows\iis7.log
2015-05-06 12:25 - 2015-05-06 12:25 - 00000000 ____D () C:\Windows\SysWOW64\BestPractices
2015-05-06 12:25 - 2015-05-06 12:25 - 00000000 ____D () C:\Windows\system32\BestPractices
2015-05-06 12:25 - 2015-05-06 12:25 - 00000000 ____D () C:\inetpub
2015-05-06 11:59 - 2015-05-06 11:59 - 00347816 _____ (Microsoft Corporation) C:\Users\Terence CKW\Downloads\MicrosoftFixit.wu.LB.16835433981015480.2.1.Run.exe
2015-05-06 11:59 - 2015-05-06 11:59 - 00302011 _____ () C:\Users\Terence CKW\Downloads\WindowsUpdateDiagnostic.diagcab
2015-05-05 23:02 - 2015-05-05 23:02 - 15701965 _____ () C:\Users\Terence CKW\Downloads\IE10-Windows6.1-KB2859903-x86.msu
2015-05-05 22:10 - 2015-01-29 11:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-05 22:10 - 2015-01-29 11:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-05 19:01 - 2015-05-05 19:01 - 00000967 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Ditto Note 3 (N7105) 4.3- 4.4.2 with Note … - Pg. 153  Samsung Galaxy Note II GT-N7100, N7105  XDA Forums.website
2015-05-05 18:29 - 2015-05-05 19:03 - 00000535 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\[4.4.2 & 4.4.4] DN4 (Ditto 3 & 4) for SGH-I317, I317M, T889, N7105 from the (E-team) - xda-developers DevDB#downloads.website
2015-05-05 17:35 - 2015-05-05 17:40 - 00000521 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Samsung Galaxy Note 2 ROMs & Community Links.website
2015-05-04 23:18 - 2015-05-05 01:17 - 00000652 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Install Ditto Note 4(DN4) ROM on Galaxy Note 2 and get all Note 4 features  Techbeasts.website
2015-05-04 14:46 - 2015-05-04 20:38 - 00000457 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Android File Host - Free file hosting for Android developers.website
2015-05-04 13:03 - 2015-05-04 20:38 - 00000557 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\AGNi Kernel - xda-developers DevDB#downloads.website
2015-05-04 10:22 - 2015-05-04 10:55 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Google
2015-05-03 22:26 - 2015-05-03 22:29 - 00000534 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\PSA - Ditto Note 4 for LTE (N7105, i317, etc.) now available  GalaxyNote2.website
2015-05-03 22:15 - 2015-05-03 22:27 - 00000444 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Ditto Note 4 Rom (DN4) Review.website
2015-05-03 22:06 - 2015-05-05 18:32 - 00000828 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\[ROM][4.4.4]DN4_2.2(Ditto Note 4) for SGH-i3…  AT&T Samsung Galaxy Note II  XDA Forums.website
2015-05-03 19:49 - 2015-05-03 19:50 - 00000548 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Install Ditto Note 4 (DN4) ROM On Galaxy Note 2 N7105 [Galaxy Note 4 Features]  Techbeasts.website
2015-05-03 12:24 - 2015-05-03 12:25 - 00278656 _____ () C:\Windows\Minidump\050315-38501-01.dmp
2015-05-03 12:24 - 2015-05-03 12:24 - 400302949 _____ () C:\Windows\MEMORY.DMP
2015-05-01 23:44 - 2015-03-14 11:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-05-01 23:44 - 2015-03-14 11:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-05-01 23:44 - 2015-03-14 11:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-05-01 23:44 - 2015-03-14 11:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-05-01 23:44 - 2015-03-04 12:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-01 23:44 - 2015-03-04 12:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-01 23:44 - 2015-03-04 12:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-01 23:44 - 2015-03-04 12:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-01 23:44 - 2015-03-04 12:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-01 23:44 - 2015-03-04 12:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-01 23:44 - 2015-03-04 12:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-01 00:04 - 2015-05-11 05:42 - 00000000 ____D () C:\Users\Terence CKW\Downloads\To save Brick GTN7105
2015-04-30 22:35 - 2015-05-01 16:41 - 00000575 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Galaxy Note II N7105 Android Development - XDA Forums.website
2015-04-30 22:27 - 2015-04-30 22:49 - 00000992 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\[ROM][5.1.1 r1][OFFICIAL]Team UB ROM for T0L…  Samsung Galaxy Note II GT-N7100, N7105  XDA Forums.website
2015-04-30 13:09 - 2015-04-30 13:11 - 00000557 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\[OFFICIAL] Xposed for Lollipop - XDA Forums.website
2015-04-30 12:31 - 2015-04-30 12:36 - 00000605 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\[GAPPS][CM11][CM12.x][4.4.4][5.0.2][5.1.x] Delta Gapps With Modular Addons (All DPI) - Post #1 - XDA Forums.website
2015-04-30 12:26 - 2015-04-30 12:36 - 00000576 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\[DISCUSSION] Xposed for Lollipop - XDA Forums.website
2015-04-29 12:55 - 2015-04-29 12:55 - 00000999 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\[ROM][t0lte][5.0.2][OFFICIAL] Mokee 50.2 Nig…  Samsung Galaxy Note II GT-N7100, N7105  XDA Forums.website
2015-04-29 12:49 - 2015-04-29 12:50 - 00001043 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\[ROM][5.1.1] 27.04.2015 [Beta] Cyanogenmod 1… - Pg. 472  Samsung Galaxy Note II GT-N7100, N7105  XDA Forums.website
2015-04-29 12:47 - 2015-04-29 12:48 - 00001045 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\[ROM][5.0.2][CM12][20150419][SaberMod] CM12+… - Pg. 72  Samsung Galaxy Note II GT-N7100, N7105  XDA Forums.website
2015-04-29 12:44 - 2015-04-29 12:45 - 00001033 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\[ROM][5.1.1][CM12.1][SABER][20150427] Unoffi… - Pg. 6  Samsung Galaxy Note II GT-N7100, N7105  XDA Forums.website
2015-04-26 17:56 - 2015-05-18 23:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-04-26 17:56 - 2015-04-26 17:56 - 00000000 ____D () C:\ProgramData\ESET
2015-04-26 14:45 - 2015-05-25 10:18 - 536870912 ____H () C:\BFRD_000.dat
2015-04-26 14:39 - 2015-04-26 14:39 - 00000000 ____D () C:\Program Files\BUFFALO
2015-04-26 14:39 - 2010-03-10 10:30 - 00047232 _____ (BUFFALO INC.) C:\Windows\system32\Drivers\BFRD4G.sys
2015-04-25 22:35 - 2015-04-25 22:36 - 01179648 _____ () C:\Users\Terence CKW\Downloads\Bon Jovi - Bed Of Roses.mp4

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-25 12:40 - 2014-04-20 16:06 - 00000000 ____D () C:\FRST
2015-05-25 12:30 - 2014-10-20 10:19 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cfec0c38ca237b.job
2015-05-25 12:24 - 2014-02-11 16:55 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA1cf2707131e45d3.job
2015-05-25 11:50 - 2014-12-18 10:01 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-25 11:11 - 2014-07-08 11:02 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-25 11:01 - 2014-03-23 15:50 - 00000000 ___RD () C:\Users\Terence CKW\Dropbox
2015-05-25 09:54 - 2014-03-23 15:49 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\Dropbox
2015-05-25 09:54 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-25 09:54 - 2009-07-14 12:45 - 00023248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-25 09:53 - 2013-12-03 19:50 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore1cef01dcc9d845d.job
2015-05-25 09:50 - 2013-05-27 08:15 - 01111743 _____ () C:\Windows\WindowsUpdate.log
2015-05-25 09:47 - 2013-06-06 09:53 - 00286356 _____ () C:\Windows\setupact.log
2015-05-25 09:47 - 2009-07-14 13:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-24 18:38 - 2015-01-13 12:46 - 00003978 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{0F20EFAF-E010-4D4A-BC91-E17FB97EFB09}
2015-05-23 21:19 - 2015-02-06 15:32 - 00000000 ___RD () C:\Users\Terence CKW\Downloads\android stuffs
2015-05-23 20:40 - 2013-05-27 22:39 - 00000000 ____D () C:\Program Files (x86)\Creative
2015-05-23 20:27 - 2010-07-22 10:18 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-05-23 19:50 - 2013-05-26 18:42 - 00000000 ____D () C:\Users\Terence CKW
2015-05-23 19:43 - 2013-10-29 17:45 - 00000000 ____D () C:\Users\Terence CKW\AppData\Local\CrashDumps
2015-05-22 15:25 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-05-21 13:07 - 2015-04-12 22:42 - 00000749 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\▶ Misty Mundae 04 - vidéo dailymotion.website
2015-05-20 16:03 - 2013-11-24 16:06 - 00006565 _____ () C:\Users\Terence CKW\Documents\aswMBR.txt
2015-05-20 16:03 - 2013-11-24 16:06 - 00000512 _____ () C:\Users\Terence CKW\Documents\MBR.dat
2015-05-20 13:05 - 2015-04-21 13:28 - 00000501 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Adult Diaper Fetish Annie and Kelly 0 9 Tube Videos.website
2015-05-20 13:02 - 2015-04-21 02:20 - 00000444 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Diaper Fetish Videos Page 1.website
2015-05-20 10:43 - 2015-04-21 00:55 - 00000796 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\▶ Two diaper blondies sleeping - Video Dailymotion.website
2015-05-20 10:24 - 2015-04-13 01:59 - 00000912 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\▶ Co-Ed Confidential 03 French Style - Vìdeo Dailymotion.website
2015-05-19 23:37 - 2015-04-21 15:40 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-05-19 23:37 - 2015-04-21 15:40 - 00000000 ____D () C:\Program Files\RogueKiller
2015-05-19 23:37 - 2014-07-24 13:48 - 00037624 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-19 23:20 - 2013-11-24 16:46 - 00000000 ____D () C:\AdwCleaner
2015-05-19 21:18 - 2013-05-27 01:13 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2015-05-18 23:21 - 2015-04-12 11:07 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-18 23:21 - 2015-03-06 11:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-05-18 23:21 - 2015-02-08 15:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-05-18 23:21 - 2015-01-05 17:57 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\vlc
2015-05-18 23:21 - 2015-01-05 17:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2015-05-18 23:21 - 2015-01-04 23:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Gaming Evolved
2015-05-18 23:21 - 2015-01-04 23:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2015-05-18 23:21 - 2014-10-21 22:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Digital Camera Updater
2015-05-18 23:21 - 2014-04-12 17:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cobian Backup 11
2015-05-18 23:21 - 2014-03-22 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-05-18 23:21 - 2014-01-29 15:04 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\External Hard Drive Utilities
2015-05-18 23:21 - 2013-12-29 13:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiniTool Partition Wizard Home Edition 8.1.1
2015-05-18 23:21 - 2013-12-07 18:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Camera
2015-05-18 23:21 - 2013-11-16 23:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2015-05-18 23:21 - 2013-09-17 10:44 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Box Sync
2015-05-18 23:21 - 2013-08-20 01:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gadwin Systems
2015-05-18 23:21 - 2013-07-12 22:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BUFFALO
2015-05-18 23:21 - 2013-06-09 02:16 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FUJIFILM
2015-05-18 23:21 - 2013-06-09 02:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-05-18 23:21 - 2013-06-05 17:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-05-18 23:21 - 2013-06-02 01:49 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
2015-05-18 23:21 - 2013-06-02 00:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OLYMPUS Viewer 2
2015-05-18 23:21 - 2013-06-01 22:18 - 00000000 ____D () C:\Users\Terence CKW\AppData\Roaming\IrfanView
2015-05-18 23:21 - 2013-06-01 17:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-05-18 23:21 - 2013-05-27 22:37 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Creative
2015-05-18 23:21 - 2013-05-27 16:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Synology
2015-05-18 23:21 - 2013-05-27 14:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2015-05-18 23:21 - 2013-05-27 14:09 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Design Premium CS5
2015-05-18 23:21 - 2013-05-27 14:01 - 00000000 ____D () C:\ProgramData\FLEXnet
2015-05-18 23:21 - 2013-05-27 08:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Energy Star
2015-05-18 23:21 - 2013-05-27 03:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-05-18 23:21 - 2013-05-27 03:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-05-18 23:21 - 2013-05-27 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2015-05-18 23:21 - 2013-05-27 01:56 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-05-18 23:21 - 2013-05-27 00:48 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
2015-05-18 23:21 - 2013-05-26 22:36 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-05-18 23:21 - 2013-05-26 22:35 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2015-05-18 23:21 - 2013-05-26 22:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2015-05-18 23:21 - 2010-07-22 12:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-05-18 23:21 - 2010-07-22 12:34 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink DVD Suite
2015-05-18 23:21 - 2010-07-22 11:56 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-05-18 23:21 - 2010-07-22 11:36 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2015-05-18 23:21 - 2010-07-22 10:54 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-05-18 23:21 - 2010-07-22 10:43 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-05-18 23:21 - 2010-07-22 10:20 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-05-18 23:21 - 2009-07-14 13:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-18 23:21 - 2009-07-14 13:32 - 00000000 ____D () C:\Windows\Offline Web Pages
2015-05-18 23:21 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-05-18 23:21 - 2009-07-14 11:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-05-18 23:21 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\Msdtc
2015-05-18 23:21 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-18 23:21 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\servicing
2015-05-18 23:21 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\rescache
2015-05-18 23:21 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-18 23:21 - 2009-07-14 11:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-05-18 23:20 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\registration
2015-05-18 21:32 - 2014-12-18 10:01 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-18 21:32 - 2013-07-07 15:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-18 21:32 - 2013-07-07 15:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-17 18:34 - 2015-04-20 13:39 - 00000731 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\▶ Adult Diaper Change - Video Dailymotion.website
2015-05-17 12:13 - 2014-12-12 15:30 - 00024598 _____ () C:\HijackPatrol.log
2015-05-16 19:41 - 2013-10-19 18:30 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-16 16:25 - 2014-10-20 10:19 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA1cfec0c38ca237b
2015-05-16 16:25 - 2013-12-03 19:50 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore1cef01dcc9d845d
2015-05-14 10:05 - 2009-07-14 13:13 - 00826426 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-14 09:58 - 2009-07-14 12:45 - 04974448 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-14 02:09 - 2013-05-27 01:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2015-05-14 02:04 - 2013-08-06 17:00 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-14 01:47 - 2013-05-26 20:17 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-05-09 15:02 - 2013-05-27 04:06 - 46795264 _____ (Microsoft Corporation) C:\Windows\system32\imageres.dll
2015-05-09 15:01 - 2009-07-14 12:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-05-07 10:15 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-07 08:41 - 2013-06-09 12:20 - 00239746 _____ () C:\Windows\PFRO.log
2015-05-07 02:48 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-05-07 02:48 - 2009-07-14 11:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-05-07 02:47 - 2014-08-01 11:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2015-05-07 02:47 - 2014-08-01 11:22 - 00000000 ____D () C:\ProgramData\Skype
2015-05-07 01:12 - 2014-12-05 11:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-07 01:12 - 2014-07-08 11:02 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-05-07 01:12 - 2014-07-08 11:02 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-06 14:43 - 2013-08-20 01:48 - 00000000 ____D () C:\Users\Terence CKW\Documents\PrintScreen Files
2015-05-06 13:10 - 2013-11-22 10:39 - 00021396 _____ () C:\Windows\IE11_main.log
2015-05-06 10:05 - 2014-03-25 23:50 - 00001042 _____ () C:\Users\Terence CKW\Desktop\Dropbox.lnk
2015-05-05 15:38 - 2013-06-05 17:24 - 00000000 ____D () C:\Users\Terence CKW\AppData\Local\Google
2015-05-03 12:24 - 2013-10-03 17:52 - 00000000 ____D () C:\Windows\Minidump
2015-05-03 12:24 - 2009-07-14 13:08 - 00032568 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-25 22:21 - 2015-02-20 00:46 - 00000717 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\▶ Bon Jovi - Bed Of Roses - YouTube.website
2015-04-25 17:11 - 2015-02-06 09:58 - 00000536 _____ () C:\Users\Terence CKW\AppData\Roaming\Microsoft\Windows\Start Menu\Google News.website

==================== Files in the root of some directories =======

2014-05-06 11:07 - 2014-05-06 11:07 - 6103040 _____ () C:\Program Files (x86)\GUTD846.tmp
2013-09-15 19:14 - 2013-09-15 19:15 - 0008905 _____ () C:\Users\Terence CKW\AppData\Local\CleanupUninstall.txt
2013-06-30 22:48 - 2013-06-30 22:48 - 0003584 _____ () C:\Users\Terence CKW\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-05-09 15:14 - 2014-05-09 15:14 - 0000017 _____ () C:\Users\Terence CKW\AppData\Local\resmon.resmoncfg
2015-03-26 16:22 - 2015-03-26 16:22 - 0000057 _____ () C:\ProgramData\Ament.ini
2013-06-18 11:45 - 2010-06-23 14:54 - 0003077 _____ () C:\ProgramData\cfSB1290.ini
2013-05-27 08:39 - 2013-05-27 08:39 - 0000032 _____ () C:\ProgramData\{051B9612-4D82-42AC-8C63-CD2DCEDC1CB3}.log
2010-07-22 12:34 - 2010-07-22 12:34 - 0000109 _____ () C:\ProgramData\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}.log
2013-05-27 08:39 - 2013-05-27 08:39 - 0000032 _____ () C:\ProgramData\{23F3DA62-2D9E-4A69-B8D5-BE8E9E148092}.log
2010-07-22 12:33 - 2010-07-22 12:34 - 0000105 _____ () C:\ProgramData\{40BF1E83-20EB-11D8-97C5-0009C5020658}.log

Some files in TEMP:
====================
C:\Users\Terence CKW\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpsx1wtz.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-24 17:46

==================== End of log ============================



#8 TCKW

Posted 25 May 2015 - 11:22 PM

Here are 2 screen shots of the ghost buffalo drive:



#9 nasdaq

  • Malware Response Team
  • Location: Montreal, QC. Canada

Posted 26 May 2015 - 08:21 AM


> The ghost drive is my Buffalo drive, which does work normally when I attach it via USB. But when the drive is detached, the icon and all its related info are there as though the drive is still physically attached. Please look into these 2 items and the rest, of course.
> Thank you.

I think this is normal. I have the same situation here for my external hard drive, attached or not.
===


Run this tool to clean your Temporary files/Folders.

Download TFC to your desktop
  • Close any open windows.
  • Double click the TFC icon to run the program.
  • TFC will close all open programs itself in order to run.
  • Click the Start button to begin the process.
  • Allow TFC to run uninterrupted, it should not take long to finish.
  • Once it's finished, click OK to reboot.
  • If it does not reboot, reboot your system manually.
===

Open notepad (Start =>All Programs => Accessories => Notepad). Please copy the entire contents of the code box below.


start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn:  [X]
Winlogon\Notify\WB:  [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
BHO: No Name -> {AF949550-9094-4807-95EC-D1C317803333} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Extension: No Name - C:\Users\Terence CKW\AppData\Roaming\Mozilla\Firefox\Profiles\802sfubc.default\extensions\artur.dubovoy@gmail.com [not found]
CHR HKU\S-1-5-21-2799878227-2956951909-133465866-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - No Path Or update_url value
S4 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [X]
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

End

Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.
===



Reset the browsers that have been compromised.

Reset Chrome...
Open Google Chrome, click on the menu icon, which is located at the top right of the Google Chrome window.
 
Click "Settings" then "Show advanced settings" at the bottom of the screen.
 
Click "Reset browser settings" button.
 
Restart Chrome.
====

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.

===

Let me know what issues persist.

#10 TCKW

Posted 26 May 2015 - 11:00 PM

Hi there. Before I proceed to do as per your instructions, please let me highlight, looking at the 2 drive photos: why is it that the empty space gets filled up when I didn't do anything? This is my concern, as nothing was done and yet it appears to me as though 'someone has control over it, remotely'.

Many a time, whenever I take notice, the take-up space increases, and once I noticed the drive icon turned red. It could possibly have happened on many other occasions too, just that I didn't notice.

 

I will post the scan results next reply. Please wait.



#11 TCKW

Posted 27 May 2015 - 12:57 AM

Hello Sir.

I was about to begin, but I have one doubt, one question. That is:

You asked me to open the Notepad program and copy 'the entire contents...' - do I also include the words "start" and "end"?

Please clarify.

Next, then,

quote "Save the files as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted." unquote.

Sorry, I don't quite know how to execute this, sir.

The Farbar tool is located/saved on my desktop, and so are the other scan result files.



#12 nasdaq

Posted 27 May 2015 - 06:59 AM

Yes, include the Start and End instructions.

Correct, you are running from the Desktop:
Running from C:\Users\Terence CKW\Desktop
Save the file on your desktop before running the fix.

#13 TCKW

Posted 27 May 2015 - 11:21 PM

Hello again.

I ran the TFC program. The only thing was that it did not reboot by itself after it ended, but it brought up a small dialog screen which showed the My Libraries folder containing the pictures, video, docs folders, FYI.

I did a manual reboot and did the FRST run.

Hope below are the results you needed, as I saw another icon on the desktop called 'FRST older version', which I did not touch.

And I will do all the browser resets later, after this reply to you.

Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Ran by Terence CKW at 2015-05-28 12:07:23 Run:1
Running from C:\Users\Terence CKW\Desktop
Loaded Profiles: Terence CKW (Available Profiles: Terence CKW & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\LBTWlgn:  [X]
Winlogon\Notify\WB:  [X]
ShellIconOverlayIdentifiers: [DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt3] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
ShellIconOverlayIdentifiers: [DropboxExt4] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Terence CKW\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll No File
BHO: No Name -> {AF949550-9094-4807-95EC-D1C317803333} ->  No File
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll No File
FF Extension: No Name - C:\Users\Terence CKW\AppData\Roaming\Mozilla\Firefox\Profiles\802sfubc.default\extensions\artur.dubovoy@gmail.com [not found]
CHR HKU\S-1-5-21-2799878227-2956951909-133465866-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [nfedoihopcjdfjihhhojdclnfdgomdho] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [edaibbiobngpbmeonadpbfafbkimjbdd] - No Path Or update_url value
S4 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [X]
S4 Motorola Device Manager; C:\Program Files (x86)\Motorola Mobility\Motorola Device Manager\MotoHelperService.exe [X]
S3 BTCFilterService; system32\DRIVERS\motfilt.sys [X]
S3 motandroidusb; System32\Drivers\motoandroid.sys [X]
S3 motccgp; system32\DRIVERS\motccgp.sys [X]
S3 motccgpfl; system32\DRIVERS\motccgpfl.sys [X]
S3 MotoSwitchService; system32\DRIVERS\motswch.sys [X]
S3 Motousbnet; system32\DRIVERS\Motousbnet.sys [X]
S3 motusbdevice; system32\DRIVERS\motusbdevice.sys [X]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn" => key Removed successfully
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB" => key Removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt1" => key Removed successfully
"HKCR\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" => key Removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt2" => key Removed successfully
"HKCR\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" => key Removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt3" => key Removed successfully
"HKCR\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" => key Removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\DropboxExt4" => key Removed successfully
"HKCR\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF949550-9094-4807-95EC-D1C317803333}" => key Removed successfully
"HKCR\CLSID\{AF949550-9094-4807-95EC-D1C317803333}" => key Removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key Removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.3" => key Removed successfully
C:\Users\Terence CKW\AppData\Roaming\Mozilla\Firefox\Profiles\802sfubc.default\extensions\artur.dubovoy@gmail.com not found.
"HKU\S-1-5-21-2799878227-2956951909-133465866-1000\SOFTWARE\Google\Chrome\Extensions\nfedoihopcjdfjihhhojdclnfdgomdho" => key Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\edaibbiobngpbmeonadpbfafbkimjbdd" => key Removed successfully
LBTServ => Service Removed successfully
Motorola Device Manager => Service Removed successfully
BTCFilterService => Service Removed successfully
motandroidusb => Service Removed successfully
motccgp => Service Removed successfully
motccgpfl => Service Removed successfully
MotoSwitchService => Service Removed successfully
Motousbnet => Service Removed successfully
motusbdevice => Service Removed successfully

The system needed a reboot.

==== End of Fixlog 12:08:21 ====
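
An added example, not part of the thread and not part of FRST: a small Python parser that splits a Fixlog.txt like the one posted above into the echoed fixlist and the result lines, then lists every result that does not confirm a removal. The function names are hypothetical, the sample log is a shortened copy constructed from lines in the post, and only the line shapes visible in that log are recognised.

```python
import re

# Constructed sample: a shortened Fixlog.txt in the layout of the one posted above.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version: 27-05-2015 01
Running from C:\Users\Terence CKW\Desktop
==============================================
fixlist content:
*****************
start
CreateRestorePoint:
Winlogon\Notify\WB:  [X]
S4 LBTServ; C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe [X]
End
*****************
Restore point was successfully created.
"HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WB" => key Removed successfully
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value Removed successfully
C:\Users\Terence CKW\AppData\Roaming\Mozilla\Firefox\Profiles\802sfubc.default\extensions\artur.dubovoy@gmail.com not found.
LBTServ => Service Removed successfully
The system needed a reboot.
==== End of Fixlog 12:08:21 ====
'''

# Assumption: these patterns cover only the result lines seen in the posted log.
REMOVED = re.compile(r'^"?(?P<target>.+?)"? => (?P<kind>key|value|Service) Removed successfully$')
NOT_FOUND = re.compile(r'^(?P<target>.+) not found\.$')
STATUS = ("Restore point was successfully created.", "Processes closed successfully.",
          "The system needed a reboot.")
SEPARATOR = re.compile(r'^\*{5,}$')


def classify(line):
    """Return (status, detail) for one result line."""
    m = REMOVED.match(line)
    if m:
        return ("removed", m.group("kind").lower() + ": " + m.group("target"))
    m = NOT_FOUND.match(line)
    if m:
        return ("not_found", m.group("target"))
    if line in STATUS:
        return ("info", line)
    return ("unrecognized", line)


def parse_fixlog(text):
    """The first row of asterisks opens the echoed fixlist, the second opens the results."""
    directives, results, section = [], [], "header"
    for raw in text.splitlines():
        line = raw.strip()
        if SEPARATOR.match(line):
            section = "fixlist" if section == "header" else "results"
            continue
        if not line or line.startswith("==== End of Fixlog"):
            continue
        if section == "fixlist" and line.lower() not in ("start", "end"):
            directives.append(line)
        elif section == "results":
            results.append(classify(line))
    return {"directives": directives, "results": results}


def needs_review(parsed):
    """Result lines that neither confirm a removal nor are plain status messages."""
    return [r for r in parsed["results"] if r[0] in ("not_found", "unrecognized")]
```

On the sample, the only entry returned for review is the Firefox extension path that the log reports as not found; a line in a shape the patterns do not know is returned as "unrecognized" rather than silently counted as a success.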



#14 nasdaq

Posted 28 May 2015 - 06:27 AM

How is the computer running now?

#15 TCKW

Posted 28 May 2015 - 11:43 AM

Today, using IE10 appears to be quite different from before. Faster indeed, with less hanging on page loads. And shutdown times have shortened somewhat. I believe I need to monitor further to see if it stays this way.

Have not used Chrome or FFox yet since I was focusing on IE 10 usage today.

Somehow I still feel uneasy, wondering why the Buffalo drive is shown to be 'active' when there is no physical connection. Besides, the space in that drive keeps on increasing until it hits red, then magically it reverts to full space available again. You think it isn't strange, logical? How?

Thanks mate. Can we have a couple more days to monitor a little more?





