
Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS)


Post by tentakool » December 2nd, 2013, 7:24 am

I bought a refurbished laptop for my mother. Windows updates weren't enabled and I only found out a month or two later when I checked.

So I scanned with Avast and it found some rootkit at Autochk.exe; Spybot found this too (I have attached a screenshot of the scan results). Malwarebytes Anti-Rootkit and Windows Defender Offline didn't seem to find anything, but I'm not sure.

Nothing noticeably wrong with the computer, though after scanning it has been repeatedly playing sound effects like either a disconnected external hardware or disallowed click/error.

Greatly appreciate any help. Thanks!

Here are DDS and Attach logs:

DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 11.0.9600.16428
Run by User at 11:28:53 on 2013-12-02
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.44.1033.18.3063.1712 [GMT 0:00]
.
AV: avast! Antivirus *Enabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: avast! Antivirus *Enabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Hpservice.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
C:\Program Files\Intel\AMT\atchk.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\AEADISRV.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Windows\system32\BtwRSupportService.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\MyDrive Connect\MyDriveConnect.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Hewlett-Packard\Shared\hpqToaster.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - 
TB: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [MyDriveConnect.exe] "c:\program files\mydrive connect\MyDriveConnect.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\QlbCtrl.exe /Start
mRun: [atchk] "c:\program files\intel\amt\atchk.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [20131121] c:\program files\avast software\avast\setup\emupdate\e3518447-4575-4e20-bfb1-343b059e178d.exe /check
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [SoundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe
mRun: [SDTray] "c:\program files\spybot - search & destroy 2\SDTray.exe"
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.5.13.0.cab
TCP: NameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{3496DA39-BFF1-49CF-8225-C6CD49860ADF} : DHCPNameServer = 194.168.4.100 194.168.8.100
TCP: Interfaces\{510BCD69-F960-446E-996B-960190D468BF} : DHCPNameServer = 192.168.1.4
TCP: Interfaces\{7B6720DC-E3A1-4780-895B-740FF1353CFF} : DHCPNameServer = 8.8.8.8 8.8.4.4
Notify: igfxcui - igfxdev.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-9-23 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-9-23 178304]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-9-23 774392]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswsp.sys [2013-9-23 403440]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-9-23 35656]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-9-23 70384]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-10-21 50344]
R2 BcmBtRSupport;Bluetooth Driver Management Service;c:\windows\system32\BtwRSupportService.exe [2013-10-28 1680088]
R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files\spybot - search & destroy 2\SDFSSvc.exe [2013-12-1 3921880]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files\spybot - search & destroy 2\SDUpdSvc.exe [2013-12-1 1042272]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files\spybot - search & destroy 2\SDWSCSvc.exe [2013-12-1 171416]
R2 UNS;Intel(R) Active Management Technology User Notification Service;c:\program files\intel\amt\UNS.exe [2013-8-9 1464856]
R3 ATSwpWDF;AuthenTec TruePrint WBF Driver;c:\windows\system32\drivers\ATSwpWDF.sys [2012-10-18 971752]
R3 bcbtums;Bluetooth USB LD Filter;c:\windows\system32\drivers\bcbtums.sys [2013-10-28 175320]
R3 Com4QLBEx;Com4QLBEx;c:\program files\hewlett-packard\hp quick launch buttons\Com4QLBEx.exe [2013-8-9 227896]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]
R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2013-8-9 49152]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\drivers\smscirda.sys [2007-4-25 31232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 btwampfl;btwampfl;c:\windows\system32\drivers\btwampfl.sys [2013-10-28 144600]
S3 GTIPCI21;GTIPCI21;c:\windows\system32\drivers\gtipci21.sys [2006-9-14 88192]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\ieetwcollector.exe [2013-11-28 108032]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2013-11-28 14848]
S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rismc32.sys [2013-8-9 49152]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]
S3 TrufosAlt;TrufosAlt;c:\windows\system32\drivers\TrufosAlt.sys [2013-12-1 361912]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2013-11-28 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2013-11-28 27136]
S3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]
S3 VSTHWICH;VSTHWICH;c:\windows\system32\drivers\VSTICH3.SYS [2009-7-13 242176]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2013-11-28 1343400]
.
=============== Created Last 30 ================
.
2013-12-01 20:30:39	--------	d-----w-	c:\windows\Microsoft Antimalware
2013-12-01 17:01:06	105176	----a-w-	c:\windows\system32\drivers\MBAMSwissArmy.sys
2013-12-01 14:44:02	--------	d-----w-	c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-01 14:42:25	361912	----a-w-	c:\windows\system32\drivers\TrufosAlt.sys
2013-12-01 14:41:38	--------	d-----w-	c:\users\user\appdata\roaming\Malwarebytes
2013-12-01 14:41:30	--------	d-----w-	c:\programdata\Malwarebytes
2013-12-01 14:41:29	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-12-01 14:41:29	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-12-01 14:40:52	75992	----a-w-	c:\windows\system32\drivers\mbamchameleon.sys
2013-12-01 14:40:06	18968	----a-w-	c:\windows\system32\sdnclean.exe
2013-12-01 14:40:04	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2013-12-01 14:39:58	--------	d-----w-	c:\program files\Spybot - Search & Destroy 2
2013-12-01 14:39:46	--------	d-----w-	c:\users\user\appdata\local\Programs
2013-11-29 14:38:25	--------	d-----w-	c:\program files\MyDrive Connect
2013-11-29 11:48:07	7772552	----a-w-	c:\programdata\microsoft\windows defender\definition updates\{9ca70617-e8bf-48ef-8f65-6d707b532b12}\mpengine.dll
2013-11-28 21:05:30	--------	d-----w-	c:\users\user\appdata\local\WindowsUpdate
2013-11-28 21:02:51	76288	----a-w-	c:\windows\system32\drivers\usbccgp.sys
2013-11-28 21:02:51	6016	----a-w-	c:\windows\system32\drivers\usbd.sys
2013-11-28 21:02:51	43008	----a-w-	c:\windows\system32\drivers\usbehci.sys
2013-11-28 21:02:51	284672	----a-w-	c:\windows\system32\drivers\usbport.sys
2013-11-28 21:02:51	258560	----a-w-	c:\windows\system32\drivers\usbhub.sys
2013-11-28 21:02:51	24064	----a-w-	c:\windows\system32\drivers\usbuhci.sys
2013-11-28 21:02:51	20480	----a-w-	c:\windows\system32\drivers\usbohci.sys
2013-11-28 20:52:40	1230336	----a-w-	c:\windows\system32\WindowsCodecs.dll
2013-11-28 20:43:15	--------	d-----w-	c:\windows\Migration
2013-11-28 20:33:50	--------	d-----w-	c:\program files\Analog Devices
2013-11-28 20:33:38	--------	d-----w-	c:\program files\CONEXANT
2013-11-28 20:28:27	--------	d-----w-	c:\windows\system32\MRT
2013-11-28 20:27:52	514560	----a-w-	c:\windows\system32\qdvd.dll
2013-11-28 20:24:13	398336	----a-w-	c:\windows\system32\TVWizudlg.exe
2013-11-28 20:24:13	140288	----a-w-	c:\windows\system32\igfxtvcx.dll
2013-11-28 20:24:13	--------	d-----w-	c:\windows\system32\Lang
2013-11-28 20:18:59	--------	d-----w-	c:\windows\system32\Wat
2013-11-28 19:26:57	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2013-11-28 19:26:57	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2013-11-28 19:26:56	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2013-11-28 19:26:56	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2013-11-28 19:26:54	613888	----a-w-	c:\windows\system32\WUDFx.dll
2013-11-28 19:26:54	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2013-11-28 19:26:54	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2013-11-28 19:25:48	19824	----a-w-	c:\windows\system32\drivers\fs_rec.sys
2013-11-28 19:25:47	5120	----a-w-	c:\windows\system32\wmi.dll
2013-11-28 19:25:47	159232	----a-w-	c:\windows\system32\imagehlp.dll
2013-11-28 19:23:08	293376	----a-w-	c:\windows\system32\browserchoice.exe
2013-11-28 19:16:58	1002008	----a-w-	c:\windows\system32\igxpun.exe
2013-11-28 19:16:58	--------	d-----w-	c:\windows\system32\x64
2013-11-28 19:06:28	49152	----a-w-	c:\windows\system32\taskhost.exe
2013-11-28 19:03:31	1505280	----a-w-	c:\windows\system32\d3d11.dll
2013-11-28 18:59:12	530432	----a-w-	c:\windows\system32\comctl32.dll
2013-11-28 18:57:38	196328	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-11-28 18:56:58	478720	----a-w-	c:\windows\system32\timedate.cpl
2013-11-28 18:55:54	67072	----a-w-	c:\windows\system32\packager.dll
2013-11-28 18:54:53	542208	----a-w-	c:\windows\system32\kerberos.dll
2013-11-28 18:53:58	133056	----a-w-	c:\windows\system32\drivers\ataport.sys
2013-11-28 18:43:24	47104	----a-w-	c:\windows\system32\appinfo.dll
2013-11-28 18:43:24	101720	----a-w-	c:\windows\system32\consent.exe
2013-11-28 18:41:15	7772552	----a-w-	c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2013-11-28 18:35:32	826880	----a-w-	c:\windows\system32\rdpcore.dll
2013-11-28 18:35:32	24576	----a-w-	c:\windows\system32\drivers\tdtcp.sys
2013-11-28 18:29:20	2422272	----a-w-	c:\windows\system32\wucltux.dll
2013-11-28 18:29:08	88576	----a-w-	c:\windows\system32\wudriver.dll
2013-11-28 18:28:58	33792	----a-w-	c:\windows\system32\wuapp.exe
2013-11-28 18:28:58	171904	----a-w-	c:\windows\system32\wuwebv.dll
.
==================== Find3M  ====================
.
2013-11-28 19:04:54	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-11 05:50:18	230048	------w-	c:\windows\system32\MpSigStub.exe
2013-10-28 18:02:16	1680088	----a-w-	c:\windows\system32\BtwRSupportService.exe
2013-10-28 18:02:14	60120	----a-w-	c:\windows\system32\btwdi.dll
2013-10-28 18:02:14	175320	----a-w-	c:\windows\system32\drivers\bcbtums.sys
2013-10-28 18:02:14	1640152	----a-w-	c:\windows\system32\BcmBtRSupport.dll
2013-10-28 18:02:14	144600	----a-w-	c:\windows\system32\drivers\btwampfl.sys
2013-10-21 19:41:12	79720	----a-w-	c:\windows\system32\drivers\aswRdr2.sys
2013-10-21 19:41:12	774392	----a-w-	c:\windows\system32\drivers\aswSnx.sys
2013-10-21 19:41:12	70384	----a-w-	c:\windows\system32\drivers\aswMonFlt.sys
2013-10-21 19:41:12	49944	----a-w-	c:\windows\system32\drivers\aswRvrt.sys
2013-10-21 19:41:12	43152	----a-w-	c:\windows\avastSS.scr
2013-10-21 19:41:12	178304	----a-w-	c:\windows\system32\drivers\aswVmm.sys
2013-10-12 02:03:08	656896	----a-w-	c:\windows\system32\nshwfp.dll
2013-10-12 02:01:41	679424	----a-w-	c:\windows\system32\IKEEXT.DLL
2013-10-12 02:01:25	216576	----a-w-	c:\windows\system32\FWPUCLNT.DLL
2013-10-05 19:57:25	1168384	----a-w-	c:\windows\system32\crypt32.dll
2013-10-04 01:58:50	152576	----a-w-	c:\windows\system32\SmartcardCredentialProvider.dll
2013-10-04 01:56:25	168960	----a-w-	c:\windows\system32\credui.dll
2013-10-04 01:56:00	1796096	----a-w-	c:\windows\system32\authui.dll
2013-10-03 01:58:07	305152	----a-w-	c:\windows\system32\gdi32.dll
2013-09-25 02:01:08	136640	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2013-09-25 02:01:06	67520	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2013-09-25 01:57:46	99840	----a-w-	c:\windows\system32\sspicli.dll
2013-09-25 01:57:26	22016	----a-w-	c:\windows\system32\secur32.dll
2013-09-25 01:57:24	247808	----a-w-	c:\windows\system32\schannel.dll
2013-09-25 01:56:42	220160	----a-w-	c:\windows\system32\ncrypt.dll
2013-09-25 01:56:02	1038848	----a-w-	c:\windows\system32\lsasrv.dll
2013-09-25 00:49:20	22016	----a-w-	c:\windows\system32\lsass.exe
2013-09-25 00:49:18	15872	----a-w-	c:\windows\system32\sspisrv.dll
2013-09-14 00:48:58	338944	----a-w-	c:\windows\system32\drivers\afd.sys
2013-09-11 21:21:54	863344	----a-w-	c:\windows\system32\msvcr110_clr0400.dll
2013-09-11 21:21:54	501872	----a-w-	c:\windows\system32\msvcp110_clr0400.dll
2013-09-11 21:21:54	28776	----a-w-	c:\windows\system32\aspnet_counters.dll
2013-09-11 21:21:54	18000	----a-w-	c:\windows\system32\msvcr100_clr0400.dll
2013-09-08 02:07:12	1294272	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-09-08 02:03:58	231424	----a-w-	c:\windows\system32\mswsock.dll
.
============= FINISH: 11:29:28.73 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium 
Boot Device: \Device\HarddiskVolume1
Install Date: 18/04/2013 05:25:41
System Uptime: 02/12/2013 11:09:56 (0 hours ago)
.
Motherboard: Hewlett-Packard |  | 30BE
Processor: Intel(R) Core(TM)2 Duo CPU     T7300  @ 2.00GHz | U10 | 1580/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 46.547 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP24: 28/11/2013 18:28:40 - Windows Update
RP25: 28/11/2013 18:40:30 - Windows Update
RP26: 28/11/2013 19:01:36 - Windows Update
RP27: 28/11/2013 20:27:55 - Windows Update
RP28: 28/11/2013 20:40:34 - Windows Update
RP29: 28/11/2013 20:53:41 - Windows Update
RP30: 28/11/2013 21:02:54 - Windows Update
RP31: 29/11/2013 11:15:29 - Windows Update
RP32: 29/11/2013 11:42:46 - Windows Update
RP33: 29/11/2013 12:07:08 - Windows Update
.
==== Installed Programs ======================
.
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.3)
avast! Free Antivirus
Google Chrome
Google Update Helper
HP Quick Launch Buttons
Intel(R) Active Management Technology Device Software
Intel(R) Graphics Media Accelerator Driver
Intel(R) Management Engine Interface
Intel(R) TV Wizard
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 4.5.1
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
MyDriveConnect 3.3.0.1318
QLBCASL
RICOH Media Driver
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760415) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760585) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2760591) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827326) 32-Bit Edition 
Security Update for Microsoft Office 2007 suites (KB2827329) 32-Bit Edition 
Security Update for Microsoft Office Excel 2007 (KB2827324) 32-Bit Edition 
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition 
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2827330) 32-Bit Edition 
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy
Synaptics Pointing Device Driver
System Requirements Lab for Intel
Texas Instruments PCIxx21/x515/xx12 drivers.
TIPCI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio C++ 10.0 Runtime
VLC media player 1.1.11
.
==== Event Viewer Messages From Past Week ========
.
28/11/2013 20:25:32, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 (KB2703157).
28/11/2013 20:25:31, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 (KB2598845).
28/11/2013 20:20:24, Error: Service Control Manager [7023]  - The Windows Update service terminated with the following error:  %%-2147467243
28/11/2013 20:20:07, Error: Service Control Manager [7000]  - The Windows Search service failed to start due to the following error:  The process cannot access the file because it is being used by another process.
28/11/2013 20:20:07, Error: Microsoft-Windows-WMPNSS-Service [14324]  - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(WindowsMediaPlayer) encountered error '0x80004002'. If possible, reinstall Windows Media Player.
28/11/2013 20:20:03, Error: Service Control Manager [7023]  - The Windows Defender service terminated with the following error:  The process cannot access the file because it is being used by another process.
28/11/2013 20:20:00, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
28/11/2013 20:20:00, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
28/11/2013 20:19:59, Error: Service Control Manager [7023]  - The Windows Font Cache Service service terminated with the following error:  The process cannot access the file because it is being used by another process.
28/11/2013 20:19:50, Error: Service Control Manager [7031]  - The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
28/11/2013 19:34:06, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024200d: Update for Windows 7 (KB2834140).
28/11/2013 18:29:57, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x8024d00e: Windows Update Core.
02/12/2013 11:10:36, Error: Microsoft-Windows-Smartcard-Server [602]  - WDM Reader driver initialization cannot open reader device:  The system cannot find the path specified.
01/12/2013 17:33:17, Error: mbamchameleon [61440]  - 
01/12/2013 17:33:07, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.
.
==== End Of File ===========================

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Post by askey127 » December 3rd, 2013, 11:40 am

Hi tentakool,
The Adobe programs need to be updated. We will remove the old ones, and replace them later.
------------------------------------------------
Remove Programs Using Control Panel
From Start, Control Panel, click on Programs and Features
Click each Entry, as follows, one by one, if it exists, choose Uninstall, and give permission to Continue:

Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.3)
Google Update Helper

Take extra care in answering questions posed by any Uninstaller.
-----------------------------------------------------------
REBOOT (RESTART) Your Machine
-----------------------------------------------------------
Download and Run Farbar Scan Tool
Please download Farbar Recovery Scan Tool and save it to your Desktop.
Note: You need to run the version compatible with your system. (Your system appears to be 32-bit).
  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it generates another log (Addition.txt), also located in the same directory as FRST.exe (Desktop). Please also paste that along with the FRST.txt into your reply.

askey127

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Post by tentakool » December 3rd, 2013, 12:54 pm

Thanks for responding :)

I uninstalled the Adobe stuff, but couldn't find the Google Update Helper; only Google Chrome came up. Google seems to say I need to uninstall all Google applications - I didn't check this before running the scanner, I'm afraid.

Logs:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 03-12-2013 01
Ran by User (administrator) on USER-PC on 03-12-2013 16:36:24
Running from C:\Users\User\Desktop
Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Andrea Electronics Corporation) C:\Windows\System32\AEADISRV.EXE
(Intel Corporation) C:\Program Files\Intel\AMT\atchksrv.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
(Intel Corporation) C:\Program Files\Intel\AMT\LMS.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\AMT\atchk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
( Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Analog Devices, Inc.) C:\Program Files\Analog Devices\Core\smax4pnp.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files\Intel\AMT\UNS.exe
(Conexant Systems, Inc.) C:\Windows\System32\drivers\XAudio.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
(TomTom) C:\Program Files\MyDrive Connect\MyDriveConnect.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [QlbCtrl.exe] - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe [287800 2009-11-11] ( Hewlett-Packard Development Company, L.P.)
HKLM\...\Run: [atchk] - C:\Program Files\Intel\AMT\atchk.exe [408088 2008-05-25] (Intel Corporation)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1791272 2010-06-04] (Synaptics Incorporated)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\avastui.exe [3567800 2013-10-22] (AVAST Software)
HKLM\...\Run: [20131121] - C:\Program Files\AVAST Software\Avast\Setup\emupdate\e3518447-4575-4e20-bfb1-343b059e178d.exe [180184 2013-11-23] (AVAST Software)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [SoundMAXPnP] - C:\Program Files\Analog Devices\Core\smax4pnp.exe [1183744 2007-02-21] (Analog Devices, Inc.)
HKLM\...\Run: [SDTray] - C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\ScCertProp: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [MyDriveConnect.exe] - C:\Program Files\MyDrive Connect\MyDriveConnect.exe [473496 2013-10-21] (TomTom)
BootExecute: autocheck autochk * sdnclean.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x9E27A334ED3BCE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
Toolbar: HKLM - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.13.0.cab
Tcpip\Parameters: [DhcpNameServer] 194.168.4.100 194.168.8.100

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java(TM) Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32.dll No File
CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (avast! Online Security) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0
CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0

========================== Services (Whitelisted) =================

R2 atchksrv; C:\Program Files\Intel\AMT\atchksrv.exe [182808 2008-05-25] (Intel Corporation)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-21] (AVAST Software)
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [1680088 2013-10-28] (Broadcom Corporation.)
R2 SDScannerService; C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
R2 UNS; C:\Program Files\Intel\AMT\UNS.exe [1464856 2008-05-25] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [35656 2013-10-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [70384 2013-10-21] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2013-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [49944 2013-10-21] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [774392 2013-10-21] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [403440 2013-11-08] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [57672 2013-10-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [178304 2013-10-21] ()
R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [175320 2013-10-28] (Broadcom Corporation.)
S3 btwampfl; C:\Windows\System32\DRIVERS\btwampfl.sys [144600 2013-10-28] (Broadcom Corporation.)
R3 e1express; C:\Windows\System32\DRIVERS\e1e6232.sys [219352 2009-06-05] (Intel Corporation)
S3 GTIPCI21; C:\Windows\System32\DRIVERS\gtipci21.sys [88192 2006-09-14] (Texas Instruments)
S3 RICOH SmartCard Reader; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
R3 rismc32; C:\Windows\System32\DRIVERS\rismc32.sys [49152 2009-07-20] (RICOH Company, Ltd.)
S3 STAC97; C:\Windows\System32\drivers\STAC97.sys [273168 2005-03-10] (SigmaTel, Inc.)
S3 TrufosAlt; C:\Windows\System32\DRIVERS\TrufosAlt.sys [361912 2013-12-01] (BitDefender S.R.L.)
S3 VSTHWICH; C:\Windows\System32\DRIVERS\VSTICH3.SYS [242176 2009-07-13] (Conexant Systems, Inc.)
S3 w29n51; C:\Windows\System32\DRIVERS\w29n51.sys [2216064 2009-11-11] (Intel® Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-03 16:36 - 2013-12-03 16:36 - 00008773 _____ C:\Users\User\Desktop\FRST.txt
2013-12-03 16:36 - 2013-12-03 16:36 - 00000000 ____D C:\FRST
2013-12-03 16:30 - 2013-12-03 16:30 - 01092515 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2013-12-02 11:30 - 2013-12-02 11:30 - 00007758 _____ C:\Users\User\Documents\Attach.txt
2013-12-02 11:29 - 2013-12-02 11:29 - 00017683 _____ C:\Users\User\Documents\DDS.txt
2013-12-01 20:30 - 2013-12-01 21:02 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-12-01 17:01 - 2013-12-01 17:01 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-01 14:44 - 2013-12-01 17:33 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-01 14:42 - 2013-12-01 14:42 - 00361912 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
2013-12-01 14:41 - 2013-12-01 14:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2013-12-01 14:41 - 2013-12-01 14:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 14:41 - 2013-12-01 14:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-01 14:41 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-01 14:40 - 2013-12-01 17:00 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-01 14:40 - 2013-12-01 14:43 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-01 14:40 - 2013-09-20 10:49 - 00018968 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean.exe
2013-12-01 14:39 - 2013-12-01 14:40 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-11-29 14:38 - 2013-11-29 14:38 - 00000000 ____D C:\Program Files\MyDrive Connect
2013-11-29 12:30 - 2013-11-29 12:30 - 00237114 _____ C:\Users\User\AppData\Local\census.cache
2013-11-29 12:30 - 2013-11-29 12:30 - 00098322 _____ C:\Users\User\AppData\Local\ars.cache
2013-11-29 12:09 - 2013-11-29 12:09 - 00000036 _____ C:\Users\User\AppData\Local\housecall.guid.cache
2013-11-29 11:19 - 2013-11-29 11:19 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-11-29 11:19 - 2013-11-29 11:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-11-28 21:05 - 2013-11-28 21:05 - 00000000 ____D C:\Users\User\AppData\Local\WindowsUpdate
2013-11-28 21:02 - 2013-09-04 01:15 - 00258560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2013-11-28 21:02 - 2013-09-04 01:14 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2013-11-28 21:02 - 2013-09-04 01:14 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2013-11-28 21:02 - 2013-09-04 01:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2013-11-28 21:02 - 2013-09-04 01:14 - 00024064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2013-11-28 21:02 - 2013-09-04 01:14 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2013-11-28 21:02 - 2013-09-04 01:14 - 00006016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2013-11-28 20:53 - 2012-07-06 19:23 - 00393728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2013-11-28 20:53 - 2012-02-11 05:37 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2013-11-28 20:53 - 2011-04-28 03:15 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\BTHUSB.SYS
2013-11-28 20:53 - 2011-03-11 05:39 - 00148864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2013-11-28 20:53 - 2011-03-11 05:39 - 00143744 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2013-11-28 20:53 - 2011-03-11 05:39 - 00117120 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2013-11-28 20:53 - 2011-03-11 05:38 - 00332160 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2013-11-28 20:53 - 2011-03-11 05:38 - 00080256 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2013-11-28 20:53 - 2011-03-11 05:38 - 00022400 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2013-11-28 20:53 - 2011-03-11 05:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2013-11-28 20:53 - 2011-03-11 05:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2013-11-28 20:53 - 2011-03-11 04:01 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2013-11-28 20:53 - 2011-02-25 05:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2013-11-28 20:52 - 2013-04-17 07:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-11-28 20:34 - 2013-11-28 20:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-11-28 20:34 - 2012-08-23 14:48 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2013-11-28 20:34 - 2012-08-23 14:44 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2013-11-28 20:34 - 2012-08-23 14:41 - 00027136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbGD.sys
2013-11-28 20:34 - 2012-08-23 14:40 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2013-11-28 20:34 - 2012-08-23 14:10 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2013-11-28 20:34 - 2012-08-23 14:10 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2013-11-28 20:34 - 2012-08-23 13:52 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2013-11-28 20:34 - 2012-08-23 13:47 - 00046592 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2013-11-28 20:34 - 2012-08-23 13:46 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2013-11-28 20:34 - 2012-08-23 13:32 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2013-11-28 20:34 - 2012-08-23 13:18 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2013-11-28 20:34 - 2012-08-23 11:40 - 00056320 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2013-11-28 20:34 - 2012-08-23 11:32 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2013-11-28 20:34 - 2012-08-23 11:15 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2013-11-28 20:34 - 2012-08-23 11:12 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\rdpendp_winip.dll
2013-11-28 20:34 - 2012-08-23 10:39 - 01048064 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2013-11-28 20:34 - 2012-08-23 10:08 - 02739712 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2013-11-28 20:34 - 2012-08-23 08:19 - 04916224 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2013-11-28 20:33 - 2013-11-28 20:33 - 00000000 ____D C:\Program Files\CONEXANT
2013-11-28 20:33 - 2013-11-28 20:33 - 00000000 ____D C:\Program Files\Analog Devices
2013-11-28 20:31 - 2013-11-28 20:31 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-28 20:31 - 2013-11-28 20:31 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-28 20:31 - 2013-11-28 20:31 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-28 20:31 - 2013-11-28 20:31 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-28 20:31 - 2013-11-28 20:31 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-28 20:31 - 2013-11-28 20:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-28 20:30 - 2013-11-28 20:33 - 00007364 _____ C:\Windows\IE11_main.log
2013-11-28 20:28 - 2013-11-28 20:30 - 00000000 ____D C:\Windows\system32\MRT
2013-11-28 20:28 - 2013-11-07 15:50 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-28 20:27 - 2012-05-04 09:59 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2013-11-28 20:24 - 2013-11-28 20:24 - 00000000 ____D C:\Windows\system32\Lang
2013-11-28 20:24 - 2013-11-28 20:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2013-11-28 20:24 - 2009-09-23 11:50 - 00398336 _____ (Intel(R) Corporation) C:\Windows\system32\TVWizudlg.exe
2013-11-28 20:24 - 2009-09-23 11:49 - 00140288 _____ () C:\Windows\system32\igfxtvcx.dll
2013-11-28 20:24 - 2009-09-23 11:47 - 00121232 _____ C:\Windows\system32\IScrNB.bmp
2013-11-28 19:26 - 2012-07-26 03:21 - 00196608 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2013-11-28 19:26 - 2012-07-26 03:20 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2013-11-28 19:26 - 2012-07-26 03:20 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2013-11-28 19:26 - 2012-07-26 03:20 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2013-11-28 19:26 - 2012-07-26 03:20 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2013-11-28 19:26 - 2012-07-26 02:33 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2013-11-28 19:26 - 2012-07-26 02:32 - 00155136 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2013-11-28 19:26 - 2012-06-02 14:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2013-11-28 19:25 - 2012-03-01 05:46 - 00019824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2013-11-28 19:25 - 2012-03-01 05:33 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2013-11-28 19:25 - 2012-03-01 05:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2013-11-28 19:24 - 2013-11-28 19:25 - 00003253 _____ C:\Windows\IE9_main.log
2013-11-28 19:23 - 2010-02-11 07:10 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\browserchoice.exe
2013-11-28 19:16 - 2013-11-28 19:16 - 00000000 ____D C:\Windows\system32\x64
2013-11-28 19:16 - 2009-09-23 19:30 - 01002008 _____ (Intel Corporation) C:\Windows\system32\igxpun.exe
2013-11-28 19:06 - 2013-11-28 19:06 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-11-28 19:04 - 2013-11-28 19:04 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-28 19:03 - 2013-11-28 19:03 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-28 19:02 - 2013-11-28 19:08 - 00011742 _____ C:\Windows\IE10_main.log
2013-11-28 18:59 - 2013-07-04 11:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-11-28 18:58 - 2013-10-04 01:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-28 18:58 - 2013-10-04 01:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-28 18:58 - 2013-10-04 01:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-28 18:58 - 2013-09-14 00:48 - 00338944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-28 18:58 - 2013-09-08 02:07 - 01294272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-11-28 18:58 - 2013-09-08 02:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-11-28 18:58 - 2013-07-09 04:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-11-28 18:58 - 2013-07-09 04:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-11-28 18:58 - 2013-07-03 03:36 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-11-28 18:58 - 2013-07-03 03:36 - 00025728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-11-28 18:58 - 2013-04-12 13:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-11-28 18:58 - 2013-02-12 03:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2013-11-28 18:58 - 2013-02-12 03:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2013-11-28 18:58 - 2012-11-22 04:45 - 00626688 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2013-11-28 18:58 - 2012-11-02 05:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2013-11-28 18:58 - 2012-08-22 17:16 - 00712048 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2013-11-28 18:58 - 2012-07-04 19:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rndismpx.sys
2013-11-28 18:58 - 2012-07-04 19:45 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2013-11-28 18:58 - 2011-06-16 04:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2013-11-28 18:58 - 2011-04-29 02:46 - 00311808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2013-11-28 18:58 - 2011-04-29 02:46 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2013-11-28 18:58 - 2011-04-29 02:46 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2013-11-28 18:58 - 2011-02-18 05:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2013-11-28 18:57 - 2013-09-25 02:01 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-28 18:57 - 2013-09-25 02:01 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-28 18:57 - 2013-09-25 01:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-28 18:57 - 2013-09-25 01:57 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-28 18:57 - 2013-09-25 01:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-28 18:57 - 2013-09-25 01:56 - 01038848 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-28 18:57 - 2013-09-25 01:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-28 18:57 - 2013-09-25 00:49 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-28 18:57 - 2013-09-25 00:49 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-28 18:57 - 2013-07-04 12:16 - 00369848 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2013-11-28 18:57 - 2013-01-24 04:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-11-28 18:57 - 2012-08-21 20:12 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2013-11-28 18:57 - 2011-08-17 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2013-11-28 18:57 - 2011-08-17 04:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2013-11-28 18:57 - 2011-03-03 05:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2013-11-28 18:57 - 2011-03-03 05:38 - 00132608 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2013-11-28 18:57 - 2011-03-03 05:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2013-11-28 18:56 - 2013-08-29 01:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-11-28 18:56 - 2013-08-29 01:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-11-28 18:56 - 2013-08-29 01:50 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-11-28 18:56 - 2013-08-29 01:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-11-28 18:56 - 2013-08-29 01:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-11-28 18:56 - 2013-08-28 00:57 - 00434688 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-11-28 18:56 - 2013-08-01 11:03 - 00729024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-11-28 18:56 - 2013-07-20 10:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-11-28 18:56 - 2013-06-06 04:52 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-11-28 18:56 - 2013-06-06 04:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-11-28 18:56 - 2013-06-06 04:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-11-28 18:56 - 2013-06-06 03:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-11-28 18:56 - 2013-06-06 03:01 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-11-28 18:56 - 2013-05-13 03:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-11-28 18:56 - 2013-05-13 03:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-11-28 18:56 - 2013-05-10 03:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-11-28 18:56 - 2013-04-26 04:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-11-28 18:56 - 2013-04-10 05:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-11-28 18:56 - 2013-03-19 04:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-11-28 18:56 - 2013-03-19 04:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-11-28 18:56 - 2013-03-19 03:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-11-28 18:56 - 2013-03-19 02:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-11-28 18:56 - 2012-11-01 04:47 - 01389568 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2013-11-28 18:56 - 2012-10-03 16:42 - 00242176 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2013-11-28 18:56 - 2012-10-03 16:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2013-11-28 18:56 - 2012-10-03 16:42 - 00156672 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2013-11-28 18:56 - 2012-10-03 16:42 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2013-11-28 18:56 - 2012-10-03 16:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2013-11-28 18:56 - 2012-10-03 16:40 - 00499712 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2013-11-28 18:56 - 2012-10-03 15:21 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2013-11-28 18:56 - 2012-06-06 05:05 - 01236992 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2013-11-28 18:56 - 2012-04-28 03:17 - 00183808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2013-11-28 18:56 - 2011-12-30 05:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2013-11-28 18:56 - 2011-08-27 04:26 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2013-11-28 18:56 - 2011-08-27 04:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2013-11-28 18:56 - 2011-07-09 02:30 - 00223744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2013-11-28 18:56 - 2011-05-24 10:44 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2013-11-28 18:56 - 2011-05-03 04:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2013-11-28 18:56 - 2011-04-27 02:17 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2013-11-28 18:56 - 2011-04-27 02:17 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2013-11-28 18:56 - 2010-06-26 03:24 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2013-11-28 18:55 - 2013-07-25 08:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-11-28 18:55 - 2013-06-04 04:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-11-28 18:55 - 2013-01-03 05:04 - 00187752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2013-11-28 18:55 - 2012-11-29 23:17 - 00420064 _____ C:\Windows\system32\locale.nls
2013-11-28 18:55 - 2012-08-22 17:16 - 00240496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2013-11-28 18:55 - 2012-07-04 21:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2013-11-28 18:55 - 2012-07-04 21:14 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2013-11-28 18:55 - 2012-07-04 21:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2013-11-28 18:55 - 2012-06-06 05:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2013-11-28 18:55 - 2012-05-05 07:46 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2013-11-28 18:55 - 2011-11-19 14:01 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2013-11-28 18:55 - 2011-10-26 04:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2013-11-28 18:55 - 2011-10-15 05:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2013-11-28 18:55 - 2011-05-04 04:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2013-11-28 18:55 - 2011-05-04 04:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2013-11-28 18:55 - 2011-05-04 04:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2013-11-28 18:55 - 2011-05-04 04:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2013-11-28 18:55 - 2011-05-04 04:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2013-11-28 18:55 - 2011-05-04 04:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2013-11-28 18:55 - 2011-05-04 04:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2013-11-28 18:55 - 2011-05-04 04:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2013-11-28 18:55 - 2011-05-04 04:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2013-11-28 18:55 - 2011-02-12 05:35 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2013-11-28 18:55 - 2010-12-23 05:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2013-11-28 18:55 - 2010-12-23 05:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2013-11-28 18:55 - 2010-12-23 05:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2013-11-28 18:54 - 2013-10-03 01:58 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-28 18:54 - 2013-08-28 01:04 - 02348544 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-11-28 18:54 - 2013-07-26 01:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-11-28 18:54 - 2013-07-26 01:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-11-28 18:54 - 2013-07-04 11:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-11-28 18:54 - 2013-07-04 11:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-11-28 18:54 - 2013-07-04 09:48 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-11-28 18:54 - 2012-12-07 12:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2013-11-28 18:54 - 2012-12-07 12:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2013-11-28 18:54 - 2012-12-07 10:46 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2013-11-28 18:54 - 2012-12-07 10:46 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2013-11-28 18:54 - 2012-09-25 22:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2013-11-28 18:54 - 2012-08-10 23:56 - 00542208 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2013-11-28 18:54 - 2012-05-01 04:44 - 00164352 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2013-11-28 18:54 - 2012-04-26 04:45 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2013-11-28 18:54 - 2012-04-26 04:45 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2013-11-28 18:54 - 2012-04-26 04:41 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2013-11-28 18:54 - 2012-04-07 11:26 - 02342400 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2013-11-28 18:54 - 2012-03-17 07:27 - 00056176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2013-11-28 18:54 - 2011-12-16 07:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2013-11-28 18:54 - 2011-11-17 05:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2013-11-28 18:54 - 2011-06-15 08:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\system32\odbcjt32.dll
2013-11-28 18:54 - 2011-06-15 08:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2013-11-28 18:54 - 2011-06-15 08:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2013-11-28 18:54 - 2011-06-15 08:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2013-11-28 18:54 - 2011-06-15 08:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2013-11-28 18:53 - 2013-10-12 02:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-28 18:53 - 2013-10-12 02:01 - 00679424 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-28 18:53 - 2013-10-12 02:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-28 18:53 - 2013-10-05 19:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-28 18:53 - 2013-08-05 01:56 - 00133056 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2013-11-28 18:53 - 2013-08-02 01:50 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2013-11-28 18:53 - 2013-08-02 01:49 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2013-11-28 18:53 - 2013-08-02 01:49 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 01:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 00:52 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2013-11-28 18:53 - 2013-08-02 00:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 00:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 00:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-11-28 18:53 - 2013-08-02 00:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-11-28 18:53 - 2013-07-19 01:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-11-28 18:53 - 2013-07-12 10:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-11-28 18:53 - 2013-07-09 04:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-11-28 18:53 - 2013-07-09 04:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-11-28 18:53 - 2013-06-25 22:56 - 00527064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-11-28 18:53 - 2013-06-15 03:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-11-28 18:53 - 2012-11-28 22:57 - 00047720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2013-11-28 18:53 - 2012-11-28 22:57 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2013-11-28 18:53 - 2012-11-28 22:57 - 00000003 _____ C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2013-11-28 18:53 - 2012-10-09 17:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2013-11-28 18:53 - 2012-10-09 17:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2013-11-28 18:53 - 2012-05-14 04:33 - 00769024 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2013-11-28 18:53 - 2012-01-04 08:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2013-11-28 18:53 - 2011-04-22 19:14 - 00027008 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2013-11-28 18:53 - 2011-04-09 05:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2013-11-28 18:53 - 2011-03-11 05:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2013-11-28 18:53 - 2011-03-11 05:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2013-11-28 18:53 - 2011-02-23 04:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2013-11-28 18:43 - 2013-02-27 05:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-11-28 18:43 - 2013-02-27 04:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-11-28 18:35 - 2012-02-17 05:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2013-11-28 18:35 - 2012-02-17 04:13 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2013-11-28 18:29 - 2012-06-02 22:19 - 01933848 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2013-11-28 18:29 - 2012-06-02 22:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2013-11-28 18:29 - 2012-06-02 22:19 - 00053784 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2013-11-28 18:29 - 2012-06-02 22:19 - 00045080 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2013-11-28 18:29 - 2012-06-02 22:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2013-11-28 18:29 - 2012-06-02 22:12 - 02422272 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2013-11-28 18:29 - 2012-06-02 22:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2013-11-28 18:28 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2013-11-28 18:28 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe

==================== One Month Modified Files and Folders =======

2013-12-03 16:36 - 2013-12-03 16:36 - 00008773 _____ C:\Users\User\Desktop\FRST.txt
2013-12-03 16:36 - 2013-12-03 16:36 - 00000000 ____D C:\FRST
2013-12-03 16:35 - 2013-04-18 14:26 - 00000878 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-03 16:35 - 2009-07-14 04:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-03 16:35 - 2009-07-14 04:39 - 00034442 _____ C:\Windows\setupact.log
2013-12-03 16:34 - 2013-04-18 19:44 - 01934092 _____ C:\Windows\WindowsUpdate.log
2013-12-03 16:34 - 2010-11-20 21:48 - 00032014 _____ C:\Windows\PFRO.log
2013-12-03 16:30 - 2013-12-03 16:30 - 01092515 _____ (Farbar) C:\Users\User\Desktop\FRST.exe
2013-12-03 16:27 - 2013-04-18 14:25 - 00000000 ____D C:\ProgramData\Adobe
2013-12-03 16:27 - 2009-07-14 04:34 - 00026688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-03 16:27 - 2009-07-14 04:34 - 00026688 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-03 16:26 - 2010-11-20 21:01 - 00781298 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-03 14:59 - 2013-04-18 14:26 - 00000882 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-02 11:30 - 2013-12-02 11:30 - 00007758 _____ C:\Users\User\Documents\Attach.txt
2013-12-02 11:29 - 2013-12-02 11:29 - 00017683 _____ C:\Users\User\Documents\DDS.txt
2013-12-02 09:32 - 2013-04-18 15:09 - 00074448 _____ C:\Users\User\AppData\Local\GDIPFONTCACHEV1.DAT
2013-12-01 21:02 - 2013-12-01 20:30 - 00000000 ____D C:\Windows\Microsoft Antimalware
2013-12-01 17:33 - 2013-12-01 14:44 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-01 17:01 - 2013-12-01 17:01 - 00105176 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2013-12-01 17:00 - 2013-12-01 14:40 - 00075992 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-01 16:28 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\rescache
2013-12-01 14:43 - 2013-12-01 14:40 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2013-12-01 14:42 - 2013-12-01 14:42 - 00361912 _____ (BitDefender S.R.L.) C:\Windows\system32\Drivers\TrufosAlt.sys
2013-12-01 14:41 - 2013-12-01 14:41 - 00000000 ____D C:\Users\User\AppData\Roaming\Malwarebytes
2013-12-01 14:41 - 2013-12-01 14:41 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-01 14:41 - 2013-12-01 14:41 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-01 14:40 - 2013-12-01 14:39 - 00000000 ____D C:\Program Files\Spybot - Search & Destroy 2
2013-11-29 14:38 - 2013-11-29 14:38 - 00000000 ____D C:\Program Files\MyDrive Connect
2013-11-29 14:02 - 2009-07-14 04:33 - 00333696 _____ C:\Windows\system32\FNTCACHE.DAT
2013-11-29 12:30 - 2013-11-29 12:30 - 00237114 _____ C:\Users\User\AppData\Local\census.cache
2013-11-29 12:30 - 2013-11-29 12:30 - 00098322 _____ C:\Users\User\AppData\Local\ars.cache
2013-11-29 12:09 - 2013-11-29 12:09 - 00000036 _____ C:\Users\User\AppData\Local\housecall.guid.cache
2013-11-29 11:49 - 2013-10-21 16:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-29 11:47 - 2013-10-21 16:02 - 00000000 ____D C:\Program Files\Microsoft Office
2013-11-29 11:22 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-11-29 11:19 - 2013-11-29 11:19 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2013-11-29 11:19 - 2013-11-29 11:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2013-11-29 11:19 - 2009-07-14 02:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2013-11-29 11:18 - 2013-10-21 16:05 - 00000000 ____D C:\Program Files\Microsoft Works
2013-11-28 21:05 - 2013-11-28 21:05 - 00000000 ____D C:\Users\User\AppData\Local\WindowsUpdate
2013-11-28 20:43 - 2013-10-21 16:05 - 00000000 ____D C:\Program Files\Microsoft.NET
2013-11-28 20:34 - 2013-11-28 20:34 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2013-11-28 20:33 - 2013-11-28 20:33 - 00000000 ____D C:\Program Files\CONEXANT
2013-11-28 20:33 - 2013-11-28 20:33 - 00000000 ____D C:\Program Files\Analog Devices
2013-11-28 20:33 - 2013-11-28 20:30 - 00007364 _____ C:\Windows\IE11_main.log
2013-11-28 20:31 - 2013-11-28 20:31 - 17142784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 11220992 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 04240384 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-11-28 20:31 - 2013-11-28 20:31 - 02166272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 01926656 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-11-28 20:31 - 2013-11-28 20:31 - 01818112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 01156608 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 01051136 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00645120 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-11-28 20:31 - 2013-11-28 20:31 - 00610304 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00367104 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-11-28 20:31 - 2013-11-28 20:31 - 00244736 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00238288 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00233472 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00208384 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00182272 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00151552 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00127488 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00083456 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-11-28 20:31 - 2013-11-28 20:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-11-28 20:31 - 2013-11-28 20:31 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-11-28 20:31 - 2013-11-28 20:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-11-28 20:30 - 2013-11-28 20:28 - 00000000 ____D C:\Windows\system32\MRT
2013-11-28 20:24 - 2013-11-28 20:24 - 00000000 ____D C:\Windows\system32\Lang
2013-11-28 20:24 - 2013-11-28 20:24 - 00000000 ____D C:\Users\User\AppData\Roaming\Adobe
2013-11-28 20:24 - 2013-08-09 14:05 - 00000000 ____D C:\Program Files\Intel
2013-11-28 20:19 - 2011-04-12 02:24 - 00000000 ____D C:\Program Files\Windows Journal
2013-11-28 20:19 - 2009-07-14 04:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-11-28 20:19 - 2009-07-14 02:37 - 00000000 ____D C:\Program Files\Common Files\System
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-11-28 20:18 - 2009-07-14 02:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-11-28 19:25 - 2013-11-28 19:24 - 00003253 _____ C:\Windows\IE9_main.log
2013-11-28 19:16 - 2013-11-28 19:16 - 00000000 ____D C:\Windows\system32\x64
2013-11-28 19:08 - 2013-11-28 19:02 - 00011742 _____ C:\Windows\IE10_main.log
2013-11-28 19:06 - 2013-11-28 19:06 - 00049152 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2013-11-28 19:04 - 2013-11-28 19:04 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-11-28 19:04 - 2013-11-28 19:04 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-11-28 19:03 - 2013-11-28 19:03 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-11-20 19:45 - 2009-07-14 04:53 - 00032642 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-11-11 05:50 - 2013-04-18 12:13 - 00230048 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-08 19:19 - 2013-09-23 16:34 - 00403440 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2013-11-07 15:50 - 2013-11-28 20:28 - 80340640 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

Some content of TEMP:
====================
C:\Users\User\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-01 15:56

==================== End Of Log ============================


:bounce:


Additional scan result of Farbar Recovery Scan Tool (x86) Version: 03-12-2013 01
Ran by User at 2013-12-03 16:37:33
Running from C:\Users\User\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

avast! Free Antivirus (Version: 9.0.2006)
Google Chrome (Version: 31.0.1650.57)
Google Update Helper (Version: 1.3.21.165)
HP Quick Launch Buttons (Version: 6.50.14.1)
Intel(R) Active Management Technology Device Software
Intel(R) Graphics Media Accelerator Driver (Version: 8.15.10.1930)
Intel(R) Management Engine Interface
Intel(R) TV Wizard
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Home and Student 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MyDriveConnect 3.3.0.1318 (Version: 3.3.0.1318)
QLBCASL (Version: 6.40.17.2)
RICOH Media Driver (Version: 2.10.00.04)
Soft Data Fax Modem with SmartCP
Spybot - Search & Destroy (Version: 2.2.25)
Synaptics Pointing Device Driver (Version: 15.0.24.0)
System Requirements Lab for Intel (Version: 4.5.13.0)
Texas Instruments PCIxx21/x515/xx12 drivers. (Version: 2.00.0000)
TIPCI (Version: 2.00.0000)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Visual Studio C++ 10.0 Runtime (Version: 10.0.0)
VLC media player 1.1.11 (Version: 1.1.11)

==================== Restore Points =========================

28-11-2013 20:40:34 Windows Update
28-11-2013 20:53:41 Windows Update
28-11-2013 21:02:54 Windows Update
29-11-2013 11:15:29 Windows Update
29-11-2013 11:42:46 Windows Update
29-11-2013 12:07:08 Windows Update
03-12-2013 11:02:24 Windows Update
03-12-2013 16:26:21 Removed Adobe Reader X (10.1.3).

==================== Hosts content: ==========================

2009-07-14 02:04 - 2009-06-10 21:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {09B7F254-1CD4-4B23-8376-CDA3EF92BD19} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files\Spybot - Search &amp; Destroy 2\SDScan.exe
Task: {30D093D7-985A-4B9E-AE9A-D47AB1492178} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: {4EB15C00-9321-4FB6-A846-79F06E7C51D4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files\Spybot - Search &amp; Destroy 2\SDUpdate.exe
Task: {6E2E5FC0-15D8-4105-A5FB-21130C7E952A} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-10-21] (AVAST Software)
Task: {7C0DCF66-C72B-49B1-B963-E8868EC9936D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files\Spybot - Search &amp; Destroy 2\SDImmunize.exe
Task: {98816F9E-79D0-4370-86DE-72FCA41853AC} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2013-04-18] (Google Inc.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-01 14:40 - 2013-05-16 10:55 - 00113496 _____ () C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2013-12-01 14:40 - 2013-05-16 10:55 - 00416600 _____ () C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl
2013-10-21 19:41 - 2013-10-21 19:41 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-10-21 07:33 - 2013-10-21 07:33 - 00026520 _____ () C:\Program Files\MyDrive Connect\DeviceDetection.dll
2013-10-21 07:33 - 2013-10-21 07:33 - 00082840 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
2013-10-21 07:33 - 2013-10-21 07:33 - 00337816 _____ () C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Windows\system32\autochk.exe:BAK

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/03/2013 04:35:38 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 04:20:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 02:40:26 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/03/2013 10:57:28 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 07:59:05 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 11:10:53 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:59:32 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/02/2013 09:31:25 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2013 09:04:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/01/2013 02:44:41 PM) (Source: Application Hang) (User: )
Description: The program SDWelcome.exe version 2.2.21.129 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: b30

Start Time: 01ceeea3459b9e5c

Termination Time: 16

Application Path: C:\Program Files\Spybot - Search & Destroy 2\SDWelcome.exe

Report Id: 18e6497a-5a97-11e3-9016-001e3777b54e


System errors:
=============
Error: (12/03/2013 04:35:14 PM) (Source: SCardSvr) (User: )
Description: The system cannot find the path specified.

Error: (12/03/2013 04:19:47 PM) (Source: SCardSvr) (User: )
Description: The system cannot find the path specified.

Error: (12/03/2013 04:19:36 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 15:33:30 on ‎03/‎12/‎2013 was unexpected.

Error: (12/03/2013 02:40:22 PM) (Source: Service Control Manager) (User: )
Description: The Spybot-S&D 2 Scanner Service service failed to start due to the following error:
%%1053

Error: (12/03/2013 02:40:22 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.

Error: (12/03/2013 02:39:41 PM) (Source: SCardSvr) (User: )
Description: The system cannot find the path specified.

Error: (12/03/2013 10:56:13 AM) (Source: SCardSvr) (User: )
Description: The system cannot find the path specified.

Error: (12/02/2013 07:58:45 PM) (Source: SCardSvr) (User: )
Description: The system cannot find the path specified.

Error: (12/02/2013 11:10:36 AM) (Source: SCardSvr) (User: )
Description: The system cannot find the path specified.

Error: (12/02/2013 09:59:12 AM) (Source: SCardSvr) (User: )
Description: The system cannot find the path specified.


Microsoft Office Sessions:
=========================

==================== Memory info ===========================

Percentage of memory in use: 26%
Total physical RAM: 3063.3 MB
Available physical RAM: 2240.48 MB
Total Pagefile: 6124.9 MB
Available Pagefile: 5198.84 MB
Total Virtual: 2047.88 MB
Available Virtual: 1884.72 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.53 GB) (Free:46.5 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 75 GB) (Disk ID: E9B92F41)
Partition 1: (Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================
tentakool
Active Member
 
Posts: 12
Joined: December 2nd, 2013, 7:13 am

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Unread postby askey127 » December 3rd, 2013, 2:29 pm

tentakool,
Remove Obsolete plug-ins in Chrome
Start Chrome
Type the following into the browser website address box :
chrome://extensions/
Choose Uninstall (choose Disable if Uninstall is not offered) for the following:
(Adobe Acrobat)
(Java Deployment Toolkit 6.0.220.4)
(Java(TM) Platform SE 6 U22)
(Shockwave Flash)
---------------------------------------------
Please download SystemLook from the link below and save it to your Desktop.

http://downloads.malwareremoval.com/SystemLook/SystemLook.exe

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield. Do not include "Code:select all":
    Code: Select all
    :regfind
    LogonSound  /s
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt
---------------------------------------------
I see now that your machine was cleaned with the help of Melboy.
You should have mentioned that.
No wonder the logs look good.
However, if you can't ever get CHKDSK to run correctly, you have a bad hard drive (refurbished or not).
-----------------------------------------
Check hard Drive for Errors
Open Notepad... then copy and paste the following line into Notepad:
(Notepad is in Start, Programs, Accessories)
Code: Select all
cmd  /c  chkdsk  c:  |find  /v  "percent"  >> "%userprofile%\desktop\checkhd.txt"

Now Save the NotePad file like this:
  • Click on File from the top menu bar.
  • Select Save As, use Filename: testhd.bat and Save As Type: All Files.
  • Choose Desktop as the location
  • Click Save.
Right click on testhd.bat on your desktop and select Run As Administrator to run it. OK the UAC.
A Command Prompt box will pop up, then close after a couple minutes.
Please post the contents of the checkhd.txt file from your desktop.
If the file is very long, just copy and paste the LAST 20 or 30 lines into your reply.

We will try to fix it if chkdsk doesn't have good results.
askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Unread postby tentakool » December 5th, 2013, 6:17 am

The plug-ins you listed don't appear on Chrome's extension page for me. Should I try uninstalling then doing a fresh install of Chrome?

Not sure whether to proceed with the other instructions without doing that bit, so I will wait. :)
tentakool
Active Member
 
Posts: 12
Joined: December 2nd, 2013, 7:13 am

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Unread postby askey127 » December 5th, 2013, 9:35 am

Yes, please proceed with the remainder of the instructions.
We will take care of Chrome later.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Unread postby tentakool » December 5th, 2013, 12:11 pm

SystemLook 04.09.10 by jpshortstuff
Log created at 16:03 on 05/12/2013 by User
Administrator - Elevation successful

========== regfind ==========

Searching for "LogonSound /s"
No data found.

-= EOF =-




The type of the file system is NTFS.

WARNING! F parameter not specified.
Running CHKDSK in read-only mode.

CHKDSK is verifying files (stage 1 of 3)...
File verification completed.
229 large file records processed.

0 bad file records processed.

0 EA records processed.

44 reparse records processed.

CHKDSK is verifying indexes (stage 2 of 3)...
Index verification completed.
0 unindexed files scanned.

0 unindexed files recovered.

CHKDSK is verifying security descriptors (stage 3 of 3)...
Security descriptor verification completed.
16567 data files processed.

CHKDSK is verifying Usn Journal...
Usn Journal verification completed.
Windows has checked the file system and found no problems.

78148160 KB total disk space.
29568348 KB in 92647 files.
58264 KB in 16568 indexes.
0 KB in bad sectors.
217540 KB in use by the system.
65536 KB occupied by the log file.
48304008 KB available on disk.

4096 bytes in each allocation unit.
19537040 total allocation units on disk.
12076002 allocation units available on disk.
tentakool
Active Member
 
Posts: 12
Joined: December 2nd, 2013, 7:13 am

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Unread postby askey127 » December 5th, 2013, 4:33 pm

tentakool,
Looks OK so far.
---------------------------------------------
Download the OTL Scanner
Please download OTL.exe by OldTimer and save it to your desktop.
---------------------------------------------
Run a Scan with OTL
  • For Win7, right click the OTL icon and choose "Run as administrator".
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
    • Extra Registry > Use SafeList
    • Under File Scans, change File Age to 7 days
  • Make sure all other windows are closed to let it run uninterrupted.
  • Click on the Run Scan button at the top left hand corner. Do not change any settings unless otherwise told to do so.
    When the scan starts, OTL may appear to be frozen while it runs. Please be patient.
When the scan completes, it will open two Notepad windows: OTL.Txt and Extras.Txt. These are saved in the same location as OTL (desktop).
OTL.txt will be open on your desktop, and Extras.txt will be minimized in your taskbar.
The Extras.txt file will only appear as a running Notepad document the very first time you run OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them as a reply. Use separate replies if more convenient.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Unread postby tentakool » December 6th, 2013, 7:18 am

OTL logfile created on: 12/6/2013 11:08:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 73.43% Memory free
5.98 Gb Paging File | 5.10 Gb Available in Paging File | 85.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 46.19 Gb Free Space | 61.98% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Processes (SafeList) ==========

PRC - [2013/12/06 11:05:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
PRC - [2013/11/28 19:06:28 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2013/10/28 18:02:16 | 001,680,088 | ---- | M] (Broadcom Corporation.) -- C:\Windows\System32\BtwRSupportService.exe
PRC - [2013/10/22 15:35:51 | 003,567,800 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\avastui.exe
PRC - [2013/10/21 19:41:10 | 000,050,344 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2013/10/21 07:33:04 | 000,473,496 | ---- | M] (TomTom) -- C:\Program Files\MyDrive Connect\MyDriveConnect.exe
PRC - [2013/10/15 12:27:38 | 003,921,880 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2013/09/20 10:57:26 | 001,042,272 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2013/09/13 10:38:30 | 000,171,416 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2013/07/25 11:19:26 | 005,624,784 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2011/02/25 05:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/11/11 13:00:54 | 000,076,856 | ---- | M] ( Hewlett-Packard Development Company, L.P.) -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
PRC - [2008/05/25 19:43:58 | 001,464,856 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\UNS.exe
PRC - [2008/05/25 19:43:54 | 000,182,808 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchksrv.exe
PRC - [2008/05/25 19:43:52 | 000,408,088 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\atchk.exe
PRC - [2008/05/25 19:43:50 | 000,121,368 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\AMT\LMS.exe
PRC - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) -- C:\Windows\System32\AEADISRV.EXE


========== Modules (No Company Name) ==========

MOD - [2013/10/21 19:41:11 | 019,336,120 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\libcef.dll
MOD - [2013/10/21 07:33:16 | 000,026,520 | ---- | M] () -- C:\Program Files\MyDrive Connect\DeviceDetection.dll
MOD - [2013/10/21 07:33:10 | 000,337,816 | ---- | M] () -- C:\Program Files\MyDrive Connect\TomTomSupporterProxy.dll
MOD - [2013/10/21 07:33:06 | 000,082,840 | ---- | M] () -- C:\Program Files\MyDrive Connect\TomTomSupporterBase.dll
MOD - [2013/05/16 10:55:26 | 000,113,496 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2013/05/16 10:55:24 | 000,416,600 | ---- | M] () -- C:\Program Files\Spybot - Search & Destroy 2\DEC150.bpl


========== Services (SafeList) ==========

SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDWSCService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDUpdateService)
SRV - File not found [Auto | Running] -- C:\Program Files\Spybot -- (SDScannerService)
SRV - [2013/11/28 20:31:31 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013/11/28 19:11:17 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2013/10/28 18:02:16 | 001,680,088 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Windows\System32\BtwRSupportService.exe -- (BcmBtRSupport)
SRV - [2013/10/21 19:41:10 | 000,050,344 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/27 04:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009/07/14 01:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008/05/25 19:43:58 | 001,464,856 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\UNS.exe -- (UNS)
SRV - [2008/05/25 19:43:54 | 000,182,808 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\atchksrv.exe -- (atchksrv)
SRV - [2008/05/25 19:43:50 | 000,121,368 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\AMT\LMS.exe -- (LMS)
SRV - [2007/02/06 11:44:24 | 000,069,632 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\System32\AEADISRV.EXE -- (AEADIFilters)


========== Driver Services (SafeList) ==========

DRV - [2013/12/01 14:42:26 | 000,361,912 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\TrufosAlt.sys -- (TrufosAlt)
DRV - [2013/11/08 19:19:15 | 000,403,440 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswsp.sys -- (aswSP)
DRV - [2013/10/28 18:02:14 | 000,175,320 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\bcbtums.sys -- (bcbtums)
DRV - [2013/10/21 19:41:12 | 000,774,392 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2013/10/21 19:41:12 | 000,178,304 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswVmm.sys -- (aswVmm)
DRV - [2013/10/21 19:41:12 | 000,079,720 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2013/10/21 19:41:12 | 000,070,384 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2013/10/21 19:41:12 | 000,057,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2013/10/21 19:41:12 | 000,049,944 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswRvrt.sys -- (aswRvrt)
DRV - [2013/10/21 19:41:12 | 000,035,656 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/18 10:12:06 | 000,971,752 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2012/08/23 14:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 14:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012/08/23 14:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2011/05/13 17:57:42 | 000,025,656 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\hpdskflt.sys -- (hpdskflt)
DRV - [2011/05/13 17:57:20 | 000,035,896 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Accelerometer.sys -- (Accelerometer)
DRV - [2010/02/24 23:02:30 | 000,015,544 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBTTN.sys -- (HBtnKey)
DRV - [2009/11/11 03:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\w29n51.sys -- (w29n51)
DRV - [2009/07/20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rismc32.sys -- (rismc32)
DRV - [2009/07/20 14:05:16 | 000,049,152 | ---- | M] (RICOH Company, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rismc32.sys -- (RICOH SmartCard Reader)
DRV - [2009/07/13 23:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 22:13:46 | 000,242,176 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTICH3.SYS -- (VSTHWICH)
DRV - [2009/07/13 22:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32)
DRV - [2009/06/25 15:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009/06/05 19:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2009/04/29 06:46:54 | 000,015,872 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HpqKbFiltr.sys -- (HpqKbFiltr)
DRV - [2007/07/12 09:41:52 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2007/04/25 12:32:42 | 000,031,232 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smscirda.sys -- (SMSCIRDA)
DRV - [2006/11/28 16:44:52 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/09/14 15:55:00 | 000,088,192 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\gtipci21.sys -- (GTIPCI21)
DRV - [2005/03/10 15:56:06 | 000,273,168 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\STAC97.sys -- (STAC97)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-3547131469-2416894023-2218228807-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://uk.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3547131469-2416894023-2218228807-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-gb
IE - HKU\S-1-5-21-3547131469-2416894023-2218228807-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 9E 27 A3 34 ED 3B CE 01 [binary data]
IE - HKU\S-1-5-21-3547131469-2416894023-2218228807-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3547131469-2416894023-2218228807-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-3547131469-2416894023-2218228807-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: avast! Online Security = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Google Wallet = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\

O1 HOSTS File: ([2009/06/10 21:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [20131121] C:\Program Files\AVAST Software\Avast\setup\emupdate\e3518447-4575-4e20-bfb1-343b059e178d.exe (AVAST Software)
O4 - HKLM..\Run: [atchk] C:\Program Files\Intel\AMT\atchk.exe (Intel Corporation)
O4 - HKLM..\Run: [AvastUI.exe] C:\Program Files\AVAST Software\Avast\AvastUI.exe (AVAST Software)
O4 - HKLM..\Run: [SDTray] C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3547131469-2416894023-2218228807-1000..\Run: [MyDriveConnect.exe] C:\Program Files\MyDrive Connect\MyDriveConnect.exe (TomTom)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O13 - gopher Prefix: missing
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.co ... 5.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3496DA39-BFF1-49CF-8225-C6CD49860ADF}: DhcpNameServer = 194.168.4.100 194.168.8.100
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{510BCD69-F960-446E-996B-960190D468BF}: DhcpNameServer = 192.168.1.4
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7B6720DC-E3A1-4780-895B-740FF1353CFF}: DhcpNameServer = 8.8.8.8 8.8.4.4
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - (wlnotify.dll) - File not found
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 7 Days ==========

[2013/12/06 11:05:16 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/12/03 16:36:13 | 000,000,000 | ---D | C] -- C:\FRST
[2013/12/01 20:30:39 | 000,000,000 | ---D | C] -- C:\Windows\Microsoft Antimalware
[2013/12/01 17:01:06 | 000,105,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2013/12/01 14:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013/12/01 14:42:25 | 000,361,912 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2013/12/01 14:41:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2013/12/01 14:41:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/12/01 14:41:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/12/01 14:41:29 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013/12/01 14:41:29 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/12/01 14:40:52 | 000,075,992 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/12/01 14:40:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013/12/01 14:40:06 | 000,018,968 | ---- | C] (Safer Networking Limited) -- C:\Windows\System32\sdnclean.exe
[2013/12/01 14:40:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013/12/01 14:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy 2
[2013/12/01 14:39:46 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Programs
[2013/11/29 14:38:25 | 000,000,000 | ---D | C] -- C:\Program Files\MyDrive Connect

========== Files - Modified Within 7 Days ==========

[2013/12/06 11:05:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2013/12/06 11:03:42 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/06 11:03:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/12/06 11:03:33 | 2409,078,784 | -HS- | M] () -- C:\hiberfil.sys
[2013/12/06 08:35:17 | 000,026,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/06 08:35:17 | 000,026,688 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/03 16:26:28 | 000,666,176 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013/12/03 16:26:28 | 000,125,820 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013/12/03 14:59:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/01 17:01:06 | 000,105,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\MBAMSwissArmy.sys
[2013/12/01 17:00:31 | 000,075,992 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamchameleon.sys
[2013/12/01 14:42:26 | 000,361,912 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\TrufosAlt.sys
[2013/11/29 14:02:27 | 000,333,696 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013/11/29 12:30:39 | 000,237,114 | ---- | M] () -- C:\Users\User\AppData\Local\census.cache
[2013/11/29 12:30:33 | 000,098,322 | ---- | M] () -- C:\Users\User\AppData\Local\ars.cache
[2013/11/29 12:09:57 | 000,000,036 | ---- | M] () -- C:\Users\User\AppData\Local\housecall.guid.cache

========== Files Created - No Company Name ==========

[2013/12/01 14:40:10 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013/11/29 12:30:39 | 000,237,114 | ---- | C] () -- C:\Users\User\AppData\Local\census.cache
[2013/11/29 12:30:33 | 000,098,322 | ---- | C] () -- C:\Users\User\AppData\Local\ars.cache
[2013/11/29 12:09:57 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache
[2013/11/28 20:24:13 | 000,140,288 | ---- | C] () -- C:\Windows\System32\igfxtvcx.dll
[2013/09/23 16:34:00 | 000,178,304 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013/09/23 16:33:59 | 000,049,944 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013/04/18 15:19:48 | 000,000,000 | ---- | C] () -- C:\Users\User\AppData\Local\{0F55D5AF-7771-4118-A74E-5BA7B674F63C}
[2012/04/03 12:57:19 | 000,192,512 | ---- | C] () -- C:\Windows\System32\stac97co.dll

========== ZeroAccess Check ==========

[2009/07/14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/26 01:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 21:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/22 07:55:21 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\AVAST Software
[2013/08/09 14:16:02 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\driveridentifier
[2013/10/21 15:55:17 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 22528 bytes -> C:\Windows\System32\autochk.exe:BAK

< End of report >


OTL Extras logfile created on: 12/6/2013 11:08:17 AM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000409 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.99 Gb Total Physical Memory | 2.20 Gb Available Physical Memory | 73.43% Memory free
5.98 Gb Paging File | 5.10 Gb Available in Paging File | 85.22% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 46.19 Gb Free Space | 61.98% Space Free | Partition Type: NTFS

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 7 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-3547131469-2416894023-2218228807-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{161E2CA2-28C0-4F6E-A03E-F40FDF1D2FFF}" = lport=138 | protocol=17 | dir=in | app=system |
"{16AA33FF-637B-431C-9835-CC3A323EB672}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{1B323F85-C4B5-4C76-A59B-36458A449D7C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2F72BA1B-1D06-4886-81C7-8E3E3A06391A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{31A67175-6488-4ECF-897F-DA3EF675762F}" = lport=137 | protocol=17 | dir=in | app=system |
"{42F86CDE-D4D0-4F6B-95ED-33D94FBA761A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{4C821F15-78E3-4B10-A06E-791791DEE0F7}" = rport=138 | protocol=17 | dir=out | app=system |
"{5168D752-F8CA-4D0D-9477-1202A53051F5}" = rport=139 | protocol=6 | dir=out | app=system |
"{53AC764F-6027-4ACD-8B26-3D4B276F5FFA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7D55BC57-C177-4BC9-BE26-CC02623BFAF7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7D8A2B0F-5289-449E-B923-912D42A6D78D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{94470272-6635-4221-BDED-01BBD9FD153D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{99171BFE-01EC-425D-8BE1-86914E727C8B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B281A3B7-E294-400D-B997-826C3FACA8A0}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D1B01B05-B584-4266-A274-88A5726A11D1}" = rport=137 | protocol=17 | dir=out | app=system |
"{D8E21F5F-765B-4ADA-BEF2-9AF6A81A550B}" = lport=445 | protocol=6 | dir=in | app=system |
"{E4162DB0-26A0-4C65-848F-02206F667114}" = rport=10243 | protocol=6 | dir=out | app=system |
"{E48DF109-F837-41CD-BBA2-B9AC4E9BFCD0}" = rport=445 | protocol=6 | dir=out | app=system |
"{E4EA3E74-C28E-4B7E-8C00-2993BD9CD991}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{E6A3A1FA-B2E5-4E56-8E5A-5D0C18BA3990}" = lport=139 | protocol=6 | dir=in | app=system |
"{F5F74E97-E2EB-4240-AD8C-A364F6938E88}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04EF5E7A-6A6C-49CC-8413-65046E1122A2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{09A059A0-C703-4CF3-9AE6-ED5DA04292D9}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{351F0169-4110-4F75-AE69-6CD48F0E789E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{42B19253-B536-489C-BDFE-643A3A83B702}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{43E9DDC9-543D-40F8-A9A6-C8DE26B8E5BF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{62BCA083-E410-4CE2-94AA-68AC4C2B7211}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{6AEC4683-C0BD-4E42-BC00-8F0372FF46F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7692FB66-0A48-4B6C-AE08-DD6B07E4A24D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{7E243853-B646-4E01-8C11-48238B4E7997}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{86FFF013-AB05-4284-999E-2E7034CC4ED3}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{88874258-308C-4BFC-92F5-0CCE87AD895D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8E698EC1-B6B5-4127-8E9B-238E8FA5FF59}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CC7D93E1-9B46-4410-9D70-49BF5DB10774}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{D26D8CA5-EC1E-4EBC-9FBD-957324231D8A}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E0A602E3-453F-4BA1-AE9A-F9A5A899296A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe |
"{E66BB8B6-96A4-4B3C-8470-A47CC5B0C8DA}" = protocol=6 | dir=out | app=system |
"{F047CAB7-4EA6-4E9C-9DDA-A14C4C48B286}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FBFFF8D1-F592-48E2-9DAD-0518E9EFFD43}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = TIPCI
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons
"{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime
"{4903D172-DCCB-392F-93A3-34CA9D47FE3D}" = Microsoft .NET Framework 4.5.1
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL
"{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver
"avast" = avast! Free Antivirus
"CNXT_MODEM_PCI_VEN_14F1&DEV_2C06_hpZ1379z" = Soft Data Fax Modem with SmartCP
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel(R) Management Engine Interface
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{0E0479F8-180F-4054-B4F7-17EE657F90BF}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"MESOL" = Intel(R) Active Management Technology Device Software
"MyDriveConnect" = MyDriveConnect 3.3.0.1318
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TVWiz" = Intel(R) TV Wizard
"VLC media player" = VLC media player 1.1.11

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/2/2013 3:59:05 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/3/2013 6:57:28 AM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/3/2013 10:40:26 AM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/3/2013 12:20:28 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/3/2013 12:35:38 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/5/2013 6:08:00 AM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/5/2013 12:01:45 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/5/2013 5:36:22 PM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/6/2013 4:26:47 AM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

Error - 12/6/2013 7:04:49 AM | Computer Name = User-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 12/5/2013 6:07:37 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.

Error - 12/5/2013 6:07:37 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 12/5/2013 12:01:08 PM | Computer Name = User-PC | Source = SCardSvr | ID = 602
Description =

Error - 12/5/2013 5:35:06 PM | Computer Name = User-PC | Source = SCardSvr | ID = 602
Description =

Error - 12/5/2013 5:35:56 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.

Error - 12/5/2013 5:35:56 PM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053

Error - 12/6/2013 4:26:14 AM | Computer Name = User-PC | Source = SCardSvr | ID = 602
Description =

Error - 12/6/2013 7:03:39 AM | Computer Name = User-PC | Source = SCardSvr | ID = 602
Description =

Error - 12/6/2013 7:04:21 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7009
Description = A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D
2 Scanner Service service to connect.

Error - 12/6/2013 7:04:21 AM | Computer Name = User-PC | Source = Service Control Manager | ID = 7000
Description = The Spybot-S&D 2 Scanner Service service failed to start due to the
following error: %%1053


< End of report >
tentakool
Active Member
 
Posts: 12
Joined: December 2nd, 2013, 7:13 am

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Post by askey127 » December 6th, 2013, 9:17 am

tentakool,
----------------------------------------------
Perform a Custom Fix with OTL
Run OTL (Right click and choose "Run as administrator" in Vista/Win7)
  • In the Custom Scans/Fixes box at the bottom, paste in the following lines from the Code box (Do not include "Code:select all"):
    Code: Select all
    :Commands
    [CREATERESTOREPOINT]
    
    :OTL
    @Alternate Data Stream - 22528 bytes -> C:\Windows\System32\autochk.exe:BAK
    
    :Files
    C:\Windows\System32\stac97co.dll
    ipconfig /flushdns /c
    
    :Commands
    [EMPTYTEMP]
    
  • Then click the Run Fix button at the top.
  • Let the program run unhindered, and click to allow the Reboot when it is done.
    When the computer Reboots, and you start your usual account, a Notepad text file will appear.
  • Copy the contents of that file and post it in your next reply.
    That is the FIX log file. It will also be available and named by timestamp here: C:\_OTL\Moved Files\mmddyyyy_hhmmss.log
---------------------------------------------------------
Reset Chrome
Take a look here for instructions from Google to Reset Chrome.
https://support.google.com/chrome/answer/3296214?hl=en
I would recommend not installing Chrome extensions, based on the lack of any integrity checking by Google.
See here: http://blog.arpitnext.com/2011/08/chrom ... nshot.html

Use the machine a bit and let me know how it's running.
If you see any detections from anywhere, let me know what they are.

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Post by tentakool » December 7th, 2013, 1:29 pm

Thanks, askey127. I'll report back in a bit on how it's running. I will try the Spybot and Avast scans again too before I do.

All processes killed
========== COMMANDS ==========
Restore point Set: OTL Restore Point
========== OTL ==========
Unable to delete ADS C:\Windows\System32\autochk.exe:BAK .
========== FILES ==========
C:\Windows\System32\stac97co.dll moved successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\User\Desktop\cmd.bat deleted successfully.
C:\Users\User\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public

User: User
->Temp folder emptied: 3483566 bytes
->Temporary Internet Files folder emptied: 29549359 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 22805031 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29811896 bytes
RecycleBin emptied: 132735017 bytes

Total Files Cleaned = 208.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12072013_171809

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\atchksrv.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP000000012CEB603CD7C48714 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
tentakool
Active Member
 
Posts: 12
Joined: December 2nd, 2013, 7:13 am

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Post by askey127 » December 8th, 2013, 11:49 am

OK.
I'll wait to see how you find it.
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Post by tentakool » December 12th, 2013, 1:55 pm

Sorry for the delay, I slightly lost track of time.

The laptop is running OK, much as before. Still getting the occasional disconnected hardware sound.

Spybot rootkit scan still seems to find the same results as before. The performance of the laptop all seems fine, but I am just concerned in case this "executable ADS" thing is a security risk for things like bank details and passwords.

Here is the log from Spybot's rootkit scan:

// info: Rootkit removal help file
// copyright: (c) 2008-2013 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"Executable ADS","C:\Windows.old\Windows\system32\autochk.exe:BAK:$DATA"
File:"Executable ADS","C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe:BAK:$DATA"
File:"Executable ADS","C:\Windows\System32\autochk.exe:BAK:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
RegyKey:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Security Center\Svc\","Vol"


RootAlyzer Quick Scan Results

Files in Windows folder
----------------------------------------
95 files tested.
No hidden files detected.
========================================

Files in System folder
----------------------------------------
2951 files tested.
No hidden files detected.
========================================

Global run entries
----------------------------------------
10 values tested.
No hidden entries detected.
========================================

Winlogon entries
----------------------------------------
3 keys tested.
No hidden entries detected.
========================================

Invisible processes (from handles)
----------------------------------------
No handle process IDs tested.
No hidden processes detected.
========================================

Invisible processes (from threads)
----------------------------------------
61 processes tested.
No hidden processes detected.
========================================

I do really appreciate your assistance :) Thanks again.
tentakool
Active Member
 
Posts: 12
Joined: December 2nd, 2013, 7:13 am

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Unread postby askey127 » December 12th, 2013, 5:45 pm

tentakool,
---------------------------------------------
Please download SystemLook from the link below and save it to your Desktop.
Download Mirror #1 (32-bit)

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield. Do not include "Code:select all":
    Code: Select all
    :file
    C:\Windows.old\Windows\system32\autochk.exe
    C:\Windows\System32\autochk.exe
    C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The results log can also be found on your Desktop, entitled SystemLook.txt

askey127
askey127
Admin/Teacher
 
Posts: 14025
Joined: April 17th, 2005, 3:25 pm
Location: New Hampshire USA

Re: Refurbished Laptop (Autochk.exe:BAK:$DATA Executable ADS

Unread postby tentakool » December 14th, 2013, 7:07 am

SystemLook 04.09.10 by jpshortstuff
Log created at 11:06 on 14/12/2013 by User
Administrator - Elevation successful

========== file ==========

C:\Windows.old\Windows\system32\autochk.exe - File found and opened.
MD5: 3D5E61BE00900EEADBABF4CF5A19AB8B
Created at 04:42 on 14/04/2008
Modified at 04:42 on 14/04/2008
Size: 588800 bytes
Attributes: --a----
No version information available.

C:\Windows\System32\autochk.exe - File found and opened.
MD5: 25462EF704BDB2732B0DF6A2FCCD73D2
Created at 21:29 on 20/11/2010
Modified at 21:29 on 20/11/2010
Size: 668160 bytes
Attributes: --a----
No version information available.

C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe - File found and opened.
MD5: 25462EF704BDB2732B0DF6A2FCCD73D2
Created at 21:29 on 20/11/2010
Modified at 21:29 on 20/11/2010
Size: 668160 bytes
Attributes: --a----
No version information available.

-= EOF =-
tentakool
Active Member
 
Posts: 12
Joined: December 2nd, 2013, 7:13 am
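
Added example, not part of any post in this thread: a short Python sketch that splits the `file:stream:$DATA` paths from the RootAlyzer results and matches each flagged file to the MD5 that SystemLook reported for it. The function names are made up for illustration; the sample lines are copied from the two logs above, with the SystemLook entries trimmed to the path and MD5 lines.

```python
import re
from collections import defaultdict

# Lines copied from the RootAlyzer and SystemLook logs posted in this thread.
ROOTALYZER = r'''
File:"Executable ADS","C:\Windows.old\Windows\system32\autochk.exe:BAK:$DATA"
File:"Executable ADS","C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe:BAK:$DATA"
File:"Executable ADS","C:\Windows\System32\autochk.exe:BAK:$DATA"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
'''
SYSTEMLOOK = r'''
C:\Windows.old\Windows\system32\autochk.exe - File found and opened.
MD5: 3D5E61BE00900EEADBABF4CF5A19AB8B
C:\Windows\System32\autochk.exe - File found and opened.
MD5: 25462EF704BDB2732B0DF6A2FCCD73D2
C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe - File found and opened.
MD5: 25462EF704BDB2732B0DF6A2FCCD73D2
'''

def split_stream(path):
    """Split 'file:stream:$TYPE' into (file, stream, type); the drive colon is not a separator."""
    drive, rest = (path[:2], path[2:]) if re.match(r"^[A-Za-z]:", path) else ("", path)
    parts = rest.split(":")
    file, stream = drive + parts[0], parts[1] if len(parts) > 1 else ""
    stype = parts[2] if len(parts) > 2 else "$DATA"
    return file, stream, stype

def ads_findings(log):
    """Return (file, stream, type) for each 'Executable ADS' row."""
    rows = re.findall(r'^File:"Executable ADS","([^"]+)"$', log, re.M)
    return [split_stream(p) for p in rows]

def systemlook_md5(log):
    """Map lower-cased file path -> MD5 of the file as SystemLook opened it."""
    pairs = re.findall(r"^(.+?) - File found and opened\.\nMD5: ([0-9A-F]{32})$", log, re.M)
    return {path.lower(): md5 for path, md5 in pairs}

def correlate(ads_log, sl_log):
    """Group flagged host files by the MD5 of their unnamed (main) stream."""
    hashes, groups = systemlook_md5(sl_log), defaultdict(list)
    for file, stream, _ in ads_findings(ads_log):
        groups[hashes.get(file.lower(), "not-hashed")].append((file, stream))
    return dict(groups)

if __name__ == "__main__":
    for md5, hits in correlate(ROOTALYZER, SYSTEMLOOK).items():
        print(md5, [f"{f} [stream {s}]" for f, s in hits])
```

Reading a file by its plain path returns only the unnamed stream, so these MD5 values show which copies of autochk.exe share the same main content; they do not describe what is stored in the `BAK` stream.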