
Rootkit? IE11 proxy server; ieframe.dll/acr_error crashes; can't login Outlook.c



#1 Disceli


Posted 06 May 2015 - 08:15 PM

I'd be really grateful for some help.
 
I have so many problems with IE11 and a horrible feeling the cause(s) may have been on my laptop for up to a year.
 
1. HitmanPro has identified a proxy server is used to connect me to the internet, when using IE11.  No matter how many times I 'repair' the error, it returns.  Is there something in the Restore Points?  I've only recently discovered HitmanPro.
 
2. Webpages containing video cause IE to crash, no matter what the site.  After re-opening the tab 3 or 4 times, the site crashes the browser or vice versa.  This is the error when I visit Youtube:
  
res://ieframe.dll/acr_error.htm#youtube.com,https://www.youtube.com/watch?v=CieuGZ7TthE
 
3. I get these types of errors, when I visit some sites.  If they don't immediately appear on the homepages, they appear when I click a link.  The links don't open, no matter what option I choose.
 
These are from news.sky.com and I have about a dozen more, if they might reveal something:
 
2015-05-05_224030%20Sky%20News.jpg
 
2015-05-05_223832%20Sky%20News.jpg
 
2015-05-03_220301.jpg
 
2015-05-02_184220.jpg
 
2015-05-02_183712.jpg
 
5. I can't log in to my Outlook account, though it is fine in Chrome.
 
2015-05-05_224346%20Outlook.com_900.jpg
 
I'm constantly told to enter the password.
 
I can't log in to quite a few sites in IE; sites I used to regularly access with IE.  Could this be a separate problem, owing to the sites having been added to some sort of HOSTS file, if IE has such a thing?
 
Looking over the FRST log with my novice eye, I've highlighted in bold some entries that seem suspicious, to me at least.
 
///////////////////////////////////////////////////////////////////////////////////////////
 
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 02-05-2015
Ran by Dad (administrator) on DAD-PC on 06-05-2015 19:24:47
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available profiles: Dad & CCleaner-Test & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\Zentimo\ZentimoService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(AnVir Software) C:\Program Files (x86)\AnVir Task Manager\AnVir.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
(DuckLink Software) C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Subhra Das Gupta) C:\Users\Dad\AppData\Local\XDM\xdm.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
(Applian Technologies, Inc.) C:\Program Files (x86)\Freecorder\FLVSrvc.exe
(SSC Localization Group) C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2011-11-05] (The Eraser Project)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe [69000 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe [733576 2011-04-25] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Freecorder FLV Service] => C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936 2011-03-24] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SSC Service Utility] => C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe [665600 2007-10-09] (SSC Localization Group)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-28] (Avast Software s.r.o.)
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [19362728 2014-03-26] (Zemana Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [AnVir Task Manager] => C:\Program Files (x86)\AnVir Task Manager\anvir.exe [6071480 2012-02-22] (AnVir Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Digiarty_Software_AirPlayit] => "C:\Program Files (x86)\Digiarty\WinX_DVD_Ripper_Platinum_Streamer_Edition\Air_Playit_Server\airplayit.exe" -min
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Mosaico] => C:\Program Files (x86)\Mosaico\mosaico.exe
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-03-11] (NTeWORKS)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Screenshot Captor] => C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe [7944888 2013-12-03] (DonationCoder)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [DuckCapture] => C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe [436736 2011-11-03] (DuckLink Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [SnapDraw-Free\CrossGL-SnapDraw] => "C:\Program Files (x86)\SnapDraw-Free\CrossGL-SnapDraw.exe"
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [xdm] => C:\Users\Dad\AppData\Local\XDM\xdm.exe [782848 2014-11-15] (Subhra Das Gupta)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\EagleGet.exe [1239552 2014-04-24] (EagleGet.com)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [NetRecovery] => C:\Users\Dad\AppData\Local\XDM\NetRecovery.exe [13312 2014-07-30] ()
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\RunOnce: [Adobe Speed Launcher] => 1430846370
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Policies\Explorer: [NoViewContextMenu] 0
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\FastStone Capture.lnk [2014-05-14]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-28] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1050699504-4118538850-2090742069-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1050699504-4118538850-2090742069-1001] => http=127.0.0.1:9614
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.sky.com/
URLSearchHook: HKLM-x32 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB411
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB411
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-03] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: EGet Class -> {824F251E-D74A-4d56-B998-CA05CF369A13} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2014-04-24] (EagleGet.com)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-03] (Avast Software s.r.o.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2012-08-15] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: eagleget.com/EagleGet -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2014-04-24] (www.eagleget.com)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: egtcps.com/captures -> C:\Program Files (x86)\EagleGet\captures.dll [2014-04-24] (www.eagleget.com)
FF Extension: EagleGet - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default\Extensions\eagleget_ffext@eagleget.com.xpi [2015-05-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-29]
CHR Extension: (Google Docs) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-29]
CHR Extension: (Google Drive) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-29]
CHR Extension: (YouTube) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-29]
CHR Extension: (Google Search) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-29]
CHR Extension: (Full Page Screen Capture) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-04-29]
CHR Extension: (Google Sheets) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-29]
CHR Extension: (Print this page with CleanPrint) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2015-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Avast Online Security) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-29]
CHR Extension: (Flubit Extension) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfdokopehhkecohfljakjagcgohinnc [2015-04-29]
CHR Extension: (Search the current site) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliolpcnkmolaaecncdfeofombdekjcp [2015-04-29]
CHR Extension: (EagleGet Free Downloader) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2015-05-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR Extension: (Print Friendly & PDF) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-04-29]
CHR Extension: (Gmail) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
CHR Extension: (History Trends Unlimited) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmchffiealhkdloeffcdnbgdnedheme [2015-04-29]
CHR HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-02]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-04-26] (SurfRight B.V.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZentimoService; C:\Program Files (x86)\Zentimo\ZentimoService.exe [555844 2011-12-09] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-04-09] (Emsisoft GmbH)
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-06-20] (Zemana Ltd.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-28] ()
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2011-05-26] (Windows ® Codename Longhorn DDK provider)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-09] (Emsisoft GmbH)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows ® Win 7 DDK provider)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-01-07] (Digiarty Software, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [36232 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [42888 2011-04-22] () [File not signed]
R3 EUDISK; C:\Windows\system32\drivers\eudisk.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [17800 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NPF; C:\Windows\SysWow64\drivers\aztech_npf64.sys [40208 2009-05-04] (CACE Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 eagleGet; System32\Drivers\eagleGet.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-06 19:24 - 2015-05-06 19:25 - 00031866 _____ () C:\Users\Dad\Desktop\FRST.txt
2015-05-05 18:19 - 2015-05-05 18:19 - 00000017 _____ () C:\Users\Dad\AppData\Roaming\net_rec.dat
2015-05-04 21:34 - 2015-05-06 19:24 - 00000000 ____D () C:\FRST
2015-05-04 21:33 - 2015-05-04 21:33 - 02101248 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2015-05-02 18:41 - 2015-05-02 18:41 - 00000975 _____ () C:\Users\Public\Desktop\EagleGet.lnk
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\ProgramData\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\Program Files (x86)\EagleGet
2015-05-02 16:14 - 2015-05-02 16:15 - 12023239 _____ () C:\Windows\EventSys.txt
2015-05-02 16:14 - 2015-05-02 16:14 - 00000000 ____D () C:\Users\Dad\Desktop\SF_02-05-2015
2015-05-02 03:00 - 2015-05-02 03:00 - 00000598 _____ () C:\Users\Dad\Desktop\JRT.txt
2015-05-02 02:51 - 2015-04-30 08:30 - 02716306 _____ (Thisisu) C:\Users\Dad\Desktop\JRT_NEW.exe
2015-05-01 20:08 - 2015-05-01 20:08 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Subhra Das Gupta
2015-05-01 20:07 - 2015-05-01 20:07 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xtreme Download Manager
2015-05-01 20:07 - 2015-05-01 20:07 - 00000000 ____D () C:\Users\Dad\AppData\Local\XDM
2015-05-01 20:02 - 2015-05-01 20:02 - 00502730 _____ () C:\Users\Dad\Downloads\xdm_4.7.exe
2015-04-30 22:14 - 2015-04-30 22:14 - 05194974 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.7.8.exe
2015-04-30 22:13 - 2015-04-30 22:13 - 05192937 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.7.9.exe
2015-04-30 22:12 - 2015-04-30 22:12 - 05193287 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.0.exe
2015-04-30 22:11 - 2015-04-30 22:11 - 05194228 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.2.exe
2015-04-30 22:11 - 2015-04-30 22:11 - 05192411 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.3.exe
2015-04-30 21:58 - 2015-04-30 21:58 - 00076288 _____ (Malwarebytes Corporation) C:\Users\Dad\Downloads\mbae-support.exe
2015-04-29 16:45 - 2015-04-29 16:45 - 00007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2015-04-29 00:54 - 2015-04-29 00:54 - 00002223 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 00:54 - 2015-04-29 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-29 00:53 - 2015-05-06 18:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 00:53 - 2015-05-06 00:58 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 00:53 - 2015-04-29 00:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-29 00:53 - 2015-04-29 00:53 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-29 00:46 - 2015-04-29 00:46 - 00880208 _____ (Google Inc.) C:\Users\Dad\Downloads\ChromeSetup.exe
2015-04-29 00:33 - 2015-04-29 00:33 - 06114448 _____ () C:\Users\Dad\Desktop\bookmarks_29_04_2015.html
2015-04-28 14:39 - 2015-04-28 14:39 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-28 14:39 - 2015-04-28 14:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-26 22:46 - 2015-04-26 22:46 - 00001861 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-04-26 22:46 - 2015-04-26 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-04-26 22:46 - 2015-04-26 22:46 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-26 22:45 - 2015-05-04 23:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-26 21:40 - 2015-04-26 21:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAD-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-26 21:40 - 2015-04-26 21:40 - 00000000 ____D () C:\RegBackup
2015-04-25 17:26 - 2015-05-06 13:15 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-25 17:26 - 2015-04-25 17:26 - 00001772 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-25 00:15 - 2015-04-26 21:23 - 00000000 ____D () C:\AdwCleaner
2015-04-23 17:16 - 2013-06-01 17:34 - 00310272 _____ () C:\Users\Dad\Downloads\SF_Diagnostic_Tool.exe
2015-04-23 14:24 - 2015-04-23 14:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-23 14:24 - 2015-04-23 14:24 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-23 14:24 - 2015-04-23 14:24 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-23 14:24 - 2015-04-23 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-21 22:01 - 2015-04-21 22:02 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Mozilla
2015-04-21 22:01 - 2015-04-21 22:02 - 00000000 ____D () C:\Users\Dad\AppData\Local\Mozilla
2015-04-21 22:01 - 2015-04-21 22:01 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-21 22:01 - 2015-04-21 22:01 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-21 22:01 - 2015-04-21 22:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 21:59 - 2015-04-21 21:59 - 00243240 _____ () C:\Users\Dad\Downloads\Firefox Setup Stub 37.0.2.exe
2015-04-21 20:37 - 2015-04-21 20:38 - 05747294 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_setup.exe
2015-04-21 18:59 - 2015-04-21 19:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-19 20:12 - 2015-04-19 20:12 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Eraser 6
2015-04-19 20:04 - 2015-04-19 20:04 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\FastStone
2015-04-19 19:54 - 2015-04-20 16:44 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\CrashDumps
2015-04-19 19:49 - 2015-04-19 19:49 - 00128912 _____ () C:\Users\CCleaner-Test\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\Documents\Freecorder
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Intel Corporation
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\AVAST Software
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Apple Computer
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Zemana
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\FLVService
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\EgisTec IPS
2015-04-19 19:47 - 2015-04-19 19:55 - 00002223 _____ () C:\Users\CCleaner-Test\Desktop\Google Chrome.lnk
2015-04-19 19:47 - 2015-04-19 19:47 - 00001381 _____ () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-19 19:47 - 2015-04-19 19:47 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Adobe
2015-04-19 19:47 - 2015-04-19 19:47 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Google
2015-04-19 19:45 - 2015-04-19 19:45 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\EagleGet
2015-04-19 19:45 - 2015-04-19 19:45 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\VirtualStore
2015-04-19 19:44 - 2015-04-19 19:46 - 00000000 ____D () C:\Users\CCleaner-Test
2015-04-19 19:44 - 2015-04-19 19:44 - 00000020 ___SH () C:\Users\CCleaner-Test\ntuser.ini
2015-04-19 19:44 - 2015-03-27 18:08 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Macromedia
2015-04-19 19:44 - 2011-02-20 20:01 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Microsoft Help
2015-04-19 19:44 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-19 19:44 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-17 20:53 - 2015-04-17 20:53 - 00000423 _____ () C:\Users\Dad\Desktop\repair script.uvk
2015-04-17 19:28 - 2015-04-21 19:06 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2015-04-17 19:28 - 2015-04-17 19:28 - 00001770 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
2015-04-17 19:28 - 2015-04-17 19:28 - 00000000 ____D () C:\ProgramData\UVK
2015-04-17 19:28 - 2015-04-17 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2015-04-17 16:29 - 2015-04-17 16:29 - 00001213 _____ () C:\Users\Dad\Desktop\Command Prompt.lnk
2015-04-17 02:36 - 2008-08-20 22:16 - 00000689 _____ () C:\Users\Dad\Desktop\Elevated Command Prompt.lnk
2015-04-16 20:26 - 2015-04-16 20:26 - 00000250 _____ () C:\Users\Dad\Downloads\redir
2015-04-16 17:50 - 2015-04-16 17:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-16 17:48 - 2015-04-16 17:48 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 17:47 - 2015-04-16 17:47 - 00000000 _____ () C:\Windows\SysWOW64\RENDEEC.tmp
2015-04-16 17:17 - 2015-04-16 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-16 17:17 - 2015-04-16 17:16 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-16 16:50 - 2015-04-16 16:50 - 00000000 ____D () C:\Program Files\Java
2015-04-16 14:32 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 14:32 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 14:32 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 14:32 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-16 14:32 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-16 14:32 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 14:32 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 14:32 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 14:32 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 14:32 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 14:32 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 14:32 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 14:32 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 14:32 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 14:32 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-16 14:32 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 14:32 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 14:32 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 14:32 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 14:32 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 14:32 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-16 14:32 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 14:32 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 14:32 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-16 14:32 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 14:32 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 14:32 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 14:32 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 14:32 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-16 14:32 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 14:32 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-16 14:32 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 14:32 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 14:32 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 14:29 - 2015-04-02 01:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 14:29 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-16 14:29 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 14:29 - 2015-03-13 05:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 14:29 - 2015-03-13 05:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-16 14:29 - 2015-03-13 05:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 14:29 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 14:29 - 2015-03-13 05:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 14:29 - 2015-03-13 05:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-16 14:29 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 14:29 - 2015-03-13 05:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-16 14:29 - 2015-03-13 05:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 14:29 - 2015-03-13 04:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 14:29 - 2015-03-13 04:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 14:29 - 2015-03-13 04:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-16 14:29 - 2015-03-13 04:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-16 14:29 - 2015-03-13 04:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-16 14:29 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 14:29 - 2015-03-13 04:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-16 14:29 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 14:29 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-16 14:29 - 2015-03-13 04:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 14:29 - 2015-03-13 04:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-16 14:29 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 14:29 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-16 14:29 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-16 14:29 - 2015-03-13 04:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 14:29 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-16 14:29 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 14:29 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-16 14:29 - 2015-03-13 04:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 14:29 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 14:29 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-16 14:29 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-16 14:29 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-16 14:29 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-16 14:29 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-16 14:29 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 14:29 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 14:29 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-16 14:29 - 2015-03-13 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 14:29 - 2015-03-13 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-16 14:29 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-16 14:29 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 14:29 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-16 14:29 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-16 14:29 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-16 14:29 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 14:29 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 14:29 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 14:29 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-16 14:29 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-16 14:29 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 14:29 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 14:29 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 14:29 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 14:29 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 14:29 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-16 14:28 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 14:28 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 14:28 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 02:49 - 2015-04-16 02:49 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-04-16 02:49 - 2015-04-16 02:49 - 00000000 ____D () C:\Users\Dad\AppData\Local\Secunia PSI
2015-04-16 02:49 - 2015-04-16 02:49 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-04-13 17:51 - 2015-05-05 01:20 - 00011374 _____ () C:\Windows\CUAppUsage.Dat
2015-04-13 00:29 - 2011-09-05 16:14 - 00205512 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\cumon.sys
2015-04-13 00:28 - 2015-04-13 00:28 - 629145600 ____H () C:\fileimage.dat
2015-04-13 00:27 - 2011-09-05 16:14 - 00019568 _____ () C:\Windows\system32\Drivers\evdd.sys
2015-04-13 00:21 - 2015-04-13 00:21 - 00000965 _____ () C:\Users\Public\Desktop\COMODO Programs Manager.lnk
2015-04-13 00:21 - 2015-04-13 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-04-13 00:21 - 2015-04-13 00:21 - 00000000 ____D () C:\Program Files\COMODO
2015-04-13 00:20 - 2015-04-13 00:20 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2015-04-13 00:20 - 2015-04-13 00:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2015-04-12 20:21 - 2015-04-02 17:59 - 06337032 _____ (Geek Uninstaller) C:\Users\Dad\Desktop\geek.exe
2015-04-10 13:18 - 2015-04-10 13:18 - 00004596 _____ () C:\Users\Dad\Downloads\EEK a2scan_150409-161408.txt
2015-04-09 16:10 - 2015-05-02 18:54 - 00000000 ____D () C:\EEK
2015-04-09 16:10 - 2015-04-09 16:10 - 00000747 _____ () C:\Users\Dad\Desktop\Start Emsisoft Emergency Kit.lnk
2015-04-09 02:05 - 2013-06-01 17:34 - 00310272 _____ () C:\Users\Dad\Desktop\SF_Diagnostic_Tool.exe
2015-04-07 15:05 - 2015-04-07 15:05 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-04-07 15:05 - 2015-04-07 15:05 - 00000000 ___SD () C:\Windows\system32\GWX
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-06 19:26 - 2014-03-31 21:45 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\NetSpeedMonitor
2015-05-06 18:46 - 2015-03-27 18:23 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\vlc
2015-05-06 18:42 - 2015-02-14 19:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-06 17:59 - 2011-02-20 23:02 - 00000000 ____D () C:\FILES
2015-05-06 15:07 - 2012-08-19 23:41 - 02062493 _____ () C:\Windows\WindowsUpdate.log
2015-05-06 03:06 - 2014-06-07 06:05 - 00000000 ____D () C:\Users\Dad\AppData\Local\CrashDumps
2015-05-06 01:49 - 2012-09-08 22:44 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C613D74-CEEC-477F-BF08-7A7D5DD8C6CC}
2015-05-05 22:51 - 2012-08-20 01:53 - 00000000 ____D () C:\Users\Dad\AppData\Local\FLVService
2015-05-05 18:28 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-05 18:28 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-05 18:19 - 2011-07-20 14:36 - 00003296 _____ () C:\Windows\System32\Tasks\WizMouse
2015-05-05 18:17 - 2012-01-26 07:15 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize.job
2015-05-05 18:16 - 2011-06-01 19:57 - 00000031 _____ () C:\Windows\system32\bbcap.err
2015-05-05 18:16 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-05 00:18 - 2012-08-16 23:10 - 00000000 ____D () C:\ERRORS
2015-05-04 18:53 - 2012-08-06 17:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-04 18:47 - 2015-02-23 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-03 20:42 - 2014-07-14 15:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 20:21 - 2012-07-26 03:13 - 00000000 ____D () C:\Windows\Minidump
2015-05-02 02:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-29 13:14 - 2015-02-23 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-29 13:14 - 2015-02-23 23:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-04-29 00:54 - 2010-12-25 14:50 - 00000000 ____D () C:\Users\Dad\AppData\Local\Google
2015-04-29 00:54 - 2010-04-21 11:59 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-28 14:39 - 2014-04-24 04:24 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-28 14:39 - 2013-12-29 02:33 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-28 14:39 - 2013-03-05 20:29 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-28 14:39 - 2013-03-05 20:29 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-26 21:55 - 2014-07-14 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 21:55 - 2014-07-14 15:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 21:55 - 2012-11-27 02:35 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-24 19:10 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 19:48 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-17 21:09 - 2010-12-25 14:39 - 00128912 _____ () C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-17 21:07 - 2009-07-14 05:45 - 00461184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-17 21:01 - 2009-07-14 03:34 - 00000439 _____ () C:\Windows\win.ini
2015-04-17 20:58 - 2010-05-17 20:34 - 00000000 ____D () C:\ProgramData\Temp
2015-04-17 06:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 06:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 16:45 - 2015-02-14 19:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 16:45 - 2014-04-16 18:01 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 16:45 - 2014-04-16 18:01 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 15:00 - 2014-12-15 14:04 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 15:00 - 2014-04-24 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 15:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 14:54 - 2013-11-30 22:18 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 14:51 - 2013-07-22 19:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 14:38 - 2011-03-09 04:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 09:37 - 2014-07-14 15:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-07-14 15:51 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2012-11-27 02:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 20:17 - 2011-03-09 00:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-04-11 18:50 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-10 00:10 - 2007-07-12 02:49 - 00000000 ____D () C:\Windows\Panther
2015-04-06 16:37 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
 
==================== Files in the root of some directories =======
 
2015-05-05 18:19 - 2015-05-05 18:19 - 0000017 _____ () C:\Users\Dad\AppData\Roaming\net_rec.dat
2011-03-09 04:44 - 2013-09-13 02:23 - 0001342 _____ () C:\Users\Dad\AppData\Roaming\wklnhst.dat
2015-01-04 04:07 - 2015-01-04 04:07 - 0211620 _____ () C:\Users\Dad\AppData\Local\ars.cache
2015-01-04 04:07 - 2015-01-04 04:07 - 0260404 _____ () C:\Users\Dad\AppData\Local\census.cache
2012-09-30 20:22 - 2012-09-30 20:22 - 0003584 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-19 02:38 - 2014-01-19 02:38 - 0000058 _____ () C:\Users\Dad\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-06-17 06:01 - 2014-06-17 06:01 - 0000036 _____ () C:\Users\Dad\AppData\Local\housecall.guid.cache
2013-02-12 07:17 - 2013-02-12 07:17 - 0005020 _____ () C:\Users\Dad\AppData\Local\HWVendorDetection.log
2015-04-29 16:45 - 2015-04-29 16:45 - 0007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2014-12-30 03:13 - 2014-12-30 03:13 - 0000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2013-01-06 05:29 - 2013-01-17 05:43 - 0000040 ___SH () C:\ProgramData\.zreglib
2010-04-21 11:41 - 2010-01-27 15:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
 
Some content of TEMP:
====================
C:\Users\CCleaner-Test\AppData\Local\Temp\ZAL3350.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-04 16:22
 
==================== End Of Log ============================

 


#2 HelpBot

Posted 11 May 2015 - 08:20 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/575427 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Disceli

Posted 12 May 2015 - 03:07 PM

My laptop's infection has also blocked my access to the bulk of the features and sections of bleepingcomputer.com and the forum.  I've had to post this from another laptop.

 

This is what I see on BleepingComputer.com.

 

New FRST scan:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-05-2015
Ran by Dad (administrator) on DAD-PC on 12-05-2015 16:58:31
Running from C:\Users\Dad\Desktop
Loaded Profiles: Dad (Available profiles: Dad & CCleaner-Test & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Zentimo\ZentimoService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(AnVir Software) C:\Program Files (x86)\AnVir Task Manager\AnVir.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
(DuckLink Software) C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Subhra Das Gupta) C:\Users\Dad\AppData\Local\XDM\xdm.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
(Applian Technologies, Inc.) C:\Program Files (x86)\Freecorder\FLVSrvc.exe
(SSC Localization Group) C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2011-11-05] (The Eraser Project)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe [69000 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe [733576 2011-04-25] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Freecorder FLV Service] => C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936 2011-03-24] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SSC Service Utility] => C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe [665600 2007-10-09] (SSC Localization Group)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-04-28] (Avast Software s.r.o.)
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [19362728 2014-03-26] (Zemana Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [AnVir Task Manager] => C:\Program Files (x86)\AnVir Task Manager\anvir.exe [6071480 2012-02-22] (AnVir Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Digiarty_Software_AirPlayit] => "C:\Program Files (x86)\Digiarty\WinX_DVD_Ripper_Platinum_Streamer_Edition\Air_Playit_Server\airplayit.exe" -min
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Mosaico] => C:\Program Files (x86)\Mosaico\mosaico.exe
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-03-11] (NTeWORKS)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Screenshot Captor] => C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe [7944888 2013-12-03] (DonationCoder)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [DuckCapture] => C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe [436736 2011-11-03] (DuckLink Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [SnapDraw-Free\CrossGL-SnapDraw] => "C:\Program Files (x86)\SnapDraw-Free\CrossGL-SnapDraw.exe"
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [xdm] => C:\Users\Dad\AppData\Local\XDM\xdm.exe [782848 2014-11-15] (Subhra Das Gupta)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\EagleGet.exe [1239552 2014-04-24] (EagleGet.com)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [NetRecovery] => C:\Users\Dad\AppData\Local\XDM\NetRecovery.exe [13312 2014-07-30] ()
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\RunOnce: [Adobe Speed Launcher] => 1431441553
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Policies\Explorer: [NoViewContextMenu] 0
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\FastStone Capture.lnk [2014-05-14]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-28] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-04-17] (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1050699504-4118538850-2090742069-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1050699504-4118538850-2090742069-1001] => http=127.0.0.1:9614
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.sky.com/
URLSearchHook: HKLM-x32 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB411
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB411
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-03] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: EGet Class -> {824F251E-D74A-4d56-B998-CA05CF369A13} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2014-04-24] (EagleGet.com)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-03] (Avast Software s.r.o.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2012-08-15] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: eagleget.com/EagleGet -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2014-04-24] (www.eagleget.com)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: egtcps.com/captures -> C:\Program Files (x86)\EagleGet\captures.dll [2014-04-24] (www.eagleget.com)
FF Extension: EagleGet - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default\Extensions\eagleget_ffext@eagleget.com.xpi [2015-05-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-26]

Chrome:
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-29]
CHR Extension: (Google Docs) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-29]
CHR Extension: (Google Drive) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-29]
CHR Extension: (YouTube) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-29]
CHR Extension: (Google Search) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-29]
CHR Extension: (Full Page Screen Capture) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-04-29]
CHR Extension: (Google Sheets) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-29]
CHR Extension: (Print this page with CleanPrint) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2015-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Avast Online Security) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-29]
CHR Extension: (Flubit Extension) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfdokopehhkecohfljakjagcgohinnc [2015-04-29]
CHR Extension: (Search the current site) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliolpcnkmolaaecncdfeofombdekjcp [2015-04-29]
CHR Extension: (EagleGet Free Downloader) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2015-05-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR Extension: (Print Friendly & PDF) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-04-29]
CHR Extension: (Gmail) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
CHR Extension: (History Trends Unlimited) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmchffiealhkdloeffcdnbgdnedheme [2015-04-29]
CHR HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-02]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-04-26] (SurfRight B.V.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZentimoService; C:\Program Files (x86)\Zentimo\ZentimoService.exe [555844 2011-12-09] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-04-09] (Emsisoft GmbH)
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-06-20] (Zemana Ltd.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-28] ()
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2011-05-26] (Windows ® Codename Longhorn DDK provider)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-09] (Emsisoft GmbH)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows ® Win 7 DDK provider)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-01-07] (Digiarty Software, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [36232 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [42888 2011-04-22] () [File not signed]
R3 EUDISK; C:\Windows\system32\drivers\eudisk.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [17800 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R2 NPF; C:\Windows\SysWow64\drivers\aztech_npf64.sys [40208 2009-05-04] (CACE Technologies)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 eagleGet; System32\Drivers\eagleGet.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 16:58 - 2015-05-12 16:59 - 00030564 _____ () C:\Users\Dad\Desktop\FRST.txt
2015-05-12 16:57 - 2015-05-12 16:57 - 02102784 _____ (Farbar) C:\Users\Dad\Desktop\FRST64.exe
2015-05-12 15:40 - 2015-05-12 15:40 - 00000017 _____ () C:\Users\Dad\AppData\Roaming\net_rec.dat
2015-05-08 16:30 - 2015-05-12 15:36 - 00000336 _____ () C:\Windows\setupact.log
2015-05-08 16:30 - 2015-05-08 16:30 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-08 16:29 - 2015-05-08 16:29 - 00000592 _____ () C:\Windows\PFRO.log
2015-05-07 22:08 - 2015-05-07 22:08 - 00001140 _____ () C:\Users\Public\Desktop\Kvisoft PDF Splitter.lnk
2015-05-07 22:08 - 2015-05-07 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kvisoft
2015-05-07 22:08 - 2015-05-07 22:08 - 00000000 ____D () C:\Program Files (x86)\Kvisoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00001222 _____ () C:\Users\Dad\Desktop\PDFMate Free PDF Merger.lnk
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\Users\Dad\Documents\Anvsoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Anvsoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2015-05-07 21:42 - 2015-05-07 21:42 - 00000000 ____D () C:\ProgramData\A-PDF
2015-05-07 21:41 - 2015-05-07 21:41 - 00000922 _____ () C:\Users\Dad\Desktop\A-PDF Page Cut.lnk
2015-05-07 21:41 - 2015-05-07 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A-PDF Page Cut
2015-05-07 21:41 - 2015-05-07 21:41 - 00000000 ____D () C:\Program Files (x86)\A-PDF Page Cut
2015-05-04 21:34 - 2015-05-12 16:58 - 00000000 ____D () C:\FRST
2015-05-02 18:41 - 2015-05-02 18:41 - 00000975 _____ () C:\Users\Public\Desktop\EagleGet.lnk
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\ProgramData\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\Program Files (x86)\EagleGet
2015-05-02 16:14 - 2015-05-02 16:15 - 12023239 _____ () C:\Windows\EventSys.txt
2015-05-02 16:14 - 2015-05-02 16:14 - 00000000 ____D () C:\Users\Dad\Desktop\SF_02-05-2015
2015-05-02 03:00 - 2015-05-02 03:00 - 00000598 _____ () C:\Users\Dad\Desktop\JRT.txt
2015-05-02 02:51 - 2015-04-30 08:30 - 02716306 _____ (Thisisu) C:\Users\Dad\Desktop\JRT_NEW.exe
2015-05-01 20:08 - 2015-05-01 20:08 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Subhra Das Gupta
2015-05-01 20:07 - 2015-05-01 20:07 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xtreme Download Manager
2015-05-01 20:07 - 2015-05-01 20:07 - 00000000 ____D () C:\Users\Dad\AppData\Local\XDM
2015-05-01 20:02 - 2015-05-01 20:02 - 00502730 _____ () C:\Users\Dad\Downloads\xdm_4.7.exe
2015-04-30 22:14 - 2015-04-30 22:14 - 05194974 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.7.8.exe
2015-04-30 22:13 - 2015-04-30 22:13 - 05192937 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.7.9.exe
2015-04-30 22:12 - 2015-04-30 22:12 - 05193287 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.0.exe
2015-04-30 22:11 - 2015-04-30 22:11 - 05194228 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.2.exe
2015-04-30 22:11 - 2015-04-30 22:11 - 05192411 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.3.exe
2015-04-30 21:58 - 2015-04-30 21:58 - 00076288 _____ (Malwarebytes Corporation) C:\Users\Dad\Downloads\mbae-support.exe
2015-04-29 16:45 - 2015-04-29 16:45 - 00007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2015-04-29 00:54 - 2015-04-29 00:54 - 00002223 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 00:54 - 2015-04-29 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-29 00:53 - 2015-05-12 16:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 00:53 - 2015-05-12 15:38 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 00:53 - 2015-04-29 00:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-29 00:53 - 2015-04-29 00:53 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-29 00:46 - 2015-04-29 00:46 - 00880208 _____ (Google Inc.) C:\Users\Dad\Downloads\ChromeSetup.exe
2015-04-29 00:33 - 2015-04-29 00:33 - 06114448 _____ () C:\Users\Dad\Desktop\bookmarks_29_04_2015.html
2015-04-28 14:39 - 2015-04-28 14:39 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-28 14:39 - 2015-04-28 14:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-26 22:46 - 2015-04-26 22:46 - 00001861 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-04-26 22:46 - 2015-04-26 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-04-26 22:46 - 2015-04-26 22:46 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-26 22:45 - 2015-05-04 23:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-26 21:40 - 2015-04-26 21:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAD-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-26 21:40 - 2015-04-26 21:40 - 00000000 ____D () C:\RegBackup
2015-04-25 17:26 - 2015-05-12 01:03 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-25 17:26 - 2015-04-25 17:26 - 00001772 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-25 00:15 - 2015-04-26 21:23 - 00000000 ____D () C:\AdwCleaner
2015-04-23 17:16 - 2013-06-01 17:34 - 00310272 _____ () C:\Users\Dad\Downloads\SF_Diagnostic_Tool.exe
2015-04-23 14:24 - 2015-04-23 14:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-23 14:24 - 2015-04-23 14:24 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-23 14:24 - 2015-04-23 14:24 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-23 14:24 - 2015-04-23 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-21 22:01 - 2015-04-21 22:02 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Mozilla
2015-04-21 22:01 - 2015-04-21 22:02 - 00000000 ____D () C:\Users\Dad\AppData\Local\Mozilla
2015-04-21 22:01 - 2015-04-21 22:01 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-21 22:01 - 2015-04-21 22:01 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-21 22:01 - 2015-04-21 22:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 21:59 - 2015-04-21 21:59 - 00243240 _____ () C:\Users\Dad\Downloads\Firefox Setup Stub 37.0.2.exe
2015-04-21 20:37 - 2015-04-21 20:38 - 05747294 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_setup.exe
2015-04-21 18:59 - 2015-04-21 19:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-19 20:12 - 2015-04-19 20:12 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Eraser 6
2015-04-19 20:04 - 2015-04-19 20:04 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\FastStone
2015-04-19 19:54 - 2015-04-20 16:44 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\CrashDumps
2015-04-19 19:49 - 2015-04-19 19:49 - 00128912 _____ () C:\Users\CCleaner-Test\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\Documents\Freecorder
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Intel Corporation
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\AVAST Software
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Apple Computer
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Zemana
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\FLVService
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\EgisTec IPS
2015-04-19 19:47 - 2015-04-19 19:55 - 00002223 _____ () C:\Users\CCleaner-Test\Desktop\Google Chrome.lnk
2015-04-19 19:47 - 2015-04-19 19:47 - 00001381 _____ () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-19 19:47 - 2015-04-19 19:47 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Adobe
2015-04-19 19:47 - 2015-04-19 19:47 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Google
2015-04-19 19:45 - 2015-04-19 19:45 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\EagleGet
2015-04-19 19:45 - 2015-04-19 19:45 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\VirtualStore
2015-04-19 19:44 - 2015-04-19 19:46 - 00000000 ____D () C:\Users\CCleaner-Test
2015-04-19 19:44 - 2015-04-19 19:44 - 00000020 ___SH () C:\Users\CCleaner-Test\ntuser.ini
2015-04-19 19:44 - 2015-03-27 18:08 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Macromedia
2015-04-19 19:44 - 2011-02-20 20:01 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Microsoft Help
2015-04-19 19:44 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-19 19:44 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-17 20:53 - 2015-04-17 20:53 - 00000423 _____ () C:\Users\Dad\Desktop\repair script.uvk
2015-04-17 19:28 - 2015-04-21 19:06 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2015-04-17 19:28 - 2015-04-17 19:28 - 00001770 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
2015-04-17 19:28 - 2015-04-17 19:28 - 00000000 ____D () C:\ProgramData\UVK
2015-04-17 19:28 - 2015-04-17 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2015-04-17 16:29 - 2015-04-17 16:29 - 00001213 _____ () C:\Users\Dad\Desktop\Command Prompt.lnk
2015-04-17 02:36 - 2008-08-20 22:16 - 00000689 _____ () C:\Users\Dad\Desktop\Elevated Command Prompt.lnk
2015-04-16 20:26 - 2015-04-16 20:26 - 00000250 _____ () C:\Users\Dad\Downloads\redir
2015-04-16 17:50 - 2015-04-16 17:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-16 17:48 - 2015-04-16 17:48 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 17:47 - 2015-04-16 17:47 - 00000000 _____ () C:\Windows\SysWOW64\RENDEEC.tmp
2015-04-16 17:17 - 2015-04-16 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-16 17:17 - 2015-04-16 17:16 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-16 16:50 - 2015-04-16 16:50 - 00000000 ____D () C:\Program Files\Java
2015-04-16 14:32 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 14:32 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 14:32 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 14:32 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-16 14:32 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-16 14:32 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 14:32 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 14:32 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 14:32 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 14:32 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 14:32 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 14:32 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 14:32 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 14:32 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 14:32 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-16 14:32 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 14:32 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 14:32 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 14:32 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 14:32 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 14:32 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-16 14:32 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 14:32 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 14:32 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-16 14:32 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 14:32 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 14:32 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 14:32 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 14:32 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-16 14:32 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 14:32 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-16 14:32 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 14:32 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 14:32 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 14:29 - 2015-04-02 01:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 14:29 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-16 14:29 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 14:29 - 2015-03-13 05:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 14:29 - 2015-03-13 05:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-16 14:29 - 2015-03-13 05:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 14:29 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 14:29 - 2015-03-13 05:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 14:29 - 2015-03-13 05:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-16 14:29 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 14:29 - 2015-03-13 05:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-16 14:29 - 2015-03-13 05:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 14:29 - 2015-03-13 04:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 14:29 - 2015-03-13 04:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 14:29 - 2015-03-13 04:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-16 14:29 - 2015-03-13 04:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-16 14:29 - 2015-03-13 04:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-16 14:29 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 14:29 - 2015-03-13 04:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-16 14:29 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 14:29 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-16 14:29 - 2015-03-13 04:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 14:29 - 2015-03-13 04:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-16 14:29 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 14:29 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-16 14:29 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-16 14:29 - 2015-03-13 04:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 14:29 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-16 14:29 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 14:29 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-16 14:29 - 2015-03-13 04:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 14:29 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 14:29 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-16 14:29 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-16 14:29 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-16 14:29 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-16 14:29 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-16 14:29 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 14:29 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 14:29 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-16 14:29 - 2015-03-13 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 14:29 - 2015-03-13 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-16 14:29 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-16 14:29 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 14:29 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-16 14:29 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-16 14:29 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-16 14:29 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 14:29 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 14:29 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 14:29 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-16 14:29 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-16 14:29 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 14:29 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 14:29 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 14:29 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 14:29 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 14:29 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-16 14:28 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 14:28 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 14:28 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 02:49 - 2015-04-16 02:49 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-04-16 02:49 - 2015-04-16 02:49 - 00000000 ____D () C:\Users\Dad\AppData\Local\Secunia PSI
2015-04-16 02:49 - 2015-04-16 02:49 - 00000000 ____D () C:\Program Files (x86)\Secunia
2015-04-13 17:51 - 2015-05-12 02:22 - 00011972 _____ () C:\Windows\CUAppUsage.Dat
2015-04-13 00:29 - 2011-09-05 16:14 - 00205512 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\cumon.sys
2015-04-13 00:28 - 2015-04-13 00:28 - 629145600 ____H () C:\fileimage.dat
2015-04-13 00:27 - 2011-09-05 16:14 - 00019568 _____ () C:\Windows\system32\Drivers\evdd.sys
2015-04-13 00:21 - 2015-04-13 00:21 - 00000965 _____ () C:\Users\Public\Desktop\COMODO Programs Manager.lnk
2015-04-13 00:21 - 2015-04-13 00:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMODO
2015-04-13 00:21 - 2015-04-13 00:21 - 00000000 ____D () C:\Program Files\COMODO
2015-04-13 00:20 - 2015-04-13 00:20 - 01700352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdiplus.dll
2015-04-13 00:20 - 2015-04-13 00:20 - 01060864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc71.dll
2015-04-12 20:21 - 2015-04-02 17:59 - 06337032 _____ (Geek Uninstaller) C:\Users\Dad\Desktop\geek.exe

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-12 16:59 - 2014-03-31 21:45 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\NetSpeedMonitor
2015-05-12 16:47 - 2014-06-07 06:05 - 00000000 ____D () C:\Users\Dad\AppData\Local\CrashDumps
2015-05-12 16:42 - 2015-02-14 19:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-12 16:12 - 2012-08-19 23:41 - 01209383 _____ () C:\Windows\WindowsUpdate.log
2015-05-12 15:48 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-12 15:48 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-12 15:41 - 2012-08-06 17:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-12 15:39 - 2011-07-20 14:36 - 00003296 _____ () C:\Windows\System32\Tasks\WizMouse
2015-05-12 15:37 - 2012-01-26 07:15 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize.job
2015-05-12 15:36 - 2011-06-01 19:57 - 00000031 _____ () C:\Windows\system32\bbcap.err
2015-05-12 15:36 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-12 02:21 - 2015-03-27 18:23 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\vlc
2015-05-12 01:11 - 2015-02-23 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-11 23:34 - 2012-09-08 22:44 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C613D74-CEEC-477F-BF08-7A7D5DD8C6CC}
2015-05-10 17:51 - 2011-02-20 23:02 - 00000000 ____D () C:\FILES
2015-05-05 22:51 - 2012-08-20 01:53 - 00000000 ____D () C:\Users\Dad\AppData\Local\FLVService
2015-05-05 00:18 - 2012-08-16 23:10 - 00000000 ____D () C:\ERRORS
2015-05-03 20:42 - 2014-07-14 15:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-02 20:21 - 2012-07-26 03:13 - 00000000 ____D () C:\Windows\Minidump
2015-05-02 18:54 - 2015-04-09 16:10 - 00000000 ____D () C:\EEK
2015-05-02 02:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-29 13:14 - 2015-02-23 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-29 13:14 - 2015-02-23 23:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-04-29 00:54 - 2010-12-25 14:50 - 00000000 ____D () C:\Users\Dad\AppData\Local\Google
2015-04-29 00:54 - 2010-04-21 11:59 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-28 14:39 - 2014-04-24 04:24 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-28 14:39 - 2013-12-29 02:33 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-28 14:39 - 2013-03-05 20:29 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-28 14:39 - 2013-03-05 20:29 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-26 21:55 - 2014-07-14 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 21:55 - 2014-07-14 15:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 21:55 - 2012-11-27 02:35 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-24 19:10 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 19:48 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-17 21:09 - 2010-12-25 14:39 - 00128912 _____ () C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-17 21:07 - 2009-07-14 05:45 - 00461184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-17 21:01 - 2009-07-14 03:34 - 00000439 _____ () C:\Windows\win.ini
2015-04-17 20:58 - 2010-05-17 20:34 - 00000000 ____D () C:\ProgramData\Temp
2015-04-17 06:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 06:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 16:45 - 2015-02-14 19:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 16:45 - 2014-04-16 18:01 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 16:45 - 2014-04-16 18:01 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 15:00 - 2014-12-15 14:04 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 15:00 - 2014-04-24 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 15:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 14:54 - 2013-11-30 22:18 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 14:51 - 2013-07-22 19:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 14:38 - 2011-03-09 04:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 09:37 - 2014-07-14 15:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-07-14 15:51 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2012-11-27 02:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2015-04-12 20:17 - 2011-03-09 00:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group

==================== Files in the root of some directories =======

2015-05-12 15:40 - 2015-05-12 15:40 - 0000017 _____ () C:\Users\Dad\AppData\Roaming\net_rec.dat
2011-03-09 04:44 - 2013-09-13 02:23 - 0001342 _____ () C:\Users\Dad\AppData\Roaming\wklnhst.dat
2015-01-04 04:07 - 2015-01-04 04:07 - 0211620 _____ () C:\Users\Dad\AppData\Local\ars.cache
2015-01-04 04:07 - 2015-01-04 04:07 - 0260404 _____ () C:\Users\Dad\AppData\Local\census.cache
2012-09-30 20:22 - 2012-09-30 20:22 - 0003584 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-19 02:38 - 2014-01-19 02:38 - 0000058 _____ () C:\Users\Dad\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-06-17 06:01 - 2014-06-17 06:01 - 0000036 _____ () C:\Users\Dad\AppData\Local\housecall.guid.cache
2013-02-12 07:17 - 2013-02-12 07:17 - 0005020 _____ () C:\Users\Dad\AppData\Local\HWVendorDetection.log
2015-04-29 16:45 - 2015-04-29 16:45 - 0007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2014-12-30 03:13 - 2014-12-30 03:13 - 0000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2013-01-06 05:29 - 2013-01-17 05:43 - 0000040 ___SH () C:\ProgramData\.zreglib
2010-04-21 11:41 - 2010-01-27 15:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\CCleaner-Test\AppData\Local\Temp\ZAL3350.exe
C:\Users\Dad\AppData\Local\Temp\ZAL61FD.exe
C:\Users\Dad\AppData\Local\Temp\ZAL81CD.exe
C:\Users\Dad\AppData\Local\Temp\ZALD884.exe
C:\Users\Dad\AppData\Local\Temp\ZALDC6.exe
C:\Users\Dad\AppData\Local\Temp\ZALE9C3.exe
C:\Users\Dad\AppData\Local\Temp\ZALEDC8.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-04 16:22

==================== End Of Log ============================


#4 deeprybka

  • Malware Response Team

Posted 14 May 2015 - 07:44 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:

  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.

Step 1

  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Freecorder Toolbar
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish

Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

Step 2

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 Disceli

Disceli
  • Topic Starter

  • Members
  • 33 posts
  • Local time:12:46 AM

Posted 14 May 2015 - 10:47 AM

After Combofix had finished, I received these errors:

"Unable to create backup of the current registry file
C:\Windows\System32\config\SOFTWARE!
Continue restoration of this file?"

I clicked "Yes".

"Error restoring C:\Windows\erdnt\subs\SOFTWARE
to C:\Windows\system32\config\SOFTWARE
Continue with the next file?
[RegReplaceKey: 5 - Access denied]"

I clicked "Yes".

I went round in circles, until I selected "No" and Combofix finished and rebooted the laptop.

I hope nothing has gone wrong.

...........................................................................................................


ComboFix 15-05-13.01 - Dad 14/05/2015  15:48:07.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.2807.783 [GMT 1:00]
Running from: c:\users\Dad\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
-------\Service_pcCMService
.
.
(((((((((((((((((((((((((   Files Created from 2015-04-14 to 2015-05-14  )))))))))))))))))))))))))))))))
.
.
2015-05-07 21:08 . 2015-05-07 21:08 -------- d-----w- c:\program files (x86)\Kvisoft
2015-05-07 20:59 . 2015-05-07 20:59 -------- d-----w- c:\users\Dad\AppData\Roaming\Anvsoft
2015-05-07 20:59 . 2015-05-07 20:59 -------- d-----w- c:\program files (x86)\AnvSoft
2015-05-07 20:42 . 2015-05-07 20:42 -------- d-----w- c:\programdata\A-PDF
2015-05-07 20:41 . 2015-05-07 20:41 -------- d-----w- c:\program files (x86)\A-PDF Page Cut
2015-05-04 20:34 . 2015-05-12 16:01 -------- d-----w- C:\FRST
2015-05-02 17:41 . 2015-05-02 17:41 -------- d-----w- c:\program files (x86)\EagleGet
2015-05-02 17:41 . 2015-05-02 17:41 -------- d-----w- c:\programdata\EagleGet
2015-05-02 17:41 . 2015-05-02 17:41 -------- d-----w- c:\users\Dad\AppData\Roaming\EagleGet
2015-05-02 01:49 . 2015-05-02 01:49 -------- d-----w- c:\users\Dad\AppData\Local\ElevatedDiagnostics
2015-05-01 19:08 . 2015-05-01 19:08 -------- d-----w- c:\users\Dad\AppData\Roaming\Subhra Das Gupta
2015-05-01 19:07 . 2015-05-01 19:07 -------- d-----w- c:\users\Dad\AppData\Local\XDM
2015-04-28 13:39 . 2015-04-28 13:39 364472 ----a-w- c:\windows\system32\aswBoot.exe
2015-04-28 13:39 . 2015-04-28 13:39 43112 ----a-w- c:\windows\avastSS.scr
2015-04-26 21:46 . 2015-04-26 21:46 -------- d-----w- c:\program files\HitmanPro
2015-04-26 21:45 . 2015-05-04 22:10 -------- d-----w- c:\programdata\HitmanPro
2015-04-26 20:40 . 2015-04-26 20:40 -------- d-----w- C:\RegBackup
2015-04-25 16:26 . 2015-04-25 16:26 -------- d-----w- c:\users\Dad\AppData\Roaming\SUPERAntiSpyware.com
2015-04-25 16:26 . 2015-05-14 12:58 -------- d-----w- c:\program files\SUPERAntiSpyware
2015-04-25 16:26 . 2015-04-25 16:26 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2015-04-24 23:15 . 2015-04-26 20:23 -------- d-----w- C:\AdwCleaner
2015-04-23 13:24 . 2015-04-23 13:25 -------- d-----w- c:\program files\CCleaner
2015-04-21 21:01 . 2015-04-21 21:02 -------- d-----w- c:\users\Dad\AppData\Local\Mozilla
2015-04-21 17:59 . 2015-04-21 18:06 -------- d-----w- c:\programdata\Package Cache
2015-04-19 18:44 . 2015-04-19 18:46 -------- d-----w- c:\users\CCleaner-Test
2015-04-17 18:28 . 2015-04-17 18:28 -------- d-----w- c:\programdata\UVK
2015-04-17 18:28 . 2015-04-21 18:06 -------- d-----w- c:\program files\UVK - Ultra Virus Killer
2015-04-16 16:50 . 2015-04-16 16:48 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2015-04-16 16:48 . 2015-04-16 16:48 -------- d-----w- c:\program files (x86)\Java
2015-04-16 16:47 . 2015-04-16 16:47 0 ----a-w- c:\windows\SysWow64\RENDEEC.tmp
2015-04-16 16:17 . 2015-04-16 16:16 320424 ----a-w- c:\windows\system32\javaws.exe
2015-04-16 15:51 . 2015-04-16 16:16 189352 ----a-w- c:\windows\system32\javaw.exe
2015-04-16 15:51 . 2015-04-16 16:16 189352 ----a-w- c:\windows\system32\java.exe
2015-04-16 15:51 . 2015-04-16 16:16 111016 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2015-04-16 15:50 . 2015-04-16 15:50 -------- d-----w- c:\program files\Java
2015-04-16 13:29 . 2015-03-13 03:27 47616 ----a-w- c:\windows\SysWow64\ieetwproxystub.dll
2015-04-16 13:28 . 2015-03-04 04:55 367552 ----a-w- c:\windows\system32\clfs.sys
2015-04-16 13:28 . 2015-03-04 04:41 79360 ----a-w- c:\windows\system32\clfsw32.dll
2015-04-16 13:28 . 2015-03-04 04:10 58880 ----a-w- c:\windows\SysWow64\clfsw32.dll
2015-04-16 01:49 . 2015-04-16 01:49 -------- d-----w- c:\users\Dad\AppData\Local\Secunia PSI
2015-04-16 01:49 . 2015-04-16 01:49 -------- d-----w- c:\program files (x86)\Secunia
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-05-14 13:02 . 2014-07-14 14:52 136408 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2015-04-28 13:39 . 2014-04-24 03:24 29168 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2015-04-28 13:39 . 2013-12-29 01:33 137288 ----a-w- c:\windows\system32\drivers\aswStm.sys
2015-04-28 13:39 . 2013-03-05 19:29 65736 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2015-04-28 13:39 . 2013-03-05 19:29 272248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2015-04-28 13:39 . 2012-06-26 05:32 442264 ----a-w- c:\windows\system32\drivers\aswSP.sys
2015-04-28 13:39 . 2012-06-26 05:32 89944 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2015-04-28 13:39 . 2012-06-26 05:32 93528 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2015-04-28 13:39 . 2012-06-26 05:32 1047320 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2015-04-16 15:45 . 2014-04-16 17:01 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-04-16 15:45 . 2014-04-16 17:01 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-04-16 13:38 . 2011-03-09 03:19 128913832 ----a-w- c:\windows\system32\MRT.exe
2015-04-14 08:37 . 2014-07-14 14:51 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2015-04-14 08:37 . 2014-07-14 14:51 107736 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2015-04-14 08:37 . 2012-11-27 01:35 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-04-12 23:20 . 2015-04-12 23:20 1700352 ----a-w- c:\windows\SysWow64\gdiplus.dll
2015-04-12 23:20 . 2015-04-12 23:20 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2015-04-04 06:25 . 2015-05-12 15:08 12032440 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B709C16-1468-46E7-B0E6-ED84A2C9A803}\mpengine.dll
2015-03-17 04:56 . 2015-04-16 13:32 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-02-26 03:25 . 2015-03-12 03:03 3204096 ----a-w- c:\windows\system32\win32k.sys
2015-02-24 03:17 . 2011-03-08 23:51 295552 ------w- c:\windows\system32\MpSigStub.exe
2015-02-22 17:16 . 2015-02-22 17:16 194048 ----a-w- c:\windows\SysWow64\elshyph.dll
2015-02-22 17:16 . 2015-02-22 17:16 235008 ----a-w- c:\windows\system32\elshyph.dll
2015-02-22 17:16 . 2015-02-22 17:16 71680 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2015-02-22 17:16 . 2015-02-22 17:16 645120 ----a-w- c:\windows\SysWow64\jsIntl.dll
2015-02-22 17:16 . 2015-02-22 17:16 182272 ----a-w- c:\windows\SysWow64\msls31.dll
2015-02-22 17:16 . 2015-02-22 17:16 62464 ----a-w- c:\windows\SysWow64\tdc.ocx
2015-02-22 17:16 . 2015-02-22 17:16 24576 ----a-w- c:\windows\SysWow64\licmgr10.dll
2015-02-22 17:16 . 2015-02-22 17:16 151552 ----a-w- c:\windows\SysWow64\iexpress.exe
2015-02-22 17:16 . 2015-02-22 17:16 139264 ----a-w- c:\windows\SysWow64\wextract.exe
2015-02-22 17:16 . 2015-02-22 17:16 36352 ----a-w- c:\windows\SysWow64\imgutil.dll
2015-02-22 17:16 . 2015-02-22 17:16 13312 ----a-w- c:\windows\SysWow64\mshta.exe
2015-02-22 17:16 . 2015-02-22 17:16 74240 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2015-02-22 17:16 . 2015-02-22 17:16 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2015-02-22 17:16 . 2015-02-22 17:16 111616 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2015-02-22 17:16 . 2015-02-22 17:16 86016 ----a-w- c:\windows\SysWow64\iesysprep.dll
2015-02-22 17:16 . 2015-02-22 17:16 942592 ----a-w- c:\windows\system32\jsIntl.dll
2015-02-22 17:16 . 2015-02-22 17:16 86016 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2015-02-22 17:16 . 2015-02-22 17:16 247808 ----a-w- c:\windows\system32\msls31.dll
2015-02-22 17:16 . 2015-02-22 17:16 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2015-02-22 17:16 . 2015-02-22 17:16 13312 ----a-w- c:\windows\system32\msfeedssync.exe
2015-02-22 17:16 . 2015-02-22 17:16 131072 ----a-w- c:\windows\system32\IEAdvpack.dll
2015-02-22 17:16 . 2015-02-22 17:16 90112 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2015-02-22 17:16 . 2015-02-22 17:16 48640 ----a-w- c:\windows\system32\mshtmler.dll
2015-02-22 17:16 . 2015-02-22 17:16 105984 ----a-w- c:\windows\system32\iesysprep.dll
2015-02-22 17:16 . 2015-02-22 17:16 77312 ----a-w- c:\windows\system32\tdc.ocx
2015-02-22 17:16 . 2015-02-22 17:16 81408 ----a-w- c:\windows\system32\icardie.dll
2015-02-22 17:16 . 2015-02-22 17:16 616104 ----a-w- c:\windows\system32\ieapfltr.dat
2015-02-22 17:16 . 2015-02-22 17:16 235520 ----a-w- c:\windows\system32\url.dll
2015-02-22 17:16 . 2015-02-22 17:16 30208 ----a-w- c:\windows\system32\licmgr10.dll
2015-02-22 17:16 . 2015-02-22 17:16 243200 ----a-w- c:\windows\system32\webcheck.dll
2015-02-22 17:16 . 2015-02-22 17:16 143872 ----a-w- c:\windows\system32\wextract.exe
2015-02-22 17:16 . 2015-02-22 17:16 101376 ----a-w- c:\windows\system32\inseng.dll
2015-02-22 17:16 . 2015-02-22 17:16 167424 ----a-w- c:\windows\system32\iexpress.exe
2015-02-22 17:16 . 2015-02-22 17:16 62464 ----a-w- c:\windows\system32\pngfilt.dll
2015-02-22 17:16 . 2015-02-22 17:16 147968 ----a-w- c:\windows\system32\occache.dll
2015-02-22 17:16 . 2015-02-22 17:16 13824 ----a-w- c:\windows\system32\mshta.exe
2015-02-22 17:16 . 2015-02-22 17:16 774144 ----a-w- c:\windows\system32\jscript.dll
2015-02-22 17:16 . 2015-02-22 17:16 48128 ----a-w- c:\windows\system32\imgutil.dll
2015-02-22 17:16 . 2015-02-22 17:16 135680 ----a-w- c:\windows\system32\iepeers.dll
2015-02-20 04:41 . 2015-03-12 03:07 41984 ----a-w- c:\windows\system32\lpk.dll
2015-02-20 04:40 . 2015-03-12 03:07 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-02-20 04:40 . 2015-03-12 03:07 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-02-20 04:40 . 2015-03-12 03:07 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-02-20 04:13 . 2015-03-12 03:07 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-02-20 04:13 . 2015-03-12 03:07 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-02-20 04:13 . 2015-03-12 03:07 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-02-20 04:12 . 2015-03-12 03:07 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-02-20 03:29 . 2015-03-12 03:07 372224 ----a-w- c:\windows\system32\atmfd.dll
2015-02-20 03:09 . 2015-03-12 03:07 299008 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:55 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AnVir Task Manager"="c:\program files (x86)\AnVir Task Manager\anvir.exe" [2012-02-22 6071480]
"PicPick Start"="c:\program files (x86)\PicPick\picpick.exe" [2014-03-11 13165400]
"Screenshot Captor"="c:\program files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe" [2013-12-03 7944888]
"DuckCapture"="c:\program files (x86)\DuckLink\DuckCapture\DuckCapture.exe" [2011-11-03 436736]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-04-08 8202008]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2015-03-25 7806232]
"xdm"="c:\users\Dad\AppData\Local\XDM\xdm.exe" [2014-11-15 782848]
"EagleGet"="c:\program files (x86)\EagleGet\EagleGet.exe" [2014-04-24 1239552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-12-24 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-04-17 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-03-08 260608]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-04-08 908368]
"EaseUs Watch"="c:\program files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe" [2011-04-22 69000]
"EaseUs Tray"="c:\program files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe" [2011-04-25 733576]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2011-03-24 167936]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-02-13 60712]
"SSC Service Utility"="c:\program files (x86)\SSC Service Utility\ssc_serv.exe" [2007-10-09 665600]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2015-05-12 5515496]
"AntiLogger"="c:\program files (x86)\AntiLogger\AntiLogger.exe" [2014-03-26 19362728]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-03 1021128]
"Malwarebytes Anti-Exploit"="c:\program files (x86)\Malwarebytes Anti-Exploit\mbae.exe" [2015-04-08 2618680]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2014-10-02 421888]
.
c:\users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
FastStone Capture.lnk - c:\program files (x86)\FastStone Capture\FSCapture.exe -Silent [2007-2-13 1111552]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"SoftwareSASGeneration"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys;c:\windows\SYSNATIVE\drivers\Apowersoft_AudioDevice.sys [x]
R3 cleanhlp;cleanhlp;c:\eek\bin\cleanhlp64.sys;c:\eek\bin\cleanhlp64.sys [x]
R3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys;c:\windows\SYSNATIVE\drivers\DigiartyVirtualCDBus.sys [x]
R3 eagleGet;eagleGet;c:\windows\system32\Drivers\eagleGet.sys;c:\windows\SYSNATIVE\Drivers\eagleGet.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys;c:\windows\SYSNATIVE\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys;c:\windows\SYSNATIVE\EuGdiDrv.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys;c:\windows\SYSNATIVE\DRIVERS\psi_mf.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys;c:\windows\SYSNATIVE\Drivers\RtsUStor.sys [x]
R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe;c:\program files (x86)\Secunia\PSI\PSIA.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WISOVD;WISOVD;c:\program files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys;c:\program files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S0 cumon;cumon;c:\windows\system32\drivers\cumon.sys;c:\windows\SYSNATIVE\drivers\cumon.sys [x]
S0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys;c:\windows\SYSNATIVE\drivers\eubakup.sys [x]
S0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys;c:\windows\SYSNATIVE\drivers\EUBKMON.sys [x]
S0 EUFS;EUFS;c:\windows\system32\drivers\eufs.sys;c:\windows\SYSNATIVE\drivers\eufs.sys [x]
S0 Evdd;Evdd;c:\windows\system32\drivers\evdd.sys;c:\windows\SYSNATIVE\drivers\evdd.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\eek\bin\a2ddax64.sys;c:\eek\bin\a2ddax64.sys [x]
S1 AntiLog32;AntiLog32;c:\windows\system32\drivers\AntiLog64.sys;c:\windows\SYSNATIVE\drivers\AntiLog64.sys [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 ESProtectionDriver;Malwarebytes Anti-Exploit;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [x]
S1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys;c:\windows\SYSNATIVE\drivers\eudskacs.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys;c:\windows\SYSNATIVE\DRIVERS\mwlPSDVDisk.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [x]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 BT Help Wizard;BT Help Wizard;c:\program files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe;c:\program files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [x]
S2 CPMService;COMODO Programs Manager Service;c:\program files\COMODO\COMODO Programs Manager\CPMService.exe;c:\program files\COMODO\COMODO Programs Manager\CPMService.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe;c:\program files (x86)\Launch Manager\dsiwmis.exe [x]
S2 EASEUS Agent;EASEUS Agent;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe;c:\program files (x86)\EASEUS\Todo Backup\bin\Agent.exe [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe;c:\program files (x86)\Acer\Registration\GREGsvc.exe [x]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe;c:\program files\HitmanPro\hmpsched.exe [x]
S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MbaeSvc;Malwarebytes Anti-Exploit Service;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe;c:\program files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [x]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [x]
S2 pcCMService64;pcCMService64;c:\program files\Common Files\Motive\pcCMService.exe;c:\program files\Common Files\Motive\pcCMService.exe [x]
S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe;c:\program files\Acer\Acer Updater\UpdaterService.exe [x]
S2 ZentimoService;Zentimo Assistant;c:\program files (x86)\Zentimo\ZentimoService.exe;c:\program files (x86)\Zentimo\ZentimoService.exe [x]
S3 bbcap;bb_capture_driver;c:\windows\system32\DRIVERS\bbcap.sys;c:\windows\SYSNATIVE\DRIVERS\bbcap.sys [x]
S3 EUDISK;EASEUS Disk Enumerator;c:\windows\system32\drivers\eudisk.sys;c:\windows\SYSNATIVE\drivers\eudisk.sys [x]
S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys;c:\windows\SYSNATIVE\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-05-13 16:02 988488 ----a-w- c:\program files (x86)\Google\Chrome\Application\42.0.2311.152\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-05-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-04-16 15:45]
.
2015-05-14 c:\windows\Tasks\GlaryInitialize.job
- c:\program files (x86)\Glary Utilities\initialize.exe [2012-01-26 09:50]
.
2015-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-28 23:53]
.
2015-05-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-04-28 23:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2015-04-28 13:39 722400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-04-17 05:58 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-29 9913376]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-04-17 349552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-03-04 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-03-04 391192]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-03-04 410648]
"PLFSetI"="c:\windows\PLFSetI.exe" [2010-01-13 206208]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-03-17 860704]
"Eraser"="c:\progra~1\Eraser\Eraser.exe" [2011-11-05 980368]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-02-13 169768]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://news.sky.com/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:9614
IE: Download all links with EagleGet - c:\program files (x86)\EagleGet\IEGraberBHO.dll/202
IE: Download with EagleGet - c:\program files (x86)\EagleGet\IEGraberBHO.dll/201
TCP: DhcpNameServer = 192.168.1.254
FF - ProfilePath - c:\users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Digiarty_Software_AirPlayit - c:\program files (x86)\Digiarty\WinX_DVD_Ripper_Platinum_Streamer_Edition\Air_Playit_Server\airplayit.exe
Wow6432Node-HKCU-Run-Mosaico - c:\program files (x86)\Mosaico\mosaico.exe
Wow6432Node-HKCU-Run-SnapDraw-Free\CrossGL-SnapDraw - c:\program files (x86)\SnapDraw-Free\CrossGL-SnapDraw.exe
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="PhotoManager10Deluxe.8.alb"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_17_0_0_169_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.17"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_17_0_0_169.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
c:\program files (x86)\WizMouse\wizmouse.exe
.
**************************************************************************
.
Completion time: 2015-05-14  16:18:10 - machine was rebooted
ComboFix-quarantined-files.txt  2015-05-14 15:18
.
Pre-Run: 156,477,976,576 bytes free
Post-Run: 157,101,707,264 bytes free
.
- - End Of File - - 2E1F09F7593547C862F5B9FA51E85DC0
 



#6 deeprybka

  • Malware Response Team

Posted 14 May 2015 - 11:11 AM

Step 1

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a log file (that is saved in C:\AdwCleaner[S#].txt) will open automatically.
    Copy and paste the contents of that logfile in your next reply.
Step 2

Scan with Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 3

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 Disceli

  • Topic Starter

  • Members
  • 33 posts
  • OFFLINE
  •  
  • Local time:12:46 AM

Posted 14 May 2015 - 01:54 PM

# AdwCleaner v4.204 - Logfile created 14/05/2015 at 18:55:02
# Updated 12/05/2015 by Xplode
# Database : 2015-05-12.2 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Dad - DAD-PC
# Running from : C:\PROGRAMS\AdwCleaner 4.204\adwcleaner_4.204.exe
# Option : Cleaning

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FLV Player
Folder Deleted : C:\Program Files (x86)\FLV Player
Folder Deleted : C:\Windows\FLV Player
Folder Deleted : C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\jliolpcnkmolaaecncdfeofombdekjcp

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - hxxp=127.0.0.1:9614

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17728

-\\ Mozilla Firefox v37.0.2 (x86 en-GB)

-\\ Google Chrome v42.0.2311.152

[C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : jliolpcnkmolaaecncdfeofombdekjcp

-\\ Chromium v

*************************

AdwCleaner[R0].txt - [3652 bytes] - [25/04/2015 00:16:10]
AdwCleaner[R1].txt - [3711 bytes] - [26/04/2015 20:40:59]
AdwCleaner[R2].txt - [1164 bytes] - [26/04/2015 21:21:48]
AdwCleaner[R3].txt - [1805 bytes] - [14/05/2015 18:03:56]
AdwCleaner[S0].txt - [3714 bytes] - [26/04/2015 20:47:22]
AdwCleaner[S1].txt - [1532 bytes] - [14/05/2015 18:55:02]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1591  bytes] ##########

 

 

..................................................................................................................................

 

 

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/05/2015
Scan Time: 19:10:26
Logfile: MBAM 2015-05-14 19.29.txt
Administrator: Yes

Version: 2.01.6.1022
Malware Database: v2015.05.14.04
Rootkit Database: v2015.04.21.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Dad

Scan Type: Custom Scan
Result: Completed
Objects Scanned: 446358
Time Elapsed: 18 min, 49 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 

.............................................................................................................................

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 01
Ran by Dad (administrator) on DAD-PC on 14-05-2015 19:31:13
Running from C:\PROGRAMS\FRST64 - 2015-05-14
Loaded Profiles: Dad (Available profiles: Dad & CCleaner-Test & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

() C:\Program Files (x86)\Zentimo\ZentimoService.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AnVir Software) C:\Program Files (x86)\AnVir Task Manager\AnVir.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
(DuckLink Software) C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Subhra Das Gupta) C:\Users\Dad\AppData\Local\XDM\xdm.exe
(EagleGet.com) C:\Program Files (x86)\EagleGet\EagleGet.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(Applian Technologies, Inc.) C:\Program Files (x86)\Freecorder\FLVSrvc.exe
(SSC Localization Group) C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2011-11-05] (The Eraser Project)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe [69000 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe [733576 2011-04-25] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Freecorder FLV Service] => C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936 2011-03-24] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SSC Service Utility] => C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe [665600 2007-10-09] (SSC Localization Group)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [19362728 2014-03-26] (Zemana Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [AnVir Task Manager] => C:\Program Files (x86)\AnVir Task Manager\anvir.exe [6071480 2012-02-22] (AnVir Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-03-11] (NTeWORKS)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Screenshot Captor] => C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe [7944888 2013-12-03] (DonationCoder)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [DuckCapture] => C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe [436736 2011-11-03] (DuckLink Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7806232 2015-03-25] (SUPERAntiSpyware)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [xdm] => C:\Users\Dad\AppData\Local\XDM\xdm.exe [782848 2014-11-15] (Subhra Das Gupta)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\EagleGet.exe [1239552 2014-04-24] (EagleGet.com)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [NetRecovery] => C:\Users\Dad\AppData\Local\XDM\NetRecovery.exe [13312 2014-07-30] ()
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\RunOnce: [Adobe Speed Launcher] => 1431626379
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\FastStone Capture.lnk [2014-05-14]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-28] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-04-17] (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
ProxyEnable: [S-1-5-21-1050699504-4118538850-2090742069-1001] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-1050699504-4118538850-2090742069-1001] => http=127.0.0.1:9614
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.sky.com/
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
URLSearchHook: HKLM-x32 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB411
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-03] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: EGet Class -> {824F251E-D74A-4d56-B998-CA05CF369A13} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2014-04-24] (EagleGet.com)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-03] (Avast Software s.r.o.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {C345E174-3E87-4F41-A01C-B066A90A49B4} http://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2012-08-15] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: eagleget.com/EagleGet -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2014-04-24] (www.eagleget.com)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: egtcps.com/captures -> C:\Program Files (x86)\EagleGet\captures.dll [2014-04-24] (www.eagleget.com)
FF Extension: EagleGet - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default\Extensions\eagleget_ffext@eagleget.com.xpi [2015-05-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-26]

Chrome:
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-29]
CHR Extension: (Google Docs) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-29]
CHR Extension: (Google Drive) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-29]
CHR Extension: (YouTube) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-29]
CHR Extension: (Google Search) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-29]
CHR Extension: (Full Page Screen Capture) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-04-29]
CHR Extension: (Google Sheets) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-29]
CHR Extension: (Print this page with CleanPrint) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2015-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Avast Online Security) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-29]
CHR Extension: (Flubit Extension) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfdokopehhkecohfljakjagcgohinnc [2015-04-29]
CHR Extension: (EagleGet Free Downloader) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2015-05-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR Extension: (Print Friendly & PDF) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-04-29]
CHR Extension: (Gmail) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
CHR Extension: (History Trends Unlimited) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmchffiealhkdloeffcdnbgdnedheme [2015-04-29]
CHR HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-02]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-02]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
S2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-04-26] (SurfRight B.V.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZentimoService; C:\Program Files (x86)\Zentimo\ZentimoService.exe [555844 2011-12-09] () [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-04-09] (Emsisoft GmbH)
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-06-20] (Zemana Ltd.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-28] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-28] ()
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2011-05-26] (Windows ® Codename Longhorn DDK provider)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-09] (Emsisoft GmbH)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows ® Win 7 DDK provider)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-01-07] (Digiarty Software, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [36232 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [42888 2011-04-22] () [File not signed]
R3 EUDISK; C:\Windows\system32\drivers\eudisk.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [17800 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 eagleGet; System32\Drivers\eagleGet.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)

==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 19:01 - 2015-05-14 19:01 - 00000017 _____ () C:\Users\Dad\AppData\Roaming\net_rec.dat
2015-05-14 16:18 - 2015-05-14 16:18 - 00033820 _____ () C:\ComboFix.txt
2015-05-14 16:02 - 2015-05-14 16:02 - 00000546 _____ () C:\Windows\PFRO.log
2015-05-14 15:45 - 2015-05-14 16:19 - 00000000 ____D () C:\ComboFix
2015-05-14 15:45 - 2015-05-14 16:18 - 00000000 ____D () C:\Qoobox
2015-05-14 15:45 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-14 15:45 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-14 15:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-14 15:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-14 15:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-14 15:45 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-14 15:45 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-14 15:45 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-14 15:44 - 2015-05-14 16:13 - 00000000 ____D () C:\Windows\erdnt
2015-05-14 15:18 - 2015-05-14 15:18 - 05623645 ____R (Swearware) C:\Users\Dad\Desktop\ComboFix.exe
2015-05-14 14:59 - 2015-05-14 14:59 - 00001232 _____ () C:\Users\Dad\Desktop\Revo Uninstaller.lnk
2015-05-14 13:37 - 2015-05-14 18:57 - 00000168 _____ () C:\Windows\setupact.log
2015-05-14 13:37 - 2015-05-14 13:37 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-07 22:08 - 2015-05-07 22:08 - 00001140 _____ () C:\Users\Public\Desktop\Kvisoft PDF Splitter.lnk
2015-05-07 22:08 - 2015-05-07 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kvisoft
2015-05-07 22:08 - 2015-05-07 22:08 - 00000000 ____D () C:\Program Files (x86)\Kvisoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00001222 _____ () C:\Users\Dad\Desktop\PDFMate Free PDF Merger.lnk
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\Users\Dad\Documents\Anvsoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Anvsoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2015-05-07 21:42 - 2015-05-07 21:42 - 00000000 ____D () C:\ProgramData\A-PDF
2015-05-07 21:41 - 2015-05-07 21:41 - 00000922 _____ () C:\Users\Dad\Desktop\A-PDF Page Cut.lnk
2015-05-07 21:41 - 2015-05-07 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A-PDF Page Cut
2015-05-07 21:41 - 2015-05-07 21:41 - 00000000 ____D () C:\Program Files (x86)\A-PDF Page Cut
2015-05-04 21:34 - 2015-05-14 19:31 - 00000000 ____D () C:\FRST
2015-05-02 18:41 - 2015-05-02 18:41 - 00000975 _____ () C:\Users\Public\Desktop\EagleGet.lnk
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\ProgramData\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\Program Files (x86)\EagleGet
2015-05-02 16:14 - 2015-05-02 16:15 - 12023239 _____ () C:\Windows\EventSys.txt
2015-05-02 16:14 - 2015-05-02 16:14 - 00000000 ____D () C:\Users\Dad\Desktop\SF_02-05-2015
2015-05-02 03:00 - 2015-05-02 03:00 - 00000598 _____ () C:\Users\Dad\Desktop\JRT.txt
2015-05-02 02:51 - 2015-04-30 08:30 - 02716306 _____ (Thisisu) C:\Users\Dad\Desktop\JRT_NEW.exe
2015-05-01 20:08 - 2015-05-01 20:08 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Subhra Das Gupta
2015-05-01 20:07 - 2015-05-01 20:07 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xtreme Download Manager
2015-05-01 20:07 - 2015-05-01 20:07 - 00000000 ____D () C:\Users\Dad\AppData\Local\XDM
2015-05-01 20:02 - 2015-05-01 20:02 - 00502730 _____ () C:\Users\Dad\Downloads\xdm_4.7.exe
2015-04-30 22:14 - 2015-04-30 22:14 - 05194974 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.7.8.exe
2015-04-30 22:13 - 2015-04-30 22:13 - 05192937 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.7.9.exe
2015-04-30 22:12 - 2015-04-30 22:12 - 05193287 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.0.exe
2015-04-30 22:11 - 2015-04-30 22:11 - 05194228 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.2.exe
2015-04-30 22:11 - 2015-04-30 22:11 - 05192411 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.3.exe
2015-04-30 21:58 - 2015-04-30 21:58 - 00076288 _____ (Malwarebytes Corporation) C:\Users\Dad\Downloads\mbae-support.exe
2015-04-29 16:45 - 2015-04-29 16:45 - 00007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2015-04-29 00:54 - 2015-05-13 17:07 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 00:54 - 2015-04-29 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-29 00:53 - 2015-05-14 18:59 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 00:53 - 2015-05-14 17:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 00:53 - 2015-04-29 00:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-29 00:53 - 2015-04-29 00:53 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-29 00:46 - 2015-04-29 00:46 - 00880208 _____ (Google Inc.) C:\Users\Dad\Downloads\ChromeSetup.exe
2015-04-29 00:33 - 2015-04-29 00:33 - 06114448 _____ () C:\Users\Dad\Desktop\bookmarks_29_04_2015.html
2015-04-28 14:39 - 2015-04-28 14:39 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-28 14:39 - 2015-04-28 14:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-26 22:46 - 2015-04-26 22:46 - 00001861 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-04-26 22:46 - 2015-04-26 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-04-26 22:46 - 2015-04-26 22:46 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-26 22:45 - 2015-05-04 23:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-26 21:40 - 2015-04-26 21:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAD-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-26 21:40 - 2015-04-26 21:40 - 00000000 ____D () C:\RegBackup
2015-04-25 17:26 - 2015-05-14 19:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-25 17:26 - 2015-04-25 17:26 - 00001772 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-25 00:15 - 2015-05-14 18:55 - 00000000 ____D () C:\AdwCleaner
2015-04-23 17:16 - 2013-06-01 17:34 - 00310272 _____ () C:\Users\Dad\Downloads\SF_Diagnostic_Tool.exe
2015-04-23 14:24 - 2015-04-23 14:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-23 14:24 - 2015-04-23 14:24 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-23 14:24 - 2015-04-23 14:24 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-23 14:24 - 2015-04-23 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-21 22:01 - 2015-04-21 22:02 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Mozilla
2015-04-21 22:01 - 2015-04-21 22:02 - 00000000 ____D () C:\Users\Dad\AppData\Local\Mozilla
2015-04-21 22:01 - 2015-04-21 22:01 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-21 22:01 - 2015-04-21 22:01 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-21 22:01 - 2015-04-21 22:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 21:59 - 2015-04-21 21:59 - 00243240 _____ () C:\Users\Dad\Downloads\Firefox Setup Stub 37.0.2.exe
2015-04-21 20:37 - 2015-04-21 20:38 - 05747294 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_setup.exe
2015-04-21 18:59 - 2015-04-21 19:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-19 20:12 - 2015-04-19 20:12 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Eraser 6
2015-04-19 20:04 - 2015-04-19 20:04 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\FastStone
2015-04-19 19:54 - 2015-04-20 16:44 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\CrashDumps
2015-04-19 19:49 - 2015-04-19 19:49 - 00128912 _____ () C:\Users\CCleaner-Test\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\Documents\Freecorder
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Intel Corporation
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\AVAST Software
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Apple Computer
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Zemana
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\FLVService
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\EgisTec IPS
2015-04-19 19:47 - 2015-04-19 19:55 - 00002223 _____ () C:\Users\CCleaner-Test\Desktop\Google Chrome.lnk
2015-04-19 19:47 - 2015-04-19 19:47 - 00001381 _____ () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-19 19:47 - 2015-04-19 19:47 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Adobe
2015-04-19 19:47 - 2015-04-19 19:47 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Google
2015-04-19 19:45 - 2015-04-19 19:45 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\EagleGet
2015-04-19 19:45 - 2015-04-19 19:45 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\VirtualStore
2015-04-19 19:44 - 2015-04-19 19:46 - 00000000 ____D () C:\Users\CCleaner-Test
2015-04-19 19:44 - 2015-04-19 19:44 - 00000020 ___SH () C:\Users\CCleaner-Test\ntuser.ini
2015-04-19 19:44 - 2015-03-27 18:08 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Macromedia
2015-04-19 19:44 - 2011-02-20 20:01 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Microsoft Help
2015-04-19 19:44 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-19 19:44 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-17 20:53 - 2015-04-17 20:53 - 00000423 _____ () C:\Users\Dad\Desktop\repair script.uvk
2015-04-17 19:28 - 2015-04-21 19:06 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2015-04-17 19:28 - 2015-04-17 19:28 - 00001770 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
2015-04-17 19:28 - 2015-04-17 19:28 - 00000000 ____D () C:\ProgramData\UVK
2015-04-17 19:28 - 2015-04-17 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2015-04-17 16:29 - 2015-04-17 16:29 - 00001213 _____ () C:\Users\Dad\Desktop\Command Prompt.lnk
2015-04-17 02:36 - 2008-08-20 22:16 - 00000689 _____ () C:\Users\Dad\Desktop\Elevated Command Prompt.lnk
2015-04-16 20:26 - 2015-04-16 20:26 - 00000250 _____ () C:\Users\Dad\Downloads\redir
2015-04-16 17:50 - 2015-04-16 17:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-16 17:48 - 2015-04-16 17:48 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 17:47 - 2015-04-16 17:47 - 00000000 _____ () C:\Windows\SysWOW64\RENDEEC.tmp
2015-04-16 17:17 - 2015-04-16 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-16 17:17 - 2015-04-16 17:16 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-16 16:50 - 2015-04-16 16:50 - 00000000 ____D () C:\Program Files\Java
2015-04-16 14:32 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 14:32 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 14:32 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 14:32 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-16 14:32 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-16 14:32 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 14:32 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 14:32 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 14:32 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 14:32 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 14:32 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 14:32 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 14:32 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 14:32 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 14:32 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-16 14:32 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 14:32 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 14:32 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 14:32 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 14:32 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 14:32 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-16 14:32 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 14:32 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 14:32 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-16 14:32 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 14:32 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 14:32 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 14:32 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 14:32 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-16 14:32 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 14:32 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-16 14:32 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 14:32 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 14:32 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 14:29 - 2015-04-02 01:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 14:29 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-16 14:29 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 14:29 - 2015-03-13 05:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 14:29 - 2015-03-13 05:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-16 14:29 - 2015-03-13 05:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 14:29 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 14:29 - 2015-03-13 05:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 14:29 - 2015-03-13 05:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-16 14:29 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 14:29 - 2015-03-13 05:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-16 14:29 - 2015-03-13 05:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 14:29 - 2015-03-13 04:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 14:29 - 2015-03-13 04:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 14:29 - 2015-03-13 04:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-16 14:29 - 2015-03-13 04:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-16 14:29 - 2015-03-13 04:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-16 14:29 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 14:29 - 2015-03-13 04:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-16 14:29 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 14:29 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-16 14:29 - 2015-03-13 04:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 14:29 - 2015-03-13 04:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-16 14:29 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 14:29 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-16 14:29 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-16 14:29 - 2015-03-13 04:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 14:29 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-16 14:29 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 14:29 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-16 14:29 - 2015-03-13 04:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 14:29 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 14:29 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-16 14:29 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-16 14:29 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-16 14:29 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-16 14:29 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-16 14:29 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 14:29 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 14:29 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-16 14:29 - 2015-03-13 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 14:29 - 2015-03-13 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-16 14:29 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-16 14:29 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 14:29 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-16 14:29 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-16 14:29 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-16 14:29 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 14:29 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 14:29 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 14:29 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-16 14:29 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-16 14:29 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 14:29 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 14:29 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 14:29 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 14:29 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 14:29 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-16 14:28 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 14:28 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 14:28 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 02:49 - 2015-04-16 02:49 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-04-16 02:49 - 2015-04-16 02:49 - 00000000 ____D () C:\Users\Dad\AppData\Local\Secunia PSI
2015-04-16 02:49 - 2015-04-16 02:49 - 00000000 ____D () C:\Program Files (x86)\Secunia

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-05-14 19:31 - 2014-03-31 21:45 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\NetSpeedMonitor
2015-05-14 19:12 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-14 19:12 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-14 19:09 - 2014-07-14 15:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 19:07 - 2012-08-19 23:41 - 01274856 _____ () C:\Windows\WindowsUpdate.log
2015-05-14 19:03 - 2014-06-07 06:05 - 00000000 ____D () C:\Users\Dad\AppData\Local\CrashDumps
2015-05-14 19:00 - 2011-07-20 14:36 - 00003296 _____ () C:\Windows\System32\Tasks\WizMouse
2015-05-14 18:59 - 2012-01-26 07:15 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize.job
2015-05-14 18:58 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-14 18:56 - 2011-06-01 19:57 - 00000031 _____ () C:\Windows\system32\bbcap.err
2015-05-14 18:55 - 2015-04-13 17:51 - 00011994 _____ () C:\Windows\CUAppUsage.Dat
2015-05-14 18:42 - 2015-02-14 19:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-14 16:18 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-05-14 16:07 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-14 15:45 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-14 15:17 - 2011-02-20 23:02 - 00000000 ____D () C:\FILES
2015-05-14 14:59 - 2011-03-09 00:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-14 13:44 - 2012-09-08 22:44 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C613D74-CEEC-477F-BF08-7A7D5DD8C6CC}
2015-05-14 01:50 - 2015-03-27 18:23 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\vlc
2015-05-12 19:11 - 2015-04-09 16:10 - 00000000 ____D () C:\EEK
2015-05-12 15:41 - 2012-08-06 17:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-12 01:11 - 2015-02-23 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-05 22:51 - 2012-08-20 01:53 - 00000000 ____D () C:\Users\Dad\AppData\Local\FLVService
2015-05-05 00:18 - 2012-08-16 23:10 - 00000000 ____D () C:\ERRORS
2015-05-02 20:21 - 2012-07-26 03:13 - 00000000 ____D () C:\Windows\Minidump
2015-05-02 02:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-29 13:14 - 2015-02-23 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-29 13:14 - 2015-02-23 23:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-04-29 00:54 - 2010-12-25 14:50 - 00000000 ____D () C:\Users\Dad\AppData\Local\Google
2015-04-29 00:54 - 2010-04-21 11:59 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-28 14:39 - 2014-04-24 04:24 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-28 14:39 - 2013-12-29 02:33 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-28 14:39 - 2013-03-05 20:29 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-28 14:39 - 2013-03-05 20:29 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-26 21:55 - 2014-07-14 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 21:55 - 2014-07-14 15:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 21:55 - 2012-11-27 02:35 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-24 19:10 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 19:48 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-17 21:09 - 2010-12-25 14:39 - 00128912 _____ () C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-17 21:07 - 2009-07-14 05:45 - 00461184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-17 21:01 - 2009-07-14 03:34 - 00000439 _____ () C:\Windows\win.ini
2015-04-17 20:58 - 2010-05-17 20:34 - 00000000 ____D () C:\ProgramData\Temp
2015-04-17 06:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 06:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 16:45 - 2015-02-14 19:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 16:45 - 2014-04-16 18:01 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 16:45 - 2014-04-16 18:01 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 15:00 - 2014-12-15 14:04 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 15:00 - 2014-04-24 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 15:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 14:54 - 2013-11-30 22:18 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 14:51 - 2013-07-22 19:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 14:38 - 2011-03-09 04:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-04-14 09:37 - 2014-07-14 15:51 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-04-14 09:37 - 2014-07-14 15:51 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-04-14 09:37 - 2012-11-27 02:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Files in the root of some directories =======

2015-05-14 19:01 - 2015-05-14 19:01 - 0000017 _____ () C:\Users\Dad\AppData\Roaming\net_rec.dat
2011-03-09 04:44 - 2013-09-13 02:23 - 0001342 _____ () C:\Users\Dad\AppData\Roaming\wklnhst.dat
2015-01-04 04:07 - 2015-01-04 04:07 - 0211620 _____ () C:\Users\Dad\AppData\Local\ars.cache
2015-01-04 04:07 - 2015-01-04 04:07 - 0260404 _____ () C:\Users\Dad\AppData\Local\census.cache
2012-09-30 20:22 - 2012-09-30 20:22 - 0003584 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-19 02:38 - 2014-01-19 02:38 - 0000058 _____ () C:\Users\Dad\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-06-17 06:01 - 2014-06-17 06:01 - 0000036 _____ () C:\Users\Dad\AppData\Local\housecall.guid.cache
2013-02-12 07:17 - 2013-02-12 07:17 - 0005020 _____ () C:\Users\Dad\AppData\Local\HWVendorDetection.log
2015-04-29 16:45 - 2015-04-29 16:45 - 0007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2014-12-30 03:13 - 2014-12-30 03:13 - 0000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2013-01-06 05:29 - 2013-01-17 05:43 - 0000040 ___SH () C:\ProgramData\.zreglib
2010-04-21 11:41 - 2010-01-27 15:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe

Some content of TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\Quarantine.exe
C:\Users\Dad\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-05-14 15:37

==================== End Of Log ============================

 

Attached File  Addition.txt   39.92KB   1 downloads



#8 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:02:46 AM

Posted 15 May 2015 - 02:23 AM

Hi,

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
    AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
    RemoveProxy:
    URLSearchHook: HKLM-x32 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.


Step 2

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings (screenshot: settings.png).
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at the location shown in the screenshot (logpath.png).
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 Disceli

Posted 15 May 2015 - 01:33 PM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 14-05-2015 01
Ran by Dad at 2015-05-15 13:15:06 Run:1
Running from C:\PROGRAMS\FRST64 - 2015-05-14
Loaded Profiles: Dad (Available profiles: Dad & CCleaner-Test & Guest)
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
CloseProcesses:
AlternateDataStreams: C:\ProgramData\Temp:0B9176C0
AlternateDataStreams: C:\ProgramData\Temp:E36F5B57
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction 
RemoveProxy:
URLSearchHook: HKLM-x32 - (No Name) - {1392b8d2-5c05-419f-a8f6-b9f15a596612} - No File
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
EmptyTemp:
*****************
 
Processes closed successfully.
C:\ProgramData\Temp => ":0B9176C0" ADS removed successfully.
C:\ProgramData\Temp => ":E36F5B57" ADS removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
"HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => Key deleted successfully.
 
========= RemoveProxy: =========
 
HKLM\SYSTEM\CurrentControlSet\services\NlaSvc\Parameters\Internet\ManualProxies\\ => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value deleted successfully.
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value deleted successfully.
 
 
========= End of RemoveProxy: =========
 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\URLSearchHooks\\{1392b8d2-5c05-419f-a8f6-b9f15a596612} => value deleted successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value deleted successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value deleted successfully.
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => Key not found. 
"HKCR\PROTOCOLS\Handler\dssrequest" => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found. 
"HKCR\PROTOCOLS\Handler\sacore" => Key deleted successfully.
HKCR\CLSID\{5513F07E-936B-4E52-9B00-067394E91CC5} => Key not found. 
EmptyTemp: => Removed 463.3 MB temporary data.
 
 
The system needed a reboot. 
 
==== End of Fixlog 13:15:27 ====
 
 
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
Can not open internetCan not open internetESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=ccd7da468b3c8c45af507a04fecd1149
# engine=23864
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-05-15 06:18:25
# local_time=2015-05-15 07:18:25 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Internet Security'
# compatibility_mode=779 16777213 85 72 106915 196134395 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 22492 184178955 0 0
# scanned=1130847
# found=26
# cleaned=0
# scan_time=15963
sh=1E1583CA6E3D477142B27F57F79F2604E79CA16E ft=1 fh=e95c77fdceed0cfc vn="Win32/SmartFileAdvisor.A potentially unwanted application" ac=I fn="C:\Program Files (x86)\Smart File Advisor\sfa_inst.exe"
sh=BAE2605DA99804FD83D1D4979F7D99DEE0E13B4A ft=1 fh=6171cbe7b013ec4a vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\PROGRAMS\Applian FLV Player 2.0.25\applianflv.exe"
sh=90F9645263D996CAB4EDAA82ED704CBA9A1790E6 ft=1 fh=2afc1484783fed81 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\PROGRAMS\Ashampoo Burning Studio 2012\ashampoo_burning_studio_2012_10.0.15_9751.exe"
sh=73015CF7A92047C909187CA2463ED2D4CA391DE1 ft=1 fh=81fae6a0ae917d5c vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\PROGRAMS\Auslogics Disk Defrag 3.2.1.10\disk-defrag-setup.exe"
sh=B289C53DBB01232884364F964E8A5BCCDFBCE00A ft=1 fh=20604ce9407285e3 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner\ccsetup310.exe"
sh=B876F5F15137EF8A1680C2AC04DC786D2A191DC9 ft=1 fh=850ac12ce80cbbb1 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 3.22.1800\ccsetup322.exe"
sh=2FEC2BB06C11B711B37E7D1BAC0004F8F25A4C7B ft=1 fh=9586b0754c97a9e0 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 4.0.1\ccsetup401.exe"
sh=ADF2AD3B94EB35DC371AB7A1A49B004B7C76BFA5 ft=1 fh=f95766f30bc4ebc6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 4.0.6\ccsetup406.exe"
sh=DD6E088E22874B283348A15DB5159C7B20CC6D22 ft=1 fh=fe9dda6ca79832a6 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 4.07\ccsetup407.exe"
sh=6585F3BCD797EFC2F81599CDE50115668B677D52 ft=1 fh=c4c5afd1d69feff3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 4.08.4428\ccsetup408.exe"
sh=0F97FB08E6FC4500F86E64D3285C171C6462BD61 ft=1 fh=acbbffe185c36761 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 4.10\ccsetup410.exe"
sh=C133DB147FA578119F34B675D45B477E110761B2 ft=1 fh=9272027fde077ca7 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 4.12\ccsetup412.exe"
sh=D12F2B7B95F3EB52E57E5E034F4315F4716670FF ft=1 fh=fa0e3acfd523f7f9 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 4.15.4725\ccsetup415.exe"
sh=5A4ADCA5CEFDEACCC9C4D2D197213E606014FDB4 ft=1 fh=63ae2f886e7f5dcc vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 4.19\ccsetup419.exe"
sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 5.00.5\ccsetup500.exe"
sh=205EA3A873C765FF2E0F78FB1834D6EB44C21BF3 ft=1 fh=a409751ddc77dac3 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 5.01.5075\ccsetup501.exe"
sh=976D24D060C8F9B655B5EC01472194B9DA6C190C ft=1 fh=1966d8d77ea974eb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 5.03.5128\ccsetup503.exe"
sh=95515E5CD54F8D3B375FAFB34E53C0C1D2E7C344 ft=1 fh=00a7bfbc17a0357b vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\PROGRAMS\CCleaner 5.04.5151\ccsetup504.exe"
sh=328B0F49B27F0038AB09739112AFFDFA74BB2E5E ft=1 fh=5320e58612031249 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\PROGRAMS\Clicky Gone\CDBurnerXP 4.4.0\cdbxp_setup_4.4.0.2905.exe"
sh=32DDA4E225454C9E905835218991FF292B8BB188 ft=1 fh=9ff1f133724729e0 vn="Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\PROGRAMS\IsoBuster 4.0\isobuster_all_lang.exe"
sh=2DD5D5F0DE55BF4E5C7F614D51C117C493007A16 ft=1 fh=b4dc6cc396eaecd0 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\PROGRAMS\PDF - PDFMate PDF Merger\setup_free_pdf_merger.exe"
sh=D5C6A637D1BF0D61F60BBF293FFF5133307DB528 ft=1 fh=f46e862e906b9486 vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="C:\PROGRAMS\PicPick 3.3.0\picpick_inst.exe"
sh=F6A2FFF6E12DDA10C85E740D9E9A5F83102F1D51 ft=1 fh=3489e83bfbbdf76a vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="C:\PROGRAMS\PicPick 3.3.1\picpick_inst.exe"
sh=18B8A0281FF6939067B7EC17822D66E0E1BEB1E8 ft=1 fh=6bf31751ff120e6e vn="Win32/InstallMonetizer.AN potentially unwanted application" ac=I fn="C:\PROGRAMS\PicPick 3.3.2\picpick_inst.exe"
sh=3ADA6E6FC7B02C8C0A57B27A45BC54CA3E50C0CF ft=1 fh=f12fab6de038a762 vn="a variant of Win32/SoftPulse.AE potentially unwanted application" ac=I fn="C:\Users\Dad\Documents\EGDownloads\Java.exe"
sh=5DD2CA5FCB2B027F53928D38CF77F095AEDC9747 ft=1 fh=21651be2fe378002 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="C:\Users\Dad\Documents\MAGIX Downloads\Installationsmanager\Xtreme_Photo_Graphic_Designer_5_Silver_en-GB_110318_12-38_5_1_2_14745.exe"
 

 



#10 deeprybka

  • Malware Response Team

Posted 15 May 2015 - 01:41 PM



Can you please tell me which problems still persist now?

Step 1

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka

#11 Disceli

  • Topic Starter

Posted 15 May 2015 - 05:58 PM

I can now access all of bleepingcomputer.com and all the sections of the forum.  Thanks.

Unfortunately, most of the problems with IE11 remain.

1.  The proxy server has gone. :)

2, 3, 4, 5. No change.  :(

IE11 still crashes every time I use it, particularly when the page contains video.  I can't log in to Outlook.com or log in to other sites.

2015-05-15_232628.jpg

These sites won't open at all:

2015-05-15_232448.jpg

2015-05-15_232551.jpg

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 14-05-2015 02
Ran by Dad (administrator) on DAD-PC on 15-05-2015 23:49:20
Running from C:\PROGRAMS\FRST64 - 2015-05-14
Loaded Profiles: Dad & CCleaner-Test & Guest (Available profiles: Dad & CCleaner-Test & Guest)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
() C:\Program Files (x86)\Zentimo\ZentimoService.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe
() C:\Program Files\COMODO\COMODO Programs Manager\CPMservice.exe
(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\pcCMService.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
() C:\Windows\PLFSetI.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(The Eraser Project) C:\Program Files\Eraser\Eraser.exe
() C:\Program Files (x86)\WizMouse\WizMouse.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AnVir Software) C:\Program Files (x86)\AnVir Task Manager\AnVir.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(NTeWORKS) C:\Program Files (x86)\PicPick\picpick.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(DonationCoder) C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe
(DuckLink Software) C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Crystal Rich Ltd) C:\Program Files (x86)\Zentimo\Zentimo.exe
() C:\Program Files (x86)\FastStone Capture\FSCapture.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe
(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
(Applian Technologies, Inc.) C:\Program Files (x86)\Freecorder\FLVSrvc.exe
(SSC Localization Group) C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe
(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\avastui.exe
(Zemana Ltd.) C:\Program Files (x86)\AntiLogger\AntiLogger.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9913376 2009-12-29] (Realtek Semiconductor)
HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-04-17] (Egis Technology Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1890088 2009-12-10] (Synaptics Incorporated)
HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2010-01-13] ()
HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860704 2010-03-17] (Acer Incorporated)
HKLM\...\Run: [Eraser] => C:\Program Files\Eraser\Eraser.exe [980368 2011-11-05] (The Eraser Project)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-24] (Intel Corporation)
HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-04-17] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201584 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [407920 2010-03-11] (Egis Technology Inc.)
HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-09] (NewTech Infosystems, Inc.)
HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)
HKLM-x32\...\Run: [EaseUs Watch] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\EuWatch.exe [69000 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUs Tray] => C:\Program Files (x86)\EASEUS\Todo Backup\bin\TrayNotify.exe [733576 2011-04-25] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [Freecorder FLV Service] => C:\Program Files (x86)\Freecorder\FLVSrvc.exe [167936 2011-03-24] (Applian Technologies, Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-02-13] (Apple Inc.)
HKLM-x32\...\Run: [SSC Service Utility] => C:\Program Files (x86)\SSC Service Utility\ssc_serv.exe [665600 2007-10-09] (SSC Localization Group)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-12] (Avast Software s.r.o.)
HKLM-x32\...\Run: [AntiLogger] => C:\Program Files (x86)\AntiLogger\AntiLogger.exe [19362728 2014-03-26] (Zemana Ltd.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1021128 2014-12-03] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2618680 2015-04-08] (Malwarebytes Corporation)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [AnVir Task Manager] => C:\Program Files (x86)\AnVir Task Manager\anvir.exe [6071480 2012-02-22] (AnVir Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [PicPick Start] => C:\Program Files (x86)\PicPick\picpick.exe [13165400 2014-03-11] (NTeWORKS)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Screenshot Captor] => C:\Program Files (x86)\ScreenshotCaptor\ScreenshotCaptor.exe [7944888 2013-12-03] (DonationCoder)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [DuckCapture] => C:\Program Files (x86)\DuckLink\DuckCapture\DuckCapture.exe [436736 2011-11-03] (DuckLink Software)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8202008 2015-04-08] (Piriform Ltd)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-05-15] (SUPERAntiSpyware)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\EagleGet.exe [1239552 2014-04-24] (EagleGet.com)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\Run: [Zentimo xStorage Manager] => C:\Program Files (x86)\Zentimo\Zentimo.exe [2068480 2011-12-09] (Crystal Rich Ltd)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\...\RunOnce: [Adobe Speed Launcher] => 1431697305
HKU\S-1-5-21-1050699504-4118538850-2090742069-1034\...\Run: [EagleGet] => C:\Program Files (x86)\EagleGet\EagleGet.exe [1239552 2014-04-24] (EagleGet.com)
HKU\S-1-5-21-1050699504-4118538850-2090742069-1034\...\RunOnce: [Adobe Speed Launcher] => 1429544641
HKU\S-1-5-21-1050699504-4118538850-2090742069-1034\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
HKU\S-1-5-21-1050699504-4118538850-2090742069-501\...\RunOnce: [Adobe Speed Launcher] => 1426543752
HKU\S-1-5-21-1050699504-4118538850-2090742069-501\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\Acer.scr [453152 2009-12-24] ()
Startup: C:\Users\Dad\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\FastStone Capture.lnk [2014-05-14]
ShortcutTarget: FastStone Capture.lnk -> C:\Program Files (x86)\FastStone Capture\FSCapture.exe ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-04-28] (Avast Software s.r.o.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-04-17] (Egis Technology Inc.)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://news.sky.com/
HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB411
SearchScopes: HKU\S-1-5-21-1050699504-4118538850-2090742069-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enGB411
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-04-03] (Avast Software s.r.o.)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-04-16] (Oracle Corporation)
BHO-x32: EGet Class -> {824F251E-D74A-4d56-B998-CA05CF369A13} -> C:\Program Files (x86)\EagleGet\eagleSniffer.dll [2014-04-24] (EagleGet.com)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-04-03] (Avast Software s.r.o.)
BHO-x32: Windows Live Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-04-16] (Oracle Corporation)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll [2009-07-26] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
 
FireFox:
========
FF ProfilePath: C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default
FF Plugin: @java.com/DTPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.79.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2012-08-15] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-04-16] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8081.0709 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2009-07-10] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)
FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-29] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-02-27] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-12] (Amazon.com, Inc.)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: eagleget.com/EagleGet -> C:\Program Files (x86)\EagleGet\npEagleget.dll [2014-04-24] (www.eagleget.com)
FF Plugin HKU\S-1-5-21-1050699504-4118538850-2090742069-1001: egtcps.com/captures -> C:\Program Files (x86)\EagleGet\captures.dll [2014-04-24] (www.eagleget.com)
FF Extension: EagleGet - C:\Users\Dad\AppData\Roaming\Mozilla\Firefox\Profiles\e50b4zms.default\Extensions\eagleget_ffext@eagleget.com.xpi [2015-05-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-06-26]
 
Chrome: 
=======
CHR Profile: C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-29]
CHR Extension: (Google Docs) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-29]
CHR Extension: (Google Drive) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-29]
CHR Extension: (YouTube) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-29]
CHR Extension: (Google Search) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-29]
CHR Extension: (Full Page Screen Capture) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdpohaocaechififmbbbbbknoalclacl [2015-04-29]
CHR Extension: (Google Sheets) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-29]
CHR Extension: (Print this page with CleanPrint) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\fklmmmdcofimkjmfjdnobmmgmefbapkf [2015-04-29]
CHR Extension: (Bookmark Manager) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Avast Online Security) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-04-29]
CHR Extension: (Flubit Extension) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\imfdokopehhkecohfljakjagcgohinnc [2015-04-29]
CHR Extension: (EagleGet Free Downloader) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\kaebhgioafceeldhgjmendlfhbfjefmo [2015-05-02]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-29]
CHR Extension: (Google Wallet) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR Extension: (Print Friendly & PDF) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohlencieiipommannpdfcmfdpjjmeolj [2015-04-29]
CHR Extension: (Gmail) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
CHR Extension: (History Trends Unlimited) - C:\Users\Dad\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmchffiealhkdloeffcdnbgdnedheme [2015-04-29]
CHR HKU\S-1-5-21-1050699504-4118538850-2090742069-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-02]
CHR HKLM-x32\...\Chrome\Extension: [kaebhgioafceeldhgjmendlfhbfjefmo] - C:\Program Files (x86)\EagleGet\addon\eagleget_cext@eagleget.com.crx [2015-05-02]
 
==================== Services (Whitelisted) =================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-04-28] (Avast Software s.r.o.)
R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]
R2 CPMService; C:\Program Files\COMODO\COMODO Programs Manager\CPMService.exe [116032 2011-09-05] ()
R2 EASEUS Agent; C:\Program Files (x86)\EASEUS\Todo Backup\bin\Agent.exe [56200 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) [File not signed]
S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) [File not signed]
S2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2015-05-15] (SurfRight B.V.)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [656184 2015-04-08] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-04-17] (Egis Technology Inc.)
R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-09] (NewTech Infosystems, Inc.) [File not signed]
R2 pcCMService64; C:\Program Files\Common Files\Motive\pcCMService.exe [467256 2013-11-11] (Alcatel-Lucent)
S3 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [994360 2011-10-14] (Secunia)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 ZentimoService; C:\Program Files (x86)\Zentimo\ZentimoService.exe [555844 2011-12-09] () [File not signed]
 
==================== Drivers (Whitelisted) ====================
 
(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 A2DDA; C:\EEK\bin\a2ddax64.sys [26176 2015-04-09] (Emsisoft GmbH)
R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49752 2014-06-20] (Zemana Ltd.)
S3 Apowersoft_AudioDevice; C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [31920 2013-06-02] (Wondershare)
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-04-28] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-04-28] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-04-28] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-04-28] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-04-28] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-04-28] (Avast Software s.r.o.)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-04-28] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-04-28] ()
R3 bbcap; C:\Windows\System32\DRIVERS\bbcap.sys [4608 2011-05-26] (Windows ® Codename Longhorn DDK provider)
S3 cleanhlp; C:\EEK\bin\cleanhlp64.sys [57024 2015-04-09] (Emsisoft GmbH)
R0 cumon; C:\Windows\System32\drivers\cumon.sys [205512 2011-09-05] (Windows ® Win 7 DDK provider)
S3 DigiartyVirtualCDBus; C:\Windows\System32\drivers\DigiartyVirtualCDBus.sys [276256 2015-01-07] (Digiarty Software, Inc.)
S3 epmntdrv; C:\Windows\system32\epmntdrv.sys [16776 2011-07-29] () [File not signed]
S3 epmntdrv; C:\Windows\SysWOW64\epmntdrv.sys [14216 2011-07-29] () [File not signed]
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [63064 2015-04-08] ()
R0 EUBAKUP; C:\Windows\System32\drivers\eubakup.sys [36232 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [42888 2011-04-22] () [File not signed]
R3 EUDISK; C:\Windows\system32\drivers\eudisk.sys [193928 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R1 EUDSKACS; C:\Windows\system32\drivers\eudskacs.sys [17800 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
R0 EUFS; C:\Windows\System32\drivers\eufs.sys [26504 2011-04-22] (CHENGDU YIWO Tech Development Co., Ltd) [File not signed]
S3 EuGdiDrv; C:\Windows\system32\EuGdiDrv.sys [9096 2011-07-29] () [File not signed]
S3 EuGdiDrv; C:\Windows\SysWOW64\EuGdiDrv.sys [8456 2011-07-29] () [File not signed]
R0 Evdd; C:\Windows\System32\drivers\evdd.sys [19568 2011-09-05] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]
S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 eagleGet; System32\Drivers\eagleGet.sys [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 WISOVD; \??\C:\Program Files (x86)\WinISO Computing\WinISO\bin\driver\WISOVD_win7_x64.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
 
 
==================== One Month Created Files and Folders ========
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 14:13 - 2015-05-15 14:13 - 00000000 ____D () C:\Program Files (x86)\ESET
2015-05-15 14:10 - 2015-05-15 14:10 - 02347384 _____ (ESET) C:\Users\Dad\Desktop\esetsmartinstaller_enu.exe
2015-05-14 16:18 - 2015-05-14 16:18 - 00033820 _____ () C:\ComboFix.txt
2015-05-14 16:02 - 2015-05-14 16:02 - 00000546 _____ () C:\Windows\PFRO.log
2015-05-14 15:45 - 2015-05-14 16:19 - 00000000 ____D () C:\ComboFix
2015-05-14 15:45 - 2015-05-14 16:18 - 00000000 ____D () C:\Qoobox
2015-05-14 15:45 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2015-05-14 15:45 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2015-05-14 15:45 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-05-14 15:45 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-05-14 15:45 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-05-14 15:45 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2015-05-14 15:45 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2015-05-14 15:45 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2015-05-14 15:44 - 2015-05-14 16:13 - 00000000 ____D () C:\Windows\erdnt
2015-05-14 15:18 - 2015-05-14 15:18 - 05623645 ____R (Swearware) C:\Users\Dad\Desktop\ComboFix.exe
2015-05-14 14:59 - 2015-05-14 14:59 - 00001232 _____ () C:\Users\Dad\Desktop\Revo Uninstaller.lnk
2015-05-14 13:37 - 2015-05-15 14:18 - 00000336 _____ () C:\Windows\setupact.log
2015-05-14 13:37 - 2015-05-14 13:37 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-07 22:08 - 2015-05-07 22:08 - 00001140 _____ () C:\Users\Public\Desktop\Kvisoft PDF Splitter.lnk
2015-05-07 22:08 - 2015-05-07 22:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kvisoft
2015-05-07 22:08 - 2015-05-07 22:08 - 00000000 ____D () C:\Program Files (x86)\Kvisoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00001222 _____ () C:\Users\Dad\Desktop\PDFMate Free PDF Merger.lnk
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\Users\Dad\Documents\Anvsoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Anvsoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-05-07 21:59 - 2015-05-07 21:59 - 00000000 ____D () C:\Program Files (x86)\AnvSoft
2015-05-07 21:42 - 2015-05-07 21:42 - 00000000 ____D () C:\ProgramData\A-PDF
2015-05-07 21:41 - 2015-05-07 21:41 - 00000922 _____ () C:\Users\Dad\Desktop\A-PDF Page Cut.lnk
2015-05-07 21:41 - 2015-05-07 21:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A-PDF Page Cut
2015-05-07 21:41 - 2015-05-07 21:41 - 00000000 ____D () C:\Program Files (x86)\A-PDF Page Cut
2015-05-04 21:34 - 2015-05-15 23:49 - 00000000 ____D () C:\FRST
2015-05-02 18:41 - 2015-05-02 18:41 - 00000975 _____ () C:\Users\Public\Desktop\EagleGet.lnk
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\ProgramData\EagleGet
2015-05-02 18:41 - 2015-05-02 18:41 - 00000000 ____D () C:\Program Files (x86)\EagleGet
2015-05-02 16:14 - 2015-05-02 16:15 - 12023239 _____ () C:\Windows\EventSys.txt
2015-05-02 16:14 - 2015-05-02 16:14 - 00000000 ____D () C:\Users\Dad\Desktop\SF_02-05-2015
2015-05-02 03:00 - 2015-05-02 03:00 - 00000598 _____ () C:\Users\Dad\Desktop\JRT.txt
2015-05-02 02:51 - 2015-04-30 08:30 - 02716306 _____ (Thisisu) C:\Users\Dad\Desktop\JRT_NEW.exe
2015-05-01 20:08 - 2015-05-01 20:08 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Subhra Das Gupta
2015-05-01 20:02 - 2015-05-01 20:02 - 00502730 _____ () C:\Users\Dad\Downloads\xdm_4.7.exe
2015-04-30 22:14 - 2015-04-30 22:14 - 05194974 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.7.8.exe
2015-04-30 22:13 - 2015-04-30 22:13 - 05192937 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.7.9.exe
2015-04-30 22:12 - 2015-04-30 22:12 - 05193287 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.0.exe
2015-04-30 22:11 - 2015-04-30 22:11 - 05194228 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.2.exe
2015-04-30 22:11 - 2015-04-30 22:11 - 05192411 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_1.1.8.3.exe
2015-04-30 21:58 - 2015-04-30 21:58 - 00076288 _____ (Malwarebytes Corporation) C:\Users\Dad\Downloads\mbae-support.exe
2015-04-29 16:45 - 2015-04-29 16:45 - 00007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2015-04-29 00:54 - 2015-05-13 17:07 - 00002147 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-04-29 00:54 - 2015-04-29 00:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-04-29 00:53 - 2015-05-15 22:58 - 00000892 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-04-29 00:53 - 2015-05-15 14:41 - 00000888 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-04-29 00:53 - 2015-04-29 00:53 - 00003888 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-04-29 00:53 - 2015-04-29 00:53 - 00003636 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-04-29 00:46 - 2015-04-29 00:46 - 00880208 _____ (Google Inc.) C:\Users\Dad\Downloads\ChromeSetup.exe
2015-04-29 00:33 - 2015-04-29 00:33 - 06114448 _____ () C:\Users\Dad\Desktop\bookmarks_29_04_2015.html
2015-04-28 14:39 - 2015-04-28 14:39 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-04-28 14:39 - 2015-04-28 14:39 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-04-26 22:46 - 2015-04-26 22:46 - 00001861 _____ () C:\Users\Public\Desktop\HitmanPro.lnk
2015-04-26 22:46 - 2015-04-26 22:46 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2015-04-26 22:46 - 2015-04-26 22:46 - 00000000 ____D () C:\Program Files\HitmanPro
2015-04-26 22:45 - 2015-05-04 23:10 - 00000000 ____D () C:\ProgramData\HitmanPro
2015-04-26 21:40 - 2015-04-26 21:40 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-DAD-PC-Windows-7-Home-Premium-(64-bit).dat
2015-04-26 21:40 - 2015-04-26 21:40 - 00000000 ____D () C:\RegBackup
2015-04-25 17:26 - 2015-05-15 14:41 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2015-04-25 17:26 - 2015-04-25 17:26 - 00001772 _____ () C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\SUPERAntiSpyware.com
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2015-04-25 17:26 - 2015-04-25 17:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-04-25 00:15 - 2015-05-14 18:55 - 00000000 ____D () C:\AdwCleaner
2015-04-23 17:16 - 2013-06-01 17:34 - 00310272 _____ () C:\Users\Dad\Downloads\SF_Diagnostic_Tool.exe
2015-04-23 14:24 - 2015-04-23 14:25 - 00000000 ____D () C:\Program Files\CCleaner
2015-04-23 14:24 - 2015-04-23 14:24 - 00002782 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-04-23 14:24 - 2015-04-23 14:24 - 00000786 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2015-04-23 14:24 - 2015-04-23 14:24 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-04-21 22:01 - 2015-04-21 22:02 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\Mozilla
2015-04-21 22:01 - 2015-04-21 22:02 - 00000000 ____D () C:\Users\Dad\AppData\Local\Mozilla
2015-04-21 22:01 - 2015-04-21 22:01 - 00001127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-04-21 22:01 - 2015-04-21 22:01 - 00001115 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2015-04-21 22:01 - 2015-04-21 22:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-04-21 21:59 - 2015-04-21 21:59 - 00243240 _____ () C:\Users\Dad\Downloads\Firefox Setup Stub 37.0.2.exe
2015-04-21 20:37 - 2015-04-21 20:38 - 05747294 _____ (EagleGet ) C:\Users\Dad\Downloads\eagleget_setup.exe
2015-04-21 18:59 - 2015-04-21 19:06 - 00000000 ____D () C:\ProgramData\Package Cache
2015-04-19 20:12 - 2015-04-19 20:12 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Eraser 6
2015-04-19 20:04 - 2015-04-19 20:04 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\FastStone
2015-04-19 19:54 - 2015-04-20 16:44 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\CrashDumps
2015-04-19 19:49 - 2015-04-19 19:49 - 00128912 _____ () C:\Users\CCleaner-Test\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\Documents\Freecorder
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Intel Corporation
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\AVAST Software
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Apple Computer
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Zemana
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\FLVService
2015-04-19 19:49 - 2015-04-19 19:49 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\EgisTec IPS
2015-04-19 19:47 - 2015-04-19 19:55 - 00002223 _____ () C:\Users\CCleaner-Test\Desktop\Google Chrome.lnk
2015-04-19 19:47 - 2015-04-19 19:47 - 00001381 _____ () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-04-19 19:47 - 2015-04-19 19:47 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Adobe
2015-04-19 19:47 - 2015-04-19 19:47 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Google
2015-04-19 19:45 - 2015-04-19 19:45 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\EagleGet
2015-04-19 19:45 - 2015-04-19 19:45 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\VirtualStore
2015-04-19 19:44 - 2015-04-19 19:46 - 00000000 ____D () C:\Users\CCleaner-Test
2015-04-19 19:44 - 2015-04-19 19:44 - 00000020 ___SH () C:\Users\CCleaner-Test\ntuser.ini
2015-04-19 19:44 - 2015-03-27 18:08 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Roaming\Macromedia
2015-04-19 19:44 - 2011-02-20 20:01 - 00000000 ____D () C:\Users\CCleaner-Test\AppData\Local\Microsoft Help
2015-04-19 19:44 - 2009-07-14 05:54 - 00000000 ___RD () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-04-19 19:44 - 2009-07-14 05:49 - 00000000 ___RD () C:\Users\CCleaner-Test\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-04-17 20:53 - 2015-04-17 20:53 - 00000423 _____ () C:\Users\Dad\Desktop\repair script.uvk
2015-04-17 19:28 - 2015-04-21 19:06 - 00000000 ____D () C:\Program Files\UVK - Ultra Virus Killer
2015-04-17 19:28 - 2015-04-17 19:28 - 00001770 _____ () C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
2015-04-17 19:28 - 2015-04-17 19:28 - 00000000 ____D () C:\ProgramData\UVK
2015-04-17 19:28 - 2015-04-17 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
2015-04-17 16:29 - 2015-04-17 16:29 - 00001213 _____ () C:\Users\Dad\Desktop\Command Prompt.lnk
2015-04-17 02:36 - 2008-08-20 22:16 - 00000689 _____ () C:\Users\Dad\Desktop\Elevated Command Prompt.lnk
2015-04-16 20:26 - 2015-04-16 20:26 - 00000250 _____ () C:\Users\Dad\Downloads\redir
2015-04-16 17:50 - 2015-04-16 17:48 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-04-16 17:48 - 2015-04-16 17:48 - 00000000 ____D () C:\Program Files (x86)\Java
2015-04-16 17:47 - 2015-04-16 17:47 - 00000000 _____ () C:\Windows\SysWOW64\RENDEEC.tmp
2015-04-16 17:17 - 2015-04-16 17:17 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-04-16 17:17 - 2015-04-16 17:16 - 00320424 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00189352 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2015-04-16 16:51 - 2015-04-16 17:16 - 00111016 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-04-16 16:50 - 2015-04-16 16:50 - 00000000 ____D () C:\Program Files\Java
2015-04-16 14:32 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-04-16 14:32 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-04-16 14:32 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-04-16 14:32 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-04-16 14:32 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-04-16 14:32 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-04-16 14:32 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-04-16 14:32 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-04-16 14:32 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-04-16 14:32 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-04-16 14:32 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-04-16 14:32 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-04-16 14:32 - 2015-03-17 06:22 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-04-16 14:32 - 2015-03-17 06:22 - 00095672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-04-16 14:32 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-04-16 14:32 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-04-16 14:32 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-04-16 14:32 - 2015-03-17 06:16 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-04-16 14:32 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-04-16 14:32 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-04-16 14:32 - 2015-03-17 06:15 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-04-16 14:32 - 2015-03-17 06:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-04-16 14:32 - 2015-03-17 06:13 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-04-16 14:32 - 2015-03-17 06:13 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-04-16 14:32 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-04-16 14:32 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-04-16 14:32 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-04-16 14:32 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-04-16 14:32 - 2015-03-17 05:56 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-04-16 14:32 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-04-16 14:32 - 2015-03-17 05:53 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-04-16 14:32 - 2015-03-17 05:53 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-04-16 14:32 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-04-16 14:32 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-04-16 14:32 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-04-16 14:32 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-04-16 14:32 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-04-16 14:32 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-04-16 14:32 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-04-16 14:32 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-04-16 14:32 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-04-16 14:32 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-04-16 14:29 - 2015-04-02 01:17 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-04-16 14:29 - 2015-04-02 00:49 - 00342704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-04-16 14:29 - 2015-03-13 05:32 - 24980480 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-04-16 14:29 - 2015-03-13 05:25 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-04-16 14:29 - 2015-03-13 05:25 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-04-16 14:29 - 2015-03-13 05:09 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-04-16 14:29 - 2015-03-13 05:08 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-04-16 14:29 - 2015-03-13 05:08 - 00417280 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-04-16 14:29 - 2015-03-13 05:08 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-04-16 14:29 - 2015-03-13 05:07 - 02886144 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-04-16 14:29 - 2015-03-13 05:06 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-04-16 14:29 - 2015-03-13 05:00 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-04-16 14:29 - 2015-03-13 04:59 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-04-16 14:29 - 2015-03-13 04:55 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-04-16 14:29 - 2015-03-13 04:54 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-04-16 14:29 - 2015-03-13 04:54 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-04-16 14:29 - 2015-03-13 04:53 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-04-16 14:29 - 2015-03-13 04:50 - 06025216 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-04-16 14:29 - 2015-03-13 04:44 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-04-16 14:29 - 2015-03-13 04:42 - 19695616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-04-16 14:29 - 2015-03-13 04:42 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-04-16 14:29 - 2015-03-13 04:40 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-04-16 14:29 - 2015-03-13 04:32 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-04-16 14:29 - 2015-03-13 04:28 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-04-16 14:29 - 2015-03-13 04:28 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-04-16 14:29 - 2015-03-13 04:27 - 00340992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-04-16 14:29 - 2015-03-13 04:27 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-04-16 14:29 - 2015-03-13 04:27 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-04-16 14:29 - 2015-03-13 04:26 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-04-16 14:29 - 2015-03-13 04:26 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-04-16 14:29 - 2015-03-13 04:23 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-04-16 14:29 - 2015-03-13 04:22 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-04-16 14:29 - 2015-03-13 04:20 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-04-16 14:29 - 2015-03-13 04:20 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-04-16 14:29 - 2015-03-13 04:17 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-04-16 14:29 - 2015-03-13 04:16 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-04-16 14:29 - 2015-03-13 04:15 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-04-16 14:29 - 2015-03-13 04:08 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-04-16 14:29 - 2015-03-13 04:07 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-04-16 14:29 - 2015-03-13 04:06 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-04-16 14:29 - 2015-03-13 04:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-04-16 14:29 - 2015-03-13 04:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-04-16 14:29 - 2015-03-13 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-04-16 14:29 - 2015-03-13 04:00 - 14397440 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-04-16 14:29 - 2015-03-13 03:57 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-04-16 14:29 - 2015-03-13 03:56 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-04-16 14:29 - 2015-03-13 03:54 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-04-16 14:29 - 2015-03-13 03:49 - 04305408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-04-16 14:29 - 2015-03-13 03:45 - 02358784 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-04-16 14:29 - 2015-03-13 03:44 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-04-16 14:29 - 2015-03-13 03:43 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-04-16 14:29 - 2015-03-13 03:42 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-04-16 14:29 - 2015-03-13 03:34 - 12825600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-04-16 14:29 - 2015-03-13 03:33 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-04-16 14:29 - 2015-03-13 03:22 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-04-16 14:29 - 2015-03-13 03:20 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-04-16 14:29 - 2015-03-13 03:16 - 01311232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-04-16 14:29 - 2015-03-13 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-04-16 14:28 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-04-16 14:28 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-04-16 14:28 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-04-16 02:49 - 2015-04-16 02:49 - 00001037 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
2015-04-16 02:49 - 2015-04-16 02:49 - 00000000 ____D () C:\Users\Dad\AppData\Local\Secunia PSI
2015-04-16 02:49 - 2015-04-16 02:49 - 00000000 ____D () C:\Program Files (x86)\Secunia
 
==================== One Month Modified Files and Folders =======
 
(If an entry is included in the fixlist, the file\folder will be moved.)
 
2015-05-15 23:51 - 2014-03-31 21:45 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\NetSpeedMonitor
2015-05-15 23:42 - 2015-02-14 19:44 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-15 23:42 - 2012-09-08 22:44 - 00003910 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{1C613D74-CEEC-477F-BF08-7A7D5DD8C6CC}
2015-05-15 23:26 - 2014-06-07 06:05 - 00000000 ____D () C:\Users\Dad\AppData\Local\CrashDumps
2015-05-15 21:40 - 2012-08-19 23:41 - 01313806 _____ () C:\Windows\WindowsUpdate.log
2015-05-15 19:38 - 2012-08-20 01:53 - 00000000 ____D () C:\Users\Dad\AppData\Local\FLVService
2015-05-15 14:41 - 2012-01-26 07:15 - 00000320 _____ () C:\Windows\Tasks\GlaryInitialize.job
2015-05-15 14:41 - 2011-07-20 14:36 - 00003296 _____ () C:\Windows\System32\Tasks\WizMouse
2015-05-15 14:27 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-15 14:27 - 2009-07-14 05:45 - 00018736 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-15 14:18 - 2011-06-01 19:57 - 00000031 _____ () C:\Windows\system32\bbcap.err
2015-05-15 14:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-15 14:16 - 2015-04-13 17:51 - 00011994 _____ () C:\Windows\CUAppUsage.Dat
2015-05-15 13:22 - 2012-08-06 17:03 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-14 19:09 - 2014-07-14 15:52 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-14 16:18 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-05-14 16:07 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-14 15:45 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-05-14 15:17 - 2011-02-20 23:02 - 00000000 ____D () C:\FILES
2015-05-14 14:59 - 2011-03-09 00:29 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2015-05-14 01:50 - 2015-03-27 18:23 - 00000000 ____D () C:\Users\Dad\AppData\Roaming\vlc
2015-05-12 19:11 - 2015-04-09 16:10 - 00000000 ____D () C:\EEK
2015-05-12 01:11 - 2015-02-23 23:22 - 00000000 ____D () C:\ProgramData\Malwarebytes Anti-Exploit
2015-05-05 00:18 - 2012-08-16 23:10 - 00000000 ____D () C:\ERRORS
2015-05-02 20:21 - 2012-07-26 03:13 - 00000000 ____D () C:\Windows\Minidump
2015-05-02 02:49 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-04-29 13:14 - 2015-02-23 23:22 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit
2015-04-29 13:14 - 2015-02-23 23:22 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Exploit
2015-04-29 00:54 - 2010-12-25 14:50 - 00000000 ____D () C:\Users\Dad\AppData\Local\Google
2015-04-29 00:54 - 2010-04-21 11:59 - 00000000 ____D () C:\Program Files (x86)\Google
2015-04-28 14:39 - 2014-04-24 04:24 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-04-28 14:39 - 2013-12-29 02:33 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-04-28 14:39 - 2013-03-05 20:29 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-04-28 14:39 - 2013-03-05 20:29 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-04-28 14:39 - 2012-06-26 06:32 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-04-26 21:55 - 2014-07-14 15:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-04-26 21:55 - 2014-07-14 15:51 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-04-26 21:55 - 2012-11-27 02:35 - 00001070 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-04-24 19:10 - 2009-07-14 06:13 - 00782510 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-04-19 19:48 - 2009-07-14 05:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-04-17 21:09 - 2010-12-25 14:39 - 00128912 _____ () C:\Users\Dad\AppData\Local\GDIPFONTCACHEV1.DAT
2015-04-17 21:07 - 2009-07-14 05:45 - 00461184 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-04-17 21:01 - 2009-07-14 03:34 - 00000439 _____ () C:\Windows\win.ini
2015-04-17 20:58 - 2010-05-17 20:34 - 00000000 ____D () C:\ProgramData\Temp
2015-04-17 06:27 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-04-17 06:19 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-04-16 16:45 - 2015-02-14 19:44 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-04-16 16:45 - 2014-04-16 18:01 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-04-16 16:45 - 2014-04-16 18:01 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-04-16 15:00 - 2014-12-15 14:04 - 00000000 ____D () C:\Windows\system32\appraiser
2015-04-16 15:00 - 2014-04-24 01:59 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-04-16 15:00 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-04-16 14:54 - 2013-11-30 22:18 - 00766820 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-04-16 14:51 - 2013-07-22 19:43 - 00000000 ____D () C:\Windows\system32\MRT
2015-04-16 14:38 - 2011-03-09 04:19 - 128913832 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2011-03-09 04:44 - 2013-09-13 02:23 - 0001342 _____ () C:\Users\Dad\AppData\Roaming\wklnhst.dat
2015-01-04 04:07 - 2015-01-04 04:07 - 0211620 _____ () C:\Users\Dad\AppData\Local\ars.cache
2015-01-04 04:07 - 2015-01-04 04:07 - 0260404 _____ () C:\Users\Dad\AppData\Local\census.cache
2012-09-30 20:22 - 2012-09-30 20:22 - 0003584 _____ () C:\Users\Dad\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-19 02:38 - 2014-01-19 02:38 - 0000058 _____ () C:\Users\Dad\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
2014-06-17 06:01 - 2014-06-17 06:01 - 0000036 _____ () C:\Users\Dad\AppData\Local\housecall.guid.cache
2013-02-12 07:17 - 2013-02-12 07:17 - 0005020 _____ () C:\Users\Dad\AppData\Local\HWVendorDetection.log
2015-04-29 16:45 - 2015-04-29 16:45 - 0007605 _____ () C:\Users\Dad\AppData\Local\Resmon.ResmonCfg
2014-12-30 03:13 - 2014-12-30 03:13 - 0000010 _____ () C:\Users\Dad\AppData\Local\sponge.last.runtime.cache
2013-01-06 05:29 - 2013-01-17 05:43 - 0000040 ___SH () C:\ProgramData\.zreglib
2010-04-21 11:41 - 2010-01-27 15:40 - 0131472 _____ () C:\ProgramData\FullRemove.exe
 
Some content of TEMP:
====================
C:\Users\Dad\AppData\Local\Temp\ZAL6326.exe
C:\Users\Dad\AppData\Local\Temp\ZALF72B.exe
 
 
==================== Bamital & volsnap Check =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-05-14 15:37
 
==================== End Of Log ============================
 

 

 



#12 deeprybka

  • Malware Response Team

Posted 16 May 2015 - 05:25 AM

Please try this:

https://support.microsoft.com/en-us/kb/318378


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 Disceli

  • Topic Starter

Posted 17 May 2015 - 07:31 PM

I've reset IE11 - Internet Options > Advanced > Reset > reboot - and it seems to have worked.  Thanks.

 

I also re-enabled each add-on and found that Eagleget might be a problem, so I've disabled it.

 

Everything now seems fine, touch wood!



#14 deeprybka

  • Malware Response Team

Posted 18 May 2015 - 02:48 AM

It's good to hear that your problems appear to be solved. :)

Uninstall Combofix:
Type "combofix /uninstall" in the run box (Windows key+R) and hit enter.

That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run.
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. the browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore, it's very important to always keep your software up to date.
The following software is outdated:

 

Java 7 Update 79

 

Tips

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" (Link) by Lawrence Abrams.


regards,
deeprybka

#15 Disceli

  • Topic Starter

Posted 18 May 2015 - 05:33 PM

I've uninstalled everything and donated something as a thank-you.





