Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

by 19rlowe81 » March 1st, 2015, 6:00 pm

Every time I open a webpage, I get flashing banners and advertisements everywhere. Each one is subscripted with "Ad by CouponDropDown". I'm not sure where I picked up this little beastie, but no matter what I try, I can't seem to get rid of it. More than a little annoying.
My rig is sporting an ASRock Z77 Extreme 4 motherboard and an i5 3470 CPU. I'm currently running Windows 7 Pro. I'm not sure what else you need, aside from the DDS logs, but any advice or help that you can offer would be most appreciated. Thanks for your time....


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17631
Run by Tsunami Dream at 13:33:02 on 2015-03-01
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.8075.6104 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\igfxCUIService.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe
C:\Windows\SysWow64\IntelCpHeciSvc.exe
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs
C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp
C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
C:\Windows\System32\rundll32.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\igfxEM.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\ProgramData\{671ac39b-a1b6-9513-671a-ac39ba1b0e6e}\Emsisoft Anti-Malware Full License Keys are Here ! [Latest].exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\ProgramData\{2002a3ab-b40a-e6f2-2002-2a3abb408eae}\superpc_soft_partner.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Auslogics\BoostSpeed\BoostSpeed.exe
C:\Windows\sysWOW64\wbem\wmiprvse.exe
C:\Program Files\Auslogics\BoostSpeed\systeminformation.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
uProxyOverride = <-loopback>
mWinlogon: Userinit = userinit.exe,
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
mRun: [gmsd_us_268] <no file>
StartupFolder: C:\Users\TSUNAM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EMSISO~1.LNK - C:\ProgramData\{671ac39b-a1b6-9513-671a-ac39ba1b0e6e}\Emsisoft Anti-Malware Full License Keys are Here ! [Latest].exe
StartupFolder: C:\Users\TSUNAM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\PDANET~1.LNK - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
StartupFolder: C:\Users\TSUNAM~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\SUPERP~1.LNK - C:\ProgramData\{2002a3ab-b40a-e6f2-2002-2a3abb408eae}\superpc_soft_partner.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIE.dll
IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\OCHelper.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
LSP: C:\Windows\System32\BDL.dll
TCP: NameServer = 8.8.8.8
TCP: Interfaces\{1CBBE033-1438-4F49-82B0-799DA00D9FD1} : DHCPNameServer = 8.8.8.8
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL
SSODL: WebCheck - <orphaned>
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [ShadowPlay] C:\Windows\System32\rundll32.exe C:\Windows\System32\nvspcap64.dll,ShadowPlayOnSystemStart
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://websearch.swellsearch.info/?pid= ... =84&l=1&q=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: keyword.URL - hxxps://www.google.com/search?q=
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL
FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll
.
============= SERVICES / DRIVERS ===============
.
R1 {ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64;{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64;C:\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys [2015-3-1 48792]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe [2015-2-23 2711736]
R2 fuzefyby;Use Auto Format;C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs [2015-3-1 113664]
R2 GfExperienceService;NVIDIA GeForce Experience Service;C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [2015-2-23 1148560]
R2 guxuqowo;Monitor Toner;C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp [2015-3-1 174592]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\Windows\System32\igfxCUIService.exe [2014-10-1 319080]
R2 NvNetworkService;NVIDIA Network Service;C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [2015-2-23 1701520]
R2 NvStreamSvc;NVIDIA Streamer Service;C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [2015-2-23 19823248]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-2-26 410952]
R2 WindowsVNT_R3;Windows Virtual Network (WVN3);C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2015-3-1 2973600]
R2 YouTubeDownload_A3;YouTube Downloader Services (A3);C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2015-3-1 2971224]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2015-3-1 454416]
R3 ISCT;Intel(R) Smart Connect Technology Device Driver;C:\Windows\System32\drivers\ISCTD64.sys [2013-1-19 46568]
R3 NvStreamKms;NvStreamKms;C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [2015-2-23 19600]
R3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);C:\Windows\System32\drivers\nvvad64v.sys [2015-2-23 38032]
R3 pneteth;PdaNet Broadband;C:\Windows\System32\drivers\pneteth.sys [2015-2-23 15360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /svc --> C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [?]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe /medsvc --> C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [?]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2015-3-1 169752]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-2-25 114688]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2015-2-12 178760]
S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2015-3-1 31800]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2015-2-24 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .ini: inifile="C:\Windows\System32\NOTEPAD.EXE" %1
FileExt: .inf: inffile="C:\Windows\System32\NOTEPAD.EXE" %1
.
=============== Created Last 30 ================
.
2015-03-01 21:07:38 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\Intel
2015-03-01 21:07:29 -------- d-----w- C:\Program Files (x86)\Intel Driver Update Utility
2015-03-01 21:07:26 -------- d-----w- C:\ProgramData\Package Cache
2015-03-01 18:39:03 -------- d-----w- C:\ProgramData\Windows VXM
2015-03-01 18:39:03 -------- d-----w- C:\Program Files (x86)\Windows Network Accelerater
2015-03-01 18:17:55 -------- d-----w- C:\ProgramData\9f98403200003a4e
2015-03-01 18:16:38 -------- d-----w- C:\ProgramData\a9195fc000006777
2015-03-01 18:11:02 -------- d-----w- C:\Users\Tsunami Dream\AppData\Roaming\EZDownloader
2015-03-01 18:06:20 -------- d-----w- C:\ProgramData\6467701552656366573
2015-03-01 18:05:43 -------- d-----w- C:\ProgramData\{671ac39b-a1b6-9513-671a-ac39ba1b0e6e}
2015-03-01 17:58:46 -------- d-----w- C:\Windows\SysWow64\Flash
2015-03-01 17:54:54 613067 ----a-w- C:\Users\Tsunami Dream\AppData\Local\nsqF1B7.tmp
2015-03-01 17:54:52 -------- d-sh--w- C:\Users\Tsunami Dream\AppData\Roaming\AnyProtectEx
2015-03-01 17:54:51 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\Pro_PC_Cleaner
2015-03-01 17:54:20 -------- d-----w- C:\ProgramData\{2002a3ab-b40a-e6f2-2002-2a3abb408eae}
2015-03-01 17:53:59 -------- d-----w- C:\ProgramData\Optimizer
2015-03-01 17:53:57 -------- d-----w- C:\Program Files (x86)\YouTube-Downloader
2015-03-01 17:51:27 48792 ----a-w- C:\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys
2015-03-01 17:49:16 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\24959504
2015-03-01 17:48:51 2120 ----a-w- C:\Windows\patsearch.bin
2015-03-01 17:46:29 1478104 ----a-w- C:\Users\Tsunami Dream\AppData\Roaming\DUWV.exe
2015-03-01 17:46:14 318808 ----a-w- C:\Windows\SysWow64\BDL.dll
2015-03-01 17:46:10 1804760 ----a-w- C:\Users\Tsunami Dream\AppData\Roaming\LJZLY.exe
2015-03-01 17:46:10 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\globalUpdate
2015-03-01 17:44:38 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\SmartWeb
2015-03-01 17:35:47 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\03000200-1425202547-0500-0006-000700080009
2015-03-01 17:35:09 -------- d-----w- C:\ProgramData\PastaLeadsAgent
2015-03-01 17:35:04 -------- d-----w- C:\Program Files\Common Files\PastaLeads
2015-03-01 17:34:55 -------- d-----w- C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009
2015-03-01 17:32:59 -------- d-----w- C:\Users\Tsunami Dream\AppData\Roaming\OAS
2015-03-01 17:32:16 -------- d-----w- C:\Windows\System32\appmgmt
2015-03-01 16:58:32 11910896 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{020CD2B8-D73E-4C14-9E4F-DE49651AC8D1}\mpengine.dll
2015-03-01 16:51:08 -------- d-----w- C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2015-03-01 16:51:08 -------- d-----w- C:\Program Files (x86)\Common Files\Wise Installation Wizard
2015-03-01 16:11:51 -------- d-----w- C:\Users\Tsunami Dream\AppData\Roaming\MiniGet
2015-03-01 15:51:30 -------- d-----w- C:\Program Files (x86)\Auslogics
2015-03-01 15:19:16 -------- d-----w- C:\Program Files\Auslogics BoostSpeed 7
2015-03-01 14:02:00 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\Apps
2015-03-01 13:53:38 -------- d-----w- C:\Program Files (x86)\Pavtube
2015-03-01 11:30:05 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\ElevatedDiagnostics
2015-03-01 11:29:02 97283 ----a-w- C:\ProgramData\1425209324.bdinstall.bin
2015-03-01 11:28:44 37823 ----a-w- C:\ProgramData\1425209323.bdinstall.bin
2015-03-01 11:15:31 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\VS Revo Group
2015-03-01 11:15:29 -------- d-----w- C:\ProgramData\VS Revo Group
2015-03-01 11:15:28 31800 ----a-w- C:\Windows\System32\drivers\revoflt.sys
2015-03-01 11:15:28 -------- d-----w- C:\Program Files\VS Revo Group
2015-03-01 10:29:09 -------- d-----w- C:\Users\Tsunami Dream\AppData\Roaming\ExpressFiles
2015-03-01 10:29:09 -------- d-----w- C:\Program Files (x86)\ExpressFiles
2015-03-01 09:01:44 -------- d-----w- C:\Windows\pss
2015-03-01 08:48:10 -------- d-----w- C:\ProgramData\Spybot - Search & Destroy
2015-03-01 08:22:41 -------- d-----w- C:\ProgramData\Auslogics
2015-03-01 08:18:33 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\Adobe
2015-03-01 02:23:47 -------- d-----w- C:\Users\Tsunami Dream\AppData\Roaming\CodeLobster Php Edition
2015-02-28 02:30:37 -------- d-----w- C:\Users\Tsunami Dream\AppData\Roaming\TeamViewer
2015-02-28 01:39:10 239104 ----a-w- C:\Windows\mlwps.exe
2015-02-28 01:37:09 208248 ----a-w- C:\ProgramData\1425087087.bdinstall.bin
2015-02-28 01:35:23 -------- d-----w- C:\Program Files (x86)\Microsoft ASP.NET
2015-02-28 01:33:00 1721576 ----a-w- C:\Windows\System32\WdfCoInstaller01009.dll
2015-02-28 01:31:27 -------- d-----w- C:\Users\Tsunami Dream\AppData\Roaming\QuickScan
2015-02-28 01:18:35 -------- d-----w- C:\Users\Tsunami Dream\Cisco Packet Tracer 6.1.1iv
2015-02-28 01:17:45 -------- d-----w- C:\Program Files (x86)\Cisco Packet Tracer 6.1.1iv
2015-02-28 01:17:35 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\Programs
2015-02-27 03:53:29 620032 ----a-w- C:\Windows\SysWow64\jscript9diag.dll
2015-02-27 03:53:29 4300800 ----a-w- C:\Windows\SysWow64\jscript9.dll
2015-02-27 03:53:28 814080 ----a-w- C:\Windows\System32\jscript9diag.dll
2015-02-27 03:53:28 6041600 ----a-w- C:\Windows\System32\jscript9.dll
2015-02-27 03:09:05 73728 ----a-w- C:\Windows\SysWow64\tasks.dll
2015-02-26 14:18:26 -------- d-----w- C:\Windows\Migration
2015-02-26 14:11:32 621384 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2015-02-26 14:11:07 2558792 ----a-w- C:\Windows\System32\nvsvcr.dll
2015-02-26 11:00:40 2777088 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2015-02-26 11:00:40 2285056 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2015-02-26 00:02:56 77824 ----a-w- C:\Windows\System32\JavaScriptCollectionAgent.dll
2015-02-26 00:01:58 67072 ----a-w- C:\Windows\splwow64.exe
2015-02-26 00:01:58 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2015-02-26 00:00:57 -------- d-----w- C:\Program Files (x86)\PrivateVPN
2015-02-24 15:04:13 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2015-02-24 15:04:13 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2015-02-24 15:00:18 -------- d-sh--w- C:\Users\Tsunami Dream\IntelGraphicsProfiles
2015-02-24 11:27:12 -------- d-----w- C:\Windows\SysWow64\Wat
2015-02-24 11:27:12 -------- d-----w- C:\Windows\System32\Wat
2015-02-24 11:27:10 -------- d-s---w- C:\Windows\System32\CompatTel
2015-02-24 11:27:10 -------- d-----w- C:\Windows\System32\appraiser
2015-02-24 07:58:19 167424 ----a-w- C:\Program Files\Windows Media Player\wmplayer.exe
2015-02-24 07:58:19 164864 ----a-w- C:\Program Files (x86)\Windows Media Player\wmplayer.exe
2015-02-24 07:58:19 12625920 ----a-w- C:\Windows\System32\wmploc.DLL
2015-02-24 07:58:18 12625408 ----a-w- C:\Windows\SysWow64\wmploc.DLL
2015-02-24 07:35:04 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-02-24 07:11:40 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2015-02-24 07:03:22 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2015-02-24 06:44:58 5554512 ----a-w- C:\Windows\System32\d3dcsx_42.dll
2015-02-24 06:43:58 469264 ----a-w- C:\Windows\System32\d3dx10.dll
2015-02-24 06:38:01 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\Skyrim
2015-02-24 06:16:47 55808 ----a-w- C:\Windows\System32\rrinstaller.exe
2015-02-24 06:16:47 50176 ----a-w- C:\Windows\SysWow64\rrinstaller.exe
2015-02-24 06:16:47 4121600 ----a-w- C:\Windows\System32\mf.dll
2015-02-24 06:16:47 3209728 ----a-w- C:\Windows\SysWow64\mf.dll
2015-02-24 06:16:47 24576 ----a-w- C:\Windows\System32\mfpmp.exe
2015-02-24 06:16:47 23040 ----a-w- C:\Windows\SysWow64\mfpmp.exe
2015-02-24 06:16:47 206848 ----a-w- C:\Windows\System32\mfps.dll
2015-02-24 06:16:47 2048 ----a-w- C:\Windows\SysWow64\mferror.dll
2015-02-24 06:16:47 2048 ----a-w- C:\Windows\System32\mferror.dll
2015-02-24 06:16:47 103424 ----a-w- C:\Windows\SysWow64\mfps.dll
2015-02-24 06:14:32 -------- d-----w- C:\Program Files\VideoLAN
2015-02-24 06:10:33 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2015-02-24 06:10:33 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2015-02-24 06:10:33 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2015-02-24 06:10:33 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2015-02-24 06:10:33 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2015-02-24 06:10:33 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2015-02-24 06:10:33 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2015-02-24 06:01:29 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\Steam
2015-02-24 05:59:56 -------- d-----w- C:\Program Files (x86)\Common Files\Steam
2015-02-24 05:59:55 -------- d-----w- C:\Program Files (x86)\Steam
2015-02-24 05:54:39 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2015-02-24 05:54:39 5120 ----a-w- C:\Windows\System32\wmi.dll
2015-02-24 05:54:39 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2015-02-24 05:51:34 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\Mozilla
2015-02-24 05:51:25 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-24 05:46:27 -------- d-----w- C:\Windows\System32\MRT
2015-02-24 05:42:35 99480 ----a-w- C:\Windows\SysWow64\infocardapi.dll
2015-02-24 05:42:35 171160 ----a-w- C:\Windows\System32\infocardapi.dll
2015-02-24 05:42:34 619672 ----a-w- C:\Windows\SysWow64\icardagt.exe
2015-02-24 05:42:34 1389208 ----a-w- C:\Windows\System32\icardagt.exe
2015-02-24 05:42:33 8856 ----a-w- C:\Windows\SysWow64\icardres.dll
2015-02-24 05:42:33 8856 ----a-w- C:\Windows\System32\icardres.dll
2015-02-24 05:42:27 35480 ----a-w- C:\Windows\SysWow64\TsWpfWrp.exe
2015-02-24 05:42:27 35480 ----a-w- C:\Windows\System32\TsWpfWrp.exe
2015-02-24 05:37:31 950272 ----a-w- C:\Windows\System32\perftrack.dll
2015-02-24 05:37:31 91136 ----a-w- C:\Windows\System32\wdi.dll
2015-02-24 05:37:31 76800 ----a-w- C:\Windows\SysWow64\wdi.dll
2015-02-24 05:37:31 29696 ----a-w- C:\Windows\System32\powertracker.dll
2015-02-24 05:35:55 907976 ----a-w- C:\ProgramData\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2015-02-24 05:34:34 -------- d-----w- C:\ProgramData\regid.1991-06.com.microsoft
2015-02-24 05:30:51 -------- d-----w- C:\Program Files\Microsoft Office 15
2015-02-24 05:30:49 1715224 ----a-w- C:\Windows\System32\nvspbridge64.dll
2015-02-24 05:30:49 1291464 ----a-w- C:\Windows\SysWow64\nvspbridge.dll
2015-02-24 05:30:35 38032 ----a-w- C:\Windows\System32\drivers\nvvad64v.sys
2015-02-24 05:30:35 32400 ----a-w- C:\Windows\SysWow64\nvaudcap32v.dll
2015-02-24 05:20:04 511328 ----a-w- C:\Windows\System32\d3dx10_43.dll
2015-02-24 05:20:04 470880 ----a-w- C:\Windows\SysWow64\d3dx10_43.dll
2015-02-24 05:20:04 276832 ----a-w- C:\Windows\System32\d3dx11_43.dll
2015-02-24 05:20:04 248672 ----a-w- C:\Windows\SysWow64\d3dx11_43.dll
2015-02-24 05:20:04 2401112 ----a-w- C:\Windows\System32\D3DX9_43.dll
2015-02-24 05:20:04 1998168 ----a-w- C:\Windows\SysWow64\D3DX9_43.dll
2015-02-24 05:19:49 2824504 ----a-w- C:\Windows\System32\nvspcap64.dll
2015-02-24 05:19:49 2210040 ----a-w- C:\Windows\SysWow64\nvspcap.dll
2015-02-24 05:19:47 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\NVIDIA Corporation
2015-02-24 05:19:47 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\NVIDIA
2015-02-24 05:18:13 935056 ----a-w- C:\Windows\System32\nvvsvc.exe
2015-02-24 05:18:13 6861128 ----a-w- C:\Windows\System32\nvcpl.dll
2015-02-24 05:18:13 62792 ----a-w- C:\Windows\System32\nvshext.dll
2015-02-24 05:18:13 4236870 ----a-w- C:\Windows\System32\nvcoproc.bin
2015-02-24 05:18:13 385168 ----a-w- C:\Windows\System32\nvmctray.dll
2015-02-24 05:18:13 3517584 ----a-w- C:\Windows\System32\nvsvc64.dll
2015-02-24 05:18:03 64000 ----a-w- C:\Windows\System32\OpenCL.dll
2015-02-24 05:18:03 60416 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2015-02-24 05:17:55 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2015-02-24 05:17:53 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2015-02-24 05:13:44 -------- d-sh--w- C:\Windows\Installer
2015-02-24 05:11:31 861696 ----a-w- C:\Windows\System32\oleaut32.dll
2015-02-24 05:11:31 571904 ----a-w- C:\Windows\SysWow64\oleaut32.dll
2015-02-24 05:09:59 509952 ----a-w- C:\Windows\System32\ntshrui.dll
2015-02-24 05:08:46 455168 ----a-w- C:\Windows\System32\winlogon.exe
2015-02-24 05:03:33 683520 ----a-w- C:\Windows\System32\termsrv.dll
2015-02-24 04:53:45 5554112 ----a-w- C:\Windows\System32\ntoskrnl.exe
2015-02-24 04:53:44 3972544 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2015-02-24 04:53:44 3917760 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2015-02-24 04:53:42 503808 ----a-w- C:\Windows\System32\srcore.dll
2015-02-24 04:53:42 296960 ----a-w- C:\Windows\System32\rstrui.exe
2015-02-24 04:53:41 50176 ----a-w- C:\Windows\System32\srclient.dll
2015-02-24 04:53:41 43008 ----a-w- C:\Windows\SysWow64\srclient.dll
2015-02-24 04:51:01 2315776 ----a-w- C:\Windows\System32\tquery.dll
2015-02-24 04:51:01 2223616 ----a-w- C:\Windows\System32\mssrch.dll
2015-02-24 04:51:00 591872 ----a-w- C:\Windows\System32\SearchIndexer.exe
2015-02-24 04:51:00 1401344 ----a-w- C:\Windows\SysWow64\mssrch.dll
2015-02-24 04:49:06 197120 ----a-w- C:\Windows\System32\credui.dll
2015-02-24 04:49:06 190464 ----a-w- C:\Windows\System32\SmartcardCredentialProvider.dll
2015-02-24 04:49:06 168960 ----a-w- C:\Windows\SysWow64\credui.dll
2015-02-24 04:49:06 152576 ----a-w- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
2015-02-24 04:48:18 3241984 ----a-w- C:\Windows\System32\msi.dll
2015-02-24 04:48:17 2363904 ----a-w- C:\Windows\SysWow64\msi.dll
2015-02-24 04:48:17 1941504 ----a-w- C:\Windows\System32\authui.dll
2015-02-24 04:48:16 70144 ----a-w- C:\Windows\System32\appinfo.dll
2015-02-24 04:48:16 504320 ----a-w- C:\Windows\System32\msihnd.dll
2015-02-24 04:48:16 337408 ----a-w- C:\Windows\SysWow64\msihnd.dll
2015-02-24 04:48:16 1805824 ----a-w- C:\Windows\SysWow64\authui.dll
2015-02-24 04:48:16 112064 ----a-w- C:\Windows\System32\consent.exe
2015-02-24 04:47:23 156824 ----a-w- C:\Windows\SysWow64\mscorier.dll
2015-02-24 04:47:23 156312 ----a-w- C:\Windows\System32\mscorier.dll
2015-02-24 04:47:23 1131664 ----a-w- C:\Windows\SysWow64\dfshim.dll
2015-02-24 04:47:22 81560 ----a-w- C:\Windows\SysWow64\mscories.dll
2015-02-24 04:47:22 73880 ----a-w- C:\Windows\System32\mscories.dll
2015-02-24 04:47:22 1943696 ----a-w- C:\Windows\System32\dfshim.dll
2015-02-24 04:46:04 376768 ----a-w- C:\Windows\System32\drivers\netio.sys
2015-02-24 04:46:04 288192 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2015-02-24 04:46:04 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2015-02-24 04:44:52 335360 ----a-w- C:\Windows\System32\msieftp.dll
2015-02-24 04:43:35 3722752 ----a-w- C:\Windows\System32\mstscax.dll
2015-02-24 04:41:59 46080 ----a-w- C:\Windows\System32\atmlib.dll
2015-02-24 04:40:44 202752 ----a-w- C:\Windows\System32\scrrun.dll
2015-02-24 04:38:40 112640 ----a-w- C:\Windows\System32\smss.exe
2015-02-24 04:37:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2015-02-24 04:37:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2015-02-24 04:35:54 404480 ----a-w- C:\Windows\System32\gdi32.dll
2015-02-24 04:34:58 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2015-02-24 04:33:58 68608 ----a-w- C:\Windows\System32\taskhost.exe
2015-02-24 04:18:52 -------- d-----w- C:\Users\Tsunami Dream\AppData\Local\WindowsUpdate
2015-02-24 04:08:04 664064 ----a-w- C:\Windows\SysWow64\rpcrt4.dll
2015-02-24 04:08:04 1216000 ----a-w- C:\Windows\System32\rpcrt4.dll
2015-02-24 03:57:42 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2015-02-24 03:57:42 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2015-02-24 03:57:41 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2015-02-24 03:47:57 15360 ----a-w- C:\Windows\System32\drivers\pneteth.sys
2015-02-24 03:47:56 -------- d-----w- C:\Program Files (x86)\PdaNet for Android
2015-02-24 03:19:39 -------- d-----w- C:\Windows\Panther
2015-02-24 03:13:10 -------- d-----w- C:\Windows.old
2015-02-23 01:57:35 -------- d-----w- C:\Desktop
2015-02-22 21:50:24 303616 ----a-w- C:\Windows\IsUninst.exe
2015-02-22 12:04:37 -------- d-----w- C:\Program Files (x86)\Xpadder
2015-02-21 20:38:39 -------- d-----w- C:\Bethesda
2015-02-21 14:47:59 -------- d-----w- C:\Program Files (x86)\Common Files\Stardock
2015-02-21 14:07:14 -------- d-----w- C:\Program Files\Auslogics
2015-02-21 13:24:12 -------- d-----w- C:\Transfer
2015-02-21 13:13:54 77656 ----a-w- C:\Windows\System32\XAPOFX1_5.dll
2015-02-21 13:13:54 74072 ----a-w- C:\Windows\SysWow64\XAPOFX1_5.dll
2015-02-21 13:13:54 527192 ----a-w- C:\Windows\SysWow64\XAudio2_7.dll
2015-02-21 13:13:54 518488 ----a-w- C:\Windows\System32\XAudio2_7.dll
2015-02-21 13:13:53 239960 ----a-w- C:\Windows\SysWow64\xactengine3_7.dll
2015-02-21 13:13:53 1907552 ----a-w- C:\Windows\System32\d3dcsx_43.dll
2015-02-21 13:13:53 1868128 ----a-w- C:\Windows\SysWow64\d3dcsx_43.dll
2015-02-21 13:13:53 176984 ----a-w- C:\Windows\System32\xactengine3_7.dll
2015-02-21 13:12:37 -------- d-----w- C:\Windows\SysWow64\directx
2015-02-05 02:55:44 1113088 ----a-w- C:\Windows\System32\rdpcorets.dll
2015-02-03 04:13:33 -------- d-----w- C:\Windows\System32\SPReview
2015-02-03 04:13:17 -------- d-----w- C:\Windows\System32\EventProviders
2015-02-03 04:09:19 95744 ----a-w- C:\Windows\System32\RDVGHelper.exe
2015-02-03 04:09:19 133632 ----a-w- C:\Windows\System32\tssrvlic.dll
2015-02-03 04:09:11 162816 ----a-w- C:\Windows\System32\rdpudd.dll
2015-02-03 04:09:08 79232 ----a-w- C:\Windows\SysWow64\rdvgumd32.dll
2015-02-03 04:09:04 53248 ----a-w- C:\Windows\System32\LSCSHostPolicy.dll
2015-02-03 04:09:02 299520 ----a-w- C:\Windows\System32\rdpshell.exe
2015-02-03 04:08:57 169984 ----a-w- C:\Windows\System32\tspubwmi.dll
2015-02-03 04:08:56 109056 ----a-w- C:\Windows\System32\drivers\UMDF\usbdr.dll
2015-02-03 04:08:55 178176 ----a-w- C:\Windows\System32\rdpinit.exe
2015-02-03 04:08:43 66048 ----a-w- C:\Windows\System32\rdpsign.exe
2015-02-03 04:08:37 20992 ----a-w- C:\Windows\System32\drivers\rdpvideominiport.sys
2015-02-03 04:08:28 184320 ----a-w- C:\Windows\System32\fvecpl.dll
2015-02-03 04:08:05 130560 ----a-w- C:\Windows\System32\BdeHdCfg.exe
2015-02-03 04:07:53 6144 ----a-w- C:\Windows\System32\drivers\en-US\rdvgkmd.sys.mui
2015-02-03 04:07:53 4096 ----a-w- C:\Windows\System32\drivers\en-US\tsusbhub.sys.mui
2015-02-02 11:00:26 -------- d-----w- C:\Program Files (x86)\MSXML 4.0
2015-02-01 23:22:00 -------- d-----w- C:\Program Files (x86)\Codelobster Software
2015-02-01 10:50:40 -------- d-----w- C:\Program Files (x86)\Tor Browser
2015-02-01 10:03:58 -------- d-----w- C:\Program Files\CCleaner
.
==================== Find3M ====================
.
2015-02-24 07:35:04 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-02-05 21:01:44 995248 ----a-w- C:\Windows\System32\nvumdshimx.dll
2015-02-04 03:16:29 609280 ----a-w- C:\Windows\System32\generaltel.dll
2015-02-04 03:16:20 762368 ----a-w- C:\Windows\System32\invagent.dll
2015-02-04 03:16:16 414720 ----a-w- C:\Windows\System32\devinv.dll
2015-02-04 03:16:14 894976 ----a-w- C:\Windows\System32\appraiser.dll
2015-02-04 03:16:13 227328 ----a-w- C:\Windows\System32\aepdu.dll
2015-02-04 03:16:13 192000 ----a-w- C:\Windows\System32\aepic.dll
2015-02-04 03:13:28 1098752 ----a-w- C:\Windows\System32\aeinv.dll
2015-01-27 23:36:21 1239720 ----a-w- C:\Windows\System32\aitstatic.exe
2015-01-15 08:14:17 155072 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2015-01-15 08:14:16 95680 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2015-01-15 08:09:58 29184 ----a-w- C:\Windows\System32\sspisrv.dll
2015-01-15 08:09:58 136192 ----a-w- C:\Windows\System32\sspicli.dll
2015-01-15 08:09:57 28160 ----a-w- C:\Windows\System32\secur32.dll
2015-01-15 08:09:51 1461760 ----a-w- C:\Windows\System32\lsasrv.dll
2015-01-15 08:09:15 31232 ----a-w- C:\Windows\System32\lsass.exe
2015-01-15 08:08:59 64000 ----a-w- C:\Windows\System32\auditpol.exe
2015-01-15 08:06:22 60416 ----a-w- C:\Windows\System32\msobjs.dll
2015-01-15 08:06:11 146432 ----a-w- C:\Windows\System32\msaudite.dll
2015-01-15 08:04:23 686080 ----a-w- C:\Windows\System32\adtschema.dll
2015-01-15 07:42:59 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2015-01-15 07:42:05 50176 ----a-w- C:\Windows\SysWow64\auditpol.exe
2015-01-15 07:41:53 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2015-01-15 07:39:53 60416 ----a-w- C:\Windows\SysWow64\msobjs.dll
2015-01-15 07:39:36 146432 ----a-w- C:\Windows\SysWow64\msaudite.dll
2015-01-15 07:37:55 686080 ----a-w- C:\Windows\SysWow64\adtschema.dll
2015-01-15 04:22:18 458824 ----a-w- C:\Windows\System32\drivers\cng.sys
2015-01-12 03:05:32 2724864 ----a-w- C:\Windows\System32\mshtml.tlb
2015-01-12 03:05:19 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll
2015-01-12 02:49:42 66560 ----a-w- C:\Windows\System32\iesetup.dll
2015-01-12 02:48:57 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll
2015-01-12 02:48:52 584192 ----a-w- C:\Windows\System32\vbscript.dll
2015-01-12 02:47:25 88064 ----a-w- C:\Windows\System32\MshtmlDac.dll
2015-01-12 02:34:42 144384 ----a-w- C:\Windows\System32\ieUnatt.exe
2015-01-12 02:34:30 114688 ----a-w- C:\Windows\System32\ieetwcollector.exe
2015-01-12 02:25:28 968704 ----a-w- C:\Windows\System32\MsSpellCheckingFacility.exe
2015-01-12 02:21:19 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2015-01-12 02:08:09 503296 ----a-w- C:\Windows\SysWow64\vbscript.dll
2015-01-12 02:07:51 62464 ----a-w- C:\Windows\SysWow64\iesetup.dll
2015-01-12 02:07:06 47616 ----a-w- C:\Windows\SysWow64\ieetwproxystub.dll
2015-01-12 02:05:36 64000 ----a-w- C:\Windows\SysWow64\MshtmlDac.dll
2015-01-12 01:55:47 115712 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2015-01-12 01:46:29 1359360 ----a-w- C:\Windows\System32\mshtmlmedia.dll
2015-01-12 01:46:00 2125824 ----a-w- C:\Windows\System32\inetcpl.cpl
2015-01-12 01:40:43 60416 ----a-w- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
2015-01-12 01:27:32 2358272 ----a-w- C:\Windows\System32\wininet.dll
2015-01-12 01:23:09 2052608 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2015-01-12 01:22:17 1155072 ----a-w- C:\Windows\SysWow64\mshtmlmedia.dll
2015-01-12 01:00:17 1888256 ----a-w- C:\Windows\SysWow64\wininet.dll
2015-01-10 06:48:22 210944 ----a-w- C:\Windows\System32\wdigest.dll
2015-01-10 06:48:19 86528 ----a-w- C:\Windows\System32\TSpkg.dll
2015-01-10 06:48:17 341504 ----a-w- C:\Windows\System32\schannel.dll
2015-01-10 06:48:13 309760 ----a-w- C:\Windows\System32\ncrypt.dll
2015-01-10 06:48:12 314880 ----a-w- C:\Windows\System32\msv1_0.dll
2015-01-10 06:48:10 728064 ----a-w- C:\Windows\System32\kerberos.dll
2015-01-10 06:48:05 22016 ----a-w- C:\Windows\System32\credssp.dll
2015-01-10 06:27:54 172032 ----a-w- C:\Windows\SysWow64\wdigest.dll
2015-01-10 06:27:51 65536 ----a-w- C:\Windows\SysWow64\TSpkg.dll
2015-01-10 06:27:47 248832 ----a-w- C:\Windows\SysWow64\schannel.dll
2015-01-10 06:27:44 221184 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2015-01-10 06:27:43 259584 ----a-w- C:\Windows\SysWow64\msv1_0.dll
2015-01-10 06:27:39 550912 ----a-w- C:\Windows\SysWow64\kerberos.dll
2015-01-10 06:27:32 17408 ----a-w- C:\Windows\SysWow64\credssp.dll
2015-01-09 02:03:01 3201536 ----a-w- C:\Windows\System32\win32k.sys
2015-01-04 08:43:53 276256 ----a-w- C:\Windows\System32\drivers\snapman.sys
2015-01-04 08:43:52 118560 ----a-w- C:\Windows\System32\drivers\fltsrv.sys
2015-01-04 05:56:32 0 ----a-w- C:\Windows\System32\BDSandBoxUISkin32.dll
2015-01-04 05:56:32 0 ----a-w- C:\Windows\System32\BDSandBoxUISkin.dll
2015-01-04 05:56:32 0 ----a-w- C:\Windows\System32\BDSandBoxUH.dll
2014-12-23 08:41:02 298120 ------w- C:\Windows\System32\MpSigStub.exe
2014-12-20 02:52:12 71344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-12-20 02:52:12 701104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2014-12-19 03:06:55 210432 ----a-w- C:\Windows\System32\profsvc.dll
2014-12-19 01:46:45 141312 ----a-w- C:\Windows\System32\drivers\mrxdav.sys
2014-12-12 05:31:39 1480192 ----a-w- C:\Windows\System32\crypt32.dll
2014-12-12 05:07:26 1174528 ----a-w- C:\Windows\SysWow64\crypt32.dll
2014-12-11 23:13:22 2526056 ----a-w- C:\Windows\System32\D3DCompiler_43.dll
2014-12-11 23:13:22 2106216 ----a-w- C:\Windows\SysWow64\D3DCompiler_43.dll
2014-12-11 17:47:12 52736 ----a-w- C:\Windows\System32\TSWbPrxy.exe
2014-12-08 03:09:05 406528 ----a-w- C:\Windows\System32\scesrv.dll
2014-12-08 02:46:05 308224 ----a-w- C:\Windows\SysWow64\scesrv.dll
2014-12-06 04:17:27 303616 ----a-w- C:\Windows\System32\nlasvc.dll
2014-12-06 03:50:19 52224 ----a-w- C:\Windows\SysWow64\nlaapi.dll
2014-12-06 03:50:18 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
.
============= FINISH: 13:33:27.43 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume2
Install Date: 2/23/2015 7:38:37 PM
System Uptime: 3/1/2015 1:11:58 PM (0 hours ago)
.
Motherboard: ASRock | | Z77 Extreme4
Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz | CPUSocket | 3201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 1397 GiB total, 1222.095 GiB free.
D: is FIXED (NTFS) - 0 GiB total, 0.063 GiB free.
E: is CDROM ()
F: is Removable
G: is FIXED (NTFS) - 1863 GiB total, 584.036 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: qrnfd_1_10_0_9
Device ID: ROOT\LEGACY_QRNFD_1_10_0_9\0000
Manufacturer:
Name: qrnfd_1_10_0_9
PNP Device ID: ROOT\LEGACY_QRNFD_1_10_0_9\0000
Service: qrnfd_1_10_0_9
.
Class GUID:
Description: SM Bus Controller
Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_1E221849&REV_04\3&11583659&0&FB
Manufacturer:
Name: SM Bus Controller
PNP Device ID: PCI\VEN_8086&DEV_1E22&SUBSYS_1E221849&REV_04\3&11583659&0&FB
Service:
.
Class GUID:
Description: Ethernet Controller
Device ID: PCI\VEN_14E4&DEV_16B1&SUBSYS_96B11849&REV_10\4&2B8260C3&0&00E4
Manufacturer:
Name: Ethernet Controller
PNP Device ID: PCI\VEN_14E4&DEV_16B1&SUBSYS_96B11849&REV_10\4&2B8260C3&0&00E4
Service:
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft ISATAP Adapter
Device ID: ROOT\*ISATAP\0000
Manufacturer: Microsoft
Name: Microsoft ISATAP Adapter
PNP Device ID: ROOT\*ISATAP\0000
Service: tunnel
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: Microsoft Teredo Tunneling Adapter
Device ID: ROOT\*TEREDO\0000
Manufacturer: Microsoft
Name: Teredo Tunneling Pseudo-Interface
PNP Device ID: ROOT\*TEREDO\0000
Service: tunnel
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_8086&DEV_1E31&SUBSYS_1E311849&REV_04\3&11583659&0&A0
Service:
.
Class GUID:
Description: Universal Serial Bus (USB) Controller
Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Manufacturer:
Name: Universal Serial Bus (USB) Controller
PNP Device ID: PCI\VEN_1B21&DEV_1042&SUBSYS_10421849&REV_00\4&37A73C8A&0&00E7
Service:
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: cherimoya
Device ID: ROOT\LEGACY_CHERIMOYA\0000
Manufacturer:
Name: cherimoya
PNP Device ID: ROOT\LEGACY_CHERIMOYA\0000
Service: cherimoya
.
==== System Restore Points ===================
.
RP33: 3/1/2015 1:07:18 PM - Intel® Driver Update Utility
.
==== Installed Programs ======================
.
Adobe Reader XI (11.0.10)
Adobe Refresh Manager
Cisco Packet Tracer 6.1.1 Instructor
ExpressFiles
Intel(R) Driver Update Utility 2.0
Intel(R) Processor Graphics
Intel® Driver Update Utility
Microsoft .NET Framework 4.5.2
Microsoft ASP.NET MVC 4 Runtime
Microsoft Office 365 ProPlus - en-us
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
Mozilla Firefox 36.0 (x86 en-US)
Mozilla Maintenance Service
NVIDIA 3D Vision Controller Driver 347.09
NVIDIA 3D Vision Driver 347.52
NVIDIA Control Panel 347.52
NVIDIA GeForce Experience 2.1.5
NVIDIA GeForce Experience Service
NVIDIA Graphics Driver 347.52
NVIDIA HD Audio Driver 1.3.33.0
NVIDIA Install Application
NVIDIA LED Visualizer 1.0
NVIDIA Network Service
NVIDIA PhysX
NVIDIA PhysX System Software 9.14.0702
NVIDIA ShadowPlay 16.18.9
NVIDIA Stereoscopic 3D Driver
NVIDIA Update 16.18.9
NVIDIA Update Core
NVIDIA Virtual Audio 1.2.27
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
Pavtube Video Converter Ultimate Ver 4.5.0.5225
PdaNet+ for Android 4.17
Revo Uninstaller Pro 3.0.7
Security Update for Microsoft .NET Framework 4.5.2 (KB2972107)
Security Update for Microsoft .NET Framework 4.5.2 (KB2972216)
Security Update for Microsoft .NET Framework 4.5.2 (KB2978128)
Security Update for Microsoft .NET Framework 4.5.2 (KB2979578v2)
SHIELD Streaming
SHIELD Wireless Controller Driver
Steam
The Elder Scrolls III: Morrowind
The Elder Scrolls V: Skyrim
VLC media player
.
==== Event Viewer Messages From Past Week ========
.
3/1/2015 9:58:41 AM, Error: Service Control Manager [7031] - The Update Browser Good service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/1/2015 9:58:34 AM, Error: Service Control Manager [7031] - The Util Browser Good service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
3/1/2015 9:53:58 AM, Error: Service Control Manager [7030] - The YouTube Downloader Services (A3) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/1/2015 9:53:33 AM, Error: Service Control Manager [7034] - The BasementDuster service terminated unexpectedly. It has done this 4 time(s).
3/1/2015 9:52:58 AM, Error: Service Control Manager [7034] - The BasementDuster service terminated unexpectedly. It has done this 3 time(s).
3/1/2015 9:52:32 AM, Error: Service Control Manager [7034] - The BasementDuster service terminated unexpectedly. It has done this 2 time(s).
3/1/2015 9:50:42 AM, Error: Service Control Manager [7031] - The BasementDuster service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 200 milliseconds: Restart the service.
3/1/2015 3:28:50 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for DeleteFlag with the following error: Access is denied.
3/1/2015 3:28:48 AM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
3/1/2015 12:54:23 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Spybot-S&D 2 Scanner Service service to connect.
3/1/2015 12:54:23 AM, Error: Service Control Manager [7000] - The Spybot-S&D 2 Scanner Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2015 11:34:24 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.
3/1/2015 10:42:38 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
3/1/2015 10:42:38 AM, Error: Service Control Manager [7000] - The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/1/2015 10:39:03 AM, Error: Service Control Manager [7030] - The Windows Virtual Network (WVN3) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
3/1/2015 10:16:24 AM, Error: Service Control Manager [7034] - The csrcc service terminated unexpectedly. It has done this 1 time(s).
3/1/2015 10:16:24 AM, Error: Service Control Manager [7034] - The 70F4EEDB-1367-4b4f-8247-3133551A7415 service terminated unexpectedly. It has done this 1 time(s).
3/1/2015 10:12:55 AM, Error: Service Control Manager [7031] - The NeBeDrw service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2015 1:32:32 AM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2015 1:32:24 AM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Scanner Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
3/1/2015 1:14:30 PM, Error: Service Control Manager [7000] - The globalUpdate Update Service (globalUpdate) service failed to start due to the following error: The system cannot find the file specified.
3/1/2015 1:12:29 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: cherimoya qrnfd_1_10_0_9
2/28/2015 4:03:57 PM, Error: Service Control Manager [7030] - The Privoxy (PrivoxyService) service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
2/27/2015 5:33:07 PM, Error: Service Control Manager [7000] - The bdfwfpf service failed to start due to the following error: The system cannot find the file specified.
2/27/2015 3:48:01 PM, Error: Service Control Manager [7034] - The Live Malware Protection service terminated unexpectedly. It has done this 1 time(s).
2/24/2015 3:41:57 AM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Internet Explorer 8 Compatibility View List for Windows 7 for x64-based Systems (KB2598845).
2/24/2015 3:37:09 AM, Error: Service Control Manager [7023] -
2/24/2015 3:29:15 AM, Error: Service Control Manager [7034] - The NVIDIA Network Service service terminated unexpectedly. It has done this 1 time(s).
2/24/2015 3:29:13 AM, Error: Service Control Manager [7034] - The NVIDIA Stereoscopic 3D Driver Service service terminated unexpectedly. It has done this 1 time(s).
2/24/2015 3:29:08 AM, Error: Service Control Manager [7043] - The Windows Modules Installer service did not shut down properly after receiving a preshutdown control.
2/23/2015 10:01:30 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
2/23/2015 10:01:30 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================
19rlowe81
Active Member
 
Posts: 12
Joined: March 1st, 2015, 5:38 pm

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Post by Gary R » March 2nd, 2015, 1:14 am

Looking over your logs, back soon.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Post by Gary R » March 2nd, 2015, 1:25 am

Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the "Infected? Virus, malware, adware, ransomware, oh my!" forum and wait for help.


Unless informed of in advance, failure to post replies within 3 days will result in this thread being closed.


Hi 19rlowe81

I'm Gary R,

Before we start: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


There's one or two things showing in your DDS log that need attending to, but before we do that I need you to run some additional scans for me, so that I've got a more complete picture of what we're dealing with.

First ...

Please download AdwCleaner and save it to your desktop.

  • Double click AdwCleaner.exe to run it.
  • Click Scan.
  • A logfile will automatically open after the scan has finished.
  • Close the adwCleaner window, click ok to the prompt.
  • Please post the contents of that logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[R1].txt.

AT THIS POINT, DO NOT ATTEMPT TO CLEAN ANYTHING THAT MAY BE FOUND

Next ...

  • Download FRST64 to your Desktop.
  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to disclaimer.
    • Press the Scan button.
    • When finished scanning 2 logs will open on your Desktop, FRST.txt and Addition.txt
    • Please post them in your next reply.

Next ...

I'd now like you to run a search for me using FRST ...

  • Double click Frst64.exe to launch it.
  • FRST will start to run.
    • When the tool opens click Yes to the disclaimer.
    • Copy/Paste or Type the following line into the Search: box.
    Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;swellsearch;globalUpdate;smartweb

    • Press the Search Registry button.
    • When finished searching a log will open on your Desktop ... Search.txt
    • Please post it in your next reply.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • FRST.txt
  • Addition.txt
  • Search.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Post by 19rlowe81 » March 2nd, 2015, 2:16 am

Hi Gary, thanks in advance for your help. Here are the logs that you requested. I should note that since my first post, I picked up Microsoft Security Essentials, Emsisoft Anti-Malware and Spyhunter 4. So I should be well protected from now on. Yes, I know I should have been using something of the sort from the beginning, but I suppose we can call it a lesson well learned.

# AdwCleaner v4.111 - Logfile created 01/03/2015 at 22:01:04
# Updated 18/02/2015 by Xplode
# Database : 2015-02-18.3 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Tsunami Dream - TSUNAMIDREAM-PC
# Running from : C:\Users\Tsunami Dream\Desktop\adwcleaner_4.111.exe
# Option : Scan

***** [ Services ] *****

Service Found : cherimoya
Service Found : {ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64

***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\user.js
File Found : C:\Users\Tsunami Dream\Desktop\Continue Live Installation.lnk
File Found : C:\Windows\patsearch.bin
File Found : C:\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys
Folder Found : C:\Program Files (x86)\ExpressFiles
Folder Found : C:\ProgramData\6467701552656366573
Folder Found : C:\ProgramData\9f98403200003a4e
Folder Found : C:\ProgramData\a9195fc000006777
Folder Found : C:\Users\Tsunami Dream\AppData\Local\globalUpdate
Folder Found : C:\Users\Tsunami Dream\AppData\Roaming\AnyProtectEx
Folder Found : C:\Users\Tsunami Dream\AppData\Roaming\ExpressFiles

***** [ Scheduled tasks ] *****

Task Found : Express FilesUpdate
Task Found : ProPCCleaner_Start

***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>
Key Found : HKCU\Software\AnyProtect
Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Found : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\ExpressFiles
Key Found : HKCU\Software\GlobalUpdate
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\ExpressFiles
Key Found : HKCU\Software\ProPCCleanerConfig
Key Found : HKCU\Software\ProPCCleanerLanguage
Key Found : HKCU\Software\StormWatchApp
Key Found : HKCU\Software\Super Optimizer
Key Found : [x64] HKCU\Software\AnyProtect
Key Found : [x64] HKCU\Software\ExpressFiles
Key Found : [x64] HKCU\Software\GlobalUpdate
Key Found : [x64] HKCU\Software\ProPCCleanerConfig
Key Found : [x64] HKCU\Software\ProPCCleanerLanguage
Key Found : [x64] HKCU\Software\StormWatchApp
Key Found : [x64] HKCU\Software\Super Optimizer
Key Found : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Found : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{5157DEF6-4D45-4AE0-982B-227A3458A01B}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found : HKLM\SOFTWARE\ExpressFiles
Key Found : HKLM\SOFTWARE\GlobalUpdate
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Found : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Found : HKLM\SOFTWARE\Tutorials
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 en-US)

[h49uz3c2.default] - Line Found : user_pref("browser.search.defaultenginename,S", "WebSearch");
[h49uz3c2.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://websearch.swellsearch.info/?pid=3458&r=2015/03/01&hid=17527313840990002891&lg=EN&cc=HK&unqvl=84&l=1&q=");
[h49uz3c2.default] - Line Found : user_pref("browser.search.hiddenOneOffs", "WebSearch,Amazon.com,eBay");
[h49uz3c2.default] - Line Found : user_pref("browser.search.order.1", "WebSearch");
[h49uz3c2.default] - Line Found : user_pref("browser.search.order.1,S", "WebSearch");
[h49uz3c2.default] - Line Found : user_pref("browser.search.selectedEngine,S", "WebSearch");
[h49uz3c2.default] - Line Found : user_pref("extensions.08t0JarCu5YvPH5M.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjC8rTCHrjr5qda4pjaErds5pjw\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"flybrain.com\",\"[...]
[h49uz3c2.default] - Line Found : user_pref("extensions.674fbuEAq23mvzp8.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjC8rTCHrjr5qda4pjaErds5pjw\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"flybrain.com\",\"[...]
*************************

AdwCleaner[R0].txt - [8679 bytes] - [01/03/2015 22:01:04]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8738 bytes] ##########
19rlowe81
Active Member
 
Posts: 12
Joined: March 1st, 2015, 5:38 pm

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Post by 19rlowe81 » March 2nd, 2015, 2:19 am

First.txt:

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 29-02-2015
Ran by Tsunami Dream (administrator) on TSUNAMIDREAM-PC on 01-03-2015 22:04:27
Running from C:\Users\Tsunami Dream\Desktop
Loaded Profiles: Tsunami Dream (Available profiles: Tsunami Dream)
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
() C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
(Enigma Software Group USA, LLC.) C:\Program Files (x86)\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
() C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(MicroStudio) C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe
(Microsoftware) C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
() C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Emsisoft GmbH) C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
( ) C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\vnsyB811.tmp
() C:\Users\Tsunami Dream\Desktop\adwcleaner_4.111.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2531472 2014-12-12] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1332296 2015-01-30] (Microsoft Corporation)
HKLM-x32\...\Run: [gmsd_us_268] => [X]
HKLM-x32\...\Run: [emsisoft anti-malware] => c:\program files (x86)\emsisoft anti-malware\a2guard.exe [4997872 2015-03-01] (Emsisoft GmbH)
HKLM\...\Policies\Explorer: [NoThumbnailCache] 1
HKLM\...\Policies\Explorer: [DisableThumbnailsOnNetworkFolders] 1
HKLM\...\Policies\Explorer: [NoRecentDocsHistory] 1
HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\...\Run: [ASRockXTU] => [X]
HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\...\Policies\Explorer: [NoSMHelp] 1
HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\...\Policies\Explorer: [StartMenuLogOff] 1
HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\...\MountPoints2: {01c3614d-bbd4-11e4-9b51-806e6f6e6963} - E:\SETUP.EXE
Startup: C:\Users\Tsunami Dream\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PdaNet Desktop.lnk
ShortcutTarget: PdaNet Desktop.lnk -> C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe ()
ShellIconOverlayIdentifiers: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = Firefox start page
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = Firefox start page
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = 0x00
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://Mozilla Firefox Start Page/
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=3458&r=2015/03/01&hid=17527313840990002891&lg=EN&cc=HK&unqvl=84
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=3458&r=2015/03/01&hid=17527313840990002891&lg=EN&cc=HK&unqvl=84
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
Winsock: Catalog9 01 C:\Windows\SysWOW64\BDL.dll [318808] (OM Inc.)
Winsock: Catalog9 02 C:\Windows\SysWOW64\BDL.dll [318808] (OM Inc.)
Winsock: Catalog9 03 C:\Windows\SysWOW64\BDL.dll [318808] (OM Inc.)
Winsock: Catalog9 04 C:\Windows\SysWOW64\BDL.dll [318808] (OM Inc.)
Winsock: Catalog9 15 C:\Windows\SysWOW64\BDL.dll [318808] (OM Inc.)
Tcpip\Parameters: [DhcpNameServer] 8.8.8.8

FireFox:
========
FF ProfilePath: C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid= ... =84&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine: Google
FF SelectedSearchEngine,S: WebSearch
FF Keyword.URL: https://www.google.com/search?q=
FF NetworkProxy: "type", 0
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=10 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: @staging.google.com/globalUpdate Update;version=4 -> C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF user.js: detected! => C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\user.js
FF Extension: LastPass - C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\Extensions\support@lastpass.com [2015-02-23]
FF Extension: Google search link fix - C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\Extensions\jid0-XWJxt5VvCXkKzQK99PhZqAn7Xbg@jetpack.xpi [2015-03-01]
FF Extension: Google Untracker - C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\Extensions\jid1-0PPAg3kpBlAJHA@jetpack.xpi [2015-03-01]
FF Extension: Happy Bonobo: Disable WebRTC - C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2015-03-01]
FF Extension: AdBlock for Firefox - C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\Extensions\jid1-NIfFY2CA8fy1tg@jetpack.xpi [2015-03-01]
FF Extension: Private Tab - C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\Extensions\privateTab@infocatcher.xpi [2015-03-01]
FF Extension: Firefox Helper - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\8c2ecf7011b253f473e5f961c4c02d27 [2015-03-01]

Chrome:
=======
CHR dev: Chrome dev build detected! <======= ATTENTION

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [4920104 2015-03-01] (Emsisoft GmbH)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2711736 2015-01-13] (Microsoft Corporation)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148560 2014-12-12] (NVIDIA Corporation)
R2 guxuqowo; C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp [174592 2015-03-01] () [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319080 2015-01-08] (Intel Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23784 2015-01-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366512 2015-01-30] (Microsoft Corporation)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1701520 2014-12-12] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19823248 2014-12-12] (NVIDIA Corporation)
R2 SpyHunter 4 Service; C:\Program Files (x86)\Enigma Software Group\SpyHunter\SH4Service.exe [327064 2010-05-18] (Enigma Software Group USA, LLC.)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 WindowsVNT_R3; C:\Program Files (x86)\Windows Network Accelerater\v3\winvxm.exe [2973600 2014-10-20] (MicroStudio) [File not signed]
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
R2 fuzefyby; C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2015-03-01] (Emsisoft GmbH)
R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2015-03-01] (Emsisoft GmbH)
R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2015-03-01] (Emsisoft GmbH)
R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2015-03-01] (Emsisoft GmbH)
R0 AsrRamDisk; C:\Windows\System32\DRIVERS\AsrRamDisk.sys [31016 2012-01-13] (ASRock Inc.)
R3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2015-03-01] (Emsisoft GmbH)
S3 esgiguard; C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys [5248 2010-01-27] () [File not signed]
R3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [46568 2013-01-19] ()
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [274696 2014-11-15] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124560 2014-11-15] (Microsoft Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19600 2014-12-12] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38032 2014-11-22] (NVIDIA Corporation)
R1 {ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64; C:\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys [48792 2015-03-01] (StdLib)
S1 cherimoya; system32\drivers\cherimoya.sys [X]
S3 MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [X]
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 22:04 - 2015-03-01 22:04 - 00014885 _____ () C:\Users\Tsunami Dream\Desktop\FRST.txt
2015-03-01 22:04 - 2015-03-01 22:04 - 00000000 ____D () C:\FRST
2015-03-01 22:03 - 2015-03-01 22:03 - 02092544 _____ (Farbar) C:\Users\Tsunami Dream\Desktop\FRST64.exe
2015-03-01 22:00 - 2015-03-01 22:02 - 00000000 ____D () C:\AdwCleaner
2015-03-01 22:00 - 2015-03-01 22:00 - 02126848 _____ () C:\Users\Tsunami Dream\Desktop\adwcleaner_4.111.exe
2015-03-01 21:58 - 2015-03-01 21:58 - 00000000 _____ () C:\Users\Tsunami Dream\Documents\MalwareRemoval.com.txt
2015-03-01 21:52 - 2015-03-01 21:52 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-TSUNAMIDREAM-PC-Windows-7-Professional-(64-bit).dat
2015-03-01 21:51 - 2015-03-01 21:51 - 00000000 ____D () C:\RegBackup
2015-03-01 21:50 - 2015-03-01 21:50 - 04804736 _____ () C:\Users\Tsunami Dream\Downloads\tweaking.com_registry_backup_setup.exe
2015-03-01 21:50 - 2015-03-01 21:50 - 00002249 _____ () C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-03-01 21:50 - 2015-03-01 21:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-03-01 21:50 - 2015-03-01 21:50 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2015-03-01 20:19 - 2015-03-01 20:19 - 00249257 _____ () C:\spyhunter.fix
2015-03-01 19:55 - 2015-03-01 19:55 - 00002314 _____ () C:\Users\Tsunami Dream\Desktop\SpyHunter.lnk
2015-03-01 19:55 - 2015-03-01 19:55 - 00000000 ____D () C:\Windows\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
2015-03-01 19:55 - 2015-03-01 19:55 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2015-03-01 19:55 - 2015-03-01 19:55 - 00000000 ____D () C:\sh4ldr
2015-03-01 19:55 - 2015-03-01 19:55 - 00000000 ____D () C:\Program Files (x86)\Enigma Software Group
2015-03-01 19:46 - 2015-03-01 19:46 - 00000144 _____ () C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-03-01 19:25 - 2015-03-01 19:25 - 00001105 _____ () C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2015-03-01 19:25 - 2015-03-01 19:25 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2015-03-01 19:24 - 2015-03-01 21:50 - 00000000 ____D () C:\Program Files (x86)\Emsisoft Anti-Malware
2015-03-01 19:24 - 2015-03-01 19:24 - 00000000 ____D () C:\Users\Tsunami Dream\Documents\Anti-Malware
2015-03-01 18:46 - 2015-03-01 20:28 - 00001130 _____ () C:\Windows\setupact.log
2015-03-01 18:46 - 2015-03-01 18:46 - 00000000 _____ () C:\Windows\setuperr.log
2015-03-01 17:04 - 2015-03-01 17:04 - 00066852 _____ () C:\Users\Tsunami Dream\Documents\cc_20150301_170432.reg
2015-03-01 16:42 - 2015-03-01 16:42 - 00000000 ____D () C:\inetpub
2015-03-01 16:39 - 2015-03-01 20:47 - 00007603 _____ () C:\Users\Tsunami Dream\AppData\Local\Resmon.ResmonCfg
2015-03-01 15:45 - 2015-03-01 15:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Asmedia Technology
2015-03-01 15:45 - 2015-03-01 15:45 - 00000000 ____D () C:\Program Files (x86)\ASM104xUSB3
2015-03-01 15:42 - 2015-03-01 15:42 - 00001240 _____ () C:\Users\Public\Desktop\ASRock eXtreme Tuner.lnk
2015-03-01 15:42 - 2015-03-01 15:42 - 00000000 ____D () C:\Users\Tsunami Dream\Downloads\AXTU(v0.1.257)
2015-03-01 15:42 - 2015-03-01 15:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASRock Utility
2015-03-01 15:42 - 2015-03-01 15:42 - 00000000 ____D () C:\Program Files\ASRock Utility
2015-03-01 15:42 - 2015-03-01 15:42 - 00000000 ____D () C:\Program Files (x86)\ASRock Utility
2015-03-01 15:42 - 2012-01-13 12:52 - 00031016 _____ (ASRock Inc.) C:\Windows\system32\Drivers\AsrRamDisk.sys
2015-03-01 15:41 - 2015-03-01 15:41 - 05255093 _____ () C:\Users\Tsunami Dream\Downloads\AXTU(v0.1.257).zip
2015-03-01 15:41 - 2015-03-01 15:41 - 04746651 _____ () C:\Users\Tsunami Dream\Downloads\USB3_ASMedia_Win7-64_Win7_Vista64_Vista_XP64_XP(v1.10.1.0).zip
2015-03-01 15:03 - 2015-03-01 15:03 - 00002127 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-03-01 15:03 - 2015-03-01 15:03 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-03-01 15:03 - 2015-03-01 15:03 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-03-01 15:03 - 2015-03-01 15:03 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-03-01 15:02 - 2015-03-01 15:02 - 14160536 _____ (Microsoft Corporation) C:\Users\Tsunami Dream\Downloads\mseinstall.exe
2015-03-01 14:52 - 2015-03-01 17:27 - 00001077 _____ () C:\Users\Tsunami Dream\Desktop\Continue Live Installation.lnk
2015-03-01 14:52 - 2015-03-01 14:52 - 00347816 _____ (Microsoft Corporation) C:\Users\Tsunami Dream\Downloads\MicrosoftFixit.malware.Run.exe
2015-03-01 13:34 - 2015-03-01 13:34 - 00036710 _____ () C:\Users\Tsunami Dream\Downloads\DDS.txt
2015-03-01 13:34 - 2015-03-01 13:34 - 00010947 _____ () C:\Users\Tsunami Dream\Downloads\Attach.txt
2015-03-01 13:33 - 2015-03-01 13:33 - 00036710 _____ () C:\Users\Tsunami Dream\Documents\dds.txt
2015-03-01 13:33 - 2015-03-01 13:33 - 00010947 _____ () C:\Users\Tsunami Dream\Documents\attach.txt
2015-03-01 13:31 - 2015-03-01 13:31 - 00688992 ____R (Swearware) C:\Users\Tsunami Dream\Documents\dds.scr
2015-03-01 13:31 - 2015-03-01 13:31 - 00688992 _____ (Swearware) C:\Users\Tsunami Dream\Downloads\dds.scr
2015-03-01 13:12 - 2015-03-01 13:12 - 00019924 _____ () C:\Windows\system32\results.xml
2015-03-01 13:11 - 2015-03-01 14:28 - 00000961 _____ () C:\Users\Tsunami Dream\Documents\New Document).txt
2015-03-01 13:11 - 2015-03-01 13:11 - 00000000 ____D () C:\Program Files\Intel
2015-03-01 13:10 - 2015-03-01 13:10 - 00000000 ____D () C:\ProgramData\IntelDLM
2015-03-01 13:10 - 2015-01-08 11:24 - 22905344 _____ (Intel Corporation) C:\Windows\system32\igdfcl64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 17837568 _____ (Intel Corporation) C:\Windows\SysWOW64\igdfcl32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 12183328 _____ (Intel Corporation) C:\Windows\system32\igd10iumd64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 11762552 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10iumd32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 10896312 _____ (Intel Corporation) C:\Windows\system32\igdumdim64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 10435920 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumdim32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 08507392 _____ (Intel Corporation) C:\Windows\system32\ig7icd64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 06491136 _____ (Intel Corporation) C:\Windows\SysWOW64\ig7icd32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 04580864 _____ (Intel Corporation) C:\Windows\system32\igdusc64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 04357224 _____ (Intel Corporation) C:\Windows\system32\Gfxv4_0.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 04354152 _____ (Intel Corporation) C:\Windows\system32\Gfxv2_0.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 03775928 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-03-01 13:10 - 2015-01-08 11:24 - 03621928 _____ (Intel Corporation) C:\Windows\SysWOW64\igdusc32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 02027008 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 01931776 _____ (Intel Corporation) C:\Windows\system32\igdrcl64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 01758208 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 01731584 _____ (Intel Corporation) C:\Windows\SysWOW64\igdrcl32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00959592 _____ (Intel Corporation) C:\Windows\system32\GfxUIEx.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 00545896 _____ (Intel Corporation) C:\Windows\system32\DPTopologyApp.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 00545384 _____ (Intel Corporation) C:\Windows\system32\DPTopologyAppv2_0.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 00455744 _____ (Intel Corporation) C:\Windows\system32\igdmd64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00454416 _____ (Intel(R) Corporation) C:\Windows\system32\Drivers\IntcDAud.sys
2015-03-01 13:10 - 2015-01-08 11:24 - 00399464 _____ (Intel Corporation) C:\Windows\system32\CustomModeApp.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 00398952 _____ (Intel Corporation) C:\Windows\system32\CustomModeAppv2_0.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 00384104 _____ (Intel Corporation) C:\Windows\system32\igfxTray.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 00384000 _____ (Intel Corporation) C:\Windows\system32\igfxOSP.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00376832 _____ (Intel Corporation) C:\Windows\system32\IntelOpenCL64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00367664 _____ (Intel Corporation) C:\Windows\SysWOW64\igdmd32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00329216 _____ (Intel Corporation) C:\Windows\system32\igdbcl64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00287232 _____ (Intel Corporation) C:\Windows\SysWOW64\igdbcl32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00286720 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelOpenCL32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00280680 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 00255488 _____ () C:\Windows\system32\igfxCPL.cpl
2015-03-01 13:10 - 2015-01-08 11:24 - 00246888 _____ (Intel Corporation) C:\Windows\system32\igfxHK.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 00223232 _____ () C:\Windows\system32\igdde64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00220160 _____ (Intel Corporation) C:\Windows\system32\igfxDTCM.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00194664 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 00188456 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00184832 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00184832 _____ () C:\Windows\SysWOW64\igdde32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00183296 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4061.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00162304 _____ () C:\Windows\system32\igdail64.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00159056 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00155136 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00154728 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-03-01 13:10 - 2015-01-08 11:24 - 00153268 __RSH () C:\Windows\system32\resCSY.cui
2015-03-01 13:10 - 2015-01-08 11:24 - 00143872 _____ () C:\Windows\SysWOW64\igdail32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00086528 _____ () C:\Windows\system32\igfxCUIServicePS.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00069632 _____ ( ) C:\Windows\system32\igfxDHLibv2_0.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00059392 _____ ( ) C:\Windows\system32\igfxDHLib.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00031408 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00030720 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00010752 _____ ( ) C:\Windows\system32\igfxDILib.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLibv2_0.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00010240 _____ ( ) C:\Windows\system32\igfxEMLib.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00010240 _____ ( ) C:\Windows\system32\igfxDILibv2_0.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLibv2_0.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00005120 _____ ( ) C:\Windows\system32\igfxLHMLib.dll
2015-03-01 13:10 - 2015-01-08 11:24 - 00002564 _____ () C:\Windows\system32\iglhxs64.vp
2015-03-01 13:07 - 2015-03-01 13:07 - 02333416 _____ (Intel) C:\Users\Tsunami Dream\Downloads\Intel Driver Update Utility Installer.exe
2015-03-01 13:07 - 2015-03-01 13:07 - 00001180 _____ () C:\Users\Public\Desktop\Intel(R) Driver Update Utility 2.0.lnk
2015-03-01 13:07 - 2015-03-01 13:07 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\Intel
2015-03-01 13:07 - 2015-03-01 13:07 - 00000000 ____D () C:\ProgramData\Package Cache
2015-03-01 13:07 - 2015-03-01 13:07 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2015-03-01 13:07 - 2015-03-01 13:07 - 00000000 ____D () C:\Program Files (x86)\Intel Driver Update Utility
2015-03-01 12:58 - 2015-03-01 12:58 - 00000000 _____ () C:\Users\Tsunami Dream\Documents\New Text Document (2).txt
2015-03-01 10:42 - 2015-03-01 10:43 - 00000862 _____ () C:\Windows\SysWOW64\debug.log
2015-03-01 10:39 - 2015-03-01 10:39 - 00000000 ____D () C:\ProgramData\Windows VXM
2015-03-01 10:39 - 2015-03-01 10:39 - 00000000 ____D () C:\Program Files (x86)\Windows Network Accelerater
2015-03-01 10:17 - 2015-03-01 10:17 - 00000000 ____D () C:\ProgramData\9f98403200003a4e
2015-03-01 10:16 - 2015-03-01 10:16 - 00000000 ____D () C:\ProgramData\a9195fc000006777
2015-03-01 10:06 - 2015-03-01 10:06 - 00000000 ____D () C:\ProgramData\6467701552656366573
2015-03-01 10:05 - 2015-03-01 10:42 - 00000000 ____D () C:\ProgramData\{671ac39b-a1b6-9513-671a-ac39ba1b0e6e}
2015-03-01 09:58 - 2015-03-01 09:58 - 00000000 ____D () C:\Windows\SysWOW64\Flash
2015-03-01 09:54 - 2015-03-01 10:42 - 00000000 ____D () C:\ProgramData\{2002a3ab-b40a-e6f2-2002-2a3abb408eae}
2015-03-01 09:54 - 2015-03-01 09:54 - 00613067 _____ (CMI Limited) C:\Users\Tsunami Dream\AppData\Local\nsqF1B7.tmp
2015-03-01 09:54 - 2015-03-01 09:54 - 00003224 _____ () C:\Windows\System32\Tasks\ProPCCleaner_Start
2015-03-01 09:54 - 2015-03-01 09:54 - 00000000 __SHD () C:\Users\Tsunami Dream\AppData\Roaming\AnyProtectEx
2015-03-01 09:53 - 2015-03-01 10:38 - 00000000 ____D () C:\ProgramData\Optimizer
2015-03-01 09:53 - 2015-03-01 09:53 - 00000000 ____D () C:\Program Files (x86)\YouTube-Downloader
2015-03-01 09:51 - 2015-03-01 05:11 - 00048792 _____ (StdLib) C:\Windows\system32\Drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys
2015-03-01 09:49 - 2015-03-01 09:49 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\24959504
2015-03-01 09:48 - 2015-03-01 09:48 - 00002120 _____ () C:\Windows\patsearch.bin
2015-03-01 09:48 - 2015-03-01 09:48 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_webTinstMK_01009.Wdf
2015-03-01 09:46 - 2015-03-01 09:48 - 00008584 _____ () C:\Windows\SysWOW64\BasementDusterOff.ini
2015-03-01 09:46 - 2015-03-01 09:48 - 00008584 _____ () C:\Windows\system32\BasementDusterOff.ini
2015-03-01 09:46 - 2015-03-01 09:46 - 01804760 _____ (Cinema PlusV01.03) C:\Users\Tsunami Dream\AppData\Roaming\LJZLY.exe
2015-03-01 09:46 - 2015-03-01 09:46 - 01478104 _____ (Cinema PlusV01.03) C:\Users\Tsunami Dream\AppData\Roaming\DUWV.exe
2015-03-01 09:46 - 2015-03-01 09:46 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\globalUpdate
2015-03-01 09:46 - 2015-02-24 05:51 - 00318808 _____ (OM Inc.) C:\Windows\SysWOW64\BDL.dll
2015-03-01 09:35 - 2015-03-01 09:40 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\03000200-1425202547-0500-0006-000700080009
2015-03-01 09:35 - 2015-03-01 09:35 - 00000000 ____D () C:\ProgramData\PastaLeadsAgent
2015-03-01 09:35 - 2015-03-01 09:35 - 00000000 ____D () C:\Program Files\Common Files\PastaLeads
2015-03-01 09:34 - 2015-03-01 09:53 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009
2015-03-01 09:33 - 2015-03-01 09:33 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\Macromedia
2015-03-01 09:32 - 2015-03-01 10:43 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\OAS
2015-03-01 09:32 - 2015-03-01 09:34 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-03-01 08:51 - 2015-03-01 09:32 - 00000000 ____D () C:\Windows\DB847E94446B49E0AC5DC5627EC8B0C0.TMP
2015-03-01 08:51 - 2015-03-01 08:51 - 00000000 _____ () C:\autoexec.bat
2015-03-01 07:54 - 2015-03-01 07:54 - 00000155 _____ () C:\Users\Tsunami Dream\Documents\BoostSpeed 7 Reg.txt
2015-03-01 07:51 - 2015-03-01 07:51 - 06832608 _____ (Auslogics Labs Pty Ltd ) C:\Users\Tsunami Dream\Downloads\anti-malware-setup.exe
2015-03-01 07:36 - 2015-03-01 07:36 - 00000000 ____D () C:\Windows\System32\Tasks\Auslogics
2015-03-01 07:11 - 2015-03-01 07:11 - 00001963 _____ () C:\Users\Public\Desktop\Express Files.lnk
2015-03-01 07:10 - 2015-03-01 07:10 - 06644320 _____ (http://www.express-files.com/) C:\Users\Tsunami Dream\Downloads\g_installer.exe
2015-03-01 06:02 - 2015-03-01 06:02 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\Apps\2.0
2015-03-01 05:53 - 2015-03-01 05:53 - 00001326 _____ () C:\Users\Public\Desktop\Pavtube Video Converter Ultimate.lnk
2015-03-01 05:53 - 2015-03-01 05:53 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pavtube
2015-03-01 05:53 - 2015-03-01 05:53 - 00000000 ____D () C:\Program Files (x86)\Pavtube
2015-03-01 03:29 - 2015-03-01 03:29 - 00097283 _____ () C:\ProgramData\1425209324.bdinstall.bin
2015-03-01 03:28 - 2015-03-01 03:28 - 00037823 _____ () C:\ProgramData\1425209323.bdinstall.bin
2015-03-01 03:15 - 2015-03-01 03:15 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\VS Revo Group
2015-03-01 03:15 - 2015-03-01 03:15 - 00000000 ____D () C:\ProgramData\VS Revo Group
2015-03-01 03:15 - 2015-03-01 03:15 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
2015-03-01 03:15 - 2015-03-01 03:15 - 00000000 ____D () C:\Program Files\VS Revo Group
2015-03-01 03:15 - 2009-12-30 11:21 - 00031800 _____ (VS Revo Group) C:\Windows\system32\Drivers\revoflt.sys
2015-03-01 03:09 - 2015-03-01 05:16 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-03-01 02:29 - 2015-03-01 07:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\ExpressFiles
2015-03-01 02:29 - 2015-03-01 07:11 - 00000000 ____D () C:\Program Files (x86)\ExpressFiles
2015-03-01 02:29 - 2015-03-01 02:30 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\ExpressFiles
2015-03-01 01:03 - 2015-03-01 02:08 - 00000383 _____ () C:\Windows\wininit.ini
2015-03-01 01:01 - 2015-03-01 01:02 - 00000000 ____D () C:\Windows\pss
2015-03-01 00:55 - 2015-03-01 00:55 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-03-01 00:48 - 2015-03-01 01:49 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2015-03-01 00:48 - 2015-03-01 00:48 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2015-03-01 00:22 - 2015-03-01 07:51 - 00000000 ____D () C:\ProgramData\Auslogics
2015-03-01 00:20 - 2015-03-01 00:20 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-03-01 00:19 - 2015-03-01 00:53 - 00000000 ____D () C:\ProgramData\Adobe
2015-03-01 00:18 - 2015-03-01 03:42 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\Adobe
2015-02-28 19:26 - 2015-02-28 19:26 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-02-28 19:26 - 2015-02-23 21:31 - 21543568 _____ () C:\WindowsMSYH.tt2
2015-02-28 19:26 - 2015-02-23 21:31 - 21302624 _____ () C:\WindowsMSJH.tt2
2015-02-28 19:26 - 2015-02-23 21:31 - 14381616 _____ () C:\WindowsMSYHBD.tt2
2015-02-28 19:26 - 2015-02-23 21:31 - 14343024 _____ () C:\WindowsMSJHBD.tt2
2015-02-28 18:31 - 2015-02-28 20:11 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\ClPhpEd
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLYii
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLWordPress
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLSymfony
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLSMySQL
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLSmarty
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLPhalcon
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLLaravel
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLJQuery
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLJoomla
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLDrupal
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLCodeIgniter
2015-02-28 18:31 - 2015-02-28 18:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CLCakePHP
2015-02-28 18:23 - 2015-02-28 18:23 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\CodeLobster Php Edition
2015-02-28 16:16 - 2015-03-01 16:57 - 00000000 ____D () C:\Users\Tsunami Dream\Documents\Visitor's Application_files
2015-02-27 18:30 - 2015-02-27 19:06 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\TeamViewer
2015-02-27 17:39 - 2015-02-27 17:39 - 00239104 _____ (AV Security Software) C:\Windows\mlwps.exe
2015-02-27 17:37 - 2015-02-27 17:37 - 00208248 _____ () C:\ProgramData\1425087087.bdinstall.bin
2015-02-27 17:35 - 2015-02-27 17:35 - 00000000 ____D () C:\Program Files (x86)\Microsoft ASP.NET
2015-02-27 17:33 - 2009-07-15 01:21 - 01721576 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-02-27 17:18 - 2015-02-27 17:18 - 00001273 _____ () C:\Users\Tsunami Dream\Desktop\Cisco Packet Tracer Instructor.lnk
2015-02-27 17:18 - 2015-02-27 17:18 - 00000212 _____ () C:\Users\Tsunami Dream\.packettracer
2015-02-27 17:18 - 2015-02-27 17:18 - 00000000 ____D () C:\Users\Tsunami Dream\Cisco Packet Tracer 6.1.1iv
2015-02-27 17:18 - 2015-02-27 17:18 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cisco Packet Tracer Instructor
2015-02-27 17:17 - 2015-02-28 07:02 - 00000000 ____D () C:\Program Files (x86)\Cisco Packet Tracer 6.1.1iv
2015-02-26 19:53 - 2015-01-22 20:42 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-02-26 19:53 - 2015-01-22 20:41 - 06041600 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-02-26 19:53 - 2015-01-22 19:43 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-02-26 19:53 - 2015-01-22 19:17 - 04300800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-02-26 19:09 - 2015-03-01 16:01 - 00073728 _____ () C:\Windows\SysWOW64\tasks.dll
2015-02-26 06:11 - 2015-02-05 11:07 - 02558792 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-02-26 06:11 - 2015-02-05 09:57 - 00621384 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2015-02-26 06:09 - 2015-02-26 06:09 - 00000000 __SHD () C:\Users\Tsunami Dream\AppData\Local\EmieUserList
2015-02-26 06:09 - 2015-02-26 06:09 - 00000000 __SHD () C:\Users\Tsunami Dream\AppData\Local\EmieSiteList
2015-02-26 06:09 - 2015-02-26 06:09 - 00000000 __SHD () C:\Users\Tsunami Dream\AppData\Local\EmieBrowserModeList
2015-02-26 06:09 - 2015-02-05 13:01 - 32106640 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 25460880 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 24768144 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 20466496 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 17253848 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 13294528 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 13208200 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 10773704 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 10713256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 10284872 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-02-26 06:09 - 2015-02-05 13:01 - 03610768 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 03247248 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 02902784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 01895240 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6434752.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 01557648 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6434752.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00995248 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00969872 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00943760 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00929936 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00908104 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00877816 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00353224 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00305136 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00195728 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvhda64v.sys
2015-02-26 06:09 - 2015-02-05 13:01 - 00177624 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00164752 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-02-26 06:09 - 2015-02-05 13:01 - 00030536 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdap64.dll
2015-02-26 03:04 - 2015-01-08 15:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-02-26 03:04 - 2015-01-08 15:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-02-26 03:00 - 2014-06-26 18:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-02-26 03:00 - 2014-06-26 17:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-02-25 16:45 - 2015-02-25 16:45 - 00000221 _____ () C:\Users\Tsunami Dream\Desktop\The Elder Scrolls III Morrowind.url
2015-02-25 16:03 - 2015-01-09 22:48 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-02-25 16:03 - 2015-01-09 22:48 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-02-25 16:03 - 2015-01-09 22:48 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-02-25 16:03 - 2015-01-09 22:48 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-02-25 16:03 - 2015-01-09 22:48 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-02-25 16:03 - 2015-01-09 22:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-02-25 16:03 - 2015-01-09 22:48 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-02-25 16:03 - 2015-01-09 22:27 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-02-25 16:03 - 2015-01-09 22:27 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-02-25 16:03 - 2015-01-09 22:27 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-02-25 16:03 - 2015-01-09 22:27 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-02-25 16:03 - 2015-01-09 22:27 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-02-25 16:03 - 2015-01-09 22:27 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-02-25 16:03 - 2015-01-09 22:27 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-02-25 16:03 - 2013-11-23 10:26 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-02-25 16:03 - 2013-11-23 09:47 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-02-25 16:03 - 2011-02-24 22:19 - 02871808 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-02-25 16:03 - 2011-02-24 21:30 - 02616320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-02-25 16:02 - 2015-01-13 21:47 - 00389808 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-02-25 16:02 - 2015-01-13 21:09 - 00342712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-02-25 16:02 - 2015-01-11 19:09 - 25056256 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-02-25 16:02 - 2015-01-11 19:05 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-02-25 16:02 - 2015-01-11 19:05 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-02-25 16:02 - 2015-01-11 18:49 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-02-25 16:02 - 2015-01-11 18:48 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-02-25 16:02 - 2015-01-11 18:48 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-02-25 16:02 - 2015-01-11 18:48 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-02-25 16:02 - 2015-01-11 18:47 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-02-25 16:02 - 2015-01-11 18:40 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-02-25 16:02 - 2015-01-11 18:39 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-02-25 16:02 - 2015-01-11 18:36 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-02-25 16:02 - 2015-01-11 18:34 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-02-25 16:02 - 2015-01-11 18:34 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-02-25 16:02 - 2015-01-11 18:25 - 19740160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-02-25 16:02 - 2015-01-11 18:25 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-02-25 16:02 - 2015-01-11 18:21 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-02-25 16:02 - 2015-01-11 18:21 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-02-25 16:02 - 2015-01-11 18:13 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-02-25 16:02 - 2015-01-11 18:08 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-02-25 16:02 - 2015-01-11 18:08 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-02-25 16:02 - 2015-01-11 18:07 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-02-25 16:02 - 2015-01-11 18:07 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-02-25 16:02 - 2015-01-11 18:07 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-02-25 16:02 - 2015-01-11 18:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-02-25 16:02 - 2015-01-11 18:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-02-25 16:02 - 2015-01-11 18:02 - 02277888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-02-25 16:02 - 2015-01-11 18:00 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-02-25 16:02 - 2015-01-11 17:59 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-02-25 16:02 - 2015-01-11 17:57 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-02-25 16:02 - 2015-01-11 17:55 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-02-25 16:02 - 2015-01-11 17:48 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-02-25 16:02 - 2015-01-11 17:48 - 00718848 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-02-25 16:02 - 2015-01-11 17:46 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-02-25 16:02 - 2015-01-11 17:46 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-02-25 16:02 - 2015-01-11 17:45 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-02-25 16:02 - 2015-01-11 17:43 - 14401024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-02-25 16:02 - 2015-01-11 17:40 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-02-25 16:02 - 2015-01-11 17:36 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-02-25 16:02 - 2015-01-11 17:35 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-02-25 16:02 - 2015-01-11 17:33 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-02-25 16:02 - 2015-01-11 17:27 - 02358272 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-02-25 16:02 - 2015-01-11 17:23 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-02-25 16:02 - 2015-01-11 17:23 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-02-25 16:02 - 2015-01-11 17:22 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-02-25 16:02 - 2015-01-11 17:14 - 12829184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-02-25 16:02 - 2015-01-11 17:14 - 01548288 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-02-25 16:02 - 2015-01-11 17:02 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-02-25 16:02 - 2015-01-11 17:00 - 01888256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-02-25 16:02 - 2015-01-11 16:56 - 01307136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-02-25 16:02 - 2015-01-11 16:55 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-02-25 16:02 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-02-25 16:02 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-02-25 16:02 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-02-25 16:02 - 2014-07-08 18:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-02-25 16:02 - 2014-07-08 18:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-02-25 16:02 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-02-25 16:02 - 2014-07-08 17:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-02-25 16:02 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-02-25 16:02 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-02-25 16:02 - 2014-07-08 17:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-02-25 16:02 - 2014-06-23 19:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-02-25 16:02 - 2014-06-23 18:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-02-25 16:02 - 2013-11-26 00:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-02-25 16:02 - 2013-11-22 14:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-02-25 16:02 - 2011-03-10 22:41 - 00410496 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStorV.sys
2015-02-25 16:02 - 2011-03-10 22:41 - 00166272 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvstor.sys
2015-02-25 16:02 - 2011-03-10 22:41 - 00148352 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvraid.sys
2015-02-25 16:02 - 2011-03-10 22:41 - 00107904 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdsata.sys
2015-02-25 16:02 - 2011-03-10 22:41 - 00027008 _____ (Advanced Micro Devices) C:\Windows\system32\Drivers\amdxata.sys
2015-02-25 16:02 - 2011-03-10 22:33 - 02565632 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-02-25 16:02 - 2011-03-10 22:30 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\fsutil.exe
2015-02-25 16:02 - 2011-03-10 21:33 - 01699328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-02-25 16:02 - 2011-03-10 21:31 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fsutil.exe
2015-02-25 16:02 - 2011-03-10 20:37 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBSTOR.SYS
2015-02-25 16:01 - 2012-02-10 22:36 - 00559104 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2015-02-25 16:01 - 2012-02-10 22:36 - 00067072 _____ (Microsoft Corporation) C:\Windows\splwow64.exe
2015-02-25 16:00 - 2015-02-25 16:01 - 00003304 _____ () C:\Windows\System32\Tasks\Malware Cleaner
2015-02-25 16:00 - 2015-02-25 16:01 - 00000000 ____D () C:\Program Files (x86)\PrivateVPN
2015-02-24 07:17 - 2015-02-24 07:17 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-02-24 07:04 - 2015-01-12 19:10 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-02-24 07:04 - 2015-01-12 18:49 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-02-24 03:39 - 2015-03-01 03:42 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\Adobe
2015-02-24 03:27 - 2015-02-24 03:27 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-02-24 03:27 - 2015-02-24 03:27 - 00000000 ____D () C:\Windows\system32\appraiser
2015-02-23 23:58 - 2013-05-09 21:56 - 14631424 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-02-23 23:58 - 2013-05-09 21:56 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-02-23 23:58 - 2013-05-09 20:56 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-02-23 23:58 - 2013-05-09 20:56 - 11410432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-02-23 23:46 - 2015-03-01 08:49 - 00000000 ____D () C:\Users\Tsunami Dream\Desktop\New folder
2015-02-23 23:42 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2015-02-23 23:39 - 2015-02-23 23:39 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-02-23 23:39 - 2015-02-23 23:39 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-02-23 23:39 - 2015-02-23 23:39 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-02-23 23:39 - 2015-02-23 23:39 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-02-23 23:39 - 2015-02-23 23:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-02-23 23:39 - 2015-02-23 23:39 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-02-23 23:39 - 2015-02-23 23:39 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-02-23 23:39 - 2015-02-23 23:39 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-02-23 23:39 - 2015-02-23 23:39 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-02-23 23:35 - 2015-02-23 23:35 - 01682432 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 01643520 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 01247744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 01238528 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 01175552 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 01158144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsPrint.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 01080832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00604160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00522752 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XpsGdiConverter.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00363008 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00293376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxgi.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00249856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00245248 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecsExt.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00194560 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00187392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAnimation.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-02-23 23:35 - 2015-02-23 23:35 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2015-02-23 23:11 - 2015-03-01 13:11 - 00000000 ____D () C:\Program Files (x86)\Intel
2015-02-23 22:57 - 2015-02-23 22:57 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_Kernel_xusb21_01007.Wdf
2015-02-23 22:45 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2015-02-23 22:45 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2015-02-23 22:45 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2015-02-23 22:45 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2015-02-23 22:45 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2015-02-23 22:45 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2015-02-23 22:45 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2015-02-23 22:45 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2015-02-23 22:45 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2015-02-23 22:45 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2015-02-23 22:45 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2015-02-23 22:45 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2015-02-23 22:45 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2015-02-23 22:45 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2015-02-23 22:44 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2015-02-23 22:44 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2015-02-23 22:44 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2015-02-23 22:44 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2015-02-23 22:44 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2015-02-23 22:44 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2015-02-23 22:44 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2015-02-23 22:44 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2015-02-23 22:44 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2015-02-23 22:44 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2015-02-23 22:44 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2015-02-23 22:44 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2015-02-23 22:44 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2015-02-23 22:44 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2015-02-23 22:44 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2015-02-23 22:44 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2015-02-23 22:44 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2015-02-23 22:44 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2015-02-23 22:44 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2015-02-23 22:44 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2015-02-23 22:44 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2015-02-23 22:44 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2015-02-23 22:44 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2015-02-23 22:44 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2015-02-23 22:44 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2015-02-23 22:44 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2015-02-23 22:44 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2015-02-23 22:44 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2015-02-23 22:44 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2015-02-23 22:44 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2015-02-23 22:44 - 2008-10-15 06:22 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2015-02-23 22:44 - 2008-10-15 06:22 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2015-02-23 22:44 - 2008-10-15 06:22 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2015-02-23 22:44 - 2008-10-15 06:22 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2015-02-23 22:44 - 2008-10-15 06:22 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2015-02-23 22:44 - 2008-10-15 06:22 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2015-02-23 22:44 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2015-02-23 22:44 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2015-02-23 22:44 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2015-02-23 22:44 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2015-02-23 22:44 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2015-02-23 22:44 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2015-02-23 22:44 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2015-02-23 22:44 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2015-02-23 22:44 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2015-02-23 22:44 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2015-02-23 22:44 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2015-02-23 22:44 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2015-02-23 22:44 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2015-02-23 22:44 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2015-02-23 22:44 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2015-02-23 22:44 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2015-02-23 22:44 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2015-02-23 22:44 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2015-02-23 22:44 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2015-02-23 22:44 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2015-02-23 22:44 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2015-02-23 22:44 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2015-02-23 22:44 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2015-02-23 22:44 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2015-02-23 22:44 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2015-02-23 22:44 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2015-02-23 22:44 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2015-02-23 22:44 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2015-02-23 22:44 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2015-02-23 22:44 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2015-02-23 22:44 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2015-02-23 22:44 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2015-02-23 22:44 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2015-02-23 22:44 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2015-02-23 22:44 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2015-02-23 22:44 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2015-02-23 22:44 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2015-02-23 22:44 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2015-02-23 22:44 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2015-02-23 22:44 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2015-02-23 22:44 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2015-02-23 22:44 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2015-02-23 22:44 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2015-02-23 22:44 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2015-02-23 22:44 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2015-02-23 22:44 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2015-02-23 22:44 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2015-02-23 22:44 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2015-02-23 22:44 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2015-02-23 22:44 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2015-02-23 22:44 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2015-02-23 22:44 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2015-02-23 22:44 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2015-02-23 22:44 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2015-02-23 22:44 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2015-02-23 22:44 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2015-02-23 22:44 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2015-02-23 22:44 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2015-02-23 22:44 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2015-02-23 22:44 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2015-02-23 22:44 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2015-02-23 22:44 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2015-02-23 22:44 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2015-02-23 22:44 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2015-02-23 22:44 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2015-02-23 22:44 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2015-02-23 22:44 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2015-02-23 22:44 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2015-02-23 22:44 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2015-02-23 22:44 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2015-02-23 22:44 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2015-02-23 22:44 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2015-02-23 22:44 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2015-02-23 22:44 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2015-02-23 22:44 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2015-02-23 22:44 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2015-02-23 22:44 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2015-02-23 22:44 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2015-02-23 22:43 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2015-02-23 22:43 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2015-02-23 22:43 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2015-02-23 22:43 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2015-02-23 22:43 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2015-02-23 22:43 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2015-02-23 22:43 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2015-02-23 22:43 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2015-02-23 22:43 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2015-02-23 22:43 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2015-02-23 22:43 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2015-02-23 22:43 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2015-02-23 22:43 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2015-02-23 22:43 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2015-02-23 22:43 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2015-02-23 22:43 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2015-02-23 22:43 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2015-02-23 22:43 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2015-02-23 22:43 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2015-02-23 22:43 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2015-02-23 22:38 - 2015-02-23 22:45 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\Skyrim
2015-02-23 22:37 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2015-02-23 22:37 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2015-02-23 22:37 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2015-02-23 22:37 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2015-02-23 22:37 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2015-02-23 22:37 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2015-02-23 22:37 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2015-02-23 22:37 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2015-02-23 22:37 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2015-02-23 22:37 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2015-02-23 22:37 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2015-02-23 22:37 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2015-02-23 22:37 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2015-02-23 22:37 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2015-02-23 22:37 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2015-02-23 22:37 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2015-02-23 22:37 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2015-02-23 22:37 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2015-02-23 22:18 - 2015-03-01 09:34 - 00000000 ____D () C:\ProgramData\WinZip
2015-02-23 22:16 - 2014-10-17 18:05 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-02-23 22:16 - 2014-10-17 17:33 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-02-23 22:16 - 2014-07-06 18:06 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-02-23 22:16 - 2014-07-06 18:06 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-02-23 22:16 - 2014-07-06 18:06 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-02-23 22:16 - 2014-07-06 18:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-02-23 22:16 - 2014-07-06 17:40 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-02-23 22:16 - 2014-07-06 17:39 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-02-23 22:16 - 2014-07-06 17:39 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-02-23 22:16 - 2014-07-06 17:37 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-02-23 22:14 - 2015-03-01 05:03 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\vlc
2015-02-23 22:14 - 2015-02-23 22:14 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
19rlowe81

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Post by 19rlowe81 » March 2nd, 2015, 2:20 am

First.txt continued:

2015-02-23 22:14 - 2015-02-23 22:14 - 00000000 ____D () C:\Program Files\VideoLAN
2015-02-23 22:10 - 2012-07-25 19:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2015-02-23 22:10 - 2012-07-25 19:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2015-02-23 22:10 - 2012-07-25 19:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2015-02-23 22:10 - 2012-07-25 19:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2015-02-23 22:10 - 2012-07-25 19:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2015-02-23 22:10 - 2012-07-25 18:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2015-02-23 22:10 - 2012-07-25 18:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2015-02-23 22:10 - 2012-06-02 06:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2015-02-23 22:03 - 2015-02-23 22:03 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-23 22:01 - 2015-02-23 22:01 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\Steam
2015-02-23 21:59 - 2015-03-01 20:29 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-02-23 21:59 - 2015-02-23 21:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2015-02-23 21:54 - 2012-02-29 22:46 - 00023408 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2015-02-23 21:54 - 2012-02-29 22:28 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2015-02-23 21:54 - 2012-02-29 21:29 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2015-02-23 21:51 - 2015-03-01 10:41 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-02-23 21:51 - 2015-02-23 21:51 - 00001173 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-02-23 21:51 - 2015-02-23 21:51 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Roaming\Mozilla
2015-02-23 21:51 - 2015-02-23 21:51 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\Mozilla
2015-02-23 21:51 - 2015-02-23 21:51 - 00000000 ____D () C:\ProgramData\Mozilla
2015-02-23 21:46 - 2015-02-23 21:48 - 00000000 ____D () C:\Windows\system32\MRT
2015-02-23 21:46 - 2015-01-29 17:49 - 116773704 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-02-23 21:42 - 2014-06-30 14:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-02-23 21:42 - 2014-06-30 14:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-02-23 21:42 - 2014-06-05 22:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-02-23 21:42 - 2014-06-05 22:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-02-23 21:42 - 2014-03-09 13:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-02-23 21:42 - 2014-03-09 13:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-02-23 21:42 - 2014-03-09 13:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-02-23 21:42 - 2014-03-09 13:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-02-23 21:41 - 2015-02-23 21:41 - 00000000 ____D () C:\Program Files\Common Files\DESIGNER
2015-02-23 21:37 - 2015-01-08 19:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-02-23 21:37 - 2015-01-08 19:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-02-23 21:37 - 2015-01-08 19:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-02-23 21:37 - 2015-01-08 18:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-02-23 21:34 - 2015-02-23 21:34 - 00000000 ____D () C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-02-23 21:34 - 2015-02-23 21:34 - 00000000 ____D () C:\Program Files\Microsoft Office
2015-02-23 21:30 - 2015-02-28 19:26 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2015-02-23 21:30 - 2014-12-12 16:12 - 01715224 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-02-23 21:30 - 2014-12-12 16:12 - 01291464 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-02-23 21:30 - 2014-11-22 02:46 - 00038032 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-02-23 21:30 - 2014-11-22 02:46 - 00032400 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-02-23 21:23 - 2015-03-01 15:42 - 00111832 _____ () C:\Users\Tsunami Dream\AppData\Local\GDIPFONTCACHEV1.DAT
2015-02-23 21:20 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-02-23 21:20 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-02-23 21:20 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-02-23 21:20 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-02-23 21:20 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-02-23 21:20 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-02-23 21:19 - 2015-03-01 20:28 - 00000000 ____D () C:\ProgramData\NVIDIA
2015-02-23 21:19 - 2015-03-01 10:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-02-23 21:19 - 2015-02-23 21:31 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\NVIDIA Corporation
2015-02-23 21:19 - 2015-02-23 21:27 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\NVIDIA
2015-02-23 21:19 - 2014-12-12 16:12 - 02824504 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-02-23 21:19 - 2014-12-12 16:12 - 02210040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-02-23 21:18 - 2015-02-05 11:07 - 06861128 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-02-23 21:18 - 2015-02-05 11:07 - 03517584 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-02-23 21:18 - 2015-02-05 11:07 - 00935056 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-02-23 21:18 - 2015-02-05 11:07 - 00062792 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-02-23 21:18 - 2015-02-05 11:06 - 00385168 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-02-23 21:18 - 2015-02-05 04:50 - 04236870 _____ () C:\Windows\system32\nvcoproc.bin
2015-02-23 21:18 - 2014-10-01 19:54 - 00064000 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-02-23 21:18 - 2014-10-01 19:54 - 00060416 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-02-23 21:17 - 2015-02-26 06:19 - 00774592 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-02-23 21:17 - 2015-02-26 06:11 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2015-02-23 21:17 - 2015-02-23 21:23 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2015-02-23 21:12 - 2015-02-03 19:16 - 00894976 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-02-23 21:12 - 2015-02-03 19:16 - 00762368 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-02-23 21:12 - 2015-02-03 19:16 - 00609280 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-02-23 21:12 - 2015-02-03 19:16 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-02-23 21:12 - 2015-02-03 19:16 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-02-23 21:12 - 2015-02-03 19:16 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-02-23 21:12 - 2015-02-03 19:13 - 01098752 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-02-23 21:12 - 2015-01-27 15:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-02-23 21:12 - 2014-12-11 09:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-02-23 21:12 - 2013-08-28 18:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-02-23 21:12 - 2013-08-28 18:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-02-23 21:12 - 2013-08-28 18:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-02-23 21:12 - 2013-08-28 17:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-02-23 21:12 - 2013-08-28 17:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-02-23 21:12 - 2013-08-28 17:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-02-23 21:12 - 2013-07-04 04:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-02-23 21:12 - 2013-07-04 03:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-02-23 21:12 - 2012-12-07 05:20 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\Wpc.dll
2015-02-23 21:12 - 2012-12-07 05:15 - 02746368 _____ (Microsoft Corporation) C:\Windows\system32\gameux.dll
2015-02-23 21:12 - 2012-12-07 04:26 - 00308736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Wpc.dll
2015-02-23 21:12 - 2012-12-07 04:20 - 02576384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gameux.dll
2015-02-23 21:12 - 2012-12-07 03:20 - 00045568 _____ (Microsoft) C:\Windows\system32\oflc-nz.rs
2015-02-23 21:12 - 2012-12-07 03:20 - 00044544 _____ (Microsoft) C:\Windows\system32\pegibbfc.rs
2015-02-23 21:12 - 2012-12-07 03:20 - 00043520 _____ (Microsoft) C:\Windows\system32\csrr.rs
2015-02-23 21:12 - 2012-12-07 03:20 - 00030720 _____ (Microsoft) C:\Windows\system32\usk.rs
2015-02-23 21:12 - 2012-12-07 03:20 - 00023552 _____ (Microsoft) C:\Windows\system32\oflc.rs
2015-02-23 21:12 - 2012-12-07 03:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-pt.rs
2015-02-23 21:12 - 2012-12-07 03:20 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi-fi.rs
2015-02-23 21:12 - 2012-12-07 03:19 - 00055296 _____ (Microsoft) C:\Windows\system32\cero.rs
2015-02-23 21:12 - 2012-12-07 03:19 - 00051712 _____ (Microsoft) C:\Windows\system32\esrb.rs
2015-02-23 21:12 - 2012-12-07 03:19 - 00046592 _____ (Microsoft) C:\Windows\system32\fpb.rs
2015-02-23 21:12 - 2012-12-07 03:19 - 00040960 _____ (Microsoft) C:\Windows\system32\cob-au.rs
2015-02-23 21:12 - 2012-12-07 03:19 - 00021504 _____ (Microsoft) C:\Windows\system32\grb.rs
2015-02-23 21:12 - 2012-12-07 03:19 - 00020480 _____ (Microsoft) C:\Windows\system32\pegi.rs
2015-02-23 21:12 - 2012-12-07 03:19 - 00015360 _____ (Microsoft) C:\Windows\system32\djctq.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00055296 _____ (Microsoft) C:\Windows\SysWOW64\cero.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00051712 _____ (Microsoft) C:\Windows\SysWOW64\esrb.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00046592 _____ (Microsoft) C:\Windows\SysWOW64\fpb.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00045568 _____ (Microsoft) C:\Windows\SysWOW64\oflc-nz.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00044544 _____ (Microsoft) C:\Windows\SysWOW64\pegibbfc.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00043520 _____ (Microsoft) C:\Windows\SysWOW64\csrr.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00040960 _____ (Microsoft) C:\Windows\SysWOW64\cob-au.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00030720 _____ (Microsoft) C:\Windows\SysWOW64\usk.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00023552 _____ (Microsoft) C:\Windows\SysWOW64\oflc.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00021504 _____ (Microsoft) C:\Windows\SysWOW64\grb.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-pt.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi-fi.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00020480 _____ (Microsoft) C:\Windows\SysWOW64\pegi.rs
2015-02-23 21:12 - 2012-12-07 02:46 - 00015360 _____ (Microsoft) C:\Windows\SysWOW64\djctq.rs
2015-02-23 21:12 - 2012-10-09 10:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-02-23 21:12 - 2012-10-09 10:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-02-23 21:12 - 2012-10-09 09:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2015-02-23 21:12 - 2012-10-09 09:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2015-02-23 21:12 - 2011-06-15 02:02 - 00212992 _____ (Microsoft Corporation) C:\Windows\system32\odbctrac.dll
2015-02-23 21:12 - 2011-06-15 02:02 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\odbccp32.dll
2015-02-23 21:12 - 2011-06-15 02:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccu32.dll
2015-02-23 21:12 - 2011-06-15 02:02 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\odbccr32.dll
2015-02-23 21:12 - 2011-06-15 00:55 - 00319488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbcjt32.dll
2015-02-23 21:12 - 2011-06-15 00:55 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbctrac.dll
2015-02-23 21:12 - 2011-06-15 00:55 - 00122880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccp32.dll
2015-02-23 21:12 - 2011-06-15 00:55 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccu32.dll
2015-02-23 21:12 - 2011-06-15 00:55 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\odbccr32.dll
2015-02-23 21:12 - 2010-12-23 02:42 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\sbe.dll
2015-02-23 21:12 - 2010-12-23 02:42 - 00961024 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2015-02-23 21:12 - 2010-12-23 02:36 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\mpg2splt.ax
2015-02-23 21:12 - 2010-12-22 21:54 - 00850944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sbe.dll
2015-02-23 21:12 - 2010-12-22 21:54 - 00642048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2015-02-23 21:12 - 2010-12-22 21:50 - 00199680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mpg2splt.ax
2015-02-23 21:11 - 2014-11-25 19:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-02-23 21:11 - 2014-11-25 19:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-02-23 21:10 - 2015-02-05 13:01 - 18575880 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-02-23 21:10 - 2015-02-05 13:01 - 16017040 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-02-23 21:10 - 2015-02-05 13:01 - 14119744 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-02-23 21:10 - 2015-02-05 13:01 - 03299512 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-02-23 21:10 - 2015-02-05 13:01 - 01540240 _____ (NVIDIA Corporation) C:\Windows\system32\nvhdagenco6420103.dll
2015-02-23 21:10 - 2015-02-05 13:01 - 00027441 _____ () C:\Windows\system32\nvinfo.pb
2015-02-23 21:10 - 2014-11-22 02:46 - 00035472 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-02-23 21:10 - 2014-11-10 19:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-02-23 21:10 - 2014-11-10 18:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-02-23 21:10 - 2014-08-01 03:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-02-23 21:10 - 2014-08-01 03:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-02-23 21:10 - 2014-05-19 18:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2015-02-23 21:10 - 2014-05-19 18:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2015-02-23 21:10 - 2011-11-16 22:35 - 00395776 _____ (Microsoft Corporation) C:\Windows\system32\webio.dll
2015-02-23 21:10 - 2011-11-16 21:35 - 00314880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webio.dll
2015-02-23 21:09 - 2015-02-26 06:10 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2015-02-23 21:09 - 2014-12-05 20:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-02-23 21:09 - 2014-12-05 19:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-02-23 21:09 - 2014-12-05 19:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-02-23 21:09 - 2014-04-24 18:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-02-23 21:09 - 2014-04-24 18:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-02-23 21:09 - 2013-04-25 15:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-02-23 21:09 - 2013-03-31 14:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-02-23 21:09 - 2012-03-16 23:58 - 00075120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2015-02-23 21:09 - 2012-01-04 02:44 - 00509952 _____ (Microsoft Corporation) C:\Windows\system32\ntshrui.dll
2015-02-23 21:09 - 2012-01-04 00:58 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntshrui.dll
2015-02-23 21:09 - 2011-08-16 21:26 - 00613888 _____ (Microsoft Corporation) C:\Windows\system32\psisdecd.dll
2015-02-23 21:09 - 2011-08-16 21:25 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\psisrndr.ax
2015-02-23 21:09 - 2011-08-16 20:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisdecd.dll
2015-02-23 21:09 - 2011-08-16 20:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\psisrndr.ax
2015-02-23 21:09 - 2011-06-15 21:49 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\xmllite.dll
2015-02-23 21:09 - 2011-06-15 20:33 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xmllite.dll
2015-02-23 21:08 - 2014-12-11 21:31 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-02-23 21:08 - 2014-12-11 21:07 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-02-23 21:08 - 2014-10-02 18:12 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-02-23 21:08 - 2014-10-02 18:11 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-02-23 21:08 - 2014-10-02 18:11 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-02-23 21:08 - 2014-10-02 18:11 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-02-23 21:08 - 2014-10-02 18:11 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-02-23 21:08 - 2014-10-02 17:44 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-02-23 21:08 - 2014-10-02 17:44 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-02-23 21:08 - 2014-10-02 17:44 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-02-23 21:08 - 2014-07-16 18:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-02-23 21:08 - 2014-07-16 18:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-02-23 21:08 - 2014-07-16 18:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-02-23 21:08 - 2014-07-16 18:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-02-23 21:08 - 2014-07-16 17:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-02-23 21:08 - 2014-07-16 17:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-02-23 21:08 - 2014-07-16 17:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-02-23 21:08 - 2014-07-16 17:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-02-23 21:08 - 2014-07-06 18:07 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-02-23 21:08 - 2014-07-06 18:06 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-02-23 21:08 - 2014-07-06 17:40 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-02-23 21:08 - 2014-07-06 17:40 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-02-23 21:08 - 2014-01-28 18:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-02-23 21:08 - 2014-01-28 18:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-02-23 21:08 - 2013-07-08 21:46 - 00139776 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-02-23 21:08 - 2013-07-08 20:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-02-23 21:08 - 2013-02-14 22:08 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-02-23 21:08 - 2013-02-14 22:02 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\aaclient.dll
2015-02-23 21:08 - 2013-02-14 19:25 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-02-23 21:08 - 2012-04-25 21:41 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\rdpwsx.dll
2015-02-23 21:08 - 2012-04-25 21:34 - 00009216 _____ (Microsoft Corporation) C:\Windows\system32\rdrmemptylst.exe
2015-02-23 21:03 - 2014-10-13 18:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-02-23 20:57 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-02-23 20:57 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-02-23 20:57 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-02-23 20:57 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-02-23 20:57 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-02-23 20:57 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-02-23 20:57 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-02-23 20:57 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-02-23 20:57 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-02-23 20:57 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-02-23 20:57 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-02-23 20:57 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-02-23 20:57 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-02-23 20:57 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-02-23 20:57 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-02-23 20:57 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-02-23 20:57 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-02-23 20:57 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-02-23 20:53 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-02-23 20:53 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-02-23 20:53 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-02-23 20:53 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-02-23 20:53 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-02-23 20:53 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-02-23 20:53 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-02-23 20:52 - 2013-12-03 18:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-02-23 20:52 - 2013-12-03 18:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-02-23 20:52 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-02-23 20:52 - 2013-12-03 18:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-02-23 20:52 - 2013-12-03 18:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-02-23 20:52 - 2013-12-03 18:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-02-23 20:52 - 2013-12-03 18:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-02-23 20:52 - 2013-12-03 18:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-02-23 20:52 - 2013-12-03 18:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-02-23 20:52 - 2013-12-03 18:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-02-23 20:52 - 2013-12-03 18:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-02-23 20:52 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-02-23 20:52 - 2013-12-03 18:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-02-23 20:52 - 2013-12-03 18:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-02-23 20:52 - 2013-12-03 17:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-02-23 20:52 - 2013-12-03 17:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-02-23 20:52 - 2013-12-03 17:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-02-23 20:52 - 2013-12-03 17:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-02-23 20:51 - 2011-05-03 21:25 - 02315776 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-02-23 20:51 - 2011-05-03 21:22 - 02223616 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-02-23 20:51 - 2011-05-03 21:19 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-02-23 20:51 - 2011-05-03 20:32 - 01401344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-02-23 20:50 - 2013-05-12 21:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-02-23 20:50 - 2013-05-12 19:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-02-23 20:50 - 2013-05-12 19:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-02-23 20:50 - 2013-05-12 19:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-02-23 20:50 - 2011-05-03 21:22 - 00778752 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-02-23 20:50 - 2011-05-03 21:22 - 00491520 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-02-23 20:50 - 2011-05-03 21:22 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-02-23 20:50 - 2011-05-03 21:22 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\msscntrs.dll
2015-02-23 20:50 - 2011-05-03 21:19 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-02-23 20:50 - 2011-05-03 21:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\SearchFilterHost.exe
2015-02-23 20:50 - 2011-05-03 20:34 - 01549312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-02-23 20:50 - 2011-05-03 20:32 - 00666624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-02-23 20:50 - 2011-05-03 20:32 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-02-23 20:50 - 2011-05-03 20:32 - 00197120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssphtb.dll
2015-02-23 20:50 - 2011-05-03 20:32 - 00059392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscntrs.dll
2015-02-23 20:50 - 2011-05-03 20:28 - 00427520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-02-23 20:50 - 2011-05-03 20:28 - 00164352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-02-23 20:50 - 2011-05-03 20:28 - 00086528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchFilterHost.exe
2015-02-23 20:49 - 2013-10-03 18:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-02-23 20:49 - 2013-10-03 18:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-02-23 20:49 - 2013-10-03 17:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-02-23 20:49 - 2013-10-03 17:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-02-23 20:48 - 2014-10-13 18:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-02-23 20:48 - 2014-10-13 17:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-02-23 20:48 - 2014-06-03 02:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-02-23 20:48 - 2014-06-03 02:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-02-23 20:48 - 2014-06-03 02:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-02-23 20:48 - 2014-06-03 01:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-02-23 20:48 - 2014-06-03 01:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-02-23 20:48 - 2013-02-26 21:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-02-23 20:47 - 2014-06-18 14:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-02-23 20:47 - 2014-06-18 14:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-02-23 20:47 - 2014-06-18 14:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-02-23 20:47 - 2014-06-18 14:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-02-23 20:47 - 2014-06-18 14:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-02-23 20:47 - 2014-06-18 14:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-02-23 20:46 - 2014-04-04 18:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-02-23 20:46 - 2014-04-04 18:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-02-23 20:46 - 2013-11-26 03:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-02-23 20:45 - 2014-06-17 18:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-02-23 20:45 - 2014-06-17 17:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-02-23 20:45 - 2014-06-06 02:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-02-23 20:45 - 2014-06-06 01:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-02-23 20:45 - 2014-03-26 06:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-02-23 20:45 - 2014-03-26 06:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-02-23 20:45 - 2014-03-26 06:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-02-23 20:45 - 2014-03-26 06:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-02-23 20:45 - 2013-08-04 18:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-02-23 20:45 - 2011-10-25 21:25 - 01572864 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-02-23 20:45 - 2011-10-25 20:32 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-02-23 20:45 - 2011-07-08 18:46 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-02-23 20:45 - 2011-04-26 18:40 - 00158208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-02-23 20:45 - 2011-04-26 18:39 - 00128000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-02-23 20:44 - 2014-03-04 01:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-02-23 20:44 - 2014-03-04 01:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-02-23 20:44 - 2014-03-04 01:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-02-23 20:44 - 2014-03-04 01:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-02-23 20:44 - 2014-03-04 01:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-02-23 20:44 - 2014-03-04 01:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-02-23 20:44 - 2014-03-04 01:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-02-23 20:44 - 2014-03-04 01:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-02-23 20:44 - 2014-03-04 01:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-02-23 20:44 - 2014-03-04 01:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-02-23 20:44 - 2014-03-04 01:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-02-23 20:44 - 2014-03-04 01:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-02-23 20:44 - 2014-03-04 01:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-02-23 20:44 - 2014-03-04 01:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-02-23 20:44 - 2014-03-04 01:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-02-23 20:44 - 2014-03-04 01:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-02-23 20:44 - 2014-01-27 18:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-02-23 20:44 - 2013-10-29 18:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-02-23 20:44 - 2013-10-29 18:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-02-23 20:44 - 2013-03-18 21:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-02-23 20:44 - 2013-02-11 20:12 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-02-23 20:43 - 2014-12-18 17:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-02-23 20:43 - 2014-10-03 18:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-02-23 20:43 - 2014-10-03 17:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-02-23 20:43 - 2014-10-03 17:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-02-23 20:43 - 2014-03-04 01:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-02-23 20:43 - 2014-03-04 01:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-02-23 20:43 - 2014-03-04 01:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-02-23 20:43 - 2014-03-04 01:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-02-23 20:43 - 2014-03-04 01:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-02-23 20:43 - 2014-03-04 01:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-02-23 20:43 - 2014-03-04 01:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-02-23 20:43 - 2014-03-04 01:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-02-23 20:43 - 2014-03-04 01:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-02-23 20:43 - 2014-03-04 00:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-02-23 20:43 - 2014-03-04 00:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-02-23 20:43 - 2013-10-18 18:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-02-23 20:43 - 2013-10-18 17:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-02-23 20:43 - 2013-08-01 18:14 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 18:12 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 17:09 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-02-23 20:43 - 2013-08-01 16:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 16:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 16:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-02-23 20:43 - 2013-08-01 16:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-02-23 20:43 - 2011-12-29 22:26 - 00515584 _____ (Microsoft Corporation) C:\Windows\system32\timedate.cpl
2015-02-23 20:43 - 2011-12-29 21:27 - 00478720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\timedate.cpl
2015-02-23 20:42 - 2014-12-18 19:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-02-23 20:42 - 2014-11-10 17:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-02-23 20:42 - 2014-05-29 22:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-02-23 20:42 - 2013-10-03 18:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-02-23 20:42 - 2013-10-03 17:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-02-23 20:42 - 2013-07-25 01:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-02-23 20:42 - 2013-07-25 00:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-02-23 20:42 - 2012-08-22 10:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-02-23 20:42 - 2012-07-04 14:16 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2015-02-23 20:42 - 2012-07-04 14:13 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\browser.dll
2015-02-23 20:42 - 2012-07-04 14:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\browcli.dll
2015-02-23 20:42 - 2012-07-04 13:16 - 00057344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2015-02-23 20:42 - 2012-07-04 13:14 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\browcli.dll
2015-02-23 20:42 - 2012-07-04 12:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2015-02-23 20:42 - 2011-08-26 21:37 - 00331776 _____ (Microsoft Corporation) C:\Windows\system32\oleacc.dll
2015-02-23 20:42 - 2011-08-26 20:26 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleacc.dll
2015-02-23 20:42 - 2011-04-08 22:58 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-02-23 20:42 - 2011-04-08 21:56 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-02-23 20:42 - 2011-03-10 22:34 - 01395712 _____ (Microsoft Corporation) C:\Windows\system32\mfc42.dll
2015-02-23 20:42 - 2011-03-10 22:34 - 01359872 _____ (Microsoft Corporation) C:\Windows\system32\mfc42u.dll
2015-02-23 20:42 - 2011-03-10 21:33 - 01164288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42u.dll
2015-02-23 20:42 - 2011-03-10 21:33 - 01137664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfc42.dll
2015-02-23 20:41 - 2013-06-05 21:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-02-23 20:41 - 2013-06-05 21:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-02-23 20:41 - 2013-06-05 21:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-02-23 20:41 - 2013-06-05 21:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-02-23 20:41 - 2013-06-05 20:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-02-23 20:41 - 2013-06-05 20:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-02-23 20:41 - 2013-06-05 20:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-02-23 20:41 - 2013-06-05 19:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-02-23 20:41 - 2013-06-05 19:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-02-23 20:41 - 2013-06-05 19:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-02-23 20:41 - 2013-05-09 21:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-02-23 20:41 - 2013-05-09 19:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-02-23 20:41 - 2013-01-23 22:01 - 00223752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2015-02-23 20:41 - 2011-12-16 00:46 - 00634880 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2015-02-23 20:41 - 2011-12-15 23:52 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2015-02-23 20:41 - 2011-05-02 21:29 - 00976896 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-02-23 20:41 - 2011-05-02 20:30 - 00741376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-02-23 20:40 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-02-23 20:40 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-02-23 20:40 - 2014-01-23 18:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-02-23 20:40 - 2013-10-11 18:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-02-23 20:40 - 2013-10-11 18:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-02-23 20:40 - 2013-10-11 18:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-02-23 20:40 - 2013-10-11 18:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-02-23 20:40 - 2013-10-11 17:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-02-23 20:40 - 2013-10-11 17:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-02-23 20:40 - 2013-10-11 17:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-02-23 20:40 - 2013-10-11 17:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-02-23 20:40 - 2011-02-18 02:51 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\prevhost.exe
2015-02-23 20:40 - 2011-02-17 21:39 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\prevhost.exe
2015-02-23 20:40 - 2011-02-12 03:34 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\FXSCOVER.exe
2015-02-23 20:38 - 2013-08-01 18:12 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-02-23 20:38 - 2013-08-01 18:12 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-02-23 20:38 - 2013-08-01 17:48 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-02-23 20:38 - 2013-08-01 16:59 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-02-23 20:38 - 2013-07-25 18:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-02-23 20:38 - 2013-07-25 17:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-02-23 20:38 - 2012-10-03 09:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-02-23 20:38 - 2012-10-03 09:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-02-23 20:38 - 2012-10-03 09:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-02-23 20:38 - 2012-10-03 09:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-02-23 20:38 - 2012-10-03 09:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-02-23 20:38 - 2012-10-03 08:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2015-02-23 20:38 - 2012-10-03 08:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2015-02-23 20:38 - 2012-10-03 08:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-02-23 20:37 - 2014-11-07 19:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-02-23 20:37 - 2014-11-07 18:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-02-23 20:36 - 2014-06-24 18:05 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-02-23 20:36 - 2014-06-24 17:41 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-02-23 20:36 - 2014-02-03 18:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-02-23 20:36 - 2014-02-03 18:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-02-23 20:36 - 2014-02-03 18:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-02-23 20:36 - 2014-02-03 18:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-02-23 20:36 - 2014-02-03 18:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-02-23 20:36 - 2013-11-26 17:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-02-23 20:36 - 2013-11-26 17:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-02-23 20:36 - 2013-11-26 17:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-02-23 20:36 - 2013-11-26 17:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-02-23 20:36 - 2013-11-26 17:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-02-23 20:36 - 2012-06-05 22:02 - 01133568 _____ (Microsoft Corporation) C:\Windows\system32\cdosys.dll
2015-02-23 20:36 - 2012-06-05 21:03 - 00805376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2015-02-23 20:35 - 2014-08-22 18:07 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-02-23 20:35 - 2014-08-22 17:45 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-02-23 20:35 - 2014-08-20 22:43 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-02-23 20:35 - 2014-08-20 22:40 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-02-23 20:35 - 2014-08-20 22:26 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-02-23 20:35 - 2014-08-20 22:23 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-02-23 20:35 - 2013-09-07 18:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-02-23 20:35 - 2013-09-07 18:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-02-23 20:35 - 2013-07-12 02:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-02-23 20:35 - 2012-08-21 13:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2015-02-23 20:35 - 2011-03-02 22:24 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dnsapi.dll
2015-02-23 20:35 - 2011-03-02 22:24 - 00183296 _____ (Microsoft Corporation) C:\Windows\system32\dnsrslvr.dll
2015-02-23 20:35 - 2011-03-02 22:21 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\dnscacheugc.exe
2015-02-23 20:35 - 2011-03-02 21:38 - 00270336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnsapi.dll
2015-02-23 20:35 - 2011-03-02 21:36 - 00028672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dnscacheugc.exe
2015-02-23 20:35 - 2011-02-22 20:55 - 00090624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bowser.sys
2015-02-23 20:34 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-02-23 20:34 - 2014-10-02 18:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-02-23 20:34 - 2014-10-02 18:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-02-23 20:34 - 2014-10-02 18:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-02-23 20:34 - 2014-10-02 18:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-02-23 20:34 - 2014-10-02 18:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-02-23 20:34 - 2014-10-02 17:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-02-23 20:34 - 2014-10-02 17:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-02-23 20:34 - 2014-10-02 17:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-02-23 20:34 - 2014-10-02 17:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-02-23 20:34 - 2014-10-02 17:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-02-23 20:34 - 2014-09-24 18:08 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-02-23 20:34 - 2014-09-24 17:40 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-02-23 20:34 - 2014-08-11 18:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-02-23 20:34 - 2014-08-11 17:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-02-23 20:34 - 2014-06-15 18:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-02-23 20:34 - 2013-10-11 18:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-02-23 20:34 - 2013-10-11 18:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-02-23 20:34 - 2013-10-11 18:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-02-23 20:34 - 2013-10-11 18:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-02-23 20:34 - 2013-10-11 18:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-02-23 20:34 - 2013-07-04 04:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-02-23 20:34 - 2013-07-04 04:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-02-23 20:34 - 2013-07-04 03:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-02-23 20:34 - 2013-07-04 03:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-02-23 20:34 - 2013-07-02 20:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-02-23 20:34 - 2013-07-02 20:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-02-23 20:34 - 2013-06-25 14:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-02-23 20:34 - 2013-04-25 21:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-02-23 20:34 - 2013-04-25 20:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-02-23 20:34 - 2013-04-09 22:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-02-23 20:34 - 2012-11-28 14:56 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2015-02-23 20:34 - 2012-11-28 14:56 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2015-02-23 20:34 - 2012-11-28 14:56 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
2015-02-23 20:34 - 2012-11-01 21:59 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2015-02-23 20:34 - 2012-11-01 21:11 - 00376832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2015-02-23 20:34 - 2012-05-13 21:26 - 00956928 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-02-23 20:34 - 2011-10-14 22:31 - 00723456 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2015-02-23 20:34 - 2011-10-14 21:38 - 00534528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2015-02-23 20:34 - 2011-04-28 19:06 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv.sys
2015-02-23 20:34 - 2011-04-28 19:05 - 00410112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srv2.sys
2015-02-23 20:34 - 2011-04-28 19:05 - 00168448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\srvnet.sys
2015-02-23 20:34 - 2011-02-03 03:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-02-23 20:33 - 2014-10-29 18:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-02-23 20:33 - 2014-10-29 17:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-02-23 20:33 - 2014-10-24 17:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-02-23 20:33 - 2014-10-24 17:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-02-23 20:33 - 2014-09-03 21:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-02-23 20:33 - 2014-09-03 21:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-02-23 20:33 - 2013-08-27 17:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-02-23 20:33 - 2013-07-20 02:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-02-23 20:33 - 2013-07-20 02:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-02-23 20:33 - 2012-11-22 19:13 - 00068608 _____ (Microsoft Corporation) C:\Windows\system32\taskhost.exe
2015-02-23 20:33 - 2012-09-25 14:47 - 00078336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2015-02-23 20:33 - 2012-09-25 14:46 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2015-02-23 20:33 - 2011-05-24 03:42 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\umpnpmgr.dll
2015-02-23 20:33 - 2011-05-24 02:40 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devobj.dll
2015-02-23 20:33 - 2011-05-24 02:40 - 00044544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devrtl.dll
2015-02-23 20:33 - 2011-05-24 02:39 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgmgr32.dll
2015-02-23 20:33 - 2011-05-24 02:37 - 00252928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drvinst.exe
2015-02-23 20:33 - 2011-02-05 09:10 - 00642944 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-02-23 20:33 - 2011-02-05 09:10 - 00020352 _____ (Microsoft Corporation) C:\Windows\system32\kdusb.dll
2015-02-23 20:33 - 2011-02-05 09:10 - 00019328 _____ (Microsoft Corporation) C:\Windows\system32\kd1394.dll
2015-02-23 20:33 - 2011-02-05 09:10 - 00017792 _____ (Microsoft Corporation) C:\Windows\system32\kdcom.dll
2015-02-23 20:33 - 2011-02-05 09:06 - 00605552 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-02-23 20:33 - 2011-02-05 09:06 - 00566208 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-02-23 20:33 - 2011-02-05 09:06 - 00518672 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-02-23 20:18 - 2015-02-23 20:18 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\WindowsUpdate
2015-02-23 20:08 - 2014-07-13 18:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-02-23 20:08 - 2014-07-13 17:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-02-23 19:57 - 2012-02-16 22:38 - 01031680 _____ (Microsoft Corporation) C:\Windows\system32\rdpcore.dll
2015-02-23 19:57 - 2012-02-16 21:34 - 00826880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpcore.dll
2015-02-23 19:57 - 2012-02-16 20:57 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdtcp.sys
2015-02-23 19:50 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-02-23 19:50 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-02-23 19:50 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-02-23 19:50 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-02-23 19:50 - 2014-05-14 08:23 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-02-23 19:50 - 2014-05-14 08:23 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-02-23 19:50 - 2014-05-14 08:23 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-02-23 19:50 - 2014-05-14 08:23 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-02-23 19:50 - 2014-05-14 08:23 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-02-23 19:50 - 2014-05-14 08:23 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-02-23 19:50 - 2014-05-14 08:23 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-02-23 19:50 - 2014-05-14 08:21 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-02-23 19:50 - 2014-05-14 08:20 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-02-23 19:50 - 2014-05-14 08:17 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-02-23 19:47 - 2015-02-28 07:02 - 00000000 ____D () C:\Program Files (x86)\PdaNet for Android
2015-02-23 19:47 - 2015-02-23 19:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PdaNet for Android
2015-02-23 19:47 - 2011-11-25 00:25 - 00015360 _____ (June Fabrics Technology Inc.) C:\Windows\system32\Drivers\pneteth.sys
2015-02-23 19:39 - 2015-02-24 03:39 - 00001427 _____ () C:\Users\Tsunami Dream\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-02-23 19:38 - 2015-02-28 16:13 - 00000000 ____D () C:\Users\Tsunami Dream
2015-02-23 19:38 - 2015-02-23 19:38 - 00000020 ___SH () C:\Users\Tsunami Dream\ntuser.ini
2015-02-23 19:38 - 2015-02-23 19:38 - 00000000 ____D () C:\Users\Tsunami Dream\AppData\Local\VirtualStore
2015-02-23 19:38 - 2009-07-13 20:54 - 00000000 ___RD () C:\Users\Tsunami Dream\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-23 19:38 - 2009-07-13 20:49 - 00000000 ___RD () C:\Users\Tsunami Dream\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-02-23 19:23 - 2015-03-01 20:50 - 01395110 _____ () C:\Windows\WindowsUpdate.log
2015-02-23 19:23 - 2015-02-23 19:23 - 00001345 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-02-23 19:23 - 2015-02-23 19:23 - 00001326 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-02-23 19:22 - 2015-02-23 19:22 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-02-23 19:21 - 2015-02-23 19:21 - 00000000 ____H () C:\Windows\system32\Drivers\Msft_User_WpdFs_01_09_00.Wdf
2015-02-23 19:19 - 2015-03-01 05:36 - 00000000 ____D () C:\Windows\Panther
2015-02-23 16:54 - 2015-02-23 16:54 - 00001890 _____ () C:\Windows\diagwrn.xml
2015-02-23 16:54 - 2015-02-23 16:54 - 00001890 _____ () C:\Windows\diagerr.xml
2015-02-22 20:19 - 2015-02-28 06:29 - 00000000 ____D () C:\Program Files\WinZip
2015-02-22 17:59 - 2015-02-22 18:05 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software
2015-02-22 17:45 - 2015-02-22 17:46 - 00000426 _____ () C:\Users\Tsunami Dream\Documents\New Text Document.txt
2015-02-22 16:59 - 2015-02-22 16:59 - 00021024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0.bak
2015-02-22 16:59 - 2015-02-22 16:59 - 00021024 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0.bak
2015-02-22 16:59 - 2015-02-22 16:59 - 00000552 _____ () C:\Windows\system32\spsys.log
2015-02-22 13:50 - 1997-11-19 14:49 - 00303616 _____ (InstallShield Software Corporation) C:\Windows\IsUninst.exe
2015-02-22 04:04 - 2015-02-25 16:22 - 00000000 ____D () C:\Program Files (x86)\Xpadder
2015-02-21 12:38 - 2015-03-01 04:16 - 00000000 ____D () C:\Bethesda
2015-02-21 06:00 - 2014-02-08 17:24 - 00012030 _____ () C:\Users\Tsunami Dream\Documents\Sue & Ruben Movie List.xlsx
2015-02-21 06:00 - 2014-01-29 00:13 - 00000341 _____ () C:\Users\Tsunami Dream\Documents\ax_files.xml
2015-02-21 06:00 - 2014-01-28 17:39 - 00015187 _____ () C:\Users\Tsunami Dream\Documents\Movie List 1.28.14.xlsx
2015-02-21 06:00 - 2014-01-11 13:53 - 00013410 _____ () C:\Users\Tsunami Dream\Documents\Book1.xlsx
2015-02-21 06:00 - 2013-10-02 01:15 - 00008936 _____ () C:\Users\Tsunami Dream\Documents\cc_20131002_021512.reg
2015-02-21 05:24 - 2015-03-01 02:15 - 00000000 ____D () C:\Transfer
2015-02-21 05:13 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2015-02-21 05:13 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2015-02-21 05:13 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2015-02-21 05:13 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2015-02-21 05:13 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2015-02-21 05:13 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2015-02-21 05:13 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2015-02-21 05:13 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2015-02-21 05:12 - 2015-02-21 05:13 - 00000000 ____D () C:\Windows\SysWOW64\directx
2015-02-09 18:42 - 2015-02-09 18:42 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-02-06 11:42 - 2015-02-06 11:42 - 00003004 _____ () C:\Windows\System32\Tasks\{A7002EFA-594B-4196-9D5D-8E060251C6C2}
2015-02-06 11:42 - 2015-02-06 11:42 - 00003004 _____ () C:\Windows\System32\Tasks\{5799C4E8-7A4E-4397-B430-9D7216EAF7FA}
2015-02-04 18:55 - 2014-07-16 18:07 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-02-03 20:51 - 2015-02-21 07:47 - 00000762 _____ () C:\Windows\system32\TeamViewer10_Hooks.log
2015-02-02 20:13 - 2015-02-22 13:22 - 00000000 ____D () C:\Windows\system32\SPReview
2015-02-02 20:13 - 2015-02-22 13:22 - 00000000 ____D () C:\Windows\system32\EventProviders
2015-02-02 20:09 - 2010-11-20 05:27 - 00133632 _____ (Microsoft Corporation) C:\Windows\system32\tssrvlic.dll
2015-02-02 20:09 - 2010-11-20 05:26 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\LSCSHostPolicy.dll
2015-02-02 20:09 - 2010-11-20 05:25 - 00299520 _____ (Microsoft Corporation) C:\Windows\system32\rdpshell.exe
2015-02-02 20:09 - 2010-11-20 05:25 - 00095744 _____ () C:\Windows\system32\RDVGHelper.exe
2015-02-02 20:09 - 2010-11-20 04:30 - 00079232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvgumd32.dll
2015-02-02 20:09 - 2010-11-20 03:07 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-02-02 20:08 - 2010-11-20 05:27 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\tspubwmi.dll
2015-02-02 20:08 - 2010-11-20 05:26 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\fvecpl.dll
2015-02-02 20:08 - 2010-11-20 05:25 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\rdpinit.exe
2015-02-02 20:08 - 2010-11-20 05:25 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\rdpsign.exe
2015-02-02 20:08 - 2010-11-20 05:24 - 00130560 _____ (Microsoft Corporation) C:\Windows\system32\BdeHdCfg.exe
2015-02-02 20:08 - 2010-11-20 03:03 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-02-02 03:00 - 2015-02-22 20:04 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-02-01 15:23 - 2015-02-01 15:21 - 01804512 _____ () C:\WindowsGABRIOLA.tt2
2015-02-01 15:22 - 2015-02-01 15:22 - 00000000 ____D () C:\Program Files (x86)\Codelobster Software
2015-02-01 02:50 - 2015-02-01 21:04 - 00000000 ____D () C:\Program Files (x86)\Tor Browser
2015-02-01 02:03 - 2015-02-09 19:22 - 00000000 ____D () C:\Program Files\CCleaner
2015-02-01 02:03 - 2015-02-01 02:03 - 00002768 _____ () C:\Windows\System32\Tasks\CCleanerSkipUAC
2015-01-30 15:20 - 2015-01-30 15:20 - 00000000 ____D () C:\Windows\system32\Macromed
2015-01-30 15:19 - 2015-01-30 15:19 - 00003132 _____ () C:\Windows\System32\Tasks\{7D5A316B-49A6-40A4-A315-0AB877D14D0A}
2015-01-30 15:19 - 2015-01-30 15:19 - 00000000 ____D () C:\Windows\SysWOW64\Macromed
2015-01-30 05:54 - 2015-02-09 19:25 - 00000000 ____D () C:\Windows\Minidump
2015-01-30 05:38 - 2015-01-30 05:38 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2015-01-30 05:38 - 2015-01-30 05:38 - 00000000 ____D () C:\Windows\USB_Vibration
2015-01-30 05:38 - 2015-01-30 05:38 - 00000000 ____D () C:\Program Files (x86)\USB_Vibration
2015-01-30 05:07 - 2015-03-01 03:53 - 00000000 ____D () C:\Users\Tsunami Dream\My Games

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-03-01 20:35 - 2009-07-13 21:13 - 00787060 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-03-01 20:35 - 2009-07-13 20:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-03-01 20:35 - 2009-07-13 20:45 - 00021680 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-03-01 20:28 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-03-01 18:09 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\rescache
2015-03-01 16:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2015-03-01 16:42 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\inetsrv
2015-03-01 16:00 - 2009-07-13 20:45 - 00437872 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-03-01 15:14 - 2014-10-05 15:34 - 00000000 ____D () C:\Windows\AutoKMS
2015-03-01 13:10 - 2015-01-28 15:31 - 00000000 ____D () C:\Intel
2015-03-01 09:51 - 2009-07-13 18:34 - 00000505 _____ () C:\Windows\win.ini
2015-03-01 07:11 - 2014-09-24 22:33 - 00003112 _____ () C:\Windows\System32\Tasks\Express FilesUpdate
2015-03-01 07:03 - 2014-07-06 07:22 - 00000000 ____D () C:\Program Files\ZTE Handset USB Driver
2015-03-01 04:33 - 2014-09-13 08:33 - 00000000 ____D () C:\Users\Master
2015-02-28 15:01 - 2015-01-28 08:52 - 00000000 ____D () C:\Temp
2015-02-28 07:45 - 2009-07-13 21:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-02-28 07:30 - 2015-01-28 06:01 - 00000000 ____D () C:\Users\RSL
2015-02-28 07:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\oobe
2015-02-28 07:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\NDF
2015-02-28 07:18 - 2009-07-13 19:20 - 00000000 __RSD () C:\Windows\Media
2015-02-28 07:18 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Registration
2015-02-28 07:16 - 2009-07-13 20:45 - 00000000 ____D () C:\Windows\Setup
2015-02-28 07:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Resources
2015-02-28 07:16 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\LiveKernelReports
2015-02-28 07:02 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Sidebar
2015-02-26 03:20 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-02-26 03:02 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-02-24 03:39 - 2009-07-13 20:57 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-02-24 03:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\tracing
2015-02-24 03:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-02-24 03:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-02-24 03:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-02-24 03:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-02-24 03:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\AppCompat
2015-02-24 03:27 - 2009-07-13 19:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-02-24 03:26 - 2011-04-12 00:28 - 00000000 ____D () C:\Program Files\Windows Journal
2015-02-24 03:26 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-02-24 03:26 - 2009-07-13 21:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-02-24 03:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-02-24 03:26 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-02-23 21:18 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\Help
2015-02-23 19:48 - 2009-07-13 21:32 - 00000000 ____D () C:\Windows\system32\restore
2015-02-23 19:38 - 2014-09-13 08:33 - 00000000 __SHD () C:\Recovery
2015-02-23 19:38 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\Recovery
2015-02-23 19:23 - 2009-07-13 19:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-02-23 19:23 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-02-23 19:20 - 2011-04-12 00:28 - 00000000 ____D () C:\Windows\CSC
2015-02-23 19:19 - 2009-07-13 21:38 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-02-23 19:19 - 2009-07-13 21:32 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-02-23 18:44 - 2014-10-04 14:25 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-02-22 14:25 - 2015-01-28 07:05 - 00000000 ____D () C:\Program Files (x86)\TeamViewer
2015-02-03 03:16 - 2009-07-13 23:46 - 00000000 __SHD () C:\Windows\BitLockerDiscoveryVolumeContents

==================== Files in the root of some directories =======

2015-01-25 08:12 - 2015-01-25 08:12 - 0002086 _____ () C:\Users\Tsunami Dream\AppData\Roaming\DUWV
2015-03-01 09:46 - 2015-03-01 09:46 - 1478104 _____ (Cinema PlusV01.03) C:\Users\Tsunami Dream\AppData\Roaming\DUWV.exe
2015-01-25 08:12 - 2015-01-25 08:12 - 0001248 _____ () C:\Users\Tsunami Dream\AppData\Roaming\LJZLY
2015-03-01 09:46 - 2015-03-01 09:46 - 1804760 _____ (Cinema PlusV01.03) C:\Users\Tsunami Dream\AppData\Roaming\LJZLY.exe
2015-03-01 09:54 - 2015-03-01 09:54 - 0613067 _____ (CMI Limited) C:\Users\Tsunami Dream\AppData\Local\nsqF1B7.tmp
2015-03-01 16:39 - 2015-03-01 20:47 - 0007603 _____ () C:\Users\Tsunami Dream\AppData\Local\Resmon.ResmonCfg
2015-02-27 17:37 - 2015-02-27 17:37 - 0208248 _____ () C:\ProgramData\1425087087.bdinstall.bin
2015-03-01 03:28 - 2015-03-01 03:28 - 0037823 _____ () C:\ProgramData\1425209323.bdinstall.bin
2015-03-01 03:29 - 2015-03-01 03:29 - 0097283 _____ () C:\ProgramData\1425209324.bdinstall.bin

Some content of TEMP:
====================
C:\Users\Tsunami Dream\AppData\Local\Temp\Quarantine.exe
C:\Users\Tsunami Dream\AppData\Local\Temp\sqlite3.dll


Some zero byte size files/folders:
==========================
C:\Windows\System32\BDSandBoxUH.dll
C:\Windows\System32\BDSandBoxUISkin.dll
C:\Windows\System32\BDSandBoxUISkin32.dll

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-02-24 03:02

==================== End Of Log ============================

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Post by 19rlowe81 » March 2nd, 2015, 2:22 am

Addition.txt :

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by Tsunami Dream at 2015-03-01 22:05:16
Running from C:\Users\Tsunami Dream\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Emsisoft Anti-Malware (Enabled - Up to date) {8504DEEF-CC04-1F76-2137-F1A5F4A659DA}
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Emsisoft Anti-Malware (Enabled - Up to date) {3E653F0B-EA3E-10F8-1B87-CAD78F211367}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Reader XI (11.0.10) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.10.1.0 - Asmedia Technology)
ASRock eXtreme Tuner v0.1.257 (HKLM-x32\...\ASRock eXtreme Tuner_is1) (Version: - )
ASRock XFast RAM v2.0.9 (HKLM\...\ASRock XFast RAM_is1) (Version: - ASRock Inc.)
Cisco Packet Tracer 6.1.1 Instructor (HKLM-x32\...\Cisco Packet Tracer 6.1.1 Instructor_is1) (Version: - Cisco Systems, Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1) (Version: 7.0 - Emsisoft GmbH)
ExpressFiles (HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\...\ExpressFiles) (Version: 1.9.7 - http://www.express-files.com/) <==== ATTENTION
Intel(R) Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4061 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4693.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.7.205.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 36.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 36.0 (x86 en-US)) (Version: 36.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0.1 - Mozilla)
NVIDIA 3D Vision Controller Driver 347.09 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 347.09 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 347.52 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.5 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 347.52 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 347.52 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.33.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.33.0 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (Version: 15.0.4693.1002 - Microsoft Corporation) Hidden
Pavtube Video Converter Ultimate Ver 4.5.0.5225 (HKLM-x32\...\{682B3199-76C3-4745-B7AE-FC13F6676421}_is1) (Version: - )
PdaNet+ for Android 4.17 (HKLM-x32\...\PdaNet_is1) (Version: - June Fabrics Technology Inc)
Revo Uninstaller Pro 3.0.7 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.0.7 - VS Revo Group, Ltd.)
SHIELD Streaming (Version: 3.1.3000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.18.9 - NVIDIA Corporation) Hidden
SpyHunter (HKLM-x32\...\{4FC9DA9D-F608-454E-8191-D7EFFDCC5726}) (Version: 4.1.11 - Enigma Software Group USA, LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
The Elder Scrolls III: Morrowind (HKLM-x32\...\Steam App 22320) (Version: - Bethesda Game Studios®)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version: - Bethesda Game Studios)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 2.1.1 - Tweaking.com)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

CustomCLSID: HKU\S-1-5-21-2140818859-1863541225-2881176698-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

01-03-2015 13:07:18 Intel® Driver Update Utility
01-03-2015 15:46:51 Windows Update
01-03-2015 16:42:08 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 18:34 - 2015-03-01 20:29 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {0B7E2DC3-B672-45A8-BAE5-D3C087AA3336} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: {3BA15C36-25CF-44A9-B79D-AD2E0ED7E549} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-23] (Microsoft Corporation)
Task: {65BCEC85-0394-4A57-A101-95995F684296} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
Task: {683A59A3-CD6D-4F78-B269-908F4E506217} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-02-23] (Microsoft Corporation)
Task: {76596711-9AF9-4A73-998B-2A75BA207E99} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx64\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-02-23] (Microsoft Corporation)
Task: {85C899B1-ABF2-486A-B204-C77F96C7A753} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe [2015-03-01] () <==== ATTENTION
Task: {90166816-CED5-4196-BB76-250BF3ACAC63} - System32\Tasks\Auslogics\Anti-Malware\Start Anti-Malware оn Tsunami Dream logon => C:\Program Files (x86)\Auslogics\Anti-Malware\AntiMalware.exe
Task: {9B04800F-2E7B-44E1-A884-7EE747916496} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {C26004C7-7B59-469C-ACE6-575BEEBB3956} - System32\Tasks\Malware Cleaner => C:\Users\Tsunami Dream\AppData\Roaming\4D30.tmp.exe
Task: {D268232D-42F1-4216-A4E8-C7BAE03BCFFF} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {E4A990D6-A621-4200-AAC8-193EC8305FBD} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
Task: {FD52416D-23E2-4495-8DF7-F6C3815D7F26} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-12-30] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) ==============

2015-02-23 21:18 - 2015-02-05 11:07 - 00117576 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-02-23 21:31 - 2015-02-23 21:36 - 08898728 _____ () C:\Program Files\Microsoft Office 15\root\Office15\1033\GrooveIntlResource.dll
2015-03-01 07:11 - 2015-03-01 07:11 - 00249440 ____N () C:\Program Files (x86)\ExpressFiles\EFUpdater.exe
2015-02-23 21:30 - 2014-05-20 08:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-03-01 09:35 - 2015-03-01 09:35 - 00113664 _____ () C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs
2015-03-01 09:35 - 2015-03-01 09:35 - 00174592 _____ () C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp
2015-02-23 19:47 - 2015-01-02 10:19 - 01054520 _____ () C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
2015-03-01 22:00 - 2015-03-01 22:00 - 02126848 _____ () C:\Users\Tsunami Dream\Desktop\adwcleaner_4.111.exe
2010-05-18 16:54 - 2010-05-18 16:54 - 00395776 _____ () C:\Program Files (x86)\Enigma Software Group\SpyHunter\ExecutionGuard.dll
2015-02-23 21:36 - 2015-02-23 21:36 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-02-23 21:54 - 2015-02-23 21:54 - 01020928 _____ () C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-03-01 20:58 - 2015-03-01 20:58 - 00011264 _____ () C:\Users\Tsunami Dream\AppData\Local\Temp\nsw46B1.tmp\System.dll
2015-03-01 20:58 - 2015-03-01 20:58 - 00117248 _____ () C:\Users\Tsunami Dream\AppData\Local\Temp\nsw46B1.tmp\IpConfig.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"

==================== EXE Association (whitelisted) ===============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tsunami Dream\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 8.8.8.8

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\steam.exe" -silent

==================== Accounts: =============================

Administrator (S-1-5-21-2140818859-1863541225-2881176698-500 - Administrator - Disabled)
Guest (S-1-5-21-2140818859-1863541225-2881176698-501 - Limited - Disabled)
Tsunami Dream (S-1-5-21-2140818859-1863541225-2881176698-1000 - Administrator - Enabled) => C:\Users\Tsunami Dream

==================== Faulty Device Manager Devices =============

Name: cherimoya
Description: cherimoya
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: cherimoya
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: SM Bus Controller
Description: SM Bus Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: Microsoft ISATAP Adapter
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Microsoft ISATAP Adapter #2
Description: Microsoft ISATAP Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Ethernet Controller
Description: Ethernet Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

Name: qrnfd_1_10_0_9
Description: qrnfd_1_10_0_9
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: qrnfd_1_10_0_9
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Microsoft Teredo Tunneling Adapter
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: Universal Serial Bus (USB) Controller
Description: Universal Serial Bus (USB) Controller
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/01/2015 08:28:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 07:46:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (03/01/2015 08:32:41 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esgiguard service failed to start due to the following error:
%%1275

Error: (03/01/2015 08:32:41 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgi has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/01/2015 08:32:36 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The esgiguard service failed to start due to the following error:
%%1275

Error: (03/01/2015 08:32:36 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Program Files (x86)\Enigma Software Group\SpyHunter\esgi has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.

Error: (03/01/2015 08:28:30 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cherimoya
qrnfd_1_10_0_9

Error: (03/01/2015 08:28:21 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Emsisoft Anti-Malware 7.0 - Service service hung on starting.

Error: (03/01/2015 07:46:24 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load:
cherimoya
qrnfd_1_10_0_9

Error: (03/01/2015 07:46:17 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Emsisoft Anti-Malware 7.0 - Service service hung on starting.


Microsoft Office Sessions:
=========================
Error: (03/01/2015 08:28:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/01/2015 07:46:33 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
Date: 2015-03-01 20:32:41.806
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-01 20:32:41.775
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-01 20:32:36.768
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-03-01 20:32:36.721
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Program Files (x86)\Enigma Software Group\SpyHunter\esgiguard.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 26%
Total physical RAM: 8075.08 MB
Available physical RAM: 5899.21 MB
Total Pagefile: 16073.27 MB
Available Pagefile: 12570.59 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Local Disk) (Fixed) (Total:1397.17 GB) (Free:1228.27 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.06 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (COLLEGE) (Removable) (Total:15.1 GB) (Free:13.1 GB) FAT32
Drive g: (Movie Backup) (Fixed) (Total:1863.01 GB) (Free:595.02 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: 065F49BD)
Partition 1: (Active) - (Size=1863 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: 4BE1A334)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1397.2 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (Size: 15.1 GB) (Disk ID: 6F20736B)
No partition Table on disk 2.
Disk 2 is a removable device.

==================== End Of Log ============================

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Post by 19rlowe81 » March 2nd, 2015, 2:24 am

And finally, Search.txt:

Farbar Recovery Scan Tool (x64) Version: 29-02-2015
Ran by Tsunami Dream at 2015-03-01 22:09:54
Running from C:\Users\Tsunami Dream\Desktop
Boot Mode: Normal

================== Search Registry: "Fun4IM;Bandoo;Searchnu;Searchqu;iLivid;whitesmoke;datamngr;kelkoopartners;trolltech;babylon;conduit;swellsearch;globalUpdate;smartweb" ===========


===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{5072148C-DE7A-4826-965C-812AB676E0A4}]
""="IUccUserSearchQuery"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\15.0\ClickToRun\REGISTRY\MACHINE\Software\Classes\Interface\{94F59D79-583A-4547-A620-EAD932A2F2EB}]
""="_IUccUserSearchQueryEvents"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"


===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\Trolltech]


===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"


===================== Search result for "swellsearch" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}]
"FaviconURL"="http://websearch.swellsearch.info/favicon.ico"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}]
"URL"="http://websearch.swellsearch.info/?l=1&q={searchTerms}&pid=3458&r=2015/03/01&hid=17527313840990002891&lg=EN&cc=HK&unqvl=84"


===================== Search result for "globalUpdate" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"LocalService"="globalUpdatem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine\CurVer]
""="globalUpdate.OneClickProcessLauncherMachine.1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0]
""="globalUpdate.OneClickProcessLauncher"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.Update3WebControl.4]
""="globalUpdate Update Plugin"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync\CurVer]
""="globalUpdateUpdate.CoCreateAsync.1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass\CurVer]
""="globalUpdateUpdate.CoreMachineClass.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine\CurVer]
""="globalUpdateUpdate.OnDemandCOMClassMachine.1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc\CurVer]
""="globalUpdateUpdate.OnDemandCOMClassSvc.1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService\CurVer]
""="globalUpdateUpdate.Update3COMClassService.1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback\CurVer]
""="globalUpdateUpdate.Update3WebMachineFallback.1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0]

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}\InprocHandler32]
""="C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}\VersionIndependentProgID]
""="globalUpdateUpdate.OnDemandCOMClassSvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\VersionIndependentProgID]
""="globalUpdateUpdate.CoreClass"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}\VersionIndependentProgID]
""="globalUpdateUpdate.Update3COMClassService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\VersionIndependentProgID]
""="globalUpdateUpdate.Update3WebSvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"LocalService"="globalUpdatem"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalUpdate]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalUpdate\Update\Clients\{430FD4D0-B729-4F61-AA34-91526481799D}]
"name"="globalUpdate Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
"AppPath"="C:\Program Files (x86)\globalUpdate\Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Description"="globalUpdate Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
"Vendor"="globalUpdate"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"Path"="C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
"ProductName"="globalUpdate Update"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}\InprocHandler32]
""="C:\Program Files (x86)\globalUpdate\Update\1.3.25.0\psmachine.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}\VersionIndependentProgID]
""="globalUpdateUpdate.OnDemandCOMClassSvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}\VersionIndependentProgID]
""="globalUpdateUpdate.CoreClass"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}\VersionIndependentProgID]
""="globalUpdateUpdate.Update3COMClassService"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}\VersionIndependentProgID]
""="globalUpdateUpdate.Update3WebSvc"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
"LocalService"="globalUpdatem"

[HKEY_USERS\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\globalUpdate]

====== End Of Search ======
19rlowe81
Active Member
 
Posts: 12
Joined: March 1st, 2015, 5:38 pm

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Post by Gary R » March 2nd, 2015, 4:23 am

In the case of computer security, more is not better. You should only ever have one Anti-Virus and one Anti-Spyware program installed on your computer; otherwise they will conflict and give you less, not more, protection.

Choose which one of the two AV products you wish to keep (Microsoft Security Essentials or EmsiSoft) and uninstall the other.

I don't really rate SpyHunter. If you want a good Anti-Spyware, I recommend the free version of Malwarebytes Anti-Malware; it has a much better record for removing infection.

Also, please uninstall Google Chrome.

Your FRST log shows you have the Dev version installed. Attackers are known to modify the version of Chrome that you may have had installed to the Dev version, because it disables the inbuilt security features that come with Chrome.

You can re-install a new clean version of Chrome once your machine is clean.

Once you've uninstalled the necessary programs, reboot your computer.

Next ...

  • Double click AdwCleaner.exe to run it.
  • Click Scan and allow the scan to finish.
  • Now click Clean to remove the items found.
  • Click OK to the prompt.
  • The tool will run & your computer will be rebooted automatically. A logfile will open after the restart.
  • Post the contents of the logfile with your next reply.
  • You can also find the logfile at C:\AdwCleaner[s1].txt.

Next ...

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\...\MountPoints2: {01c3614d-bbd4-11e4-9b51-806e6f6e6963} - E:\SETUP.EXE
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3458&r=2015/03/01&hid=17527313840990002891&lg=EN&cc=HK&unqvl=84
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3458&r=2015/03/01&hid=17527313840990002891&lg=EN&cc=HK&unqvl=84
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid= ... =84&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Extension: Happy Bonobo: Disable WebRTC - C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2015-03-01]
R2 guxuqowo; C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp [174592 2015-03-01] () [File not signed]
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
C:\Program Files (x86)\YouTube-Downloader
R2 fuzefyby; C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs [X]
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs
R1 {ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64; C:\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys [48792 2015-03-01] (StdLib)
C:\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys
S1 cherimoya; system32\drivers\cherimoya.sys [X]
C:\Windows\system32\drivers\cherimoya.sys
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
C:\Windows\system32\drivers\qrnfd_1_10_0_9.sys
Task: {85C899B1-ABF2-486A-B204-C77F96C7A753} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe [2015-03-01] () <==== ATTENTION
Task: {9B04800F-2E7B-44E1-A884-7EE747916496} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {C26004C7-7B59-469C-ACE6-575BEEBB3956} - System32\Tasks\Malware Cleaner => C:\Users\Tsunami Dream\AppData\Roaming\4D30.tmp.exe
Task: {E4A990D6-A621-4200-AAC8-193EC8305FBD} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
C:\Program Files (x86)\globalUpdate
[-HKEY_USERS\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.Update3WebControl.4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
[-HKEY_USERS\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\globalUpdate]
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log

Summary of the logs I need from you in your next post:
  • ADWCleaner fixlog
  • Fixlog.txt
  • Let me know how your computer is behaving now please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Post by 19rlowe81 » March 2nd, 2015, 11:47 am

# AdwCleaner v4.111 - Logfile created 02/03/2015 at 06:58:51
# Updated 18/02/2015 by Xplode
# Database : 2015-03-02.1 [Server]
# Operating system : Windows 7 Professional Service Pack 1 (x64)
# Username : Tsunami Dream - TSUNAMIDREAM-PC
# Running from : C:\Users\Tsunami Dream\Desktop\adwcleaner_4.111.exe
# Option : Cleaning

***** [ Services ] *****

[#] Service Deleted : cherimoya
Service Deleted : {ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\6467701552656366573
Folder Deleted : C:\ProgramData\9f98403200003a4e
Folder Deleted : C:\ProgramData\a9195fc000006777
Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Users\Tsunami Dream\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Tsunami Dream\AppData\Roaming\AnyProtectEx
Folder Deleted : C:\Users\Tsunami Dream\AppData\Roaming\ExpressFiles
File Deleted : C:\END
File Deleted : C:\Windows\patsearch.bin
File Deleted : C:\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys
File Deleted : C:\Users\Tsunami Dream\Desktop\Continue Live Installation.lnk
File Deleted : C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\user.js

***** [ Scheduled tasks ] *****

Task Deleted : Express FilesUpdate
Task Deleted : ProPCCleaner_Start

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{5157DEF6-4D45-4AE0-982B-227A3458A01B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{E5A7A645-8318-4895-B85C-EDC606B80DB6}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\ExpressFiles
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\StormWatchApp
Key Deleted : HKCU\Software\Super Optimizer
Key Deleted : HKCU\Software\ProPCCleanerLanguage
Key Deleted : HKCU\Software\ProPCCleanerConfig
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{4A0F38A9-FE55-4B89-B73F-E60FDC0F72E9}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\ExpressFiles
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - <-loopback>

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17631


-\\ Mozilla Firefox v36.0 (x86 en-US)

[h49uz3c2.default\prefs.js] - Line Deleted : user_pref("browser.search.defaultenginename,S", "WebSearch");
[h49uz3c2.default\prefs.js] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://websearch.swellsearch.info/?pid=3458&r=2015/03/01&hid=17527313840990002891&lg=EN&cc=HK&unqvl=84&l=1&q=");
[h49uz3c2.default\prefs.js] - Line Deleted : user_pref("browser.search.hiddenOneOffs", "WebSearch,Amazon.com,eBay");
[h49uz3c2.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1", "WebSearch");
[h49uz3c2.default\prefs.js] - Line Deleted : user_pref("browser.search.order.1,S", "WebSearch");
[h49uz3c2.default\prefs.js] - Line Deleted : user_pref("browser.search.selectedEngine,S", "WebSearch");
[h49uz3c2.default\prefs.js] - Line Deleted : user_pref("extensions.08t0JarCu5YvPH5M.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjC8rTCHrjr5qda4pjaErds5pjw\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"flybrain.com\",\"[...]
[h49uz3c2.default\prefs.js] - Line Deleted : user_pref("extensions.674fbuEAq23mvzp8.scode", "(function(){try{if(window.self.location.href.indexOf(\"rjC8rTCHrjr5qda4pjaErds5pjw\")>-1){return;}}catch(e){}try{var d=[[\"acebook\",\"flybrain.com\",\"[...]

*************************

AdwCleaner[R0].txt - [8857 bytes] - [01/03/2015 22:01:04]
AdwCleaner[R1].txt - [8833 bytes] - [02/03/2015 06:56:33]
AdwCleaner[S0].txt - [8682 bytes] - [02/03/2015 06:58:51]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8741 bytes] ##########
19rlowe81
Active Member
 
Posts: 12
Joined: March 1st, 2015, 5:38 pm

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Post by 19rlowe81 » March 2nd, 2015, 11:55 am

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 29-02-2015
Ran by Tsunami Dream at 2015-03-02 07:16:27 Run:1
Running from C:\Users\Tsunami Dream\Desktop\FRST64
Loaded Profiles: Tsunami Dream (Available profiles: Tsunami Dream)
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\...\MountPoints2: {01c3614d-bbd4-11e4-9b51-806e6f6e6963} - E:\SETUP.EXE
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
SearchScopes: HKLM-x32 -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3458&r=2015/03/01&hid=17527313840990002891&lg=EN&cc=HK&unqvl=84
SearchScopes: HKLM-x32 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.swellsearch.info/?l=1&q= {searchTerms}&pid=3458&r=2015/03/01&hid=17527313840990002891&lg=EN&cc=HK&unqvl=84
FF DefaultSearchEngine,S: WebSearch
FF DefaultSearchUrl: hxxp://websearch.swellsearch.info/?pid= ... =84&l=1&q=
FF SearchEngineOrder.1: WebSearch
FF SearchEngineOrder.1,S: WebSearch
FF SelectedSearchEngine,S: WebSearch
FF Extension: Happy Bonobo: Disable WebRTC - C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi [2015-03-01]
R2 guxuqowo; C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp [174592 2015-03-01] () [File not signed]
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp
R2 YouTubeDownload_A3; C:\Program Files (x86)\YouTube-Downloader\A3\youtubeserv.exe [2971224 2015-02-12] (Microsoftware)
C:\Program Files (x86)\YouTube-Downloader
R2 fuzefyby; C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs [X]
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs
R1 {ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64; C:\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys [48792 2015-03-01] (StdLib)
C:\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys
S1 cherimoya; system32\drivers\cherimoya.sys [X]
C:\Windows\system32\drivers\cherimoya.sys
S1 qrnfd_1_10_0_9; system32\drivers\qrnfd_1_10_0_9.sys [X]
C:\Windows\system32\drivers\qrnfd_1_10_0_9.sys
Task: {85C899B1-ABF2-486A-B204-C77F96C7A753} - System32\Tasks\Express FilesUpdate => C:\Program Files (x86)\ExpressFiles\EFUpdater.exe [2015-03-01] () <==== ATTENTION
Task: {9B04800F-2E7B-44E1-A884-7EE747916496} - System32\Tasks\ProPCCleaner_Start => C:\Program Files (x86)\Pro PC Cleaner\ProPCCleaner.exe <==== ATTENTION
Task: {C26004C7-7B59-469C-ACE6-575BEEBB3956} - System32\Tasks\Malware Cleaner => C:\Users\Tsunami Dream\AppData\Roaming\4D30.tmp.exe
Task: {E4A990D6-A621-4200-AAC8-193EC8305FBD} - \Jelbrus Secure Web Task No Task File <==== ATTENTION
C:\Program Files (x86)\globalUpdate
[-HKEY_USERS\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.Update3WebControl.4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalUpdate]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}]
[-HKEY_USERS\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\globalUpdate]
EmptyTemp:
Hosts:
CMD: ipconfig /flushdns
*****************

"HKU\S-1-5-21-2140818859-1863541225-2881176698-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{01c3614d-bbd4-11e4-9b51-806e6f6e6963}" => Key deleted successfully.
HKCR\CLSID\{01c3614d-bbd4-11e4-9b51-806e6f6e6963} => Key not found.
"HKLM\SOFTWARE\Policies\Google" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKCR\Wow6432Node\CLSID\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
Firefox DefaultSearchEngine,S deleted successfully.
Firefox DefaultSearchUrl deleted successfully.
Firefox SearchEngineOrder.1 deleted successfully.
Firefox SearchEngineOrder.1,S deleted successfully.
Firefox SelectedSearchEngine,S deleted successfully.
C:\Users\Tsunami Dream\AppData\Roaming\Mozilla\Firefox\Profiles\h49uz3c2.default\Extensions\jid1-5Fs7iTLscUaZBgwr@jetpack.xpi => Moved successfully.
guxuqowo => Service stopped successfully.
guxuqowo => Service deleted successfully.
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp => Moved successfully.
YouTubeDownload_A3 => Service stopped successfully.
YouTubeDownload_A3 => Service deleted successfully.
C:\Program Files (x86)\YouTube-Downloader => Moved successfully.
fuzefyby => Service stopped successfully.
fuzefyby => Service deleted successfully.
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs => Moved successfully.
{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64 => Service not found.
"C:\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys" => File/Directory not found.
cherimoya => Service not found.
"C:\Windows\system32\drivers\cherimoya.sys" => File/Directory not found.
qrnfd_1_10_0_9 => Service deleted successfully.
"C:\Windows\system32\drivers\qrnfd_1_10_0_9.sys" => File/Directory not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85C899B1-ABF2-486A-B204-C77F96C7A753} => Key not found.
C:\Windows\System32\Tasks\Express FilesUpdate not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Express FilesUpdate => Key not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9B04800F-2E7B-44E1-A884-7EE747916496} => Key not found.
C:\Windows\System32\Tasks\ProPCCleaner_Start not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ProPCCleaner_Start => Key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C26004C7-7B59-469C-ACE6-575BEEBB3956}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C26004C7-7B59-469C-ACE6-575BEEBB3956}" => Key deleted successfully.
C:\Windows\System32\Tasks\Malware Cleaner => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Malware Cleaner" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E4A990D6-A621-4200-AAC8-193EC8305FBD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E4A990D6-A621-4200-AAC8-193EC8305FBD}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Jelbrus Secure Web Task" => Key deleted successfully.
"C:\Program Files (x86)\globalUpdate" => File/Directory not found.
HKEY_USERS\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\Trolltech => Failed to delete key at first attempt (Error: C0000121), see next line.
HKEY_USERS\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\Trolltech => Key Deleted Successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC} => Key Deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{BB82DE59-BC4C-4172-9AC4-73315F71CFFE} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdate.Update3WebControl.4 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GlobalUpdate => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4 => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} => Key not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} => Key not found.
HKEY_USERS\S-1-5-21-2140818859-1863541225-2881176698-1000\Software\globalUpdate => Key not found.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => Removed 65.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog 07:32:22 ====


Morning Gary,
Here are the logs that you requested. Everything seems to be working good. I've taken your advice and gotten rid of the Microsoft Security Essentials and will be making the switch to Malwarebytes as soon as I can. You asked me to uninstall Google Chrome but the thing is, I've never installed it on this rig. I'm not a fan of it, so I don't use it. I've searched everywhere for a buried installation but I'm not finding one. I'll keep looking though. One last thing, it's taking my computer almost 2 minutes to shut down and almost a minute to boot back to the desktop. That seems to me to be an unusually long wait time. Thoughts?
19rlowe81
Active Member
 
Posts: 12
Joined: March 1st, 2015, 5:38 pm

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Unread postby 19rlowe81 » March 2nd, 2015, 12:49 pm

Upon further investigation, I'm still getting the CouponDropDown ad banners all over the webpages that I visit and also in the search results from Google. I've cut my search engines down to just Google, hoping that I could isolate the problem, but it doesn't seem to do much good. On the plus side, Firefox has an Adblocker plug-in that does seem to get rid of the flashing banners, but I'm afraid that it's a "treat the symptom" kind of fix. Also, I'm a bit leery of any of the extensions and plugins that the browsers offer. After all, who knows what they're really doing behind the scenes, right? I am fairly certain that I don't have any of the CouponDropDown software on my system, but nonetheless, the ads persist. If I have to put up with them, I suppose I could get over it, but I would appreciate your feedback on the matter.

- Thanks again for your time.

Rob
19rlowe81
Active Member
 
Posts: 12
Joined: March 1st, 2015, 5:38 pm

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Unread postby Gary R » March 7th, 2015, 1:22 pm

So sorry not to have gotten back to you sooner, I did not get a notification that you had replied to this topic.

OK, let's see if there's something that we've missed ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will however need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Unread postby 19rlowe81 » March 7th, 2015, 3:57 pm

Hi Gary! Hope you're having a great day. Here is the ESET log that you requested.

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7623
# api_version=3.0.2
# EOSSerial=d9845867b1b3fc48a1389d3061b5d8ad
# engine=22800
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-03-07 07:38:19
# local_time=2015-03-07 11:38:19 (-0800, Pacific Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Panda Cloud Antivirus'
# compatibility_mode=1552 16777213 75 93 0 211031473 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 177300549 0 0
# scanned=223775
# found=39
# cleaned=0
# scan_time=5137
sh=88F1A3792E663D17ADA4FBF7A6AF61AA95354F1B ft=1 fh=3bdcf916f2141df5 vn="a variant of Win32/SmartTweak.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2140818859-1863541225-2881176698-1000\$R248ZJM.exe"
sh=6B7B1F3C8E9F4BBB20421383F1E4E520227CC61B ft=1 fh=dc28f5abb0df5f50 vn="a variant of Win32/InstallCore.WX potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2140818859-1863541225-2881176698-1000\$R2CY2TE.exe"
sh=8B0FF348D2BD55FF28C21CBCE4DECC2F7D96CD4B ft=1 fh=aebb9f1357b0d130 vn="a variant of Win32/InstallIQ.A potentially unwanted application" ac=I fn="C:\$Recycle.Bin\S-1-5-21-2140818859-1863541225-2881176698-1000\$RHVU65Z.exe"
sh=48F6B89C999D462EEA1B53B3031FCC80C43CE9C5 ft=1 fh=ab63e62deb57162e vn="a variant of Win32/YourFileDownloader.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExpressFiles\EFUpdater.exe.vir"
sh=735D0A08FF6C3463B366DBD2D5461C30AF210987 ft=1 fh=c71c0011e1aafe46 vn="a variant of Win32/ExpressFiles.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExpressFiles\ExpressFiles.exe.vir"
sh=4D5563F21C3E5A1163250CA7D3825424D2D6B692 ft=1 fh=f09a813f0b033dab vn="a variant of Win32/ExpressFiles.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\ExpressFiles\uninstall.exe.vir"
sh=9F54AFF409B15836DBA90C2C3CFC9A1BE734CB98 ft=1 fh=2c0c775f1a803598 vn="a variant of Win64/NetFilter.A potentially unsafe application" ac=I fn="C:\AdwCleaner\Quarantine\C\Windows\System32\drivers\{ca032d0a-a16a-4ca5-8bc6-c3c5a2d19d37}Gw64.sys.vir"
sh=A0AA9C3C1A5942E1629025A015EABB334EFE3FC5 ft=1 fh=adc45c1e973ce02d vn="a variant of Win32/Adware.ConvertAd.BI application" ac=I fn="C:\FRST\Quarantine\C\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\jnsiF617.tmp.xBAD"
sh=EE0FEC81F36D906C5AD72CC52232AA11162785BA ft=1 fh=7b6385d783ea5bd6 vn="a variant of Win32/Adware.ConvertAd.BR application" ac=I fn="C:\FRST\Quarantine\C\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\nstC89C.tmpfs.xBAD"
sh=92C090241E1FBE3D53F34B9FCFEA3E44504DB818 ft=1 fh=3e3f195195eeac58 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Program Files\Codelobster Software\CodelobsterPHPEdition\codelobster.php.edition.pro.5.2-patch.exe"
sh=EE2D8A0C16CB4F60E07AD30BC8F4AF2D25E4FF62 ft=1 fh=c2a60ef126908cf5 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSS.exe"
sh=24A108C48173FDD9962F7CC3D4DB4B852D864838 ft=1 fh=0501d0dc4c9a869f vn="a variant of Win32/Systweak.N potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSHelper.dll"
sh=915239C2678EFCE5C2E45012595BEA0C050864B4 ft=1 fh=9ca6c4d86ffea4d8 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSPrivacyProtector.exe"
sh=67A75BAA7A5BBB2EEEBB99D490F00F82D0BB1E09 ft=1 fh=5d5a0ac2ab2c0a85 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegClean.exe"
sh=2C09414F7BCF16F3C9A358B5CCD4492EF7EEF08E ft=1 fh=5545a1a02bc092d6 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSRegistryOptimizer.exe"
sh=322DCE4CCA5EB266FFEDD900C6D628769AD18300 ft=1 fh=b3d66e50f9e4f6b1 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Program Files\WinZip\Utils\WzSysScan\WINZIPSSSystemCleaner.exe"
sh=DA266EA8F63832E7FD1BD322593E637D0F1ABE53 ft=1 fh=7aea361e2012e168 vn="a variant of Win32/Tool.TPE.A potentially unsafe application" ac=I fn="C:\Program Files (x86)\Pavtube\Pavtube Video Converter Ultimate\Pavtube Patch By Umer.exe"
sh=6C814D7BCA8F8302D21EE8997FCE6248C6DF0F4E ft=1 fh=041c29d54e4f0f83 vn="a variant of Win32/Adware.SpeedingUpMyPC.Y application" ac=I fn="C:\ProgramData\{2002a3ab-b40a-e6f2-2002-2a3abb408eae}\superpc_soft_partner.exe"
sh=102CC0C74731F53C3ED29125C7238236D8C4AE75 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.D potentially unsafe application" ac=I fn="C:\Transfer\Data and Programs\Game-Cloner.2.10.588.rar"
sh=0B798DDF7564FE64DB2F59964AEB68C5F7F24255 ft=0 fh=0000000000000000 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Transfer\Data and Programs\codelobster.php.edition.pro.5.2\Codelobster Pro.zip"
sh=92C090241E1FBE3D53F34B9FCFEA3E44504DB818 ft=1 fh=3e3f195195eeac58 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Transfer\Data and Programs\codelobster.php.edition.pro.5.2\codelobster.php.edition.pro.5.2-patch.exe.5250.gzquar"
sh=92C090241E1FBE3D53F34B9FCFEA3E44504DB818 ft=1 fh=3e3f195195eeac58 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Transfer\Data and Programs\codelobster.php.edition.pro.5.2\Codelobster Pro\codelobster.php.edition.pro.5.2-patch.exe.5249.gzquar"
sh=DFCDC400288B7D85F7A6169892ADB4444C800C01 ft=0 fh=0000000000000000 vn="a variant of Win32/Tool.TPE.A potentially unsafe application" ac=I fn="C:\Transfer\Data and Programs\Pavtube\Pavtube Video Converter Ultimate 4.5 Included Patch.7z"
sh=9C803201507E467318FF3917C0C9321AE35A953E ft=1 fh=e69839cbaa4f091b vn="a variant of Win32/Injector.BKZ trojan" ac=I fn="C:\Transfer\Windows Dreamspark\Windows 7 product keys (100% wotked) by Zyonara001\Windows 7 Activator All Versions v4 DyNaCr3w.exe"
sh=6C814D7BCA8F8302D21EE8997FCE6248C6DF0F4E ft=1 fh=041c29d54e4f0f83 vn="a variant of Win32/Adware.SpeedingUpMyPC.Y application" ac=I fn="C:\Users\All Users\{2002a3ab-b40a-e6f2-2002-2a3abb408eae}\superpc_soft_partner.exe"
sh=E780478F47E923EBE919918D475B5A4F4B1FBA26 ft=1 fh=fe85c3d959983663 vn="Win32/VOPackage.BC potentially unwanted application" ac=I fn="C:\Users\Tsunami Dream\AppData\Local\nsqF1B7.tmp"
sh=E47CB9AD677B051066724B544C4A11929305D9EB ft=1 fh=c71c0011f9034c4f vn="a variant of Win32/Adware.ConvertAd.BF application" ac=I fn="C:\Users\Tsunami Dream\AppData\Local\03000200-1425202547-0500-0006-000700080009\onsy8292.tmp"
sh=9018FADB117565369AEED036B6DEC2FF9ACEFEFC ft=1 fh=6d22dfbe8eda1558 vn="a variant of Win32/Adware.ConvertAd.BQ application" ac=I fn="C:\Users\Tsunami Dream\AppData\Local\03000200-1425202547-0500-0006-000700080009\rnsy8291.exe"
sh=D87BC60DE6254AB8D4F464F1115EFF3D79F3330E ft=1 fh=635e03ac85eba62e vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Users\Tsunami Dream\AppData\Local\Temp\{28E2A9B7-67DF-4010-9C98-6543C84FB194}.exe"
sh=D87BC60DE6254AB8D4F464F1115EFF3D79F3330E ft=1 fh=635e03ac85eba62e vn="a variant of Win32/Toolbar.Visicom.A potentially unwanted application" ac=I fn="C:\Users\Tsunami Dream\AppData\Local\Temp\{C2162A1F-D5FC-4268-B6D9-265B16A6175E}.exe"
sh=9413821E4285C46DAF48156B472065FC2D763FE8 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\Tsunami Dream\AppData\Roaming\DUWV"
sh=DDD7E789E67132CF6C5D8169B2F46E3498FCA60F ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.C potentially unwanted application" ac=I fn="C:\Users\Tsunami Dream\AppData\Roaming\LJZLY"
sh=9018FADB117565369AEED036B6DEC2FF9ACEFEFC ft=1 fh=6d22dfbe8eda1558 vn="a variant of Win32/Adware.ConvertAd.BQ application" ac=I fn="C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\rnstF394.exe"
sh=06BADC464A10BF92B664E8D4E803144A0D5E6775 ft=1 fh=d396811c5544043a vn="Win32/Adware.ConvertAd.BS application" ac=I fn="C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\Uninstall.exe"
sh=D6AF3659DF29C28B071376C89427711C72135B25 ft=1 fh=1dd26feca629d6e8 vn="Win32/Adware.ConvertAd.BS application" ac=I fn="C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\vnsyB811.tmp"
sh=4A9FE003B9EF1CDEB12DDAA71299298C59785CC2 ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="C:\Windows\Installer\1f283b.msi"
sh=EAE899383E3BDBD2F9452F8571E66F22A875ABE7 ft=0 fh=0000000000000000 vn="a variant of Win32/Injector.BKZ trojan" ac=I fn="G:\RSL-PC\Backup Set 2015-02-23 170156\Backup Files 2015-02-23 170156\Backup files 2.zip"
sh=E356AABDE4FE55FD08E8F3953C9005CA2CECCF94 ft=0 fh=0000000000000000 vn="a variant of Win32/DownloadAdmin.I potentially unwanted application" ac=I fn="G:\RSL-PC\Backup Set 2015-02-23 170156\Backup Files 2015-02-23 170156\Backup files 5.zip"
sh=BC0AC3B2298BC0200E5DE07130896A33B4E7C24C ft=0 fh=0000000000000000 vn="a variant of Win32/Systweak.L potentially unwanted application" ac=I fn="G:\RSL-PC\Backup Set 2015-02-23 170156\Backup Files 2015-02-23 170156\Backup files 59.zip"


Thanks again for all your help!

-Rob
19rlowe81
Active Member
 
Posts: 12
Joined: March 1st, 2015, 5:38 pm

Re: Stupid "CouponDropDown" Bug! Arrrrrgggghhhh!

Unread postby Gary R » March 8th, 2015, 1:50 am

Some of the stuff found by ESET has already been quarantined by AdwCleaner or FRST, and those are not a problem. We'll clean them out in due course, but for the moment I'd prefer to leave them where they are.

So what we'll do now is clean out the rest of ESET's detections.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.
    • Copy/Paste the contents of the code box below into Notepad (don't include Code: Select all).
Code: Select all
C:\Program Files\Codelobster Software
C:\Program Files\WinZip\Utils\WzSysScan
C:\Program Files (x86)\Pavtube\Pavtube Video Converter Ultimate\Pavtube Patch By Umer.exe
C:\ProgramData\{2002a3ab-b40a-e6f2-2002-2a3abb408eae}\superpc_soft_partner.exe
C:\Transfer\Data and Programs\Game-Cloner.2.10.588.rar
C:\Transfer\Data and Programs\codelobster.php.edition.pro.5.2\Codelobster Pro.zip
C:\Transfer\Data and Programs\codelobster.php.edition.pro.5.2\codelobster.php.edition.pro.5.2-patch.exe.5250.gzquar
C:\Transfer\Data and Programs\codelobster.php.edition.pro.5.2\Codelobster Pro\codelobster.php.edition.pro.5.2-patch.exe.5249.gzquar
C:\Transfer\Data and Programs\Pavtube\Pavtube Video Converter Ultimate 4.5 Included Patch.7z
C:\Transfer\Windows Dreamspark\Windows 7 product keys (100% wotked) by Zyonara001\Windows 7 Activator All Versions v4 DyNaCr3w.exe
C:\Users\All Users\{2002a3ab-b40a-e6f2-2002-2a3abb408eae}\superpc_soft_partner.exe
C:\Users\Tsunami Dream\AppData\Local\nsqF1B7.tmp
C:\Users\Tsunami Dream\AppData\Local\03000200-1425202547-0500-0006-000700080009\onsy8292.tmp
C:\Users\Tsunami Dream\AppData\Local\03000200-1425202547-0500-0006-000700080009\rnsy8291.exe
C:\Users\Tsunami Dream\AppData\Local\Temp\{28E2A9B7-67DF-4010-9C98-6543C84FB194}.exe
C:\Users\Tsunami Dream\AppData\Local\Temp\{C2162A1F-D5FC-4268-B6D9-265B16A6175E}.exe
C:\Users\Tsunami Dream\AppData\Roaming\DUWV
C:\Users\Tsunami Dream\AppData\Roaming\LJZLY
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\rnstF394.exe
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\Uninstall.exe
C:\Users\Tsunami Dream\AppData\Roaming\03000200-1425202495-0500-0006-000700080009\vnsyB811.tmp
C:\Windows\Installer\1f283b.msi
G:\RSL-PC\Backup Set 2015-02-23 170156\Backup Files 2015-02-23 170156\Backup files 2.zip
G:\RSL-PC\Backup Set 2015-02-23 170156\Backup Files 2015-02-23 170156\Backup files 5.zip
G:\RSL-PC\Backup Set 2015-02-23 170156\Backup Files 2015-02-23 170156\Backup files 59.zip
EmptyTemp:
RemoveProxy:

    • Save it to the same folder/directory that FRST.exe is in, naming it as fixlist.txt

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.

  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post me the log
    • Also please let me know how your computer is behaving now.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire
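
The triage described in the reply above (set aside detections that already sit in the AdwCleaner or FRST quarantine folders, act on the rest), as an added example that is not part of the original thread. The field layout and the two quarantine folders are taken from the ESET log posted above; the function names are hypothetical and the sample lines, including their placeholder hashes and paths, are constructed.

```python
import re
from pathlib import PureWindowsPath

# Quarantine folders that appear in the ESET log on this page. Files under
# them are copies already set aside by AdwCleaner and FRST.
QUARANTINE_ROOTS = (
    PureWindowsPath(r"C:\AdwCleaner\Quarantine"),
    PureWindowsPath(r"C:\FRST\Quarantine"),
)

# key=value pairs; a value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')


def parse_detection(line):
    """Return the fields of one detection line, or None for any other line."""
    if not line.startswith("sh="):
        return None  # '#' header lines and free text are not detections
    fields = {}
    for match in FIELD_RE.finditer(line):
        key, quoted, bare = match.groups()
        fields[key] = quoted if quoted is not None else bare
    return fields if {"sh", "vn", "fn"} <= fields.keys() else None


def triage(log_text):
    """Split detections into quarantined paths and live files keyed by SHA-1.

    Grouping live hits by hash shows when one file is reported under several
    paths, so it is reviewed once rather than once per path.
    """
    quarantined, live = [], {}
    for raw in log_text.splitlines():
        det = parse_detection(raw.strip())
        if det is None:
            continue
        path = PureWindowsPath(det["fn"])  # compares case-insensitively
        if any(root in path.parents for root in QUARANTINE_ROOTS):
            quarantined.append(det["fn"])
        else:
            entry = live.setdefault(det["sh"], {"name": det["vn"], "paths": []})
            entry["paths"].append(det["fn"])
    return quarantined, live


# Constructed sample in the same format as the log above (placeholder values).
SAMPLE_LOG = r"""# version=8
# found=4
sh=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA ft=1 fh=0000000000000001 vn="a variant of Win32/Example.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\Example\updater.exe.vir"
sh=BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB ft=1 fh=0000000000000002 vn="a variant of Win32/Adware.Example.B application" ac=I fn="c:\frst\quarantine\C\Users\user\AppData\Roaming\example\a.tmp.xBAD"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=1 fh=0000000000000003 vn="a variant of Win32/Adware.Example.C application" ac=I fn="C:\ProgramData\{00000000-0000-0000-0000-000000000000}\example.exe"
sh=CCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCCC ft=1 fh=0000000000000003 vn="a variant of Win32/Adware.Example.C application" ac=I fn="C:\Users\All Users\{00000000-0000-0000-0000-000000000000}\example.exe"
"""

if __name__ == "__main__":
    done, todo = triage(SAMPLE_LOG)
    print(f"{len(done)} already quarantined")
    for sha1, info in todo.items():
        print(f"{sha1}  {info['name']}")
        for p in info["paths"]:
            print(f"    {p}")
```
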