Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Malware Removal Instructions

Potential Bot infection - Windows 7 can't boot

MalwareRemoval.com provides free support for people with infected computers. Using plain language that anyone can understand, our community of volunteer experts will walk you through each step.

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 3rd, 2015, 8:32 pm

First Log for i3 PC:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by Mailan (administrator) on MAILAN-PC (03-08-2015 17:06:17)
Running from C:\Users\Mailan\Desktop\Malware Scan - FRST64
Loaded Profiles: Mailan (Available Profiles: Mailan)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Program Files (x86)\Cyberlink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe
(CyberLink) C:\Program Files (x86)\Cyberlink\PowerDVD11\Common\MediaServer\CLMSServer.exe
(Cloud Engines) C:\Program Files\Pogoplug\dokanmnt.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
(Cloud Engines, Inc.) C:\Program Files\Pogoplug\HBPLUG\hbadmin.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\VS7DEBUG\mdm.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe
() C:\OEM\USBDECTION\USBS3S4Detection.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
() C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9642528 2010-02-24] (Realtek Semiconductor)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-29] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [Hotkey Utility] => C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe [611872 2010-08-04] ()
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377120 2015-06-19] (Fitbit, Inc.)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-587955097-2177950641-2578035670-1001\...\Run: [Google Update] => C:\Users\Mailan\AppData\Local\Google\Update\GoogleUpdate.exe [107912 2014-10-20] (Google Inc.)
HKU\S-1-5-21-587955097-2177950641-2578035670-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377120 2015-06-19] (Fitbit, Inc.)
ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-05-26] (Egis Technology Inc.)
ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-05-26] (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-587955097-2177950641-2578035670-1001\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.yahoo.com/
HKU\S-1-5-21-587955097-2177950641-2578035670-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-587955097-2177950641-2578035670-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-587955097-2177950641-2578035670-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2013-05-08] (Adobe Systems Incorporated)
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll [2014-02-13] ()
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: inSite -> {74F6C5A9-0EAD-4a71-891E-376A838DF1F0} -> c:\program files (x86)\american express insite\inSiteIE.dll [2011-09-24] (American Express)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-07-21] (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21] (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-07-21] (Oracle Corporation)
Toolbar: HKLM-x32 - inSite - {E8558D71-5E4E-4217-B608-D2F5D3623AE3} - c:\program files (x86)\american express insite\inSiteIE.dll [2011-09-24] (American Express)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{4AF60516-FC77-4154-BF02-3D0F383AF27D}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{599431E3-6E50-425A-A601-909AB51530C2}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BED13585-3B87-4477-970E-E0906958B5EA}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{BED13585-3B87-4477-970E-E0906958B5EA}: [DhcpNameServer] 192.168.1.1 10.1.10.1
Tcpip\..\Interfaces\{F8A811CB-95E5-476B-B66F-09C6BE52FCE3}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{F8A811CB-95E5-476B-B66F-09C6BE52FCE3}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Mailan\AppData\Roaming\Mozilla\Firefox\Profiles\pczd9vrv.default
FF Homepage: hxxp://www.outfox.tv/?referid=
hxxp://my.yahoo.com/
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll [2011-09-24] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-07-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-07-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-09-23] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-03] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-03] (NVIDIA Corporation)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll [2013-05-08] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-587955097-2177950641-2578035670-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin HKU\S-1-5-21-587955097-2177950641-2578035670-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF user.js: detected! => C:\Users\Mailan\AppData\Roaming\Mozilla\Firefox\Profiles\pczd9vrv.default\user.js [2014-02-16]
FF Extension: inSite(SM) from American Express(R) - C:\Users\Mailan\AppData\Roaming\Mozilla\Firefox\Profiles\pczd9vrv.default\Extensions\{8ae7fdbb-2d67-40da-a8ab-b8fbbda9c9d5} [2011-09-24]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012-05-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-22]
FF HKU\S-1-5-21-587955097-2177950641-2578035670-1001\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF

Chrome:
=======
CHR Profile: C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Facebook Secret Emoticons) - C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgpffljkgjmijjdmjbdppndoojdgboe [2014-12-19]
CHR Extension: (inSite(sm) from American Express®) - C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Extensions\igdalklcikcagbhnhoedgmccojikcdkn [2011-09-24]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-22]
CHR HKLM-x32\...\Chrome\Extension: [igdalklcikcagbhnhoedgmccojikcdkn] - c:\program files (x86)\american express insite\amex-insite.crx [2011-05-27]
StartMenuInternet: Google Chrome.N64GSM4MPLOJKUYFHPHBP6SW6I - C:\Users\Mailan\AppData\Local\Google\Chrome\Application\chrome.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 CLHNServiceForPowerDVD; C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe [83240 2011-04-19] ()
R2 CyberLink PowerDVD 11.0 Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe [70952 2011-03-31] (CyberLink)
R2 CyberLink PowerDVD 11.0 Service; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe [312616 2011-03-31] (CyberLink)
R2 DokanCEMounter; C:\Program Files\Pogoplug\dokanmnt.exe [134464 2011-06-21] (Cloud Engines)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750816 2015-06-19] (Fitbit, Inc.)
R2 HBAdmin; C:\Program Files\Pogoplug\HBPLUG\HBADMIN.exe [875840 2011-06-21] (Cloud Engines, Inc.)
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [18432 2013-03-28] (Silicondust USA Inc) [File not signed]
R2 MDM; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-05-26] (Egis Technology Inc.)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-29] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-29] (NVIDIA Corporation)
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2010-05-12] () [File not signed]
R2 USBS3S4Detection; C:\OEM\USBDECTION\USBS3S4Detection.exe [76320 2009-12-09] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138872 2011-07-28] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138872 2011-07-28] (SlySoft, Inc.)
R2 DokanCEDriver; C:\Program Files\Pogoplug\dokance.sys [66880 2011-06-21] (Cloud Engines)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40648 2007-02-15] (SlySoft, Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-29] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
R3 xcetap0; C:\Windows\System32\DRIVERS\xcetap0.sys [39232 2011-05-27] (Cloud Engines, Inc.)
R2 {329F96B6-DF1E-4328-BFDA-39EA953C1312}; C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl [148976 2011-04-12] (CyberLink Corp.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-03 16:57 - 2015-08-03 17:06 - 00000000 ____D C:\FRST
2015-08-03 16:56 - 2015-08-03 16:56 - 00000000 ____D C:\Users\Mailan\Desktop\HDD Diagnostics- CrystalDiskInfo
2015-08-03 16:55 - 2015-08-03 17:06 - 00000000 ____D C:\Users\Mailan\Desktop\Malware Scan - FRST64
2015-08-03 12:22 - 2015-08-03 12:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-08-03 12:13 - 2015-01-08 16:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-08-03 12:13 - 2015-01-08 16:43 - 00419936 _____ C:\Windows\system32\locale.nls
2015-08-03 11:56 - 2015-08-03 11:56 - 00011382 _____ C:\Users\Mailan\Desktop\attach.txt
2015-08-03 11:56 - 2015-08-03 11:55 - 00016079 _____ C:\Users\Mailan\Desktop\dds.txt
2015-08-03 11:51 - 2015-08-02 11:52 - 00688992 ____R (Swearware) C:\Users\Mailan\Desktop\dds.scr
2015-08-03 11:50 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-03 11:50 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-03 11:35 - 2015-06-25 11:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-08-03 11:35 - 2015-06-25 10:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-08-03 11:35 - 2015-06-20 13:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-08-03 11:35 - 2015-06-20 12:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-08-03 11:35 - 2015-06-20 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-08-03 11:35 - 2015-06-20 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-08-03 11:35 - 2015-06-20 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-08-03 11:35 - 2015-06-20 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-08-03 11:35 - 2015-06-20 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-08-03 11:35 - 2015-06-20 11:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-08-03 11:35 - 2015-06-19 11:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-08-03 11:35 - 2015-06-19 11:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-08-03 11:35 - 2015-06-19 11:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-08-03 11:35 - 2015-06-19 11:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-08-03 11:35 - 2015-06-19 11:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-08-03 11:35 - 2015-06-19 11:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-08-03 11:35 - 2015-06-19 11:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-08-03 11:35 - 2015-06-19 11:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-08-03 11:35 - 2015-06-19 11:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-08-03 11:35 - 2015-06-19 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-03 11:35 - 2015-06-19 10:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-08-03 11:35 - 2015-06-19 10:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-08-03 11:35 - 2015-06-19 10:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-08-03 11:35 - 2015-06-19 10:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-08-03 11:35 - 2015-06-19 10:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-08-03 11:34 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-08-03 11:34 - 2015-07-02 14:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-08-03 11:34 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-08-03 11:34 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-08-03 11:34 - 2015-07-02 13:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-08-03 11:34 - 2015-07-02 13:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-08-03 11:34 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-08-03 11:34 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-08-03 11:34 - 2015-07-02 13:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-08-03 11:34 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-08-03 11:34 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-08-03 11:34 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-08-03 11:34 - 2015-06-26 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-08-03 11:34 - 2015-06-26 19:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-08-03 11:34 - 2015-06-26 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-08-03 11:34 - 2015-06-26 18:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-08-03 11:34 - 2015-06-20 12:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-08-03 11:34 - 2015-06-20 12:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-08-03 11:34 - 2015-06-20 12:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-08-03 11:34 - 2015-06-20 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-08-03 11:34 - 2015-06-20 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-08-03 11:34 - 2015-06-20 12:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-08-03 11:34 - 2015-06-20 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-08-03 11:34 - 2015-06-20 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-08-03 11:34 - 2015-06-20 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-08-03 11:34 - 2015-06-20 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-08-03 11:34 - 2015-06-20 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-08-03 11:34 - 2015-06-20 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-08-03 11:34 - 2015-06-20 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-08-03 11:34 - 2015-06-20 11:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-08-03 11:34 - 2015-06-20 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-08-03 11:34 - 2015-06-19 11:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-08-03 11:34 - 2015-06-19 10:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-08-03 11:34 - 2015-06-19 10:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-08-03 11:34 - 2015-06-19 10:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-08-03 11:34 - 2015-05-25 11:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-08-03 11:34 - 2015-05-25 11:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-08-03 11:34 - 2015-05-25 11:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-08-03 11:34 - 2015-05-25 11:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-08-03 11:34 - 2015-05-25 11:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-08-03 11:34 - 2015-05-25 11:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-08-03 11:34 - 2015-05-25 11:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-08-03 11:34 - 2015-05-25 11:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-08-03 11:34 - 2015-05-25 11:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-08-03 11:34 - 2015-05-25 11:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-08-03 11:34 - 2015-05-25 11:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-08-03 11:34 - 2015-05-25 11:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-08-03 11:34 - 2015-05-25 11:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-08-03 11:34 - 2015-05-25 11:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 11:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-08-03 11:34 - 2015-05-25 11:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-08-03 11:34 - 2015-05-25 11:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-08-03 11:34 - 2015-05-25 11:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-08-03 11:34 - 2015-05-25 11:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-08-03 11:34 - 2015-05-25 11:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-08-03 11:34 - 2015-05-25 11:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-08-03 11:34 - 2015-05-25 11:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-08-03 11:34 - 2015-05-25 11:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-08-03 11:34 - 2015-05-25 11:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-08-03 11:34 - 2015-05-25 11:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-08-03 11:34 - 2015-05-25 11:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-08-03 11:34 - 2015-05-25 11:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-08-03 11:34 - 2015-05-25 11:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-08-03 11:34 - 2015-05-25 10:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-08-03 11:34 - 2015-05-25 10:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-08-03 11:34 - 2015-05-25 10:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 10:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-08-03 11:34 - 2015-05-25 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-08-03 11:34 - 2015-05-25 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-08-03 11:34 - 2015-05-25 09:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-03 11:34 - 2015-05-25 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-03 11:33 - 2015-07-09 10:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-08-03 11:33 - 2015-07-09 10:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-08-03 11:33 - 2015-07-09 10:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-08-03 11:33 - 2015-07-09 10:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-08-03 11:33 - 2015-07-09 10:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-08-03 11:33 - 2015-07-09 10:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-08-03 11:33 - 2015-07-09 10:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-08-03 11:33 - 2015-07-09 10:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-08-03 11:33 - 2015-07-09 10:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-08-03 11:33 - 2015-07-09 10:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-08-03 11:33 - 2015-07-09 10:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-08-03 11:33 - 2015-07-09 10:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-08-03 11:33 - 2015-07-09 10:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-08-03 11:33 - 2015-07-09 10:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-08-03 11:33 - 2015-07-09 10:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-08-03 11:33 - 2015-07-09 10:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-08-03 11:33 - 2015-07-01 13:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-08-03 11:33 - 2015-07-01 13:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-08-03 11:33 - 2015-07-01 13:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-08-03 11:33 - 2015-07-01 13:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-08-03 11:33 - 2015-07-01 13:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-08-03 11:33 - 2015-07-01 13:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-08-03 11:33 - 2015-07-01 13:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-08-03 11:33 - 2015-07-01 13:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-08-03 11:33 - 2015-07-01 13:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-08-03 11:33 - 2015-07-01 13:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-08-03 11:33 - 2015-07-01 13:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-08-03 11:33 - 2015-07-01 13:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-08-03 11:33 - 2015-07-01 13:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-08-03 11:33 - 2015-07-01 13:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-08-03 11:33 - 2015-07-01 13:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-08-03 11:33 - 2015-07-01 13:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-08-03 11:33 - 2015-07-01 13:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-08-03 11:33 - 2015-07-01 13:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-08-03 11:33 - 2015-07-01 13:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-08-03 11:33 - 2015-07-01 13:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-08-03 11:33 - 2015-07-01 13:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-08-03 11:33 - 2015-07-01 13:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-08-03 11:33 - 2015-07-01 13:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-08-03 11:33 - 2015-07-01 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-08-03 11:33 - 2015-07-01 13:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-08-03 11:33 - 2015-07-01 12:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-08-03 11:33 - 2015-07-01 12:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-08-03 11:33 - 2015-07-01 12:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-08-03 11:33 - 2015-06-11 10:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-08-03 11:33 - 2015-06-11 10:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-08-03 11:33 - 2015-06-11 10:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-08-03 11:33 - 2015-06-11 10:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-08-03 11:33 - 2015-06-11 10:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-08-03 11:33 - 2015-06-11 10:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-08-03 11:33 - 2015-06-11 06:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-08-03 11:33 - 2015-06-09 11:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-08-03 11:33 - 2015-06-09 11:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-08-03 11:33 - 2015-06-03 13:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-08-03 11:33 - 2015-06-03 13:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-08-03 11:33 - 2015-04-29 11:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-08-03 11:33 - 2015-04-29 11:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-08-03 11:33 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-08-03 11:33 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-08-03 11:33 - 2015-04-29 11:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-08-03 11:33 - 2015-04-29 11:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-08-03 11:33 - 2015-04-29 11:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-08-03 11:33 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-08-03 11:33 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-08-03 11:33 - 2015-04-29 11:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-08-03 11:33 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-08-03 11:33 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-08-03 11:33 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-08-03 11:33 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-08-03 11:33 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-08-03 11:33 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-08-03 11:33 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-08-03 11:33 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-08-03 11:33 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-08-03 11:33 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-08-03 11:33 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-08-03 11:33 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-08-03 11:33 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-08-03 11:33 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-08-03 11:33 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-08-03 11:33 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-08-03 11:33 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-08-03 11:33 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-08-03 11:33 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-08-03 11:33 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-08-03 11:33 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-08-03 11:33 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-08-03 11:33 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-08-03 11:33 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-08-03 11:33 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-08-03 11:33 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-08-03 11:32 - 2015-07-01 13:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-08-03 11:32 - 2015-07-01 13:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-08-03 11:32 - 2015-07-01 13:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-08-03 11:32 - 2015-07-01 13:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-08-03 11:32 - 2015-07-01 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-08-03 11:32 - 2015-07-01 13:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-08-03 11:32 - 2015-07-01 13:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-08-03 11:32 - 2015-07-01 13:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-08-03 11:32 - 2015-07-01 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-08-03 11:32 - 2015-07-01 13:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-08-03 11:32 - 2015-06-15 14:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-08-03 11:32 - 2015-06-15 14:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-08-03 11:32 - 2015-06-15 14:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-08-03 11:32 - 2015-06-15 14:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-08-03 11:32 - 2015-06-15 14:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-08-03 11:32 - 2015-06-15 14:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-08-03 11:32 - 2015-06-15 14:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-08-03 11:32 - 2015-06-15 14:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-08-03 11:32 - 2015-06-15 14:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-08-03 11:32 - 2015-06-15 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-08-03 11:32 - 2015-06-15 14:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-08-03 11:32 - 2015-06-15 14:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-08-03 11:32 - 2015-04-27 12:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-08-03 11:32 - 2015-04-27 12:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-08-03 11:32 - 2015-04-27 12:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-08-03 11:32 - 2015-04-27 12:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-08-03 11:32 - 2015-04-27 12:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-08-03 11:32 - 2015-04-27 12:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-08-03 11:32 - 2015-04-27 12:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-08-03 11:32 - 2015-04-27 12:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-08-03 11:32 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-08-03 11:32 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-08-03 11:32 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-08-03 11:32 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-08-03 11:32 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-08-03 11:32 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-08-03 11:32 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-08-03 11:32 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-08-03 11:32 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-08-03 11:32 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-08-03 11:32 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-08-03 11:32 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-08-03 11:31 - 2015-07-25 11:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-08-03 11:31 - 2015-07-25 11:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-08-03 11:31 - 2015-07-25 11:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-08-03 11:31 - 2015-07-25 11:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-08-03 11:31 - 2015-07-25 11:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-08-03 11:31 - 2015-07-25 11:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-08-03 11:31 - 2015-07-25 11:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-08-03 11:31 - 2015-07-25 10:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-08-03 11:31 - 2015-07-14 20:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-08-03 11:31 - 2015-07-14 20:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-08-03 11:31 - 2015-07-14 20:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-08-03 11:31 - 2015-07-14 20:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-08-03 11:31 - 2015-07-14 19:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-08-03 11:31 - 2015-07-14 19:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-08-03 11:31 - 2015-07-14 19:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-08-03 11:31 - 2015-07-14 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-08-03 11:31 - 2015-07-14 18:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-08-03 11:31 - 2015-07-14 18:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-08-03 11:31 - 2015-07-04 11:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-08-03 11:31 - 2015-07-04 10:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-08-03 11:31 - 2015-06-25 01:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-08-03 11:31 - 2015-06-17 10:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-08-03 11:31 - 2015-06-17 10:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-08-03 11:31 - 2015-06-03 13:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-08-03 11:31 - 2015-06-03 13:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-08-03 11:31 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-08-03 11:31 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-08-03 11:31 - 2015-04-24 11:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-08-03 11:31 - 2015-04-24 10:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-08-03 11:31 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-08-03 11:31 - 2015-04-10 20:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-08-03 11:31 - 2015-03-09 20:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-08-03 11:31 - 2015-03-09 20:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-08-03 11:31 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-08-03 11:31 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-08-03 11:31 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-08-03 11:31 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-08-03 11:31 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-08-03 11:31 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-08-03 11:31 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-08-03 11:31 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-08-03 11:31 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-08-03 11:31 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-08-03 11:31 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-08-03 11:31 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-08-03 11:31 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-08-03 11:31 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-08-03 11:31 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-08-03 11:31 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-08-03 11:31 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-08-03 11:31 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-08-03 11:31 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-08-03 11:31 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-08-03 11:31 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-08-03 11:31 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-08-03 11:31 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-08-03 11:31 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-08-03 11:31 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-08-03 11:31 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-08-03 11:31 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-08-03 11:31 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-08-03 11:31 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-08-03 11:31 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-08-03 11:31 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-08-03 11:31 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-08-03 11:31 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-08-03 11:31 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-08-03 11:31 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-08-03 11:31 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-08-03 11:31 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-08-03 11:31 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-08-03 11:31 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-08-03 11:31 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-08-03 11:31 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-08-03 11:31 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-08-03 11:31 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-08-03 11:31 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-08-03 11:31 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-08-03 11:31 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-08-03 11:30 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-08-03 11:30 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-07-29 08:55 - 2015-07-29 08:55 - 02169856 _____ (Farbar) C:\Users\Mailan\Downloads\FRST64.exe
2015-07-12 16:50 - 2015-07-12 16:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-12 16:50 - 2015-07-12 16:50 - 00000000 ____D C:\Program Files\iTunes
2015-07-12 16:50 - 2015-07-12 16:50 - 00000000 ____D C:\Program Files\iPod
2015-07-12 16:50 - 2015-07-12 16:50 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-09 18:13 - 2015-07-09 18:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fitbit Connect
2015-07-09 18:13 - 2015-07-09 18:13 - 00000000 ____D C:\ProgramData\FitbitConnect
2015-07-09 18:13 - 2015-07-09 18:13 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-07-09 18:13 - 2015-07-09 18:13 - 00000000 ____D C:\Program Files (x86)\Fitbit Connect
2015-07-09 18:08 - 2015-07-09 18:08 - 00000000 ____D C:\Users\Mailan\Documents\Fitbit

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-03 17:05 - 2011-05-30 11:40 - 00000000 ____D C:\Program Files (x86)\Winamp
2015-08-03 17:00 - 2009-07-13 21:45 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-03 17:00 - 2009-07-13 21:45 - 00014752 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-03 16:58 - 2009-07-13 22:13 - 00782510 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-03 16:54 - 2010-12-01 08:34 - 01542719 _____ C:\Windows\WindowsUpdate.log
2015-08-03 16:46 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-08-03 16:43 - 2011-05-28 11:17 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-03 16:43 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-03 16:43 - 2009-07-13 21:51 - 00232911 _____ C:\Windows\setupact.log
2015-08-03 12:26 - 2009-07-13 21:45 - 00484536 _____ C:\Windows\system32\FNTCACHE.DAT
2015-08-03 12:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-08-03 12:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-08-03 12:22 - 2014-04-27 17:23 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-08-03 12:22 - 2009-07-14 00:45 - 00000000 ____D C:\Program Files\Windows Journal
2015-08-03 12:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2015-08-03 12:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-08-03 12:22 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-08-03 12:09 - 2011-09-23 23:25 - 00002155 _____ C:\Windows\epplauncher.mif
2015-08-03 12:09 - 2011-09-23 23:25 - 00002121 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-08-03 12:08 - 2012-05-04 09:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-08-03 12:08 - 2011-09-23 23:25 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-08-03 12:07 - 2011-05-21 11:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-03 12:04 - 2011-09-23 23:25 - 00774632 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-08-03 11:49 - 2013-04-12 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-03 11:48 - 2013-04-12 19:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-03 11:48 - 2013-04-12 19:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-03 11:45 - 2013-07-21 14:10 - 00000000 ____D C:\Windows\system32\MRT
2015-08-03 11:43 - 2011-09-24 00:14 - 00000912 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-587955097-2177950641-2578035670-1001UA.job
2015-08-03 02:03 - 2012-07-09 01:02 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{E28A01C2-5E91-4329-90E3-AC76DEB20486}
2015-07-31 18:43 - 2011-09-24 00:14 - 00000860 _____ C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-587955097-2177950641-2578035670-1001Core.job
2015-07-29 06:44 - 2013-06-20 19:52 - 00002335 _____ C:\Users\Mailan\Desktop\Google Chrome.lnk
2015-07-28 13:39 - 2011-05-21 13:48 - 00000000 ____D C:\UTILITIES
2015-07-15 18:38 - 2011-09-24 00:14 - 00003884 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-587955097-2177950641-2578035670-1001UA
2015-07-15 18:38 - 2011-09-24 00:14 - 00003488 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-587955097-2177950641-2578035670-1001Core
2015-07-12 16:50 - 2014-10-13 22:50 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-07-12 16:50 - 2014-06-28 11:34 - 00001757 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-07-12 16:50 - 2013-04-29 13:44 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-05 03:08 - 2011-08-21 20:08 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2011-07-31 22:16 - 2011-09-01 23:00 - 0000083 ___SH () C:\ProgramData\.zreglib
2010-12-01 08:49 - 2010-12-01 08:52 - 0015545 _____ () C:\ProgramData\ArcadeDeluxe4.log

Some files in TEMP:
====================
C:\Users\Mailan\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\Mailan\AppData\Local\Temp\nvStInst.exe
C:\Users\Mailan\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-03 01:04

==================== End of log ============================
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm
Advertisement
Register to Remove

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 3rd, 2015, 8:34 pm

Second log for i3 PC:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Mailan (2015-08-03 17:06:35)
Running from C:\Users\Mailan\Desktop\Malware Scan - FRST64
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-587955097-2177950641-2578035670-500 - Administrator - Disabled)
Guest (S-1-5-21-587955097-2177950641-2578035670-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-587955097-2177950641-2578035670-1002 - Limited - Enabled)
Mailan (S-1-5-21-587955097-2177950641-2578035670-1001 - Administrator - Enabled) => C:\Users\Mailan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

18 Wheels of Steel - American Long Haul (x32 Version: 2.2.0.95 - WildTangent) Hidden
Acer Arcade Deluxe (HKLM-x32\...\InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}) (Version: 4.5.7828 - CyberLink Corp.)
Acer Arcade Deluxe (x32 Version: 4.5.7828 - CyberLink Corp.) Hidden
Acer Arcade Movie (x32 Version: 9.0.6629 - CyberLink Corp.) Hidden
Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3013 - Acer Incorporated)
Acer Game Console (x32 Version: - WildTangent) Hidden
Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.1.3 - WildTangent)
Acer Registration (HKLM-x32\...\Acer Registration) (Version: 1.03.3003 - Acer Incorporated)
Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0825.2010 - Acer Incorporated)
Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.0.2.12610 - Adobe Systems Inc.)
Adobe Flash Player 10 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 10.3.183.10 - Adobe Systems Incorporated)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Reader 9.5.5 MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-A91000000001}) (Version: 9.5.5 - Adobe Systems Incorporated)
Advertising Center (x32 Version: 0.0.0.2 - Nero AG) Hidden
Aegisub 2.1.8 (HKLM-x32\...\{24BC8B57-716C-444F-B46B-A3349B9164C5}_is1) (Version: 2.1.8 - Aegisub Team)
Agatha Christie - Death on the Nile (x32 Version: 2.2.0.95 - WildTangent) Hidden
AnyDVD (HKLM-x32\...\AnyDVD) (Version: 6.8.5.0 - SlySoft)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS E-Green Uninstall (HKLM-x32\...\EGREEN) (Version: - )
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Blackhawk Striker 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
Call of Duty: Black Ops (HKLM-x32\...\Call of Duty: Black Ops_is1) (Version: - )
Chuzzle Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
CloneCD (HKLM-x32\...\CloneCD) (Version: - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.0 - Elaborate Bytes)
Curse Client (HKU\S-1-5-21-587955097-2177950641-2578035670-1001\...\090215de958f1060) (Version: 4.0.1.112 - Curse)
CyberLink Power2Go (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.1.3602c - CyberLink Corp.)
CyberLink PowerDVD 11 (HKLM-x32\...\InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}) (Version: 11.0.1620.51 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
Diner Dash 2 Restaurant Rescue (x32 Version: 2.2.0.95 - WildTangent) Hidden
Dora's Carnival Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
Duke Nukem Forever (HKLM-x32\...\Steam App 57900) (Version: - Gearbox Software)
DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen)
eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)
E-Hammer (HKLM-x32\...\E-Hammer1.0.0) (Version: 1.0.0 - Asus)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)
eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden
FATE (x32 Version: 2.2.0.95 - WildTangent) Hidden
Fitbit Connect (HKLM-x32\...\{252787DA-515C-44B6-896F-CB644D518EA1}) (Version: 2.0.0.6598 - Fitbit Inc.)
Google Chrome (HKU\S-1-5-21-587955097-2177950641-2578035670-1001\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
HDHomeRun (HKLM\...\{DBB4E17D-09D8-47A6-96B9-876093092284}) (Version: 1.0.12225.0 - Silicondust)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3009 - Acer Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)
ImagXpress (x32 Version: 7.0.74.0 - Nero AG) Hidden
inSite(SM) (HKLM-x32\...\inSite) (Version: 1.1.0.12 - American Express)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel(R) Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2104 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.6.0.1014 - Intel Corporation)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.27 - Irfan Skiljan)
iTunes (HKLM\...\{4046F74A-28F8-48C6-A5D3-2AFC472574C1}) (Version: 12.2.0.145 - Apple Inc.)
IZArc 4.1.6 (HKLM-x32\...\{97C82B44-D408-4F14-9252-47FC1636D23E}_is1) (Version: 4.1.6 - Ivan Zahariev)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Jewel Quest - Heritage (x32 Version: 2.2.0.95 - WildTangent) Hidden
Jewel Quest Solitaire 2 (x32 Version: 2.2.0.95 - WildTangent) Hidden
John Deere Drive Green (x32 Version: 2.2.0.95 - WildTangent) Hidden
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Magic ISO Maker v5.5 (build 0265) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
MagicDisc 2.7.106 (HKLM-x32\...\MagicDisc 2.7.106) (Version: - )
Malwarebytes Anti-Malware version 2.0.3.1025 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.3.1025 - Malwarebytes Corporation)
MediaShow Espresso (x32 Version: 5.5.1713_26701 - CyberLink Corp.) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Outlook Personal Folders Backup (HKLM-x32\...\{C63E7C60-25EB-11D3-8EDA-00A0C911E8E5}) (Version: 1.10.0.0 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 6.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 6.0.2 (x86 en-US)) (Version: 6.0.2 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MyWinLocker (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.212.0 - Egis Technology Inc.)
MyWinLocker Suite (x32 Version: 3.1.212.0 - Egis Technology Inc.) Hidden
Nero 9 Essentials (HKLM-x32\...\{e24c509d-40ae-4cc4-b682-462596667a1e}) (Version: - Nero AG)
NOOK for PC (HKLM-x32\...\BN_DesktopReader) (Version: 2.5.1.237 - Barnesandnoble.com)
NVIDIA 3D Vision Controller Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.65 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.65 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Oblivion - BTmod 2.20 (HKLM-x32\...\BTmod) (Version: 2.20 - Beider & Tikigod)
Oblivion (HKLM-x32\...\{35CB6715-41F8-4F99-8881-6FC75BF054B0}) (Version: 1.00.0000 - Bethesda Softworks)
Oblivion mod manager 1.1.12 (HKLM-x32\...\Oblivion mod manager_is1) (Version: - Timeslip)
Penguins! (x32 Version: 2.2.0.95 - WildTangent) Hidden
Pinnacle Studio 15 (HKLM-x32\...\{1362E602-9625-42D3-B57F-CDA9D26F9DA8}) (Version: 15.0.0.7593 - Pinnacle Systems)
Pinnacle Video Driver (HKLM\...\{6DE721A5-5E89-4D74-994C-652BB3C0672E}) (Version: 12.1.0.030 - Pinnacle Systems)
Plants vs. Zombies (x32 Version: 2.2.0.95 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Pogoplug (HKLM\...\Pogoplug) (Version: 3.1.0 - Cloud Engines Inc.)
Polar Bowler (x32 Version: 2.2.0.95 - WildTangent) Hidden
Polar Golfer (x32 Version: 2.2.0.95 - WildTangent) Hidden
Portal (HKLM-x32\...\Steam App 400) (Version: - Valve)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
Realtek Ethernet Controller Driver For Windows 7 (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.17.304.2010 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5995 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Shredder (Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Shredder (x32 Version: 2.0.8.3 - Egis Technology Inc.) Hidden
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Times Reader (HKLM-x32\...\com.nyt.timesreader.78C54164786ADE80CB31E1C5D95607D0938C987A.1) (Version: 2.055 - The New York Times Company)
Times Reader (x32 Version: 2.055 - The New York Times Company) Hidden
Unofficial Oblivion Patch v3.2.0 (HKLM-x32\...\Unofficial Oblivion Patch_is1) (Version: 3.2.0 - Quarn and Kivan)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Viber (HKU\S-1-5-21-587955097-2177950641-2578035670-1001\...\Viber) (Version: 3.0.0.132799 - Viber Media Inc)
Virtual Villagers 4 - The Tree of Life (x32 Version: 2.2.0.95 - WildTangent) Hidden
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.02.3005 - Acer Incorporated)
Winamp (HKLM-x32\...\Winamp) (Version: 5.56 - Nullsoft, Inc)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3502.0922 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
Yahoo! Detect (HKLM-x32\...\YTdetect) (Version: - )
Zuma's Revenge (x32 Version: 2.2.0.95 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-587955097-2177950641-2578035670-1001_Classes\CLSID\{0F22A205-CFB0-4679-8499-A6F44A80A208}\InprocServer32 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.25.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-587955097-2177950641-2578035670-1001_Classes\CLSID\{1423F872-3F7F-4E57-B621-8B1A9D49B448}\InprocServer32 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.27.5\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-587955097-2177950641-2578035670-1001_Classes\CLSID\{355EC88A-02E2-4547-9DEE-F87426484BD1}\InprocServer32 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.23.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-587955097-2177950641-2578035670-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-587955097-2177950641-2578035670-1001_Classes\CLSID\{90B3DFBF-AF6A-4EA0-8899-F332194690F8}\InprocServer32 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.24.15\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-587955097-2177950641-2578035670-1001_Classes\CLSID\{a3ebce53-2b0f-475a-bb8b-ab8c7a02acef}\InprocServer32 -> C:\Windows\system32\dfshim.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-587955097-2177950641-2578035670-1001_Classes\CLSID\{C3BC25C0-FCD3-4F01-AFDD-41373F017C9A}\InprocServer32 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.26.9\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-587955097-2177950641-2578035670-1001_Classes\CLSID\{D0336C0B-7919-4C04-8CCE-2EBAE2ECE8C9}\InprocServer32 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.25.11\psuser_64.dll No File
CustomCLSID: HKU\S-1-5-21-587955097-2177950641-2578035670-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-587955097-2177950641-2578035670-1001_Classes\CLSID\{FE498BAB-CB4C-4F88-AC3F-3641AAAF5E9E}\InprocServer32 -> C:\Users\Mailan\AppData\Local\Google\Update\1.3.24.7\psuser_64.dll No File

==================== Restore Points =========================

19-07-2015 22:04:40 Windows Update
24-07-2015 15:45:54 Windows Update
28-07-2015 22:05:28 Windows Update
01-08-2015 23:54:41 Windows Update
03-08-2015 11:36:09 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {47992CD1-377D-4DDB-8A2C-DF805D6B32C1} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {72F91202-775C-444F-BCCD-0755DCE12FEE} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-587955097-2177950641-2578035670-1001UA => C:\Users\Mailan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {A76C7488-41AF-4504-B49D-EBD26AC18877} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-587955097-2177950641-2578035670-1001Core => C:\Users\Mailan\AppData\Local\Google\Update\GoogleUpdate.exe [2014-10-20] (Google Inc.)
Task: {F1A01D78-7D0A-4BA6-940D-2FA4B09D7F93} - System32\Tasks\{44F77E5D-963F-4A36-92DD-55B4129431C9} => pcalua.exe -a "C:\Utilities\MegaUpload Manager\megamanager.exe" -d "C:\Utilities\MegaUpload Manager"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-587955097-2177950641-2578035670-1001Core.job => C:\Users\Mailan\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-587955097-2177950641-2578035670-1001UA.job => C:\Users\Mailan\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2012-10-14 11:59 - 2014-11-03 15:02 - 00116880 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2011-08-09 16:20 - 2011-04-19 20:56 - 00083240 _____ () C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe
2010-12-01 08:50 - 2010-05-12 22:23 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
2009-12-13 19:19 - 2009-12-09 02:24 - 00076320 _____ () C:\OEM\USBDECTION\USBS3S4Detection.exe
2011-07-03 11:29 - 2005-06-07 12:26 - 00043008 _____ () C:\Program Files (x86)\WinRAR\rarext64.dll
2010-08-04 05:40 - 2010-08-04 05:40 - 00611872 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
2014-10-20 13:31 - 2014-10-20 13:31 - 00170496 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\3d576cbc4ffc5ad06fd61510c5d8f326\IsdiInterop.ni.dll
2010-12-01 08:31 - 2010-03-03 21:08 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IsdiInterop.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2010-08-04 02:47 - 2010-08-04 02:47 - 00144896 _____ () C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-587955097-2177950641-2578035670-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mailan\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk => C:\Windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Mailan^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk => C:\Windows\pss\MagicDisc.lnk.Startup
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: amd_dc_opt => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: ArcadeMovieService => "C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
MSCONFIG\startupreg: BrowserSafeguard => "C:\Program Files (x86)\Browsersafeguard\BrowserSafeguard.exe"
MSCONFIG\startupreg: CLMLServer => "C:\Program Files (x86)\Cyberlink\Power2Go\CLMLSvc.exe"
MSCONFIG\startupreg: CloneCDTray => "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
MSCONFIG\startupreg: EgisTecPMMUpdate => "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
MSCONFIG\startupreg: EgisUpdate => "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
MSCONFIG\startupreg: Google Update => "C:\Users\Mailan\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Logitech Download Assistant => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
MSCONFIG\startupreg: MDS_Menu => "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Acer Arcade Deluxe\MediaShow Espresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.6"
MSCONFIG\startupreg: mwlDaemon => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
MSCONFIG\startupreg: Norton Online Backup => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
MSCONFIG\startupreg: Optimizer Pro => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe
MSCONFIG\startupreg: OutfoxTV => C:\Program Files\OutfoxTV\OutfoxTV\DesktopContainer.exe
MSCONFIG\startupreg: Pogoplug => "C:\Program Files\Pogoplug\PPDRIVE.EXE"
MSCONFIG\startupreg: RemoteControl11 => "C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe"
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SuiteTray => "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: Viber => "C:\Users\Mailan\AppData\Local\Viber\Viber.exe" StartMinimized
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{00B7DE56-9774-4310-BFC0-9A72046DB7A5}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{85EF3C56-459F-4D47-A42C-440D737218C3}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe
FirewallRules: [{C36B6470-53F9-4571-9B24-C98B53A1F0B8}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\Acer Arcade Deluxe.exe
FirewallRules: [{D30210D6-17FD-4848-BD3A-6870778DAEFC}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
FirewallRules: [{7C2B811D-E84B-434B-989C-A26EDD00E125}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\CLMLSvc.exe
FirewallRules: [{956A5455-D9B4-4006-A270-F2AC03E5B18A}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\HomeMedia\HomeMedia.exe
FirewallRules: [{397A6368-CEA1-427B-8968-E28B726C1588}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\TouchMovie.exe
FirewallRules: [{562AD949-AB98-4DE0-A0EE-3B9544CF13CA}] => (Allow) C:\Program Files (x86)\Acer Arcade Deluxe\Arcade Movie\TouchMovieService.exe
FirewallRules: [{6A5B8164-BD3F-4666-AF55-3876676C3DA9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{C4458E79-9237-4C68-8060-E02BDCE3982B}] => (Allow) LPort=2869
FirewallRules: [{7A5F2E84-6D74-454C-A912-4C64885847C9}] => (Allow) LPort=1900
FirewallRules: [{E5064C0E-9527-42EB-B629-9CD0A77DFA21}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{927ECFBC-FF26-4BC3-B450-BD8ECB13A94C}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{ED4A827C-A19E-4132-8CE7-33B49E7C1DDC}] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [{F2F33939-2BC3-4A67-98D2-593352F806EB}] => (Allow) C:\Games\World of Warcraft\Launcher.exe
FirewallRules: [{715C0AEA-B8F5-4DD1-81B1-1DD48FF084DD}] => (Allow) C:\Games\World of Warcraft\Launcher.exe
FirewallRules: [{445BB6C8-47E7-4A7D-ADEC-5F066F5063D2}] => (Allow) C:\Games\World of Warcraft\Launcher.patch.exe
FirewallRules: [{26F6A96B-3BE8-4163-8F80-AA685B4F01C4}] => (Allow) C:\Games\World of Warcraft\Launcher.patch.exe
FirewallRules: [{EA509893-17A3-440A-A3DE-DC8C8178BD31}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{380D05BB-B6A5-4DD2-961C-F68E63AB85D0}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{7A8E1EEC-7DFA-4D28-A774-7913C21BCABD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{6732D609-6701-4D84-B5A9-6C2092209500}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{72F85294-08D6-497A-9A34-8176155796B8}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B4259394-3A2F-43D7-A1A7-C4188407469C}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{5F696E27-95A5-43F1-81F3-3A0D193F5AD0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{5F8A7E2A-52A0-411C-927A-50E2E9A0BFD8}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
FirewallRules: [{FC68776C-E283-47BB-BC35-C4521A304D47}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{CDE061F3-F4DD-4A8E-A1DB-0EF53FD6AA7D}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\RM.exe
FirewallRules: [{88B45C2D-A371-4591-90BC-34A39A57768D}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{6599528D-3037-41C3-8AAF-9B0ACEB3BE40}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\Studio.exe
FirewallRules: [{B1BB40ED-3471-4D65-8D03-63B42AD92D08}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{AF8EEE77-8A92-4552-AF78-900BC9394527}] => (Allow) C:\Program Files (x86)\Pinnacle\Studio 15\Programs\umi.exe
FirewallRules: [{E7F3095F-89D1-456D-BCED-AD4A423EBBC1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\PowerDVD11.exe
FirewallRules: [{5A458BD9-2EDA-4B74-A9EA-C0D8A8B6AC40}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe
FirewallRules: [{68298FDE-F3C3-402D-BD3F-E6455CF3CD14}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServer.exe
FirewallRules: [{B19B5983-5D81-45B5-BDB8-CB34274B546B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Movie\MovieModule.exe
FirewallRules: [{A377A8D3-3F38-4F98-AFB2-D512F12D8E79}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD11\Movie\PowerDVD Cinema\PowerDVDCinema11.exe
FirewallRules: [{41268F47-A6F2-48E0-9D6D-F0C403DA3A4A}] => (Allow) C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE
FirewallRules: [{9362E160-D5F7-4E66-ABC9-ACE0498426A1}] => (Allow) C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE
FirewallRules: [TCP Query User{8D43BF20-FA22-4077-9727-6D0FB05FB25C}C:\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe] => (Allow) C:\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe
FirewallRules: [UDP Query User{42DE66F8-2C6E-4CE6-ADAA-A8E3B236F5F5}C:\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe] => (Allow) C:\games\world of warcraft\temp\wow-4.2.0.2552-enus-tools-downloader.exe
FirewallRules: [{4512372B-752F-4B9F-9FEF-D73AF6E22AE1}] => (Allow) C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE
FirewallRules: [{647E8540-223B-47EA-9FE6-E00F4157AA79}] => (Allow) C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE
FirewallRules: [{78371CD2-22AA-4720-887F-2FE9DB555E70}] => (Allow) C:\Games\SW-OldRepublic\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{5CDF14FC-D054-4542-A020-3A70A5DEB76C}] => (Allow) C:\Games\SW-OldRepublic\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{AF42303C-98CA-4DB4-BDB3-EF7468B40353}] => (Allow) C:\Games\SW-OldRepublic\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{3C3C0F3E-A14F-4BF1-8628-72A199A5C185}] => (Allow) C:\Games\SW-OldRepublic\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{E596A047-816B-4F51-A2A7-D295D35909A3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\duke nukem forever\System\DukeForever.exe
FirewallRules: [{906CBDB5-C5BA-40B7-8FAD-F13BBEA7ADA5}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\duke nukem forever\System\DukeForever.exe
FirewallRules: [{58B85D3C-D7ED-4904-8C7E-D3C955587014}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{D0B4B211-DFFD-4501-93E7-11547AB47D6A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\portal 2\portal2.exe
FirewallRules: [{B365D2F1-C8DF-4B2E-82ED-F08BF7C2C7F0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{C1122CB8-375B-4B9D-B897-E590FEDCD8D0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [TCP Query User{E663C35B-E5CD-4A3B-AF53-B14EA50DBBD9}C:\games\sw-oldrepublic\star wars-the old republic\betatest\retailclient\swtor.exe] => (Allow) C:\games\sw-oldrepublic\star wars-the old republic\betatest\retailclient\swtor.exe
FirewallRules: [UDP Query User{9EB4AE82-D70B-4FA4-9A58-EDDE582A500B}C:\games\sw-oldrepublic\star wars-the old republic\betatest\retailclient\swtor.exe] => (Allow) C:\games\sw-oldrepublic\star wars-the old republic\betatest\retailclient\swtor.exe
FirewallRules: [TCP Query User{AD3BD41E-375F-49B9-BDA7-F296C6551F76}C:\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe] => (Allow) C:\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe
FirewallRules: [UDP Query User{EE664F5B-AEEF-4BA5-ACB3-4CED7C19B92A}C:\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe] => (Allow) C:\games\world of warcraft\temp\wow-4.2.1.2617-enus-tools-downloader.exe
FirewallRules: [TCP Query User{7C4B1F66-4F16-45F4-AA3D-90F2F5691F7C}C:\games\world of warcraft\backgrounddownloader.exe] => (Allow) C:\games\world of warcraft\backgrounddownloader.exe
FirewallRules: [UDP Query User{F22E66AD-CEC3-453E-8D74-1249D0A6871C}C:\games\world of warcraft\backgrounddownloader.exe] => (Allow) C:\games\world of warcraft\backgrounddownloader.exe
FirewallRules: [{29C905B8-242A-470A-8EA6-09F90EE84D2A}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_quicktv.exe
FirewallRules: [{DBF885D5-EEF3-436A-9B74-04F0212E1E66}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_setup.exe
FirewallRules: [{63524F2A-5CD9-417E-8B2D-690A83F472F2}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config_gui.exe
FirewallRules: [{078D48D7-B4BC-45EA-A880-108ADE548B6E}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config.exe
FirewallRules: [{FF667DA1-8AFE-431C-9A33-4DD500D34A19}] => (Allow) C:\Windows\ehome\ehRecvr.exe
FirewallRules: [{58803DB7-39FE-425E-A4CF-64A53C363CC2}] => (Allow) C:\Users\Mailan\AppData\Local\Viber\Viber.exe
FirewallRules: [{CA8B0041-A71F-4CEB-A1F1-7DC578BD99D4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{709D9A5A-B702-4E67-8A13-7DAEEA2849F8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5074E841-978B-4180-A9F8-0E00CA426F11}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{DBBA867C-A31D-4F40-B2BD-3E7B2EA20C77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{32B75622-5B6B-426F-B3E0-13AF674A1810}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{A3A1462C-CB06-41F7-87D0-A2A521CCC9EA}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{24613A36-8DCD-4267-A335-55DF6D2F910F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{4D6E16B0-1A6A-42C5-A442-71A7B97AEFCC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{46252F50-E20F-47C3-8E0D-B89EFDB50F87}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{DE33D48F-9E11-4D40-9C5B-B7A900216B4F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{5F3C2DF8-99CA-43A8-8EE3-B6FC7AD4AD20}] => (Allow) C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE
FirewallRules: [{202EF719-DC4B-4E83-9086-946FA93CA222}] => (Allow) C:\Program Files\Pogoplug\HBPLUG\HBPLUG.EXE
FirewallRules: [{F11353DD-EC33-4206-B8D9-AB36A3ED0DA4}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/03/2015 01:07:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/31/2015 01:25:27 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/30/2015 02:26:30 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/29/2015 07:40:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashUtil64_11_7_700_169_ActiveX.exe, version: 11.7.700.169, time stamp: 0x5155fbd9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc000041d
Fault offset: 0x0000000000053290
Faulting process id: 0x134c
Faulting application start time: 0xFlashUtil64_11_7_700_169_ActiveX.exe0
Faulting application path: FlashUtil64_11_7_700_169_ActiveX.exe1
Faulting module path: FlashUtil64_11_7_700_169_ActiveX.exe2
Report Id: FlashUtil64_11_7_700_169_ActiveX.exe3

Error: (07/29/2015 07:39:55 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: FlashUtil64_11_7_700_169_ActiveX.exe, version: 11.7.700.169, time stamp: 0x5155fbd9
Faulting module name: ntdll.dll, version: 6.1.7601.18247, time stamp: 0x521eaf24
Exception code: 0xc0000005
Fault offset: 0x0000000000053290
Faulting process id: 0x134c
Faulting application start time: 0xFlashUtil64_11_7_700_169_ActiveX.exe0
Faulting application path: FlashUtil64_11_7_700_169_ActiveX.exe1
Faulting module path: FlashUtil64_11_7_700_169_ActiveX.exe2
Report Id: FlashUtil64_11_7_700_169_ActiveX.exe3

Error: (07/29/2015 07:36:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/27/2015 11:00:41 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/26/2015 03:26:51 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/25/2015 01:31:32 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.

Error: (07/24/2015 12:50:45 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.


System errors:
=============
Error: (08/03/2015 04:43:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Error: (08/03/2015 12:30:06 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Windows Modules Installer service terminated with the following error:
%%16405

Error: (08/03/2015 12:29:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Error: (08/03/2015 12:26:07 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The OutfoxTvService service failed to start due to the following error:
%%2

Error: (08/03/2015 12:07:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (08/03/2015 12:07:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (08/03/2015 11:53:08 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (08/03/2015 11:53:08 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.

Error: (08/03/2015 11:46:47 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
%%1053

Error: (08/03/2015 11:46:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Search service to connect.


Microsoft Office:
=========================
Error: (04/25/2014 03:01:57 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 8868 seconds with 780 seconds of active time. This session ended with a crash.

Error: (01/14/2014 12:05:31 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6680.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 17499 seconds with 780 seconds of active time. This session ended with a crash.

Error: (09/04/2013 03:43:12 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6668.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 20869 seconds with 3180 seconds of active time. This session ended with a crash.

Error: (04/07/2013 02:31:34 AM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 166 seconds with 120 seconds of active time. This session ended with a crash.

Error: (04/04/2013 12:31:48 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 2801 seconds with 480 seconds of active time. This session ended with a crash.

Error: (03/20/2013 06:20:26 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 29973 seconds with 1620 seconds of active time. This session ended with a crash.

Error: (03/14/2013 06:02:07 PM) (Source: Microsoft Office 12 Sessions) (EventID: 7001) (User: )
Description: ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6665.5003, Microsoft Office Version: 12.0.6612.1000. This session lasted 26806 seconds with 4260 seconds of active time. This session ended with a crash.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU 550 @ 3.20GHz
Percentage of memory in use: 28%
Total physical RAM: 6135.07 MB
Available physical RAM: 4382.26 MB
Total Virtual: 12268.36 MB
Available Virtual: 10029.71 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:914.41 GB) (Free:567 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 5BBF51C3)
Partition 1: (Not Active) - (Size=17 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=914.4 GB) - (Type=07 NTFS)

==================== End of log ============================
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Gary R » August 4th, 2015, 1:28 am

OK, there's a few things need attending to on that machine, but before we do I'd like you to run a further scan for me, which should reveal whether there's more to deal with than was revealed in the FRST log.

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 4th, 2015, 12:20 pm

Hello again, Gary. I've got the ADWCleaner scan for this computer here:

# AdwCleaner v4.208 - Logfile created 04/08/2015 at 09:14:33
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mailan - MAILAN-PC
# Running from : C:\Users\Mailan\Desktop\Malware Scan Software\ADWCleaner and Logs\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
File Found : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Found : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Found : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Found : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.illumask.com_0.localstorage
File Found : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.illumask.com_0.localstorage-journal
File Found : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_shop.illumask.com_0.localstorage
File Found : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_shop.illumask.com_0.localstorage-journal
File Found : C:\Users\Mailan\AppData\Roaming\Mozilla\Firefox\Profiles\pczd9vrv.default\user.js
Folder Found : C:\Program Files (x86)\Perk Prize Panel
Folder Found : C:\Windows\SysWOW64\SearchProtect

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\timesheraldonline.com
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D0D64E3C-4B40-3020-B26E-0AB9B12B38A9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v6.0.2 (en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2790 bytes] - [04/08/2015 09:14:33]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2849 bytes] ##########
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Gary R » August 4th, 2015, 4:41 pm

OK, there's a few things in your latest log that need attending to.

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java 7 Update 25


Old versions of Java can be (and usually do get) compromised.

Reboot the computer afterwards

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
SearchScopes: HKU\S-1-5-21-587955097-2177950641-2578035670-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-587955097-2177950641-2578035670-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll [2014-02-13] ()
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012-05-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-22]
FF HKU\S-1-5-21-587955097-2177950641-2578035670-1001\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
C:\Program Files\OutfoxTV
C:\Program Files (x86)\uTorrent
FF Homepage: hxxp://www.outfox.tv/?referid=
2011-07-31 22:16 - 2011-09-01 23:00 - 0000083 ___SH () C:\ProgramData\.zreglib
2010-12-01 08:49 - 2010-12-01 08:52 - 0015545 _____ () C:\ProgramData\ArcadeDeluxe4.log
Task: {F1A01D78-7D0A-4BA6-940D-2FA4B09D7F93} - System32\Tasks\{44F77E5D-963F-4A36-92DD-55B4129431C9} => pcalua.exe -a "C:\Utilities\MegaUpload Manager\megamanager.exe" -d "C:\Utilities\MegaUpload Manager"
FirewallRules: [{C4458E79-9237-4C68-8060-E02BDCE3982B}] => (Allow) LPort=2869
FirewallRules: [{EA509893-17A3-440A-A3DE-DC8C8178BD31}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{380D05BB-B6A5-4DD2-961C-F68E63AB85D0}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{7A8E1EEC-7DFA-4D28-A774-7913C21BCABD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{6732D609-6701-4D84-B5A9-6C2092209500}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • AdwCleaner[s1].txt
  • Fixlog.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 4th, 2015, 9:00 pm

Hi again Gary, afer doing all you instructed, here are the logs. The first one is actually saved as AdwCleaner[S0].txt:

# AdwCleaner v4.208 - Logfile created 04/08/2015 at 17:36:58
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Mailan - MAILAN-PC
# Running from : C:\Users\Mailan\Desktop\Malware Scan Software\ADWCleaner and Logs\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files (x86)\Perk Prize Panel
Folder Deleted : C:\Windows\SysWOW64\SearchProtect
File Deleted : C:\Users\Mailan\AppData\Roaming\Mozilla\Firefox\Profiles\pczd9vrv.default\user.js
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\yahoo.xml
File Deleted : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_shop.illumask.com_0.localstorage
File Deleted : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_shop.illumask.com_0.localstorage-journal
File Deleted : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Deleted : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Deleted : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal
File Deleted : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.illumask.com_0.localstorage
File Deleted : C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.illumask.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D0D64E3C-4B40-3020-B26E-0AB9B12B38A9}
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\timesheraldonline.com
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v6.0.2 (en-US)


-\\ Google Chrome v


*************************

AdwCleaner[R0].txt - [2932 bytes] - [04/08/2015 09:14:33]
AdwCleaner[R1].txt - [2991 bytes] - [04/08/2015 17:33:01]
AdwCleaner[S0].txt - [2905 bytes] - [04/08/2015 17:36:58]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2964 bytes] ##########
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 4th, 2015, 9:02 pm

And here is the second log file:

Fix result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by Mailan (2015-08-04 17:44:57) Run:1
Running from C:\Users\Mailan\Desktop\Malware Scan Software\FRST 64 Bit and Logs
Loaded Profiles: Mailan (Available Profiles: Mailan)
Boot Mode: Normal
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-587955097-2177950641-2578035670-1001 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKU\S-1-5-21-587955097-2177950641-2578035670-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO-x32: Perk Prize Panel -> {47F3EB15-C230-4A0B-BE4B-D527FF483B48} -> C:\Program Files (x86)\Perk Prize Panel\pp.dll [2014-02-13] ()
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} [2011-08-09]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} [2012-05-25]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012-08-08]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012-09-22]
FF HKU\S-1-5-21-587955097-2177950641-2578035670-1001\...\Firefox\Extensions: [pp@perk.com] - C:\Program Files (x86)\Perk Prize Panel\FF
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-15]
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
C:\Program Files\OutfoxTV
C:\Program Files (x86)\uTorrent
FF Homepage: hxxp://www.outfox.tv/?referid=
2011-07-31 22:16 - 2011-09-01 23:00 - 0000083 ___SH () C:\ProgramData\.zreglib
2010-12-01 08:49 - 2010-12-01 08:52 - 0015545 _____ () C:\ProgramData\ArcadeDeluxe4.log
Task: {F1A01D78-7D0A-4BA6-940D-2FA4B09D7F93} - System32\Tasks\{44F77E5D-963F-4A36-92DD-55B4129431C9} => pcalua.exe -a "C:\Utilities\MegaUpload Manager\megamanager.exe" -d "C:\Utilities\MegaUpload Manager"
FirewallRules: [{C4458E79-9237-4C68-8060-E02BDCE3982B}] => (Allow) LPort=2869
FirewallRules: [{EA509893-17A3-440A-A3DE-DC8C8178BD31}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{380D05BB-B6A5-4DD2-961C-F68E63AB85D0}] => (Allow) C:\Program Files (x86)\uTorrent\utorrent.exe
FirewallRules: [{7A8E1EEC-7DFA-4D28-A774-7913C21BCABD}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
FirewallRules: [{6732D609-6701-4D84-B5A9-6C2092209500}] => (Allow) C:\Program Files (x86)\uTorrent\uTorrent.exe
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

HKU\S-1-5-21-587955097-2177950641-2578035670-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-587955097-2177950641-2578035670-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{47F3EB15-C230-4A0B-BE4B-D527FF483B48}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{47F3EB15-C230-4A0B-BE4B-D527FF483B48}" => key removed successfully
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} => moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} => moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} => moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} => moved successfully.
HKU\S-1-5-21-587955097-2177950641-2578035670-1001\Software\Mozilla\Firefox\Extensions\\pp@perk.com => value removed successfully
C:\Users\Mailan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg => moved successfully.
OutfoxTvService => service removed successfully
"C:\Program Files\OutfoxTV" => File/Folder not found.
"C:\Program Files (x86)\uTorrent" => File/Folder not found.
Firefox homepage removed successfully
C:\ProgramData\.zreglib => moved successfully.
C:\ProgramData\ArcadeDeluxe4.log => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1A01D78-7D0A-4BA6-940D-2FA4B09D7F93}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1A01D78-7D0A-4BA6-940D-2FA4B09D7F93}" => key removed successfully
C:\Windows\System32\Tasks\{44F77E5D-963F-4A36-92DD-55B4129431C9} => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{44F77E5D-963F-4A36-92DD-55B4129431C9}" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{C4458E79-9237-4C68-8060-E02BDCE3982B} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EA509893-17A3-440A-A3DE-DC8C8178BD31} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{380D05BB-B6A5-4DD2-961C-F68E63AB85D0} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7A8E1EEC-7DFA-4D28-A774-7913C21BCABD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{6732D609-6701-4D84-B5A9-6C2092209500} => value removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 19.3 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 17:50:09 ====
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Gary R » August 5th, 2015, 12:48 am

OK, looks like everything was removed successfully, so let's move on to the next machine on your network (please let me know how many machines you have that we need to check).

Please run a FRST scan and an ADWCleaner scan on that machine (don't try to clean anything with ADWCleaner) and post me the new logs.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 5th, 2015, 1:43 am

Woot, that's great news, for the "Mailan" machine you just helped me clean up. There's just one more Windows 7 PC, and I shall run the scans tomorrow morning on it and post them here right away.

Thanks Gary!
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Gary R » August 5th, 2015, 4:58 am

Talk to you then. :thumbleft:

What I want to do, is remove any "obvious" signs of "malware" (or anything closely resembling it) right across your network, and then if necessary we can look for things that aren't so obvious.

So far I haven't seen anything of any real concern in either of the two machines I've looked at, but ISPs like Comcast can sometimes get their knickers in a knot about the strangest of things, so we'll keep going till we find whatever it is that's bugging them.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 5th, 2015, 1:51 pm

Good morning, Gary, here is the first log, FRST.txt, for the third machine:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-08-2015 01
Ran by usa (administrator) on ALEX-I7PC (05-08-2015 10:28:35)
Running from C:\Users\usa\Desktop
Loaded Profiles: usa (Available Profiles: usa)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
() C:\Windows\SysWOW64\PnkBstrB.exe
(Silicondust USA Inc) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Spotify Ltd) C:\Users\usa\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(MagicISO, Inc.) C:\Program Files (x86)\MagicDisc\MagicDisc.exe
(Corsair Components, Inc.) C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe
(SlySoft, Inc.) C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
(NVIDIA Corporation) C:\Users\usa\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2462536 2014-10-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Corsair Utility Engine] => C:\Program Files (x86)\Corsair\Corsair Utility Engine\CorsairHID.exe [11753792 2015-05-22] (Corsair Components, Inc.)
HKLM-x32\...\Run: [CloneCDTray] => C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [57344 2009-01-29] (SlySoft, Inc.)
HKU\S-1-5-19\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-20\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2895552 2015-07-23] (Valve Corporation)
HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [53288576 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\Run: [Spotify Web Helper] => C:\Users\usa\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2008632 2015-07-16] (Spotify Ltd)
HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\Run: [GoogleChromeAutoLaunch_A068E1551D96D1EEAF8F1D2DD23B89FA] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [813896 2015-07-25] (Google Inc.)
HKU\S-1-5-18\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
Startup: C:\Users\usa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk [2014-07-02]
ShortcutTarget: MagicDisc.lnk -> C:\Program Files (x86)\MagicDisc\MagicDisc.exe (MagicISO, Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-3152413659-541220980-1918132639-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-25] (Oracle Corporation)
BHO-x32: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2010-10-27] (Atheros Commnucations)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-25] (Oracle Corporation)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/f ... wflash.cab
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{2F70CD45-EE1B-4519-9DA2-A9356C56889F}: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\usa\AppData\Roaming\Mozilla\Firefox\Profiles\2yexin1d.default
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-15] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-15] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-06-25] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2013-06-25] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-06-16] (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-3152413659-541220980-1918132639-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\usa\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-05-26] (Unity Technologies ApS)
FF Extension: ActiveGS - C:\Users\usa\AppData\Roaming\Mozilla\Firefox\Profiles\2yexin1d.default\Extensions\activegs@freetoolsassociation.com [2012-03-28]
FF Extension: Easy Screen Shot - C:\Users\usa\AppData\Roaming\Mozilla\Firefox\Profiles\2yexin1d.default\Extensions\xgjrhftcne@xgjrhftcne.org.xpi [1679-06-29]
FF Extension: tektek.org GaiaOnline Toolbar 2.1 - C:\Users\usa\AppData\Roaming\Mozilla\Firefox\Profiles\2yexin1d.default\Extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}.xpi [2013-01-21]
FF Extension: PDFescape Extension - C:\Users\usa\AppData\Roaming\Mozilla\Firefox\Profiles\2yexin1d.default\Extensions\{2A1D5949-B519-4924-BF62-8522FE0D5274}.xpi [2012-02-28]
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2015-07-28]

Chrome:
=======
CHR Profile: C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Drive) - C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-04-14]
CHR Extension: (Tampermonkey) - C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2014-11-07]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Skype Click to Call) - C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2014-01-17]
CHR Extension: (Chrome Web Store Payments) - C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-17]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [52896 2010-10-27] (Atheros Commnucations) [File not signed]
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [814464 2015-02-06] ()
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 DAUpdaterSvc; C:\Program Files (x86)\Steam\steamapps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe [25832 2014-06-21] (BioWare)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-10-16] (NVIDIA Corporation)
R2 HDHomeRun Service; C:\Program Files\Silicondust\HDHomeRun\hdhomerun_service.exe [15360 2011-10-25] (Silicondust USA Inc) [File not signed]
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-10-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19439944 2014-10-16] (NVIDIA Corporation)
S3 Origin Client Service; C:\GAMES\Origin\OriginClientService.exe [1910640 2015-03-24] (Electronic Arts)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [75064 2013-08-17] ()
R2 PnkBstrB; C:\Windows\SysWOW64\PnkBstrB.exe [189248 2013-08-17] ()
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 CorsairVBusDriver; C:\Windows\System32\DRIVERS\CorsairVBusDriver.sys [47840 2015-05-18] (Corsair)
R3 CorsairVHidDriver; C:\Windows\System32\DRIVERS\CorsairVHidDriver.sys [21728 2015-05-18] (Corsair)
R3 ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [40872 2014-02-10] (SlySoft, Inc.)
R3 ElbyCDFL; C:\Windows\SysWOW64\Drivers\ElbyCDFL.sys [40872 2014-02-10] (SlySoft, Inc.)
S3 EvolveVirtualAdapter; C:\Windows\System32\DRIVERS\evolve.sys [21656 2014-07-23] (Echobit, LLC)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19272 2014-10-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38048 2014-10-16] (NVIDIA Corporation)
S3 skfiltv; C:\Windows\System32\drivers\skfiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 10:28 - 2015-08-05 10:28 - 00015928 _____ C:\Users\usa\Desktop\FRST.txt
2015-08-05 10:28 - 2015-08-05 10:28 - 00000000 ____D C:\FRST
2015-08-05 10:27 - 2015-08-04 09:11 - 02248704 _____ C:\Users\usa\Desktop\adwcleaner_4.208.exe
2015-08-05 10:27 - 2015-08-03 16:50 - 02169856 _____ (Farbar) C:\Users\usa\Desktop\FRST64.exe
2015-08-05 01:26 - 2015-08-05 01:26 - 00000000 ____D C:\Users\usa\AppData\Roaming\Tera_Awesomium
2015-07-28 16:34 - 2015-07-28 16:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-28 15:41 - 2015-07-28 15:41 - 00000085 ___SH C:\ProgramData\.zreglib
2015-07-28 15:36 - 2015-07-28 15:36 - 00001113 _____ C:\Users\Public\Desktop\CloneCD.lnk
2015-07-28 15:36 - 2015-07-28 15:36 - 00000000 ____D C:\ProgramData\SlySoft
2015-07-28 15:36 - 2015-07-28 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2015-07-28 15:36 - 2015-07-28 15:36 - 00000000 ____D C:\Program Files (x86)\SlySoft
2015-07-28 15:35 - 2015-07-28 15:41 - 00000000 ____D C:\ProgramData\Elaborate Bytes
2015-07-28 15:35 - 2015-07-28 15:35 - 00001199 _____ C:\Users\Public\Desktop\CloneDVD2.lnk
2015-07-28 15:35 - 2015-07-28 15:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2015-07-28 15:35 - 2015-07-28 15:35 - 00000000 ____D C:\Program Files (x86)\Elaborate Bytes
2015-07-28 15:26 - 2015-07-28 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner
2015-07-28 15:26 - 2015-07-28 15:26 - 00000000 ____D C:\Program Files (x86)\LSoft Technologies
2015-07-28 00:41 - 2015-06-16 23:03 - 00571024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-07-28 00:39 - 2015-06-17 02:10 - 42729104 _____ C:\Windows\system32\nvcompiler.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 37748880 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 30481552 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 22947144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 16145200 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 15866992 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 14497520 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 13263056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 11831856 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 11011216 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-07-28 00:39 - 2015-06-17 02:10 - 02932368 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 02599752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 01898128 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6435330.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 01557832 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6435330.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 01099992 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 01060168 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 01050768 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 00982672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 00975176 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 00938752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 00204648 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-07-28 00:39 - 2015-06-17 02:10 - 00176904 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 00155280 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 00150832 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-07-28 00:39 - 2015-06-17 02:10 - 00040280 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-07-27 23:45 - 2015-07-27 23:45 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-07-27 23:45 - 2015-07-27 23:45 - 00000000 ____D C:\Windows\system32\appraiser
2015-07-27 23:44 - 2015-01-08 16:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-07-27 23:44 - 2015-01-08 16:43 - 00419936 _____ C:\Windows\system32\locale.nls
2015-07-27 23:20 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-27 23:20 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-27 23:02 - 2015-07-02 14:21 - 19877376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-27 23:02 - 2015-07-02 14:08 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-27 23:02 - 2015-07-02 13:50 - 02279424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-27 23:02 - 2015-07-02 13:49 - 25193984 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-27 23:02 - 2015-07-02 13:46 - 00479232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-27 23:02 - 2015-07-02 13:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-27 23:02 - 2015-07-02 13:23 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-27 23:02 - 2015-07-02 13:19 - 12855296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-27 23:02 - 2015-07-02 13:12 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-27 23:02 - 2015-07-02 12:55 - 01310720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-27 23:02 - 2015-07-02 12:20 - 14453248 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-27 23:02 - 2015-07-02 11:59 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-27 23:02 - 2015-06-25 11:09 - 00389832 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-27 23:02 - 2015-06-25 10:43 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-27 23:02 - 2015-06-20 13:06 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-27 23:02 - 2015-06-20 12:50 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-27 23:02 - 2015-06-20 12:49 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-27 23:02 - 2015-06-20 12:49 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-27 23:02 - 2015-06-20 12:49 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-27 23:02 - 2015-06-20 12:48 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-27 23:02 - 2015-06-20 12:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-27 23:02 - 2015-06-20 12:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-27 23:02 - 2015-06-20 12:34 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-27 23:02 - 2015-06-20 12:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-27 23:02 - 2015-06-20 12:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-27 23:02 - 2015-06-20 12:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-27 23:02 - 2015-06-20 12:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-27 23:02 - 2015-06-20 12:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-27 23:02 - 2015-06-20 12:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-27 23:02 - 2015-06-20 12:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-27 23:02 - 2015-06-20 12:05 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-27 23:02 - 2015-06-20 11:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-27 23:02 - 2015-06-20 11:48 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-27 23:02 - 2015-06-20 11:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-27 23:02 - 2015-06-20 11:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-27 23:02 - 2015-06-20 11:26 - 02427392 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-27 23:02 - 2015-06-20 11:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-27 23:02 - 2015-06-19 11:25 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-27 23:02 - 2015-06-19 11:25 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-27 23:02 - 2015-06-19 11:24 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-27 23:02 - 2015-06-19 11:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-27 23:02 - 2015-06-19 11:23 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-27 23:02 - 2015-06-19 11:17 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-27 23:02 - 2015-06-19 11:16 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-27 23:02 - 2015-06-19 11:13 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-27 23:02 - 2015-06-19 11:13 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-27 23:02 - 2015-06-19 11:03 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-27 23:02 - 2015-06-19 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-27 23:02 - 2015-06-19 10:53 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-27 23:02 - 2015-06-19 10:52 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-27 23:02 - 2015-06-19 10:51 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-27 23:02 - 2015-06-19 10:40 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-27 23:02 - 2015-06-19 10:40 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-27 23:02 - 2015-06-19 10:39 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-27 23:02 - 2015-06-19 10:15 - 01951232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-27 23:02 - 2015-06-19 10:11 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-27 23:01 - 2015-05-25 11:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-27 23:01 - 2015-05-25 11:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-27 23:01 - 2015-05-25 11:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-27 23:01 - 2015-05-25 11:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-27 23:01 - 2015-05-25 11:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-07-27 23:01 - 2015-05-25 11:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-27 23:01 - 2015-05-25 11:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-27 23:01 - 2015-05-25 11:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-27 23:01 - 2015-05-25 11:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-07-27 23:01 - 2015-05-25 11:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-07-27 23:01 - 2015-05-25 11:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-27 23:01 - 2015-05-25 11:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-07-27 23:01 - 2015-05-25 11:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-07-27 23:01 - 2015-05-25 11:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 11:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-27 23:01 - 2015-05-25 11:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-27 23:01 - 2015-05-25 11:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-07-27 23:01 - 2015-05-25 11:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-27 23:01 - 2015-05-25 11:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-07-27 23:01 - 2015-05-25 11:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-07-27 23:01 - 2015-05-25 11:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-07-27 23:01 - 2015-05-25 11:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-27 23:01 - 2015-05-25 11:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-07-27 23:01 - 2015-05-25 11:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-07-27 23:01 - 2015-05-25 11:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-07-27 23:01 - 2015-05-25 11:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-07-27 23:01 - 2015-05-25 11:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-27 23:01 - 2015-05-25 11:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-07-27 23:01 - 2015-05-25 10:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-27 23:01 - 2015-05-25 10:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-27 23:01 - 2015-05-25 10:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 10:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-27 23:01 - 2015-05-25 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-27 23:01 - 2015-05-25 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-27 23:01 - 2015-05-25 09:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-27 23:01 - 2015-05-25 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-27 23:01 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-07-27 23:01 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-07-27 23:01 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-07-27 23:01 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-07-27 23:01 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-07-27 23:01 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-07-27 23:01 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-07-27 23:01 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-07-27 23:01 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-07-27 23:01 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-07-27 23:01 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-07-27 23:01 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-07-27 23:01 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-07-27 23:01 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-07-27 23:01 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-07-27 23:01 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-07-27 23:01 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-07-27 23:01 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-07-27 23:01 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-07-27 23:01 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-07-27 23:01 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-07-27 23:01 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-07-27 23:01 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-07-27 23:01 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-07-27 23:00 - 2015-07-09 10:58 - 03154944 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-27 23:00 - 2015-07-09 10:58 - 02603008 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-27 23:00 - 2015-07-09 10:58 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-27 23:00 - 2015-07-09 10:58 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-27 23:00 - 2015-07-09 10:58 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-27 23:00 - 2015-07-09 10:58 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-27 23:00 - 2015-07-09 10:58 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-27 23:00 - 2015-07-09 10:58 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-27 23:00 - 2015-07-09 10:58 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-27 23:00 - 2015-07-09 10:58 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-27 23:00 - 2015-07-09 10:58 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-27 23:00 - 2015-07-09 10:43 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-27 23:00 - 2015-07-09 10:43 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-27 23:00 - 2015-07-09 10:43 - 00093184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-27 23:00 - 2015-07-09 10:43 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-27 23:00 - 2015-07-09 10:42 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-27 23:00 - 2015-07-01 13:56 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-27 23:00 - 2015-07-01 13:56 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-27 23:00 - 2015-07-01 13:49 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-27 23:00 - 2015-07-01 13:49 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-27 23:00 - 2015-07-01 13:49 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-27 23:00 - 2015-07-01 13:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-27 23:00 - 2015-07-01 13:49 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-27 23:00 - 2015-07-01 13:49 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-27 23:00 - 2015-07-01 13:49 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-27 23:00 - 2015-07-01 13:49 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-27 23:00 - 2015-07-01 13:49 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-27 23:00 - 2015-07-01 13:49 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-27 23:00 - 2015-07-01 13:49 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-27 23:00 - 2015-07-01 13:48 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-07-27 23:00 - 2015-07-01 13:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-27 23:00 - 2015-07-01 13:47 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-27 23:00 - 2015-07-01 13:47 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-27 23:00 - 2015-07-01 13:43 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-27 23:00 - 2015-07-01 13:43 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-27 23:00 - 2015-07-01 13:39 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-27 23:00 - 2015-07-01 13:30 - 00552960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-27 23:00 - 2015-07-01 13:30 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-27 23:00 - 2015-07-01 13:30 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-27 23:00 - 2015-07-01 13:30 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-27 23:00 - 2015-07-01 13:30 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-27 23:00 - 2015-07-01 13:30 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-27 23:00 - 2015-07-01 13:30 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-07-27 23:00 - 2015-07-01 13:30 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-27 23:00 - 2015-07-01 13:30 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-27 23:00 - 2015-07-01 13:29 - 00665088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-27 23:00 - 2015-07-01 13:29 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-27 23:00 - 2015-07-01 13:29 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-27 23:00 - 2015-07-01 13:27 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-27 23:00 - 2015-07-01 13:26 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-27 23:00 - 2015-07-01 13:24 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-27 23:00 - 2015-07-01 12:27 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-07-27 23:00 - 2015-07-01 12:26 - 00290816 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-07-27 23:00 - 2015-07-01 12:26 - 00129024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-07-27 23:00 - 2015-06-03 13:17 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-07-27 23:00 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-27 23:00 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-27 23:00 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-07-27 23:00 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-27 23:00 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-27 22:59 - 2015-07-14 20:19 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-27 22:59 - 2015-07-14 20:19 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-27 22:59 - 2015-07-14 20:19 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-27 22:59 - 2015-07-14 20:19 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-27 22:59 - 2015-07-14 19:55 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-27 22:59 - 2015-07-14 19:55 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-27 22:59 - 2015-07-14 19:55 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-27 22:59 - 2015-07-14 19:54 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-27 22:59 - 2015-07-14 18:59 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-27 22:59 - 2015-07-14 18:52 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-27 22:59 - 2015-07-04 11:07 - 02087424 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2015-07-27 22:59 - 2015-07-04 10:48 - 01414656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2015-07-27 22:59 - 2015-06-26 19:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-27 22:59 - 2015-06-26 19:43 - 05923840 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-27 22:59 - 2015-06-26 18:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-27 22:59 - 2015-06-26 18:39 - 04520448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-27 22:59 - 2015-06-25 01:57 - 03207168 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-27 22:59 - 2015-06-17 10:47 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-27 22:59 - 2015-06-17 10:37 - 00312320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-27 22:59 - 2015-06-15 14:50 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-27 22:59 - 2015-06-15 14:45 - 03242496 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-27 22:59 - 2015-06-15 14:45 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-27 22:59 - 2015-06-15 14:45 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-27 22:59 - 2015-06-15 14:45 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-07-27 22:59 - 2015-06-15 14:44 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\msiexec.exe
2015-07-27 22:59 - 2015-06-15 14:43 - 02364416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-27 22:59 - 2015-06-15 14:43 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-27 22:59 - 2015-06-15 14:43 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-27 22:59 - 2015-06-15 14:42 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
2015-07-27 22:59 - 2015-06-15 14:42 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\msimsg.dll
2015-07-27 22:59 - 2015-06-15 14:37 - 00025088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msimsg.dll
2015-07-27 22:59 - 2015-06-11 10:57 - 06131200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-27 22:59 - 2015-06-11 10:57 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-27 22:59 - 2015-06-11 10:57 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-27 22:59 - 2015-06-11 10:56 - 07077376 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-27 22:59 - 2015-06-11 10:56 - 01057792 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-27 22:59 - 2015-06-11 10:56 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-27 22:59 - 2015-06-11 06:15 - 00429568 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-27 22:59 - 2015-06-09 11:03 - 03180544 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-27 22:59 - 2015-06-09 11:03 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-27 22:59 - 2015-06-03 13:17 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-27 22:59 - 2015-04-29 11:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-27 22:59 - 2015-04-29 11:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-27 22:59 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-27 22:59 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-27 22:59 - 2015-04-29 11:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-27 22:59 - 2015-04-29 11:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-27 22:59 - 2015-04-29 11:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-27 22:59 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-27 22:59 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-27 22:59 - 2015-04-29 11:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-27 22:59 - 2015-04-27 12:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-27 22:59 - 2015-04-27 12:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-27 22:59 - 2015-04-27 12:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-27 22:59 - 2015-04-27 12:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-27 22:59 - 2015-04-27 12:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-27 22:59 - 2015-04-27 12:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-27 22:59 - 2015-04-27 12:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-27 22:59 - 2015-04-27 12:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-27 22:59 - 2015-04-24 11:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-27 22:59 - 2015-04-24 10:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-27 22:59 - 2015-04-10 20:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-27 22:59 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-07-27 22:59 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-07-27 22:59 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-07-27 22:59 - 2015-03-13 20:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-07-27 22:59 - 2015-03-13 20:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-27 22:59 - 2015-03-13 20:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-07-27 22:59 - 2015-03-13 20:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-07-27 22:59 - 2015-03-09 20:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-27 22:59 - 2015-03-09 20:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-07-27 22:59 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-07-27 22:59 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-07-27 22:59 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-27 22:59 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-27 22:59 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-27 22:59 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-27 22:59 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-27 22:59 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-27 22:59 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-27 22:59 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-27 22:59 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-07-27 22:59 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-27 22:59 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-07-27 22:59 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-27 22:59 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-27 22:59 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-27 22:59 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-27 22:59 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-27 22:59 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-07-27 22:59 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-07-27 22:59 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-07-27 22:59 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-27 22:59 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-27 22:59 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-07-27 22:59 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-07-27 22:59 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-27 22:59 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-07-27 22:59 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-07-27 22:59 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-07-27 22:59 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-07-27 22:59 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-07-27 22:59 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-07-27 22:58 - 2015-06-01 17:07 - 00254976 _____ (Microsoft Corporation) C:\Windows\system32\cewmdm.dll
2015-07-27 22:58 - 2015-06-01 16:47 - 00210432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cewmdm.dll
2015-07-27 22:58 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-27 22:58 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-07-27 22:58 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-07-27 22:58 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-07-27 22:54 - 2015-07-25 11:07 - 00017856 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-07-27 22:54 - 2015-07-25 11:04 - 00765440 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-07-27 22:54 - 2015-07-25 11:04 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-07-27 22:54 - 2015-07-25 11:03 - 01085440 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-07-27 22:54 - 2015-07-25 11:03 - 00433664 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-07-27 22:54 - 2015-07-25 11:03 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-07-27 22:54 - 2015-07-25 11:03 - 00067584 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-07-27 22:54 - 2015-07-25 10:55 - 01145856 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-07-27 22:54 - 2015-06-03 13:16 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-07-27 22:54 - 2015-06-03 13:16 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-07-27 22:54 - 2015-05-09 11:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-27 22:52 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-27 22:52 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-07-21 19:18 - 2015-07-21 19:18 - 00000000 ____D C:\Users\usa\AppData\Local\CEF
2015-07-20 00:13 - 2015-07-20 00:13 - 00293160 _____ C:\Windows\Minidump\072015-15709-01.dmp
2015-07-18 18:17 - 2015-07-18 18:23 - 00000000 ____D C:\Users\usa\AppData\Roaming\OBS
2015-07-18 18:17 - 2015-07-18 18:17 - 00000935 _____ C:\Users\usa\Desktop\Open Broadcaster Software.lnk
2015-07-18 18:17 - 2015-07-18 18:17 - 00000000 ____D C:\Users\usa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Open Broadcaster Software
2015-07-18 18:17 - 2015-07-18 18:17 - 00000000 ____D C:\Program Files\OBS
2015-07-18 18:17 - 2015-07-18 18:17 - 00000000 ____D C:\Program Files (x86)\OBS
2015-07-18 18:16 - 2015-07-18 18:17 - 07416552 _____ C:\Users\usa\Downloads\OBS_0_652b_Installer.exe
2015-07-18 15:18 - 2015-07-18 15:19 - 00293168 _____ C:\Windows\Minidump\071815-14008-01.dmp
2015-07-14 21:13 - 2015-07-14 21:13 - 00293168 _____ C:\Windows\Minidump\071415-24710-01.dmp
2015-07-13 02:57 - 2015-07-20 00:13 - 586249788 _____ C:\Windows\MEMORY.DMP
2015-07-13 02:57 - 2015-07-20 00:13 - 00000000 ____D C:\Windows\Minidump
2015-07-13 02:57 - 2015-07-13 02:57 - 00293152 _____ C:\Windows\Minidump\071315-15178-01.dmp
2015-07-11 18:39 - 2015-07-11 18:39 - 00002297 _____ C:\Users\usa\Desktop\Skyrim (SKSE).lnk
2015-07-11 18:36 - 2015-07-11 18:37 - 00335183 _____ C:\Users\usa\Downloads\skse_1_07_02_installer.exe
2015-07-09 00:46 - 2015-07-15 01:46 - 18524336 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2015-07-07 18:28 - 2015-07-07 18:28 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Corsair Utility Engine
2015-07-07 18:28 - 2015-07-07 18:28 - 00000000 ____D C:\Program Files (x86)\Corsair
2015-07-07 18:24 - 2015-07-07 18:25 - 53900082 _____ C:\Users\usa\Downloads\Corsair-Utility-Engine-v1.7.106.zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-05 10:28 - 2012-07-17 21:23 - 01273731 _____ C:\Windows\WindowsUpdate.log
2015-08-05 10:27 - 2013-01-25 17:54 - 00000000 ____D C:\Users\usa\AppData\Roaming\Skype
2015-08-05 10:26 - 2012-03-28 20:06 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-05 10:26 - 2011-11-16 22:31 - 00000000 ____D C:\Program Files (x86)\Steam
2015-08-05 10:26 - 2009-07-13 21:45 - 00025984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-05 10:26 - 2009-07-13 21:45 - 00025984 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-05 10:18 - 2013-07-29 08:52 - 00108255 _____ C:\Windows\setupact.log
2015-08-05 10:18 - 2011-11-16 12:57 - 00000000 ____D C:\ProgramData\NVIDIA
2015-08-05 10:18 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-08-05 03:07 - 2012-03-28 20:06 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-05 02:46 - 2012-11-27 17:03 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-08-05 01:17 - 2013-01-12 22:47 - 00000000 ____D C:\Program Files (x86)\TERA
2015-08-05 01:12 - 2015-05-05 03:17 - 00000000 ____D C:\ProgramData\boost_interprocess
2015-08-01 22:04 - 2012-04-26 17:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-01 13:40 - 2009-07-13 22:13 - 00786662 _____ C:\Windows\system32\PerfStringBackup.INI
2015-08-01 13:35 - 2011-11-17 01:36 - 00000000 ____D C:\UTILITIES
2015-07-29 18:14 - 2011-11-21 12:49 - 00000000 ____D C:\GAMES
2015-07-29 18:08 - 2014-01-17 18:53 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-07-28 16:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-28 15:30 - 2011-11-16 22:53 - 00000000 ____D C:\Users\usa\AppData\Local\CrashDumps
2015-07-28 13:52 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\AppCompat
2015-07-28 00:42 - 2011-11-16 12:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-07-28 00:41 - 2014-10-22 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-07-28 00:40 - 2011-11-16 12:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-07-28 00:34 - 2014-10-22 18:54 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-27 23:52 - 2009-07-13 21:57 - 00001547 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-07-27 23:47 - 2009-07-13 21:45 - 00409744 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-27 23:45 - 2010-11-21 00:17 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-27 23:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-27 23:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2015-07-27 23:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-07-27 23:45 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-27 23:40 - 2011-11-17 10:07 - 00001945 _____ C:\Windows\epplauncher.mif
2015-07-27 23:40 - 2011-11-17 10:06 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-07-27 23:39 - 2012-07-17 14:20 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-07-27 23:39 - 2011-11-17 10:06 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-07-27 23:38 - 2011-11-26 16:25 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-27 23:35 - 2011-11-17 10:06 - 00778784 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-27 23:20 - 2013-04-12 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-27 23:19 - 2013-04-12 12:02 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-27 23:19 - 2013-04-12 12:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-27 23:16 - 2013-12-19 11:29 - 00000000 ____D C:\Windows\system32\MRT
2015-07-17 22:09 - 2014-06-02 22:27 - 00002042 _____ C:\Users\Public\Desktop\Google Slides.lnk
2015-07-17 22:09 - 2014-06-02 22:27 - 00002040 _____ C:\Users\Public\Desktop\Google Sheets.lnk
2015-07-17 22:09 - 2014-06-02 22:27 - 00002030 _____ C:\Users\Public\Desktop\Google Docs.lnk
2015-07-17 22:09 - 2014-06-02 22:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-07-17 03:09 - 2011-11-16 13:04 - 00000000 ____D C:\NVIDIA
2015-07-16 19:19 - 2015-04-30 21:30 - 00000000 ____D C:\Users\usa\AppData\Local\Spotify
2015-07-16 18:10 - 2015-04-30 21:29 - 00000000 ____D C:\Users\usa\AppData\Roaming\Spotify
2015-07-15 17:02 - 2012-03-28 20:06 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-15 17:02 - 2012-03-28 20:06 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-15 01:46 - 2012-11-27 17:03 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-15 01:46 - 2012-11-27 17:03 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-15 01:46 - 2011-11-16 13:04 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-14 15:41 - 2015-06-23 12:04 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-07-13 01:51 - 2013-05-29 16:32 - 00000000 ____D C:\Users\usa\AppData\Roaming\vlc
2015-07-12 14:51 - 2013-01-25 17:54 - 00000000 ____D C:\ProgramData\Skype
2015-07-12 14:50 - 2013-01-25 17:54 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-12 14:48 - 2009-07-13 22:08 - 00032578 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2015-07-11 22:40 - 2013-09-02 22:19 - 00000000 ____D C:\MOVIES
2015-07-08 16:04 - 2012-08-27 20:48 - 00000000 ____D C:\Program Files (x86)\Guild Wars 2

==================== Files in the root of some directories =======

2015-07-28 15:41 - 2015-07-28 15:41 - 0000085 ___SH () C:\ProgramData\.zreglib

Some files in TEMP:
====================
C:\Users\usa\AppData\Local\Temp\1871KrakenDevProps.dll
C:\Users\usa\AppData\Local\Temp\drm_dyndata_7390006.dll
C:\Users\usa\AppData\Local\Temp\DSETUP.dll
C:\Users\usa\AppData\Local\Temp\dsetup32.dll
C:\Users\usa\AppData\Local\Temp\DXSETUP.exe
C:\Users\usa\AppData\Local\Temp\jre-7u65-windows-i586-iftw.exe
C:\Users\usa\AppData\Local\Temp\nvSCPAPI.dll
C:\Users\usa\AppData\Local\Temp\nvStInst.exe
C:\Users\usa\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-03 01:03

==================== End of log ============================
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 5th, 2015, 1:53 pm

Here is the second FRST log, Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-08-2015 01
Ran by usa (2015-08-05 10:29:21)
Running from C:\Users\usa\Desktop
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3152413659-541220980-1918132639-500 - Administrator - Disabled)
Guest (S-1-5-21-3152413659-541220980-1918132639-501 - Limited - Enabled)
usa (S-1-5-21-3152413659-541220980-1918132639-1000 - Administrator - Enabled) => C:\Users\usa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.38 beta (HKLM-x32\...\7-Zip) (Version: - )
Active@ ISO Burner 3.0 (HKLM-x32\...\{3B756F35-2504-429A-B36C-EA0961B6A2C0}_is1) (Version: 3.0 - LSoft Technologies Inc)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{6AF2AC2A-3532-43FD-9F4D-BDC9C0D724C7}) (Version: 7.1.2.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ARMA 2 (HKLM-x32\...\Steam App 33900) (Version: - Bohemia Interactive)
ARMA 2 Dedicated Server (HKLM-x32\...\Steam App 33905) (Version: - Bohemia Interactive)
ARMA 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
ARMA 2: Operation Arrowhead Beta (HKLM-x32\...\Steam App 219540) (Version: - )
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.4.5.0 - Asmedia Technology)
Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
Bluetooth Win7 Suite (64) (HKLM\...\{230D1595-57DA-4933-8C4E-375797EBB7E1}) (Version: 7.2.0.40 - Atheros Communications)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Burnout™ Paradise: The Ultimate Box (HKLM-x32\...\{1CDC8E7D-CDFC-4C2B-A080-23D943354625}) (Version: 1.1.0.0 - Electronic Arts)
Call of Duty(R) 2 (HKLM-x32\...\InstallShield_{D0A05794-48C2-4424-A15A-9F20FCFDD374}) (Version: 1.00.0000 - Activision)
Call of Duty(R) 2 (x32 Version: 1.00.0000 - Activision) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 3.20 - Piriform)
Chivalry: Medieval Warfare (HKLM-x32\...\Steam App 219640) (Version: - Torn Banner Studios)
CloneCD (HKLM-x32\...\CloneCD) (Version: 5.3.2.0 - SlySoft)
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: 2.9.3.3 - Elaborate Bytes)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\CopyTrans Suite) (Version: 3.003 - WindSolutions)
Corsair Utility Engine (HKLM-x32\...\{BCD00339-66CE-424C-8C17-B94C678368B9}) (Version: 1.7.106 - Corsair)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version: - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{E91E51A3-57D2-411B-899F-5AB27E900FEF}) (Version: 0.9.108 - Dotjosh Studios)
Diablo III (HKLM-x32\...\Diablo III) (Version: - Blizzard Entertainment)
Digital Cable Advisor (HKLM\...\{07ECF9FC-BB47-4325-8345-7BFEC708DDD7}) (Version: 1.0.0.0 - Microsoft Corporation)
DiskAid 6.5.2.0 (HKLM\...\DiskAid_is1) (Version: 6.5.2.0 - DigiDNA)
Dragon Age: Origins - Ultimate Edition (HKLM-x32\...\Steam App 47810) (Version: - BioWare)
Dragon Age: Origins Character Creator (HKLM-x32\...\{D8B5B7C3-47B1-40FA-8251-59C74A543880}) (Version: 1.00 - Electronic Arts, Inc.)
Dragon Age™: Inquisition (HKLM-x32\...\{DC4C36DC-4E5B-4262-B0C7-157DF534B969}) (Version: 1.0.0.3 - Electronic Arts)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Fallout (HKLM-x32\...\Steam App 38400) (Version: - Interplay Inc.)
Fallout 2 (HKLM-x32\...\Steam App 38410) (Version: - Black Isle Studios)
Fallout 3 (HKLM-x32\...\{974C4B12-4D02-4879-85E0-61C95CC63E9E}) (Version: 1.00.0000 - Bethesda Softworks)
Fallout Mod Manager 0.13.21 (HKLM-x32\...\Generic Mod Manager_is1) (Version: - Q, Timeslip)
Fallout Tactics (HKLM-x32\...\Steam App 38420) (Version: - 14° East)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version: - Obsidian Entertainment)
FINAL FANTASY VII (HKLM-x32\...\Steam App 39140) (Version: - Square Enix)
FINAL FANTASY VIII (HKLM-x32\...\Steam App 39150) (Version: - SQUARE ENIX)
Five Nights at Freddy's DEMO (HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\Five Nights at Freddy's DEMO) (Version: - )
FTL: Faster Than Light (HKLM-x32\...\Steam App 212680) (Version: - Subset Games)
Game Dev Tycoon (HKLM-x32\...\Steam App 239820) (Version: - Greenheart Games)
Garry's Mod (HKLM-x32\...\Steam App 4000) (Version: - Facepunch Studios)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Drive (HKLM-x32\...\{6EA8B94E-D869-4D96-88DF-5E1ECE1D6876}) (Version: 1.23.9648.8824 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version: - NCsoft Corporation, Ltd.)
Half-Life (HKLM-x32\...\Half-Life_is1) (Version: Half-Life - Non Steam - KingSOFT DVD)
Half-Life 2 (HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\Half-Life 2) (Version: - )
HDHomeRun (HKLM\...\{B0F73914-8782-4E27-94F4-ED746659C92E}) (Version: 1.0.716.0 - Silicondust)
Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
InfiniteCrisis_EDBBEA93B51A (HKLM-x32\...\InfiniteCrisis_EDBBEA93B51A) (Version: - Turbine, Inc)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
iTunes (HKLM\...\{77DE5105-D05E-448C-96CB-7FA381903753}) (Version: 11.3.1.2 - Apple Inc.)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
JavaFX 2.1.0 (HKLM-x32\...\{1111706F-666A-4037-7777-210328764D10}) (Version: 2.1.0 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
Left 4 Dead 2 Beta (HKLM-x32\...\Steam App 223530) (Version: - )
Loadout (HKLM-x32\...\Steam App 208090) (Version: - Edge of Reality)
Magic ISO Maker v5.5 (build 0265) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0265)) (Version: - )
Malwarebytes Anti-Malware version 1.62.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.62.0.1300 - Malwarebytes Corporation)
Medal of Honor (TM) (HKLM-x32\...\{415030B8-3E8B-462A-8C03-41D95AA3AB3B}) (Version: 1.0.0.0 - Electronic Arts)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version: - 4A Games)
Metro: Last Light (HKLM-x32\...\Steam App 43160) (Version: - 4A Games)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}) (Version: 1.2.0241 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mount & Blade: Warband (HKLM-x32\...\Steam App 48700) (Version: - TaleWorlds Entertainment)
Mozilla Firefox 36.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0.4 (x86 en-US)) (Version: 36.0.4 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
Mumble 1.2.3 (HKLM-x32\...\{B4E343DD-BAAB-4D59-AD9C-DEA0AFE09DF1}) (Version: 1.2.3 - Thorvald Natvig)
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version: - NCSOFT)
Nexus Mod Manager (HKLM\...\6af12c54-643b-4752-87d0-8335503010de_is1) (Version: 0.45.4 - Black Tree Gaming)
NVIDIA 3D Vision Controller Driver 352.65 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 352.65 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.30 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.3 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.30 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.30 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Open Broadcaster Software (HKLM-x32\...\Open Broadcaster Software) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.4.23.2817 - Electronic Arts, Inc.)
Papers, Please (HKLM-x32\...\Steam App 239030) (Version: - 3909)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.989 - Even Balance, Inc.)
QuickTime (HKLM-x32\...\{0E64B098-8018-4256-BA23-C316A43AD9B0}) (Version: 7.72.80.56 - Apple Inc.)
Ragnarok Online 2 (HKLM-x32\...\Steam App 231060) (Version: - )
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.37.1229.2010 - Realtek)
Rocksmith 2014 (HKLM-x32\...\Steam App 221680) (Version: - Ubisoft - San Francisco)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
SHIELD Streaming (Version: 3.1.1000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.56 - NVIDIA Corporation) Hidden
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Sniper Elite V2 (HKLM-x32\...\Steam App 63380) (Version: - Rebellion)
Spotify (HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\Spotify) (Version: 1.0.9.133.gcedaee38 - Spotify AB)
Star Wars - Battlefront II (HKLM-x32\...\Steam App 6060) (Version: - Pandemic Studios)
Star Wars Jedi Knight: Jedi Academy (HKLM-x32\...\Steam App 6020) (Version: - Raven Software)
Star Wars Republic Commando (HKLM-x32\...\Steam App 6000) (Version: - LucasArts)
Star Wars: Knights of the Old Republic (HKLM-x32\...\Steam App 32370) (Version: - BioWare)
Star Wars: Knights of the Old Republic II (HKLM-x32\...\Steam App 208580) (Version: - Obsidian Entertainment)
Star Wars: The Old Republic (HKLM-x32\...\{3B11D799-48E0-48ED-BFD7-EA655676D8BB}) (Version: 1.00 - Electronic Arts, Inc.)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Surgeon Simulator 2013 (HKLM-x32\...\Steam App 233720) (Version: - Bossa Studios)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Team Fortress 2 (HKLM-x32\...\Steam App 440) (Version: - Valve)
TeamSpeak 3 Client (HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
TERA (HKLM-x32\...\{0FCDA0F8-F3E5-402E-B9B6-13CB2B01182B}) (Version: 1.38 - En Masse Entertainment)
Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
The Walking Dead (HKLM-x32\...\Steam App 207610) (Version: - )
The Walking Dead: Season Two (HKLM-x32\...\Steam App 261030) (Version: - Telltale Games)
The Witcher 2: Assassins of Kings Enhanced Edition (HKLM-x32\...\Steam App 20920) (Version: - CD Projekt RED)
Unity Web Player (HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\UnityWebPlayer) (Version: 4.5.0f6 - Unity Technologies ApS)
Unturned (HKLM-x32\...\Steam App 304930) (Version: - Nelson Sexton)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Ventrilo Client (HKLM-x32\...\{789289CA-F73A-4A16-A331-54D498CE069F}) (Version: 3.0.8 - Flagship Industries, Inc.)
Ventrilo Client for Windows x64 (HKLM\...\{EEB3F6BB-318D-4CE5-989F-8191FCBFB578}) (Version: 3.0.8.0 - Flagship Industries, Inc.)
WinRAR archiver (HKLM-x32\...\WinRAR archiver) (Version: - )
XCOM: Enemy Unknown (HKLM-x32\...\Steam App 200510) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Restore Points =========================

31-07-2015 20:28:41 Windows Update
04-08-2015 14:51:55 Windows Update

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {20C33894-01DA-4E81-96DE-D1B08E63C091} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)
Task: {5357FA47-94C7-4CE9-851D-5B2EF2286FD2} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {6C4C5B9D-6D49-4A33-9CCD-E729EA39E373} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {9527D1DC-5733-4878-B91C-3773D0575DA9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-10-30] (Google Inc.)
Task: {D8F1DCE9-9D5A-4828-B090-ADC4A8A2C40B} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2011-11-16 13:05 - 2015-06-16 23:48 - 00116368 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2013-08-17 01:02 - 2013-08-17 01:02 - 00075064 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-08-17 01:02 - 2013-08-17 01:02 - 00189248 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-12 02:41 - 2013-06-12 20:03 - 01771520 _____ () C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll
2013-03-25 14:23 - 2015-07-03 09:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-01-19 20:19 - 2015-07-03 09:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-01-19 20:19 - 2015-07-03 09:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-01-19 20:19 - 2015-07-03 09:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2014-05-31 01:16 - 2015-07-23 16:24 - 02410176 _____ () C:\Program Files (x86)\Steam\video.dll
2014-08-29 20:52 - 2014-12-01 14:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2014-08-29 20:52 - 2014-12-01 14:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2014-08-29 20:52 - 2014-12-01 14:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2014-08-29 20:52 - 2014-12-01 14:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2014-08-29 20:52 - 2014-12-01 14:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2011-11-16 22:32 - 2015-07-23 16:23 - 00703168 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-21 19:18 - 2015-07-07 13:41 - 00169984 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-05-22 18:08 - 2015-05-22 18:08 - 00091136 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\LuaQtWrapperLibrary.dll
2015-05-22 18:06 - 2015-05-22 18:06 - 00200704 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\lua52.dll
2015-05-22 18:06 - 2015-05-22 18:06 - 00224256 _____ () C:\Program Files (x86)\Corsair\Corsair Utility Engine\quazip.dll
2015-07-29 18:08 - 2015-07-25 01:46 - 01405768 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libglesv2.dll
2015-07-29 18:08 - 2015-07-25 01:46 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.125\libegl.dll
2011-11-16 22:32 - 2015-07-03 09:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3152413659-541220980-1918132639-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\usa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 0)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: AthBtTray => "C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe"
MSCONFIG\startupreg: AtherosBtStack => "C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe"
MSCONFIG\startupreg: GoogleDriveSync => "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: KrakenLauncher => C:\Program Files (x86)\Razer\Razer_Kraken_Driver\Drivers\SysAudio\KrakenSysAudioLauncher.exe /start
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [WMP-In-UDP] => (Allow) C:\Program Files\Windows Media Player\wmplayer.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{202782D6-C642-439B-81EC-2B2987305D3A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{843A0A12-D6BC-4700-A77B-AFD2C89E3941}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{B18A2DD3-2D28-4724-A119-3BF201307571}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{28AF8B35-7BD9-454B-B5A8-93C0B537B3BA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{8631459B-8B58-47DA-B54D-E820963B7624}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_quicktv.exe
FirewallRules: [{861E6222-97D0-47F8-A4A1-BC240C4548C6}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_setup.exe
FirewallRules: [{565CECE7-BE1E-48D9-89ED-12E4C5238F84}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config_gui.exe
FirewallRules: [{62D78B3A-F5C7-4FDA-9158-8B120F55CE56}] => (Allow) C:\Program Files\Silicondust\HDHomeRun\hdhomerun_config.exe
FirewallRules: [{14F8ACCC-0444-41C8-815C-1C263C8B56FF}] => (Allow) C:\Windows\ehome\ehRecvr.exe
FirewallRules: [{6B5BBC2F-3F50-4698-B885-7F2B66A7DE1C}] => (Allow) C:\GAMES\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{7038A182-5E6B-4DFA-B758-9DABC25B48D6}] => (Allow) C:\GAMES\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{D1DBF39E-06AF-4065-8151-A0415520F1B8}] => (Allow) C:\GAMES\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{9D1D7BC5-66D6-49B6-833F-58F5E2B16FE2}] => (Allow) C:\GAMES\Star Wars-The Old Republic\swtor\retailclient\swtor.exe
FirewallRules: [{6D6F58A4-0CE8-4A51-93B8-B705A5430644}] => (Allow) C:\GAMES\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{E4E5DD1D-D1CC-4D0E-9CDA-7E9BA5A6CA05}] => (Allow) C:\GAMES\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{3D9ACD53-59F9-48D4-B4F6-209AEECA5C8E}] => (Allow) C:\GAMES\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{18934D5D-6311-45B5-8D3D-F00EF6BF7668}] => (Allow) C:\GAMES\Star Wars-The Old Republic\launcher.exe
FirewallRules: [{4172BDFE-2B7E-4098-A5CD-FCAC1BCA2651}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{F57A6ADD-252E-4231-9D4A-C13D82154441}] => (Allow) C:\Program Files\Ventrilo\Ventrilo.exe
FirewallRules: [{7986472E-4B6F-4806-B9EB-A0019F748CAE}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{147E7DE9-FF05-40F3-993A-790CE6E6C2F0}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.954\Agent.exe
FirewallRules: [{7ED02755-A008-4312-8BCB-76152832C7F7}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{EA9677DB-4142-458E-B8F7-1147B429BB0C}] => (Allow) C:\Program Files (x86)\Diablo III\Diablo III.exe
FirewallRules: [{790D1D2C-E090-4B52-980C-77E89B732F11}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [{061E7394-65E3-404C-AF90-CD1CB9A3460F}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.976\Agent.exe
FirewallRules: [TCP Query User{8997B487-A0E4-4F53-B1D1-F7724AAC7195}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [UDP Query User{EFB80FC6-ACE2-470F-8CF5-B699DE9F23BA}C:\program files (x86)\guild wars 2\gw2.exe] => (Allow) C:\program files (x86)\guild wars 2\gw2.exe
FirewallRules: [{76172816-6139-48EE-90D5-DFAA30618B11}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\ArmA2Server.exe
FirewallRules: [{7B8E0AFF-B5CF-4ADF-ABBB-5BF48301D90F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\ArmA2Server.exe
FirewallRules: [{83A7AA25-B9A9-4C11-85A9-987D43E93B52}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{FD7BD579-2EB5-4EA9-95D9-DC44E28ADACE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Arma 2\arma2.exe
FirewallRules: [{2DBD6ED9-B549-4911-8262-EB81F0023709}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{235CBC05-B1A6-4D6C-8A6F-CF34545B0332}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{F7CA7FE5-09D2-4F91-96F6-669C68FCE1AD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{DE402E08-17C7-4B69-81DD-01930719EEF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\BEsetup\Setup_BattlEyeARMA2OA.exe
FirewallRules: [{FE3DC4E4-37E9-49DF-995A-256E54131C4D}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{87B4C992-D953-4039-99B6-C8101FB02241}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{0FBDF063-E5D0-4FA8-9819-D6747F6885A5}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{D0D907D7-20F0-4425-B406-8D36F0F8ABE7}] => (Allow) C:\Program Files (x86)\TERA\TERA-Launcher.exe
FirewallRules: [{63D843A5-0F27-4C11-8401-59E981BAE9F8}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{5F160C98-52C3-4F56-BBE1-784F8DA030F3}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{053D7679-221E-4DF4-9ECF-A6BA75B61B87}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{9D211303-C637-4155-B642-D20EB5AE5998}] => (Allow) C:\Program Files (x86)\TERA\Client\TL.exe
FirewallRules: [{35B1B009-E7F6-4C82-B1CB-A34E688038CE}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{3D8FB87C-C4DC-485B-AA10-EC8AB92D9302}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Block) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [UDP Query User{567A5F9C-0FA5-4351-AB45-F27829EBDD02}C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe] => (Block) C:\program files (x86)\activision\call of duty 2\cod2mp_s.exe
FirewallRules: [{F8B4FC78-D94E-4F22-881B-0ED9E390E056}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{A97E1876-796E-4B45-BDE2-25D8AB248B85}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\skyrim\SkyrimLauncher.exe
FirewallRules: [{3C9A65E8-4483-4BF3-AA01-BD0D72D09DE7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{4DA5F1B6-32BE-4E2A-8F57-F3D48A9AAF6D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{66F54F54-E0C7-403F-B8B7-D586BC19C7D4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [{248BF741-A656-4F43-9DF5-C4F70B62F37B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Portal 2\portal2.exe
FirewallRules: [TCP Query User{89B38D92-7A4E-4BF4-B190-D9B3EEE01CF5}C:\games\half-life game folder\half-life\hl.exe] => (Allow) C:\games\half-life game folder\half-life\hl.exe
FirewallRules: [UDP Query User{FBBB7B53-07C4-4028-B375-EF5917F51B8D}C:\games\half-life game folder\half-life\hl.exe] => (Allow) C:\games\half-life game folder\half-life\hl.exe
FirewallRules: [{7D268D06-5E5C-47EC-BAEF-7F5E78B7EC7E}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{A10E86BB-353C-4A4D-A2F2-98C9EB0565D6}] => (Allow) C:\Program Files (x86)\Ventrilo\Ventrilo.exe
FirewallRules: [{44F4813E-C953-4D9F-B8CE-064F4E11B79E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ragnarok Online 2\WPLauncher.exe
FirewallRules: [{B54DC95F-1C81-4512-9DFF-8BA72B2660CF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Ragnarok Online 2\WPLauncher.exe
FirewallRules: [{06113AD7-A33F-4450-9C69-749C412DDB46}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{E95448B9-2B88-44F6-BA5F-E9C170860B3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{F8DA40B8-9830-4BD3-A51F-8ED29D5AFC42}] => (Allow) C:\Program Files (x86)\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{F9A5CDB6-9C7A-49D7-B72D-BD3703E5F2CF}] => (Allow) C:\Program Files (x86)\Origin Games\Burnout Paradise\BurnoutParadise.exe
FirewallRules: [{F3CD091A-4FFC-4FC4-921B-D17700135CF5}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{715C20C3-7D78-4C7E-8ABA-91C8B1C74F8F}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{D0F300C8-A7B9-41FC-A4D0-4AB39C40FB0C}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{8ACDA911-106E-42C1-887F-B247B60CA9EC}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{2AB696C0-77B3-4DC1-937B-C85E1FB7632B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [{7A952244-4F12-4BCE-9B31-7B10CD7AA71F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\UDK.exe
FirewallRules: [TCP Query User{A9A69C72-4430-420F-A7D7-A155D85F6B31}C:\games\age of empires 2\age2_x1.exe] => (Allow) C:\games\age of empires 2\age2_x1.exe
FirewallRules: [UDP Query User{09EDCB17-28C2-4959-8A56-A6268AD0C4A8}C:\games\age of empires 2\age2_x1.exe] => (Allow) C:\games\age of empires 2\age2_x1.exe
FirewallRules: [{4100ABE4-749B-44BE-8F21-F7AB17A9F9E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{393ED540-1D0D-4308-97DF-CED007EB4C60}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\XCom-Enemy-Unknown\Binaries\Win32\XComGame.exe
FirewallRules: [{EBAD0215-AB54-42A3-B42C-43748427FDF4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout Tactics\BOS.exe
FirewallRules: [{59E77D9C-1D4D-40D0-95CE-590304724E69}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout Tactics\BOS.exe
FirewallRules: [{820ED070-C6E7-4B61-8421-7D08C3A0620F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout Tactics\FT Tools.exe
FirewallRules: [{41448D57-9359-4230-88F7-7F84F510E7C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout Tactics\FT Tools.exe
FirewallRules: [{221E1178-A66B-47A0-8804-D79999938A67}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\falloutw.exe
FirewallRules: [{08F2F33C-1BB7-450C-A6BA-F666D955FE8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\falloutw.exe
FirewallRules: [{25B06907-F8DC-49EF-85AC-E3FCD43EA11D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\FALLOUT2.exe
FirewallRules: [{7D7BD2C2-9D63-4B99-8A47-0676AC2D1E37}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\FALLOUT2.exe
FirewallRules: [{55DC03CB-B4F5-4BF6-A401-20DAC1E6D664}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{32694443-B2E1-44FE-827F-B8793FE3F442}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VII\FF7_Launcher.exe
FirewallRules: [{B97BD7A2-000C-4AB8-B5A7-ABEB5AAFCD8B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{4730B1F3-EC5D-4BBD-B64D-7F236BC4F392}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{A8A71666-2BD9-4413-9C68-873EC7B7F25E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{3B860D3F-72F3-4510-AEB2-8368C0445460}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2 Beta\left4dead2_beta.exe
FirewallRules: [{B7FAE6B7-F4C0-4B3C-843E-94323C41F1C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{E81ED905-29B7-49EF-ADA6-021D9CC1A1C0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{C2AD581C-12A4-4DBC-877B-4D03CFF4C2B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{439BD0F6-71CA-46A6-9FF3-1A41521B5A39}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{9B468468-6FEB-4495-8340-AC4217412CC7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{47B0C70E-5B82-409A-A436-0506AEE88531}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Team Fortress 2\hl2.exe
FirewallRules: [{2F197CE6-0130-4ADE-95DF-F48FA798D275}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{D634536C-A212-4AC0-921A-2CD62BD33783}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{50BDC4C9-DA0B-454B-8917-F6B20BA2A1C8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{0FE47999-B275-469E-84CE-C420B2D1A9C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{7978AE5C-8CBB-4C5D-B680-8CAFD4A0E28F}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{D6B8221D-2335-40FF-A716-683D5219AA57}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [{B496720F-70A5-477C-A0B0-9646D67944CC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{C004580D-0259-49DE-A670-FAD0289598AA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ.exe
FirewallRules: [{41461467-FD1A-4296-8E8F-D0F9C04C8D81}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{067A973A-D135-4332-BFC2-03B4FD7FB69D}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{913487A0-710B-4A13-876B-6EEE0BC5710A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{97536AC9-E9E4-4F07-AB46-FDBA76F9D586}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Loadout\Loadout.exe
FirewallRules: [{48B45E4E-F416-43A0-9BEC-4F1DD2F86D3D}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{36CD54F0-692E-47B2-8942-D3C796B34E39}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62E0CAE4-C08A-4002-B2D9-D9CB394ECCC7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7B169ECE-02E0-4DFF-8E6C-8DFE3A63195D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7129CF09-2256-4F7D-BEA2-AC045E6D07A3}] => (Block) %ProgramFiles% (x86)\DigiDNA\DiskAid\DiskAid.exe
FirewallRules: [{405C61D6-CA57-48C6-9BDE-4715D5DDA680}] => (Block) %ProgramFiles% (x86)\DigiDNA\DiskAid\DiskAid.exe
FirewallRules: [{85FB44F0-2054-4C32-9C96-7A7C75682613}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{A852E305-F973-4CB1-90A9-52777F61192B}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
FirewallRules: [{6590DEB2-F78C-49E8-9BE0-2EF6DBFC6E52}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{B4C416F9-A548-44AC-B985-DD181B5303DB}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
FirewallRules: [{35B5F8C0-3F9E-414D-AB86-28FE2C90CC40}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{62D493DE-9803-4872-BB60-3B20BFDF2555}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
FirewallRules: [{8AFF3038-E8A6-4364-83AA-6FA247B7476C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{A76136C9-99D7-49E5-8C6C-08619D321513}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [TCP Query User{8B635991-8C19-4187-B798-09F5B1B72318}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [UDP Query User{3777FD99-E0DE-4211-B0C4-E2713EF6065C}C:\program files (x86)\java\jre7\bin\javaw.exe] => (Allow) C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{BF5C49D7-EC58-4D45-A0BA-3FA69E3F5034}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{29AF63FC-1474-4A2F-BAFE-34D98BDBE1D6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\bin\SniperEliteV2.exe
FirewallRules: [{D30866A0-6B6E-4478-BE2A-FB12DA5FD63B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{B2599FB9-CF42-4F5A-8144-85E900104898}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout\FalloutLauncher.exe
FirewallRules: [{B4116C10-91F6-472A-8300-AEC787C6CACA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\Fallout2Launcher.exe
FirewallRules: [{6374A03D-0111-4E7C-AAFB-CC9D980EDF74}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout 2\Fallout2Launcher.exe
FirewallRules: [{BC8DA57A-F44D-47CD-BC74-ED303D48627E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout Tactics\TacticsLauncher.exe
FirewallRules: [{18FD8526-4F3D-4A03-86E0-7EED95BCE209}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Fallout Tactics\TacticsLauncher.exe
FirewallRules: [{74AB524C-BA42-4D38-A99C-123E945A1F4C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{99287868-E3BE-496C-A24C-8A826826E1ED}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\the witcher 2\Launcher.exe
FirewallRules: [{5CC08DD6-2910-4496-AF67-BF4846E7AEBB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{43D70BA8-0B37-4A9E-A8C5-33BD9FEB82DF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\GameDevTycoon.exe
FirewallRules: [{1C6285D6-EE76-4FE0-91A7-9EACA5BC59DC}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{549524A6-A116-437D-80AE-C96E57F584D7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\PapersPlease\PapersPlease.exe
FirewallRules: [{24365A2F-3B5C-47D3-9E1D-A02B54827009}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{316CDC05-8665-46D1-86CD-3543ABEC1765}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Rocksmith2014\Rocksmith2014.exe
FirewallRules: [{2C37BFAC-75BA-4A47-AA97-F5FC3C3D4B41}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{D36903B7-E9D2-4429-9A6C-35F210863B14}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Surgeon Simulator 2013\ss2013.exe
FirewallRules: [{38F11A5B-6BA2-40B8-A9AF-F2CBECBE8FAF}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{30B8F867-3420-4085-94B3-8B63189232B8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Terraria\Terraria.exe
FirewallRules: [{421EC474-FBB0-4134-A30E-87673A9EE8C7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{342B3DD3-27DF-45A8-90A7-4BF927FC444C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\DAOriginsLauncher.exe
FirewallRules: [{03E4A2D1-A277-4B96-9CEB-F5C792ABAEF4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [{4FD43D8E-82E6-405D-8C6B-246969141375}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Dragon Age Ultimate Edition\bin_ship\DAUpdaterSvc.Service.exe
FirewallRules: [TCP Query User{62EFDEF6-2ABC-4888-AED5-55195FCA22A3}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{70FDAF87-59C7-4776-B91C-5A5C118443B2}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{C793B583-56CB-4717-B4AE-6D3DBE2024BD}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{F510D717-E38D-4C20-B2CA-A21F193E9095}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Saints Row IV\SaintsRowIV.exe
FirewallRules: [{B1D4BF2F-5100-4984-B5FB-2A5C225BA7E9}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{87AB5F61-5C74-47DF-B7DA-23831E635736}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Source\hl2.exe
FirewallRules: [{7F21C5E1-3C8B-4F15-BCFB-E9809332E974}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{7F2C9B03-5DAE-499D-83DB-3A55737DD25F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\GarrysMod\hl2.exe
FirewallRules: [{F4BA23E0-B7BB-451C-9713-E2A3D969CDE1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{123CFEEC-C147-4153-B58C-774E232B0BEA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{540463F3-3E38-4038-9791-2D2312A95A3B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{8B026BAC-C6E1-4FA7-B0F1-E687CFEA96D8}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FTL Faster Than Light\FTLGame.exe
FirewallRules: [{DF699CFF-417E-4FC5-A55A-E93A7AB2D180}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{039CBDDE-E169-470A-91A2-BF1ECD1D2E64}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro 2033\metro2033.exe
FirewallRules: [{9C76615D-0C71-4BD5-ACED-15C3F597E24A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{B1F96A40-6DA2-4C8B-8E0F-9F0EC70FE661}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\FINAL FANTASY VIII\FF8_Launcher.exe
FirewallRules: [{A545C082-519F-4E37-9A45-6D660536EA84}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{98AA9BE9-3E3A-4602-9692-D59E6B18F95A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{9EE29819-C512-4547-9144-63CCA949FB2D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{C2AB4029-DBBA-439B-9745-DA5F90DAD92B}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Unturned\Unturned.exe
FirewallRules: [{04E7D10E-0D24-487E-B753-579CC4BDACD2}] => (Allow) C:\Program Files\Echobit\Evolve\EvoSvc.exe
FirewallRules: [{E49E1292-4D46-4DC8-8242-1EDED6E12F89}] => (Allow) C:\Program Files\Echobit\Evolve\EvolveClient.exe
FirewallRules: [{62CDF678-F43C-4A34-B001-F27CF1ADB701}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{A9527302-BF7F-490C-A64A-91BAC4814981}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{07C8E185-68B1-4A75-BAF5-1683D5034074}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{78DC28D7-A278-4A81-B7D5-A0841B09C8E0}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Metro Last Light\MetroLL.exe
FirewallRules: [{AC73C9D5-E395-48DD-9B7A-43C12CB0999A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{E47EA842-3535-4971-BC9E-576BE5C613FE}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Game Dev Tycoon\nw.exe
FirewallRules: [{E1771630-1C7A-4750-8ADA-2D614A6E5D78}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{E0A5ADC4-CE80-4E80-9D6E-CF378B9C51B3}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{7969C9D1-1424-4863-B718-D823B5334637}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{64DC4055-713C-4929-9A64-4C847104744B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{AC343F98-7025-4CC5-85C9-0D28497012D4}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{BF4BFFE6-9C76-4D13-BFF3-086DC2561060}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{EED90833-6EC3-4C34-91AC-6151311F2F00}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [TCP Query User{E9369158-4AC0-4DF3-9087-57A302942D7E}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [UDP Query User{F5C44FC3-D6D2-4C48-A131-56E380CAB417}C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe] => (Allow) C:\program files (x86)\steam\steamapps\common\dragon age ultimate edition\bin_ship\daorigins.exe
FirewallRules: [{2C369026-C58F-455F-AF45-5A581DD628C0}] => (Allow) C:\Program Files (x86)\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe
FirewallRules: [{91EC9B49-BAD3-4396-ABDA-6BEB6FDEB252}] => (Allow) C:\Program Files (x86)\Dragon Age Origins Character Creator\bin_ship\DAOCharacterCreator.exe
FirewallRules: [{58C03554-5F60-4B90-8C10-5225130DBC2D}] => (Allow) C:\Program Files (x86)\Dragon Age Origins Character Creator\DAOriginsLauncher.exe
FirewallRules: [{E6B08BDD-21D8-4968-BFAD-00E68A69DE72}] => (Allow) C:\Program Files (x86)\Dragon Age Origins Character Creator\DAOriginsLauncher.exe
FirewallRules: [{14BF61D9-580D-4848-B56B-C304F6C7A4C6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{618DED21-E7E4-4B33-A76B-4171FC7FC4B6}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win64\CMW.exe
FirewallRules: [{E30F9CD7-339B-4859-8620-F1E8121ABDD3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{AE4DDA88-12B0-438A-9D0C-3102137F532E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\Binaries\Win32\CMW.exe
FirewallRules: [{6FCA7224-D5CA-4F33-9C7D-40D8E1C8BCD7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{D2DF4917-350C-4AD7-BDAD-7C8916C3A644}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\chivalrymedievalwarfare\ChivLauncher.exe
FirewallRules: [{8A7467FE-7822-43B0-A22C-A9B652EB6A0E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{E639FFCE-42F1-47BB-AFB0-5B78A12C0F0A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\DayZ\DayZ_BE.exe
FirewallRules: [{74060823-BD8D-45F4-A979-2512E769ABA5}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{4DA06094-1C9D-40E2-8067-67FE4AD82736}] => (Allow) C:\Program Files (x86)\Origin Games\Dragon Age Inquisition\DragonAgeInquisition.exe
FirewallRules: [{17DAE2C5-1698-4F84-B580-8C4486AE27B4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{EF7F0048-E51C-49C9-AB23-796C2CB9F754}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead\WalkingDead101.exe
FirewallRules: [{ED5A4158-6E03-41F2-ACCB-04BA05AAF18C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{D14FA23E-6C92-4E64-9FF4-88B91DCE3A02}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\The Walking Dead Season Two\TheWalkingDead2.exe
FirewallRules: [{3CE64BA8-DEC6-4D3F-BFC6-3AEB126AA449}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{6FFFF7F7-D834-4BE0-9412-0AA0C6CF0A09}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\MountBlade Warband\mb_warband.exe
FirewallRules: [{FF461456-E775-46EA-B744-B43F64004FCA}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{E8224E34-8EDC-410B-BBDA-59DDAC8AAEA3}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Battlefront II\GameData\BattlefrontII.exe
FirewallRules: [{38830EC4-0C50-452E-B428-15DFEE273BF7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{AC20CCC5-30B9-4BE3-827B-15B11445F44A}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Star Wars Republic Commando\GameData\System\SWRepublicCommando.exe
FirewallRules: [{D57EA43D-5C8F-42B3-B456-7CA7027C4A1E}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{D0843EDC-E701-48DC-B267-00E8B9A8D09F}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jasp.exe
FirewallRules: [{799BB2DA-D6F3-4045-8A4F-4D40AB964AC4}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{8857C080-61E6-4DF0-B9D6-8E3151BCB18D}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Jedi Academy\GameData\jamp.exe
FirewallRules: [{A2096A1C-7900-4D0E-B82B-96BF4E1344AB}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{1E141E8F-3A58-4ABE-B4A5-526987F9739C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\swkotor\swkotor.exe
FirewallRules: [{DB618528-1BD4-444B-AB40-9FCE8FBA3D3C}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{A9F99BCA-8850-430B-9F46-2E19A91BF978}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Knights of the Old Republic II\swkotor2.exe
FirewallRules: [{D9E4016B-241F-4F21-A7E9-04C8F631CCD1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [{B5847670-A312-4F1B-A8AB-230D617A2726}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Sniper Elite V2\Launcher\SniperV2Launcher.exe
FirewallRules: [TCP Query User{54646CF4-3938-4CD7-BA78-6BAB3A2F2B31}C:\users\usa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\usa\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{96D6D411-3D46-4277-B918-6CC76B62741B}C:\users\usa\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\usa\appdata\roaming\spotify\spotify.exe
FirewallRules: [{821AFF8C-55BD-4E42-AD9F-071394D94649}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{9CF71F51-A4A8-465C-B4E3-EC9AED55A23A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
FirewallRules: [{682D3E24-E96B-41B6-A924-0B7180F4B26F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{35724635-B0E9-491B-9064-5F36D9C2A4C8}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1213A16-89C6-4E04-9DB6-EFB46FC5460B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{E48DC0B4-F9D9-4D67-9CA3-F594C32C2C65}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{93289DB0-785A-48FB-90B7-A6CE76597DCB}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/05/2015 10:19:49 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/04/2015 02:41:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/03/2015 05:11:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2015 11:12:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/02/2015 02:24:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 10:06:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/01/2015 01:28:22 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/31/2015 08:16:52 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/30/2015 02:22:40 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (07/29/2015 06:08:18 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/05/2015 10:28:11 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (08/05/2015 10:28:05 AM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/02/2015 11:21:07 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (08/02/2015 11:21:03 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/02/2015 11:11:13 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/02/2015 11:11:13 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x80070005

Error description: Access is denied.

Reason: %%892

Error: (08/02/2015 02:32:44 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for FailureCommand with the following error:
%%5

Error: (08/02/2015 02:32:41 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5

Error: (08/02/2015 02:22:51 PM) (Source: Microsoft Antimalware) (EventID: 3002) (User: )
Description: %%860 Real-Time Protection feature has encountered an error and failed.

Feature: %%886

Error Code: 0x80070005

Error description: Access is denied.

Reason: %%892

Error: (08/02/2015 02:22:51 PM) (Source: Service Control Manager) (EventID: 7006) (User: )
Description: The ScRegSetValueExW call failed for Start with the following error:
%%5


Microsoft Office:
=========================

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 29%
Total physical RAM: 8168.85 MB
Available physical RAM: 5755.47 MB
Total Virtual: 16335.91 MB
Available Virtual: 13808.12 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:94.98 GB) NTFS
Drive e: (USB30FD) (Removable) (Total:29.98 GB) (Free:22.67 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 29350BAF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 30 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=30 GB) - (Type=0C)

==================== End of log ============================
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 5th, 2015, 1:55 pm

And here is the AdwCleaner log:

# AdwCleaner v4.208 - Logfile created 05/08/2015 at 10:44:51
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : usa - ALEX-I7PC
# Running from : C:\Users\usa\Desktop\adwcleaner_4.208.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Found : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Found : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Found : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Found : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Found : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Found : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v44.0.2403.125

[C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Homepage] : hxxps://www.google.com/","homepage_is_newtabpage":false,"pinned_tabs":[],"protection":{"macs":{"browser":{"show_home_button":"F8D07CCCD5C0EA5E2D47D96C319D2CC8285E555BD36D023B0D294916E83E5BF8"},"default_search_provider":{"keyword":"CB4E0B5E312C2FE06BE9F663228227EF0BD336F819973C5015C7907B2526C85C","name":"9A46850366A5531AA964A236B41550F0598E69ECE10E10CA74827C6F7E2DEE63","search_url":"313ABC321685CAA09B43A492CC0C8B20BB1D61861F36E003639088D98A0B8E41"},"default_search_provider_data":{"template_url_data":"7E021C2DDDCFCCF826C0B6EBC5A2F6BCB7313CAE277121427E9BE597A29B4B0F"},"extensions":{"settings":{"ahfgeienlihckogmohjhadlkjgocpleb":"00C9269E0358F6C4670251A39BB2175C5084BD6A470234C708D637D8563BB6E8","apdfllckaahabafndbhieahigkjlhalf":"EDB2647C96AA29BB7D16F1826ADE713F489D72C3436D0755074172760935B8D4","bepbmhgboaologfdajaanbcjmnhjmhfn":"2A8CAE4C5DA74D83E987FA3F2BDF7A8637FEDF0F72355436727449766A15B44A","dhdgffkkebhmkfjojejmpbldmpobfkfo":"8AA9DD9478DA3C6BACDA0BBAE1AA3FF010A522AF19FAD387F64789387DC88FEF","dnhpdliibojhegemfjheidglijccjfmc":"1E3C60BED1B55058752BA29A887F7CC1AE52DA27A3328B79BA6D9818A7994483","eemcgdkfndhakfknompkggombfjjjeno":"7205CA3504CA4BE429218FBF75B7B70D25C8DDBF34BAE192087425C73DB0FFBE","ennkphjdgehloodpbhlhldgbnhmacadg":"F565305E750B6CEC39C89965833E635785B0D36C241B78A69B79695BFFDF29DB","gfdkimpbcpahaombhbimeihdjnejgicl":"D8438BC6005251ACDDA3C1EB611FB0A837527AF2EBAD0DD09C644E58CA924307","kmendfapggjehodndflmmgagdbamhnfd":"330C68778D84465A99536CC35B4F751E91964408F89A3EA9DE997EA1B5420C6E","lccekmodgklaepjeofjdjpbminllajkg":"1ECE51E91ABA8D541D4CCA443447CE58ED80BF07173158589632BF9052D0F0E1","lifbcibllhkdhoafpjfnlhfpfgnpldfl":"1E187B93D82DB636A4ED5BAEBBF5C2BBC85FBE760D289D4DCE28FC559D56AC60","mfehgcgbbipciphmccgaenjidiccnmng":"D6667ACB481AC70A75B9377C4618E71E5E85171B96518B6046E1A857F45276C4","mgndgikekgjfcpckkfioiadnlibdjbkf":"654B124DEFDE06CBCC483CB37997FC24276E3C012B8DDEFBDBA569CFE90A23A2","mhjfbmdgcfjbbpaeojofohoefgiehjai":"189E63DE9430BA2CCBD8355CBBEA07538671EB38F73E25CA39AA086213005027","nbpagnldghgfoolbancepceaanlmhfmd":"8020ACA21A3AB92BD697D111AA06CF657674DF598A58B8B55A1E07395320566D","neajdppkdcdipfabeoofebfddakdcjhd":"ECE4ABD1D15F90DAF8F7F8509B417B6822FFCEE5683406AF6823AF50C17383CA","nkeimhogjdpnpccoofpliimaahmaaome":"1F311C4CAD0F5E5BA2F021BAD230BB0FE4C2E1C497E37A419D683025AF338593","nmmhkkegccagdldgiimedpiccmgmieda":"0A11DCBBD2C3A4D6700F95ECFD975761F272E2455F250BEDCF55CF46260203EC","pafkbggdmjlpgkdkcbjmhmfcdpncadgh":"0D17CA3A593B5DC748439082B4FD8CD5CC85DE15E493D6EF0D6069214C252AB1"}},"google":{"services":{"account_id":"ABCC970D7242BB1F07D3D2B389A56B9FB1CECB8D83B0BA2E22041D85E76BC1BA","last_username":"F12EC862C0DC15781F5FB9171EBEC7973DF12BC63A2013321E678272B4E01842","username":"78E0F2E6920804E3F5511DA535BFE42E31FA71E7707F7D31466C7C564F7F484D"}},"homepage":"F37C490CE123FDF490E63CCEBEF1E7BD143F66BF7C08A43CA9FCEE88F199A010","homepage_is_newtabpage":"46AED2B556394373AD7417CF2B306E1AD922C58AFC9C52D25501CA6B98F141C4","pinned_tabs":"E342B08D63AFDC1C7F220FC7E9CC6647BB2F8D6C7C85316C6AA5BC07CAEE03FA","prefs":{"preference_reset_time":"025EF09A680322EA556F54527F853132C9101484A8E8A6220397C641D59AD9D4"},"profile":{"reset_prompt_memento":"4F386E5D0B5F40B44FE96B6A4C76B6250A17D3DF197F5CBF6FBC4967C8015D4E"},"safebrowsing":{"incidents_sent":"0220A6F97629BF6275ADB92E32CFF0C6595CF6B49A6E9CD8B2DF3D056EEB99E5"},"search_provider_overrides":"61991C0492D0BD237A0A5AB677FA9E68BA632BF9FBCBB1F83FCBB67C5122371C","session":{"restore_on_startup":"7923457010A4DD0982639CB0243EF5125F0CFD10BBA9FD602397B854FE152079","startup_urls":"F0E50D296E56069548EC564ADA1866041F9E08F5EEBB9B9FA279518FEF6ECE8E"},"software_reporter":{"prompt_reason":"F156790E45B1110C5DB07FE2BEFA3740E2954C010BA6819A1ABBB6C620199CE4","prompt_seed":"1D33A84AA8D8218B883AFD716F88E7521B0CAC9BEF6DA8F71487734CB3E5A3AC","prompt_version":"74E94DC901C005B3F2A97E05B9518CF061E9BFB5A16ABE8FFEE3827DF8AB765D"},"sync":{"remaining_rollback_tries":"870335FB3EFD5C2908544FF9956D65EE5399E41531F055FA3BE7735D649A4DF0"}},"super_mac":"C50918B254749A4D19F9713ADC15C348F457335D962D288141A4E9A1F629F32D"},"session":{"restore_on_startup":1,"startup_urls":["hxxp://search.conduit.com/?ctid=CT3320047&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB62E4C09-606D-4FAD-A5CF-FF91D0DBFDFE&SSPV=
[C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Found [Startup_URLs] : F0E50D296E56069548EC564ADA1866041F9E08F5EEBB9B9FA279518FEF6ECE8E"},"software_reporter":{"prompt_reason":"F156790E45B1110C5DB07FE2BEFA3740E2954C010BA6819A1ABBB6C620199CE4","prompt_seed":"1D33A84AA8D8218B883AFD716F88E7521B0CAC9BEF6DA8F71487734CB3E5A3AC","prompt_version":"74E94DC901C005B3F2A97E05B9518CF061E9BFB5A16ABE8FFEE3827DF8AB765D"},"sync":{"remaining_rollback_tries":"870335FB3EFD5C2908544FF9956D65EE5399E41531F055FA3BE7735D649A4DF0"}},"super_mac":"C50918B254749A4D19F9713ADC15C348F457335D962D288141A4E9A1F629F32D"},"session":{"restore_on_startup":1,"startup_urls":["hxxp://search.conduit.com/?ctid=CT3320047&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB62E4C09-606D-4FAD-A5CF-FF91D0DBFDFE&SSPV=

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [6812 bytes] - [05/08/2015 10:44:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [6871 bytes] ##########
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Gary R » August 5th, 2015, 5:52 pm

Not too much to deal with on this machine.

First ...

Please go to Control Panel > Programs > Uninstall a program and Uninstall the following:

Java 7 Update 25


Reboot the computer once it's uninstalled

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
HKU\S-1-5-19\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-20\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-21-3152413659-541220980-1918132639-1000\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
HKU\S-1-5-18\...\Run: [ArmA 2] => rundll32 "C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll",DllRegisterServer <===== ATTENTION
C:\Users\usa\AppData\Local\Oblivion\ArmA 2\maoe.dll
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin -> C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
Hosts:
EmptyTemp:
CMD: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • Fixlog.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present, if any log is cut off you'll have to post it in sections.
User avatar
Gary R
Administrator
Administrator
 
Posts: 21868
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Potential Bot infection - Windows 7 can't boot

Unread postby Davvy » August 5th, 2015, 7:27 pm

AdwCleaner Log posted below after cleaning. Question: When I uninstalled the Java 7 Update 25 I noticed there was a JavaFX 2.1.0 program in the list. Is this safe to leave? The PC belongs to my son, he plays quite a few games on it, I'm not sure if it's something one of those games installed and needs to run.

# AdwCleaner v4.208 - Logfile created 05/08/2015 at 16:05:07
# Updated 09/07/2015 by Xplode
# Database : 2015-08-01.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : usa - ALEX-I7PC
# Running from : C:\Users\usa\Desktop\New Malware Scans\adwcleaner_4.208.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****

File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
File Deleted : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
File Deleted : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
File Deleted : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
File Deleted : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
File Deleted : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage
File Deleted : C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17909


-\\ Mozilla Firefox v36.0.4 (x86 en-US)


-\\ Google Chrome v44.0.2403.125

[C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Homepage] :
[C:\Users\usa\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : F0E50D296E56069548EC564ADA1866041F9E08F5EEBB9B9FA279518FEF6ECE8E"},"software_reporter":{"prompt_reason":"F156790E45B1110C5DB07FE2BEFA3740E2954C010BA6819A1ABBB6C620199CE4","prompt_seed":"1D33A84AA8D8218B883AFD716F88E7521B0CAC9BEF6DA8F71487734CB3E5A3AC","prompt_version":"74E94DC901C005B3F2A97E05B9518CF061E9BFB5A16ABE8FFEE3827DF8AB765D"},"sync":{"remaining_rollback_tries":"870335FB3EFD5C2908544FF9956D65EE5399E41531F055FA3BE7735D649A4DF0"}},"super_mac":"C50918B254749A4D19F9713ADC15C348F457335D962D288141A4E9A1F629F32D"},"session":{"restore_on_startup":1,"startup_urls":["hxxp://search.conduit.com/?ctid=CT3320047&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SPB62E4C09-606D-4FAD-A5CF-FF91D0DBFDFE&SSPV=

-\\ Chromium v


*************************

AdwCleaner[R0].txt - [6950 bytes] - [05/08/2015 10:44:51]
AdwCleaner[R1].txt - [7027 bytes] - [05/08/2015 16:03:05]
AdwCleaner[S0].txt - [2694 bytes] - [05/08/2015 16:05:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2753 bytes] ##########
Davvy
Regular Member
 
Posts: 22
Joined: June 6th, 2012, 11:59 pm
Advertisement
Register to Remove

PreviousNext

  • Similar Topics
    Replies
    Views
    Last post

Return to Infected? Virus, malware, adware, ransomware, oh my!



Who is online

Users browsing this forum: No registered users and 56 guests

Contact us:

Advertisements do not imply our endorsement of that product or service. Register to remove all ads. The forum is run by volunteers who donate their time and expertise. We make every attempt to ensure that the help and advice posted is accurate and will not cause harm to your computer. However, we do not guarantee that they are accurate and they are to be used at your own risk. All trademarks are the property of their respective owners.

Member site: UNITE Against Malware