glitches after reinstall

#1 ·
Hi,

I really don't think I have malware; however, from my thread "some glitches after restored win7" (http://www.techsupportforum.com/forums/f217/some-glitches-after-restored-win7-1014026.html), spunk.funk thinks it may be malware.

Right now the biggest problem is with FF, making the tabs the same when I try to open a new one or change one, clicking on links in email or forum doesn't work and loss of icon on taskbar in general account only. I've uninstalled and reinstalled FF 4 times since the reinstall of the OS (the first one I had a BSOD in the middle of updating Windows and had many, many problems, so did a full reinstall) and ran anti-malware programs both before and after the reinstalls (MSSE, Malwarebytes, and ESET online scanner) and none found any problems. I didn't load the 3 PUP Windows updates when updating Windows, although before the reinstall and before I knew the Windows 7 updates were PUPs for win10 I had them downloaded and installed.

One other program isn't showing up in my general account. Also, a few desktop icons I can't seem to get rid of that have to do with my Canon printer.

Since the BSOD in the first try to reinstall had to do with hardware, I've loaded the drivers for my other USB hardware but removed them, so only my mouse and keyboard are plugged in.

I have the factory disc (which I used for the reinstalls) and the windows disc for my computer.

Thank you

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.9600.17840
Run by 93 at 14:16:49 on 2015-07-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7104.5233 [GMT -7:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Program Files\Sandboxie\SbieSvc.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\System32\svchost.exe -k utcsvc
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\Program Files\Microsoft LifeCam\MSCamS64.exe
C:\Windows\system32\svchost.exe -k imgsvc
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Users\93\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\splwow64.exe
C:\Program Files (x86)\Canon\Quick Menu\CNQMUPDT.EXE
C:\Program Files (x86)\Canon\Quick Menu\CNQMSWCS.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\PrintIsolationHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pugetsystems.com/welcome.php?oid=117561
mWinlogon: Userinit = userinit.exe
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [f.lux] "C:\Users\93\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
uRun: [SandboxieControl] "C:\Program Files\Sandboxie\SbieCtrl.exe"
uRun: [WinPatrol] C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe -expressboot
mRun: [USB3MON] "C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [LifeCam] "C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe"
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~3\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{649FED28-E5CC-41A3-A3E0-B1852BA10A06} : DHCPNameServer = 192.168.0.1 205.171.3.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\43.0.2357.130\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [IgfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pugetsystems.com/welcome.php?oid=117561
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
FF - plugin: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrlui.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_194.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\Windows\System32\drivers\iaStorA.sys [2013-1-31 652784]
R0 iaStorF;iaStorF;C:\Windows\System32\drivers\iaStorF.sys [2013-1-31 28656]
R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;C:\Windows\System32\drivers\iusb3hcs.sys [2013-11-21 20464]
R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2015-3-4 280376]
R2 Apple Mobile Device Service;Apple Mobile Device Service;C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2015-5-29 77128]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [2013-11-21 927232]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2014-4-11 103608]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2014-4-11 124088]
R2 DiagTrack;Diagnostics Tracking Service;C:\Windows\System32\svchost.exe -k utcsvc [2009-7-13 27136]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-1-31 15344]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2013-2-13 731648]
R2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2013-11-21 169432]
R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2013-6-18 124568]
R3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;C:\Windows\System32\drivers\e1d62x64.sys [2013-11-21 496400]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2013-11-21 452088]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver;C:\Windows\System32\drivers\iusb3hub.sys [2013-11-21 368112]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;C:\Windows\System32\drivers\iusb3xhc.sys [2013-11-21 786416]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-11-21 25816]
R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2015-4-30 366544]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2015-6-23 190088]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-7-4 1133880]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2015-6-3 327296]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2015-7-4 114688]
S3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [2013-2-13 820184]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\Windows\System32\drivers\mwac.sys [2015-7-4 63704]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;C:\Windows\System32\drivers\nx6000.sys [2010-5-20 36720]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-11-21 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2015-7-5 56832]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-11-21 30208]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-11-21 1255736]
.
============= FINISH: 14:17:16.38 ===============
 

#3 ·
Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here.

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Do NOT click the green 'Download' button (if visible).
  • Click the blue 'Download now @bleepingcomputer' button.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[S#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
 
#4 ·
Hi chemist,

I don't use CCleaner to clean registry and it came with my computer so I only updated and used the cleaner part.

I'm very careful of where I download, and most were updates, and even updates I'm careful about what's checked and not.

# AdwCleaner v4.208 - Logfile created 10/07/2015 at 05:08:28
# Updated 09/07/2015 by Xplode
# Database : 2015-07-10.1 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : 93 - PUGET-117561
# Running from : C:\Users\93\Downloads\AdwCleaner.exe
# Option : Cleaning

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Scheduled tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyOverride] - *.local

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840


-\\ Mozilla Firefox v39.0 (x86 en-US)


-\\ Google Chrome v43.0.2357.132

[C:\Users\4\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
[C:\Users\4\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}

*************************

AdwCleaner[R0].txt - [1178 bytes] - [10/07/2015 05:06:55]
AdwCleaner[S0].txt - [1109 bytes] - [10/07/2015 05:08:28]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1168 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:09-07-2015
Ran by 93 (administrator) on PUGET-117561 on 10-07-2015 05:13:02
Running from C:\Users\93\Desktop
Loaded Profiles: 93 (Available Profiles: 93 & 4)
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft LifeCam\MSCamS64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Flux Software LLC) C:\Users\93\AppData\Local\FluxSoftware\Flux\flux.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieCtrl.exe
(Ruiware) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe
() C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe
() C:\Users\93\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActivateReminder.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6846096 2012-11-19] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [286192 2013-01-31] (Intel Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-06-29] (Apple Inc.)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [LifeCam] => C:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe [119152 2010-05-20] (Microsoft Corporation)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1284680 2014-01-17] (CANON INC.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-854756855-4244279769-3060794413-1000\...\Run: [f.lux] => C:\Users\93\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-854756855-4244279769-3060794413-1000\...\Run: [SandboxieControl] => C:\Program Files\Sandboxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-854756855-4244279769-3060794413-1000\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1244296 2015-06-25] (Ruiware)
HKU\S-1-5-21-854756855-4244279769-3060794413-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8358680 2015-06-01] (Piriform Ltd)
Startup: C:\Users\93\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActivateReminder.exe [2015-07-08] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ImageBrowser EX Agent.lnk [2015-07-08]
ShortcutTarget: ImageBrowser EX Agent.lnk -> C:\Program Files (x86)\Canon\ImageBrowser EX\MFManager.exe ()
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-854756855-4244279769-3060794413-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.pugetsystems.com/welcome.php?oid=117561
HKU\S-1-5-21-854756855-4244279769-3060794413-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN.com - Hotmail, Outlook, Skype, Bing, Latest News, Photos & Videos
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.3.25
Tcpip\..\Interfaces\{649FED28-E5CC-41A3-A3E0-B1852BA10A06}: [DhcpNameServer] 192.168.0.1 205.171.3.25

FireFox:
========
FF ProfilePath: C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default
FF Homepage: hxxp://www.pugetsystems.com/welcome.php?oid=117561
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_203.dll [2015-07-08] ()
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_203.dll [2015-07-08] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2013-07-12] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-02-13] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.0.72 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-03-12] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-07-05] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Extension: FEBE - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\Extensions\{4BBDD651-70CF-4821-84F8-2B918CF89CA3} [2015-07-05]
FF Extension: WOT - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-09]
FF Extension: Ghostery - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\Extensions\firefox@ghostery.com.xpi [2015-07-05]
FF Extension: Flagfox - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\Extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}.xpi [2015-07-05]
FF Extension: Cookie Monster - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\Extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2015-07-05]
FF Extension: NoScript - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\Extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-07-05]
FF Extension: Adblock Plus - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-07-05]
FF Extension: BetterPrivacy - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\Extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-07-05]
FF Extension: Redirect Remover - C:\Users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\Extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi [2015-07-05]

Chrome:
=======
CHR Profile: C:\Users\93\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\93\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-07-05]
CHR Extension: (Google Drive) - C:\Users\93\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-07-05]
CHR Extension: (YouTube) - C:\Users\93\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-07-05]
CHR Extension: (Google Search) - C:\Users\93\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-07-05]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\93\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-07-05]
CHR Extension: (Google Wallet) - C:\Users\93\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-05]
CHR Extension: (Gmail) - C:\Users\93\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-05]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [927232 2012-10-29] ()
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-01-31] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [731648 2013-02-13] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-03-12] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [496400 2013-02-26] (Intel Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28656 2013-01-31] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-06-18] (Malwarebytes Corporation)
S3 MODEMCSA; C:\Windows\System32\drivers\MODEMCSA.sys [24064 2009-07-13] (Microsoft Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
S3 ALSysIO; \??\C:\Users\93\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz135; \??\C:\Users\93\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\93\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPU-Z; \??\C:\Users\93\AppData\Local\Temp\GPU-Z.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 05:13 - 2015-07-10 05:13 - 00016167 _____ C:\Users\93\Desktop\FRST.txt
2015-07-10 05:12 - 2015-07-10 05:13 - 00000000 ____D C:\FRST
2015-07-10 05:12 - 2015-07-10 05:12 - 02112512 _____ (Farbar) C:\Users\93\Desktop\FRST64.exe
2015-07-10 05:11 - 2015-07-10 05:11 - 00001248 _____ C:\Users\93\Desktop\AdwCleaner[S0].txt
2015-07-10 05:08 - 2015-07-10 05:08 - 00000127 _____ C:\Users\93\Desktop\quick note to tsf.txt
2015-07-10 05:06 - 2015-07-10 05:08 - 00000000 ____D C:\AdwCleaner
2015-07-09 14:47 - 2015-07-09 14:49 - 00000000 ____D C:\Users\93\AppData\Local\Microsoft Games
2015-07-07 04:06 - 2015-07-07 04:07 - 00000000 ____D C:\Users\4\AppData\Local\Microsoft Games
2015-07-05 13:36 - 2015-07-05 13:36 - 00001159 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-07-05 13:36 - 2015-07-05 13:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-05 13:36 - 2015-07-05 13:36 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-07-05 07:58 - 2015-07-07 16:37 - 00000000 ___RD C:\Sandbox
2015-07-05 07:56 - 2015-07-05 07:56 - 01585152 _____ C:\Users\4\Documents\bookmarks.html
2015-07-05 07:48 - 2015-07-05 07:48 - 00000000 ____D C:\Users\4\AppData\Roaming\Macromedia
2015-07-05 07:48 - 2015-07-05 07:48 - 00000000 ____D C:\Users\4\AppData\Local\Macromedia
2015-07-05 06:58 - 2015-07-05 06:58 - 00000000 ____D C:\Users\4\AppData\Roaming\Canon
2015-07-05 06:57 - 2015-07-05 06:57 - 00000000 ____D C:\Users\4\AppData\Local\Google
2015-07-05 06:11 - 2015-07-05 06:11 - 02870984 _____ (ESET) C:\Users\93\Downloads\esetsmartinstaller_enu.exe
2015-07-05 06:11 - 2015-07-05 06:11 - 00000000 ____D C:\Program Files (x86)\ESET
2015-07-05 06:09 - 2015-07-10 05:09 - 00002633 _____ C:\Windows\setupact.log
2015-07-05 06:09 - 2015-07-05 06:09 - 00000000 _____ C:\Windows\setuperr.log
2015-07-05 06:08 - 2015-07-08 07:11 - 00000000 ____D C:\Windows\pss
2015-07-05 06:08 - 2015-07-05 13:32 - 00003816 _____ C:\Windows\PFRO.log
2015-07-05 05:53 - 2015-07-05 05:53 - 00000000 ____D C:\Users\93\AppData\Roaming\WinPatrol
2015-07-05 05:53 - 2015-07-05 05:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol
2015-07-05 05:53 - 2015-07-05 05:53 - 00000000 ____D C:\ProgramData\InstallMate
2015-07-05 05:53 - 2015-07-05 05:53 - 00000000 ____D C:\Program Files (x86)\Ruiware
2015-07-05 05:48 - 2015-07-05 05:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-07-05 05:47 - 2015-07-05 05:48 - 00000000 ____D C:\Program Files\iTunes
2015-07-05 05:47 - 2015-07-05 05:47 - 00000000 ____D C:\Program Files\iPod
2015-07-05 05:47 - 2015-07-05 05:47 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-07-05 05:33 - 2015-07-05 05:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-07-05 05:33 - 2015-07-05 05:33 - 00000000 ____D C:\Program Files (x86)\QuickTime
2015-07-05 05:20 - 2015-07-05 05:20 - 00000000 ____D C:\Users\93\AppData\Roaming\Macromedia
2015-07-05 05:20 - 2015-07-05 05:20 - 00000000 ____D C:\Users\93\AppData\Local\Macromedia
2015-07-05 05:19 - 2015-07-05 05:19 - 00001105 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-07-05 05:19 - 2015-07-05 05:19 - 00000000 ____D C:\Users\93\AppData\Roaming\Canneverbe Limited
2015-07-05 05:19 - 2015-07-05 05:19 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2015-07-05 05:18 - 2015-07-05 05:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-05 05:14 - 2015-07-10 05:10 - 00000886 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-07-05 05:14 - 2015-07-09 22:19 - 00000890 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-07-05 05:14 - 2015-07-05 05:14 - 00003886 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-07-05 05:14 - 2015-07-05 05:14 - 00003634 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-07-05 05:09 - 2015-07-10 05:10 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-07-05 05:09 - 2015-07-08 21:11 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-07-05 05:09 - 2015-07-08 21:11 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-07-05 05:09 - 2015-07-08 21:11 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-07-05 05:01 - 2015-07-05 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6600 series User Registration
2015-07-05 05:01 - 2014-01-21 13:15 - 00336896 _____ (CANON INC.) C:\Windows\SysWOW64\CNC_C9L.dll
2015-07-05 05:01 - 2013-12-02 12:58 - 00096000 _____ C:\Windows\SysWOW64\CNC177ED.TBL
2015-07-05 05:01 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\Windows\SysWOW64\CNHMCA.dll
2015-07-05 04:59 - 2015-07-05 04:59 - 00000000 ____D C:\ProgramData\CanonIJWSpt
2015-07-05 04:56 - 2015-07-05 05:01 - 00000000 ____D C:\Program Files\Canon
2015-07-05 04:56 - 2015-07-05 04:56 - 00002358 _____ C:\Users\Public\Desktop\Canon MG6600 series On-screen Manual.lnk
2015-07-05 04:56 - 2015-07-05 04:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG6600 series Manual
2015-07-05 04:55 - 2015-07-05 04:55 - 00000000 ___HD C:\ProgramData\CanonBJ
2015-07-05 04:55 - 2015-07-05 04:55 - 00000000 ___HD C:\Program Files\CanonBJ
2015-07-05 04:55 - 2014-03-18 05:00 - 00406016 _____ (CANON INC.) C:\Windows\system32\CNMLMC9.DLL
2015-07-05 04:55 - 2014-02-04 15:29 - 00316928 _____ (CANON INC.) C:\Windows\system32\CNC_C9C.dll
2015-07-05 04:55 - 2014-02-04 15:29 - 00105984 _____ (CANON INC.) C:\Windows\system32\CNC_C9I.dll
2015-07-05 04:55 - 2014-01-21 13:16 - 00369664 _____ (CANON INC.) C:\Windows\system32\CNC_C9L.dll
2015-07-05 04:55 - 2013-12-02 12:58 - 00096000 _____ C:\Windows\system32\CNC177ED.TBL
2015-07-05 04:55 - 2008-08-25 18:02 - 00017920 _____ (CANON INC.) C:\Windows\system32\CNHMCA6.dll
2015-07-05 04:44 - 2015-07-05 04:44 - 00001102 _____ C:\Users\Public\Desktop\PowerShot A4000 IS and A3400 IS and A2400 IS and A2300 and A1300 and A810 Camera User Guide.lnk
2015-07-05 04:44 - 2015-07-05 04:44 - 00000000 ____D C:\Users\Public\Documents\Canon MyCameraFiles
2015-07-05 04:30 - 2015-07-05 05:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-07-05 04:30 - 2015-07-05 05:02 - 00000000 ____D C:\Program Files (x86)\Canon
2015-07-05 04:30 - 2015-07-05 04:30 - 00000000 ____D C:\Users\93\AppData\Roaming\Canon_Inc_IC
2015-07-05 04:28 - 2015-07-05 05:03 - 00000000 ____D C:\Users\93\AppData\Roaming\canon
2015-07-05 04:28 - 2015-07-05 04:28 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2015-07-05 04:28 - 2015-07-05 04:28 - 00000000 ____D C:\ProgramData\Canon_Inc_IC
2015-07-05 04:24 - 2015-07-05 04:24 - 00000000 ____D C:\Program Files\DIFX
2015-07-05 04:23 - 2015-07-05 04:23 - 00000000 ____D C:\Temp
2015-07-05 01:47 - 2015-02-02 20:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-07-05 01:47 - 2015-02-02 20:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-07-05 01:47 - 2015-02-02 20:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-07-05 01:47 - 2015-02-02 20:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-07-05 01:47 - 2015-02-02 20:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-07-05 01:47 - 2015-02-02 20:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-07-05 01:47 - 2015-02-02 20:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-07-05 01:47 - 2015-02-02 20:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-07-05 01:47 - 2015-02-02 20:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-07-05 01:47 - 2015-02-02 20:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-07-05 01:47 - 2015-02-02 20:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-07-05 01:47 - 2015-02-02 20:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-07-05 01:47 - 2015-02-02 20:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-07-05 01:47 - 2015-02-02 20:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-07-05 01:47 - 2015-02-02 20:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-07-05 01:47 - 2015-02-02 20:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-07-05 01:47 - 2015-02-02 20:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-07-05 01:47 - 2015-02-02 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-07-05 01:47 - 2015-02-02 20:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-07-05 01:47 - 2015-02-02 20:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-07-05 01:47 - 2015-02-02 19:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-07-05 01:47 - 2014-12-11 10:47 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-07-05 01:47 - 2014-10-31 15:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-07-05 01:47 - 2014-08-01 04:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-07-05 01:47 - 2014-08-01 04:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-07-05 01:47 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-07-05 01:47 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-07-05 01:47 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-07-05 01:47 - 2014-07-08 19:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-07-05 01:47 - 2014-07-08 19:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-07-05 01:47 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-07-05 01:47 - 2014-07-08 18:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-07-05 01:47 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-07-05 01:47 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-07-05 01:47 - 2014-07-08 18:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-07-05 01:47 - 2014-06-27 17:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-07-05 01:47 - 2014-06-27 17:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-07-05 01:46 - 2015-05-25 11:24 - 05569984 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-07-05 01:46 - 2015-05-25 11:23 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-07-05 01:46 - 2015-05-25 11:23 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-07-05 01:46 - 2015-05-25 11:21 - 01728960 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 01255424 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 01162752 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00728576 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00113664 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-07-05 01:46 - 2015-05-25 11:19 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-07-05 01:46 - 2015-05-25 11:18 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-07-05 01:46 - 2015-05-25 11:18 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
2015-07-05 01:46 - 2015-05-25 11:18 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-07-05 01:46 - 2015-05-25 11:18 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-07-05 01:46 - 2015-05-25 11:18 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-07-05 01:46 - 2015-05-25 11:18 - 00104448 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
2015-07-05 01:46 - 2015-05-25 11:18 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-07-05 01:46 - 2015-05-25 11:18 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
2015-07-05 01:46 - 2015-05-25 11:18 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-07-05 01:46 - 2015-05-25 11:18 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
2015-07-05 01:46 - 2015-05-25 11:18 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-07-05 01:46 - 2015-05-25 11:18 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-07-05 01:46 - 2015-05-25 11:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
2015-07-05 01:46 - 2015-05-25 11:14 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-07-05 01:46 - 2015-05-25 11:14 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 11:07 - 03989440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-07-05 01:46 - 2015-05-25 11:07 - 03934144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-07-05 01:46 - 2015-05-25 11:04 - 01310744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00641536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00635392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00551424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sechost.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-07-05 01:46 - 2015-05-25 11:01 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-07-05 01:46 - 2015-05-25 11:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tracerpt.exe
2015-07-05 01:46 - 2015-05-25 11:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\logman.exe
2015-07-05 01:46 - 2015-05-25 11:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-07-05 01:46 - 2015-05-25 11:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\typeperf.exe
2015-07-05 01:46 - 2015-05-25 11:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\relog.exe
2015-07-05 01:46 - 2015-05-25 11:00 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-07-05 01:46 - 2015-05-25 11:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\diskperf.exe
2015-07-05 01:46 - 2015-05-25 10:59 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-07-05 01:46 - 2015-05-25 10:59 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-07-05 01:46 - 2015-05-25 10:59 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-07-05 01:46 - 2015-05-25 10:59 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-07-05 01:46 - 2015-05-25 10:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-07-05 01:46 - 2015-05-25 10:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:55 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 10:00 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-07-05 01:46 - 2015-05-25 09:50 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-07-05 01:46 - 2015-05-25 09:50 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-07-05 01:46 - 2015-05-25 09:48 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 09:48 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 09:48 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-07-05 01:46 - 2015-05-25 09:48 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-07-05 01:46 - 2014-09-04 19:11 - 06584320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-07-05 01:46 - 2014-09-04 18:52 - 05703168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-07-05 01:45 - 2015-04-19 20:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-07-05 01:45 - 2015-04-19 20:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-07-05 01:45 - 2015-04-19 19:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-07-05 01:45 - 2015-04-17 20:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-07-05 01:45 - 2015-04-17 19:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-07-05 01:45 - 2015-01-30 20:48 - 03179520 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-07-05 01:45 - 2015-01-30 20:48 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\RdpGroupPolicyExtension.dll
2015-07-05 01:45 - 2015-01-30 16:56 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-07-05 01:45 - 2014-10-13 19:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-07-05 01:45 - 2014-06-23 20:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-07-05 01:45 - 2014-06-23 19:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-07-05 01:44 - 2015-04-29 11:22 - 14635008 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-07-05 01:44 - 2015-04-29 11:21 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-07-05 01:44 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-07-05 01:44 - 2015-04-29 11:21 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-07-05 01:44 - 2015-04-29 11:19 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-07-05 01:44 - 2015-04-29 11:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-07-05 01:44 - 2015-04-29 11:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-07-05 01:44 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-07-05 01:44 - 2015-04-29 11:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-07-05 01:44 - 2015-04-29 11:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-07-05 01:44 - 2015-04-12 20:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-07-05 01:44 - 2015-04-07 20:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-07-05 01:44 - 2015-04-07 20:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-07-05 01:44 - 2015-04-07 20:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-07-05 01:44 - 2015-02-19 21:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-07-05 01:44 - 2015-02-19 21:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-07-05 01:44 - 2015-02-19 21:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-07-05 01:44 - 2015-02-19 21:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-07-05 01:44 - 2015-02-19 21:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-07-05 01:44 - 2015-02-19 21:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-07-05 01:44 - 2015-02-19 21:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-07-05 01:44 - 2015-02-19 21:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-07-05 01:44 - 2015-02-19 20:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-07-05 01:44 - 2015-02-19 20:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-07-05 01:44 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-07-05 01:43 - 2014-12-05 21:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-07-05 01:43 - 2014-12-05 20:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-07-05 01:43 - 2014-12-05 20:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-07-05 01:43 - 2013-10-29 19:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-07-05 01:43 - 2013-10-29 19:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-07-05 01:42 - 2014-12-18 20:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-07-05 01:42 - 2014-12-18 18:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-07-05 01:42 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-07-05 01:42 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-07-05 01:41 - 2015-04-24 11:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-07-05 01:41 - 2015-04-24 10:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-07-05 01:41 - 2015-03-04 22:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-07-05 01:41 - 2015-03-04 21:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-07-05 01:41 - 2015-03-03 21:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-07-05 01:41 - 2015-03-03 21:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-07-05 01:41 - 2015-03-03 21:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-07-05 01:41 - 2015-02-12 22:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-07-05 01:41 - 2015-02-12 22:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-07-05 01:41 - 2015-02-02 20:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-07-05 01:41 - 2015-02-02 20:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-07-05 01:41 - 2015-01-28 20:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-07-05 01:41 - 2015-01-28 20:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-07-05 01:41 - 2014-11-10 18:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-07-05 01:27 - 2015-07-05 01:29 - 00000000 ___SD C:\Windows\system32\GWX
2015-07-05 01:27 - 2015-07-05 01:27 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-07-05 01:20 - 2015-01-08 16:44 - 00419936 _____ C:\Windows\SysWOW64\locale.nls
2015-07-05 01:20 - 2015-01-08 16:43 - 00419936 _____ C:\Windows\system32\locale.nls
2015-07-05 01:17 - 2014-06-26 19:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-07-05 01:17 - 2014-06-26 18:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-07-05 01:09 - 2015-07-05 01:09 - 00597304 _____ C:\Users\4\Downloads\flux-setup.exe
2015-07-05 01:09 - 2015-07-05 01:09 - 00000000 ____D C:\Users\4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-07-05 01:09 - 2015-07-05 01:09 - 00000000 ____D C:\Users\4\AppData\Local\FluxSoftware
2015-07-05 00:36 - 2014-06-17 19:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-07-05 00:36 - 2014-06-17 18:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-07-05 00:36 - 2014-04-24 19:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-07-05 00:36 - 2014-04-24 19:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-07-05 00:36 - 2014-04-04 19:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-07-05 00:36 - 2014-04-04 19:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-07-05 00:36 - 2013-11-26 04:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-07-05 00:35 - 2015-07-05 00:35 - 00000000 ____D C:\Users\4\Documents\screen shots
2015-07-05 00:35 - 2014-07-07 15:41 - 00000060 _____ C:\Users\4\Documents\bl to read now.txt
2015-07-05 00:35 - 2014-06-06 03:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-07-05 00:35 - 2014-06-06 02:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-07-05 00:35 - 2014-06-03 03:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-07-05 00:35 - 2014-06-03 03:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-07-05 00:35 - 2014-06-03 03:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-07-05 00:35 - 2014-06-03 02:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-07-05 00:35 - 2014-06-03 02:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-07-05 00:35 - 2014-05-29 23:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-07-05 00:35 - 2013-10-18 19:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-07-05 00:35 - 2013-10-18 18:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-07-05 00:34 - 2015-07-08 20:51 - 00000000 ____D C:\Users\4\Documents\medical
2015-07-05 00:34 - 2015-07-07 04:06 - 00000000 ____D C:\Users\4\Documents\computer
2015-07-05 00:34 - 2015-07-06 05:54 - 00000000 ____D C:\Users\4\Documents\misc doc
2015-07-05 00:34 - 2015-07-05 00:35 - 00000000 ____D C:\Users\4\Documents\Recipes
2015-07-05 00:34 - 2015-07-05 00:34 - 00000000 ____D C:\Users\4\Documents\names
2015-07-05 00:34 - 2015-07-05 00:34 - 00000000 ____D C:\Users\4\Documents\library
2015-07-05 00:34 - 2015-07-05 00:34 - 00000000 ____D C:\Users\4\Documents\Languages
2015-07-05 00:34 - 2015-07-05 00:34 - 00000000 ____D C:\Users\4\Documents\consumer
2015-07-05 00:34 - 2015-07-05 00:34 - 00000000 ____D C:\Users\4\Documents\cleaning
2015-07-05 00:34 - 2015-07-05 00:34 - 00000000 ____D C:\Users\4\Documents\cats
2015-07-05 00:34 - 2015-07-05 00:34 - 00000000 ____D C:\Users\4\Documents\Canon MyCameraFiles
2015-07-05 00:33 - 2015-07-05 00:34 - 00000000 ____D C:\Users\4\Documents\alt
2015-07-05 00:33 - 2015-07-05 00:33 - 00000000 ____D C:\Users\4\Documents\important phone numbers
2015-07-05 00:33 - 2015-07-05 00:33 - 00000000 ____D C:\Users\4\Documents\housing DHSH HUD
2015-07-05 00:33 - 2015-07-05 00:33 - 00000000 ____D C:\Users\4\Documents\Fax
2015-07-05 00:33 - 1899-12-29 17:00 - 00000000 ____D C:\Users\4\Documents\HP Photosmart Projects
2015-07-05 00:25 - 2015-07-05 01:11 - 00000000 ____D C:\Users\4\AppData\Local\Mozilla
2015-07-05 00:25 - 2015-07-05 00:25 - 00000000 ____D C:\Users\4\AppData\Roaming\Mozilla
2015-07-05 00:23 - 2015-07-05 00:12 - 00000915 _____ C:\Users\4\Desktop\Sandboxie Control.lnk
2015-07-05 00:21 - 2009-07-13 21:49 - 00000262 _____ C:\Users\4\Desktop\Run.lnk
2015-07-05 00:20 - 2009-07-13 21:54 - 00001280 _____ C:\Users\4\Desktop\Command Prompt.lnk
2015-07-05 00:18 - 2015-07-08 11:12 - 00000000 ____D C:\Users\4\Desktop\kindle
2015-07-05 00:18 - 2015-07-05 00:18 - 00000000 ____D C:\Users\4\AppData\Roaming\Intel Corporation
2015-07-05 00:17 - 2015-07-05 01:06 - 00086552 _____ C:\Users\4\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-05 00:17 - 2015-07-05 00:17 - 00001413 _____ C:\Users\4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-07-05 00:17 - 2015-07-05 00:17 - 00000000 ____D C:\Users\4\AppData\Roaming\Apple Computer
2015-07-05 00:17 - 2015-07-05 00:17 - 00000000 ____D C:\Users\4\AppData\Roaming\Adobe
2015-07-05 00:16 - 2015-07-05 00:17 - 00000000 ____D C:\Users\4
2015-07-05 00:16 - 2015-07-05 00:16 - 00000020 ___SH C:\Users\4\ntuser.ini
2015-07-05 00:16 - 2015-07-05 00:16 - 00000000 ____D C:\Users\4\AppData\Local\VirtualStore
2015-07-05 00:16 - 2015-07-04 23:57 - 00000000 ____D C:\Users\4\AppData\Local\Microsoft Help
2015-07-05 00:16 - 2009-07-13 21:54 - 00000000 ___RD C:\Users\4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-07-05 00:16 - 2009-07-13 21:49 - 00000000 ___RD C:\Users\4\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-07-05 00:13 - 2015-07-05 00:12 - 00000915 _____ C:\Users\93\Desktop\Sandboxie Control.lnk
2015-07-05 00:12 - 2015-07-07 16:37 - 00002088 _____ C:\Windows\Sandboxie.ini
2015-07-05 00:12 - 2015-07-05 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-07-05 00:12 - 2015-07-05 00:12 - 00000000 ____D C:\Program Files\Sandboxie
2015-07-05 00:09 - 2015-07-05 00:09 - 00000000 ____D C:\Users\93\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-07-05 00:09 - 2015-07-05 00:09 - 00000000 ____D C:\Users\93\AppData\Local\FluxSoftware
2015-07-05 00:07 - 2015-07-05 00:07 - 00448512 _____ (OldTimer Tools) C:\Users\93\Desktop\TFC.exe
2015-07-05 00:04 - 2013-10-01 19:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys
2015-07-05 00:04 - 2013-10-01 19:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-07-05 00:04 - 2013-10-01 19:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-07-05 00:04 - 2013-10-01 18:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll
2015-07-05 00:04 - 2013-10-01 18:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll
2015-07-05 00:04 - 2013-10-01 18:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2015-07-05 00:04 - 2013-10-01 18:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll
2015-07-05 00:04 - 2013-10-01 17:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2015-07-05 00:04 - 2013-10-01 17:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll
2015-07-05 00:04 - 2013-10-01 17:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll
2015-07-05 00:04 - 2013-10-01 17:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe
2015-07-05 00:04 - 2013-10-01 16:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2015-07-05 00:04 - 2013-10-01 16:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-07-05 00:04 - 2013-10-01 16:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2015-07-05 00:04 - 2013-10-01 15:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-07-04 23:57 - 2015-07-04 23:57 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-07-04 23:57 - 2015-07-04 23:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-07-04 23:52 - 2015-05-01 06:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-04 23:52 - 2015-05-01 06:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-07-04 23:40 - 2014-03-04 02:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-07-04 23:40 - 2014-03-04 02:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-07-04 23:40 - 2014-03-04 02:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-07-04 23:40 - 2014-03-04 02:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-07-04 23:40 - 2014-03-04 02:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-07-04 23:40 - 2014-03-04 02:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-07-04 23:40 - 2014-03-04 02:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-07-04 23:40 - 2014-03-04 02:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-07-04 23:40 - 2014-03-04 02:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-07-04 23:40 - 2014-03-04 02:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-07-04 23:40 - 2014-03-04 02:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-07-04 23:40 - 2014-03-04 02:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-07-04 23:40 - 2014-03-04 02:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-07-04 23:40 - 2014-03-04 02:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-07-04 23:39 - 2013-11-26 18:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-07-04 23:39 - 2013-11-26 18:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-07-04 23:39 - 2013-11-26 18:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-07-04 23:39 - 2013-11-26 18:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-07-04 23:39 - 2013-11-26 18:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-07-04 23:39 - 2013-11-26 18:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-07-04 23:39 - 2013-11-26 18:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-07-04 23:39 - 2013-10-03 19:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-07-04 23:39 - 2013-10-03 18:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-07-04 23:38 - 2015-07-09 05:49 - 00000000 ____D C:\ContaCam
2015-07-04 23:38 - 2015-07-04 23:38 - 00000000 ____D C:\Users\93\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ContaCam
2015-07-04 23:38 - 2015-07-04 23:38 - 00000000 ____D C:\Users\93\AppData\Roaming\Contaware
2015-07-04 23:38 - 2015-07-04 23:38 - 00000000 ____D C:\Program Files (x86)\ContaCam
2015-07-04 23:36 - 2015-07-04 23:37 - 06215723 _____ (Contaware.com) C:\Users\93\Downloads\ContaCam-5.0.0-Setup.exe
2015-07-04 23:36 - 2015-07-04 23:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
2015-07-04 23:36 - 2015-07-04 23:36 - 00000000 ____D C:\ProgramData\Licenses
2015-07-04 23:36 - 2009-03-24 12:52 - 00129872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSSTDFMT.DLL
2015-07-04 23:35 - 2015-07-09 05:46 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2015-07-04 23:31 - 2009-07-13 21:54 - 00001280 _____ C:\Users\93\Desktop\Command Prompt.lnk
2015-07-04 23:31 - 2009-07-13 21:49 - 00000262 _____ C:\Users\93\Desktop\Run.lnk
2015-07-04 23:28 - 2015-07-04 23:33 - 00000000 ____D C:\Users\93\AppData\Roaming\Skype
2015-07-04 23:28 - 2015-07-04 23:28 - 00000000 ____D C:\Users\93\AppData\Local\Skype
2015-07-04 23:27 - 2015-07-04 23:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft LifeCam
2015-07-04 23:27 - 2015-07-04 23:27 - 00000000 ____D C:\Program Files\Microsoft LifeCam
2015-07-04 23:27 - 2015-07-04 23:27 - 00000000 ____D C:\Program Files (x86)\Microsoft LifeCam
2015-07-04 23:10 - 2014-03-26 07:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-07-04 23:10 - 2014-03-26 07:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-07-04 23:10 - 2014-03-26 07:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-07-04 23:10 - 2014-03-26 07:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-07-04 23:10 - 2013-12-03 19:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-07-04 23:10 - 2013-12-03 19:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-07-04 23:10 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-07-04 23:10 - 2013-12-03 19:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-07-04 23:10 - 2013-12-03 19:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-07-04 23:10 - 2013-12-03 19:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-07-04 23:10 - 2013-12-03 19:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-07-04 23:10 - 2013-12-03 19:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-07-04 23:10 - 2013-12-03 19:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-07-04 23:10 - 2013-12-03 19:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-07-04 23:10 - 2013-12-03 19:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-07-04 23:10 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-07-04 23:10 - 2013-12-03 19:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-07-04 23:10 - 2013-12-03 19:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-07-04 23:10 - 2013-12-03 18:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-07-04 23:10 - 2013-12-03 18:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-07-04 23:10 - 2013-12-03 18:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-07-04 23:10 - 2013-12-03 18:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-07-04 23:09 - 2015-07-04 23:09 - 00003118 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-07-04 23:09 - 2015-07-04 23:09 - 00003092 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-07-04 23:09 - 2015-07-04 23:09 - 00003090 _____ C:\Windows\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-07-04 23:09 - 2015-07-04 23:09 - 00003062 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-07-04 23:09 - 2015-07-04 23:09 - 00003060 _____ C:\Windows\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-07-04 23:08 - 2015-07-04 23:08 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_point64_01011.Wdf
2015-07-04 23:08 - 2015-07-04 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-07-04 23:08 - 2015-07-04 23:08 - 00000000 ____D C:\Program Files\Microsoft Mouse and Keyboard Center
2015-07-04 23:03 - 2015-03-09 20:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-07-04 23:03 - 2015-03-09 20:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-07-04 23:03 - 2015-03-09 20:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-07-04 23:03 - 2015-03-09 20:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-07-04 23:03 - 2014-08-11 19:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-07-04 23:03 - 2014-08-11 18:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-07-04 23:03 - 2014-06-15 19:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-07-04 23:03 - 2013-11-26 01:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-07-04 23:03 - 2013-11-22 15:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-07-04 23:00 - 2015-01-30 16:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-07-04 22:59 - 2015-05-25 10:08 - 03206144 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-07-04 22:51 - 2015-02-18 00:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-07-04 22:51 - 2015-02-18 00:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-07-04 22:51 - 2014-11-25 20:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-07-04 22:51 - 2014-11-25 20:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-07-04 22:49 - 2014-11-10 20:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-07-04 22:49 - 2014-11-10 19:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-07-04 22:48 - 2015-07-04 22:54 - 00113880 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-07-04 22:48 - 2015-07-04 22:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-04 22:48 - 2015-07-04 22:52 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-04 22:48 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-07-04 22:48 - 2015-06-18 08:41 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-07-04 22:48 - 2015-04-10 20:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
2015-07-04 22:48 - 2015-02-24 20:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-07-04 22:48 - 2014-10-29 19:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-07-04 22:48 - 2014-10-29 18:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-07-04 22:48 - 2014-02-03 19:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-07-04 22:48 - 2014-02-03 19:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-07-04 22:48 - 2014-02-03 19:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-07-04 22:48 - 2014-02-03 19:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-07-04 22:48 - 2014-02-03 19:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-07-04 22:46 - 2015-02-02 20:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-07-04 22:46 - 2015-02-02 20:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-07-04 22:46 - 2015-01-16 19:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-07-04 22:46 - 2015-01-16 19:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-07-04 22:46 - 2014-11-07 20:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-07-04 22:46 - 2014-11-07 19:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-07-04 22:46 - 2014-10-02 19:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-07-04 22:46 - 2014-10-02 19:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-07-04 22:46 - 2014-10-02 19:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-07-04 22:46 - 2014-10-02 19:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-07-04 22:46 - 2014-10-02 19:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-07-04 22:46 - 2014-10-02 18:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-07-04 22:46 - 2014-10-02 18:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2015-07-04 22:46 - 2014-10-02 18:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-07-04 22:46 - 2014-10-02 18:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-07-04 22:46 - 2014-10-02 18:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-07-04 22:46 - 2014-09-03 22:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-07-04 22:46 - 2014-09-03 22:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-07-04 22:45 - 2015-03-03 21:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-07-04 22:45 - 2015-03-03 21:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-07-04 22:45 - 2015-03-03 21:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-07-04 22:45 - 2015-03-03 21:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-07-04 22:45 - 2015-03-03 21:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-07-04 22:45 - 2015-03-03 21:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-07-04 22:45 - 2015-03-03 21:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-07-04 22:45 - 2014-10-24 18:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-07-04 22:45 - 2014-10-24 18:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-07-04 22:45 - 2014-07-16 19:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-07-04 22:45 - 2014-07-16 19:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-07-04 22:45 - 2014-07-16 19:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-07-04 22:45 - 2014-07-16 18:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-07-04 22:45 - 2014-07-16 18:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-07-04 22:45 - 2014-07-16 18:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-07-04 22:44 - 2014-12-07 20:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-07-04 22:44 - 2014-12-07 19:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-07-04 22:44 - 2014-10-13 19:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-07-04 22:44 - 2014-10-13 18:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-07-04 22:44 - 2014-01-23 19:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-07-04 22:44 - 2013-10-11 19:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-07-04 22:44 - 2013-10-11 19:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-07-04 22:44 - 2013-10-11 19:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-07-04 22:44 - 2013-10-11 19:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-07-04 22:44 - 2013-10-11 18:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-07-04 22:44 - 2013-10-11 18:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-07-04 22:44 - 2013-10-11 18:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-07-04 22:44 - 2013-10-11 18:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-07-04 22:43 - 2015-02-03 20:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-07-04 22:43 - 2015-02-03 19:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-07-04 22:43 - 2014-07-13 19:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-07-04 22:43 - 2014-07-13 18:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-07-04 22:21 - 2015-07-04 22:22 - 00000000 ____D C:\Windows\TempF557102D-152E-62A5-F388-7DC92BE60855-Signatures
2015-07-04 22:15 - 2015-07-04 23:32 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-07-04 22:15 - 2015-07-04 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-07-04 22:11 - 2014-06-30 15:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-07-04 22:11 - 2014-06-30 15:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-07-04 22:11 - 2014-03-09 14:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-07-04 22:11 - 2014-03-09 14:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-07-04 22:11 - 2014-03-09 14:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-07-04 22:11 - 2014-03-09 14:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-07-04 22:10 - 2014-06-05 23:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-07-04 22:10 - 2014-06-05 23:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-07-04 22:09 - 2015-06-01 12:16 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-07-04 22:09 - 2015-06-01 11:07 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-07-04 22:09 - 2015-05-27 07:35 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-07-04 22:09 - 2015-05-27 07:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-07-04 22:09 - 2015-05-22 20:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-07-04 22:09 - 2015-05-22 20:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-07-04 22:09 - 2015-05-22 20:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-07-04 22:09 - 2015-05-22 20:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-07-04 22:09 - 2015-05-22 20:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-07-04 22:09 - 2015-05-22 20:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-07-04 22:09 - 2015-05-22 20:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-07-04 22:09 - 2015-05-22 20:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-07-04 22:09 - 2015-05-22 20:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-07-04 22:09 - 2015-05-22 20:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-07-04 22:09 - 2015-05-22 20:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-07-04 22:09 - 2015-05-22 20:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-07-04 22:09 - 2015-05-22 20:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-07-04 22:09 - 2015-05-22 19:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-07-04 22:09 - 2015-05-22 19:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-07-04 22:09 - 2015-05-22 19:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-07-04 22:09 - 2015-05-22 19:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-07-04 22:09 - 2015-05-22 19:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-07-04 22:09 - 2015-05-22 19:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-07-04 22:09 - 2015-05-22 19:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-07-04 22:09 - 2015-05-22 19:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-07-04 22:09 - 2015-05-22 19:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-07-04 22:09 - 2015-05-22 19:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-07-04 22:09 - 2015-05-22 19:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-07-04 22:09 - 2015-05-22 19:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-07-04 22:09 - 2015-05-22 19:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-07-04 22:09 - 2015-05-22 12:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-07-04 22:09 - 2015-05-22 12:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-07-04 22:09 - 2015-05-22 12:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-07-04 22:09 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-07-04 22:09 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-07-04 22:09 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-07-04 22:09 - 2015-05-22 12:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-07-04 22:09 - 2015-05-22 11:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-07-04 22:09 - 2015-05-22 11:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-07-04 22:09 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-07-04 22:09 - 2015-05-22 11:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-07-04 22:09 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-07-04 22:09 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-07-04 22:09 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-07-04 22:09 - 2015-05-22 11:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2015-07-04 22:09 - 2015-05-22 11:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-07-04 22:09 - 2015-05-22 11:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-07-04 22:09 - 2015-05-22 11:36 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-07-04 22:09 - 2015-05-22 11:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-07-04 22:09 - 2015-05-22 11:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-07-04 22:09 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-07-04 22:09 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-07-04 22:09 - 2015-05-22 11:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-07-04 22:09 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-07-04 22:09 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-07-04 22:09 - 2015-05-22 11:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-07-04 22:09 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-07-04 22:09 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-07-04 22:09 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-07-04 22:09 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-07-04 21:50 - 2015-05-08 20:27 - 03147776 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-07-04 21:50 - 2015-05-08 20:27 - 02589184 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-07-04 21:50 - 2015-05-08 20:27 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-07-04 21:50 - 2015-05-08 20:27 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-07-04 21:50 - 2015-05-08 20:27 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-07-04 21:50 - 2015-05-08 20:27 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-07-04 21:50 - 2015-05-08 20:27 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-07-04 21:50 - 2015-05-08 20:26 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-07-04 21:50 - 2015-05-08 20:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-07-04 21:50 - 2015-05-08 20:26 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-07-04 21:50 - 2015-05-08 20:26 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-07-04 21:50 - 2015-05-08 20:14 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-07-04 21:50 - 2015-05-08 20:14 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-07-04 21:50 - 2015-05-08 20:14 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-07-04 21:50 - 2015-05-08 20:14 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-07-04 21:50 - 2015-05-08 20:13 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-07-04 21:50 - 2015-04-27 12:23 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-07-04 21:50 - 2015-04-27 12:23 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-07-04 21:50 - 2015-04-27 12:23 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-07-04 21:50 - 2015-04-27 12:23 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-07-04 21:50 - 2015-04-27 12:05 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-07-04 21:50 - 2015-04-27 12:04 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-07-04 21:50 - 2015-04-27 12:04 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-07-04 21:50 - 2015-04-27 12:04 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-07-04 21:30 - 2015-05-09 11:26 - 00493504 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-07-04 21:26 - 2014-06-18 15:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-07-04 21:26 - 2014-06-18 15:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-07-04 21:26 - 2014-06-18 15:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-07-04 21:26 - 2014-06-18 15:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-07-04 21:26 - 2014-06-18 15:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-07-04 21:26 - 2014-06-18 15:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
2015-07-04 21:24 - 2015-03-13 20:21 - 01632768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2015-07-04 21:24 - 2015-03-13 20:21 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\dwmapi.dll
2015-07-04 21:24 - 2015-03-13 20:04 - 01372160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2015-07-04 21:24 - 2015-03-13 20:04 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmapi.dll
2015-07-04 21:18 - 2015-07-03 02:29 - 01586896 _____ C:\Users\93\Documents\bookmarks.html
2015-07-04 21:10 - 2015-07-04 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-07-04 21:09 - 2015-07-04 21:09 - 00000000 ____D C:\Windows\PCHEALTH
2015-07-04 21:08 - 2015-07-04 21:08 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-07-04 21:07 - 2015-07-04 21:07 - 00000000 ____D C:\Program Files\Microsoft Office
2015-07-04 21:06 - 2015-07-05 01:02 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-07-04 21:06 - 2015-07-04 21:10 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-07-04 21:06 - 2015-07-04 21:06 - 00000000 __RHD C:\MSOCache
2015-07-04 21:06 - 2015-07-04 21:06 - 00000000 ____D C:\Users\93\AppData\Local\Microsoft Help
2015-07-04 21:06 - 2015-07-04 21:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-06-17 00:23 - 2015-06-17 00:23 - 00094208 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTimeVR.qtx
2015-06-17 00:23 - 2015-06-17 00:23 - 00069632 _____ (Apple Inc.) C:\Windows\SysWOW64\QuickTime.qts

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-10 05:13 - 2013-11-21 03:45 - 01388773 _____ C:\Windows\WindowsUpdate.log
2015-07-10 05:09 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-07-10 05:08 - 2009-07-13 21:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-07-10 05:08 - 2009-07-13 21:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-07-10 05:04 - 2009-07-13 22:13 - 00783606 _____ C:\Windows\system32\PerfStringBackup.INI
2015-07-09 05:46 - 2013-11-21 15:48 - 00000000 ____D C:\ProgramData\TEMP
2015-07-08 13:12 - 2013-11-21 03:45 - 00000000 ____D C:\Users\93
2015-07-05 08:46 - 2013-11-21 12:12 - 00775728 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-07-05 06:03 - 2013-11-21 12:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2015-07-05 05:50 - 2013-11-21 12:55 - 00000000 ____D C:\Users\93\.gimp-2.8
2015-07-05 05:49 - 2013-11-21 12:24 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-07-05 05:47 - 2013-11-21 12:34 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2015-07-05 05:47 - 2013-11-21 12:32 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-05 05:45 - 2013-11-21 12:32 - 00000000 ____D C:\ProgramData\Apple
2015-07-05 05:23 - 2013-11-21 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-05 05:23 - 2013-11-21 12:25 - 00000000 ____D C:\Program Files\CCleaner
2015-07-05 05:18 - 2013-11-21 12:29 - 00000000 ____D C:\Users\93\AppData\Local\Google
2015-07-05 05:17 - 2013-11-21 12:29 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-05 05:10 - 2013-11-21 12:53 - 00000000 ____D C:\Users\93\AppData\Local\Adobe
2015-07-05 05:01 - 2009-07-13 20:20 - 00000000 __RSD C:\Windows\Media
2015-07-05 03:08 - 2010-11-20 20:27 - 00300704 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2015-07-05 01:29 - 2013-11-22 15:00 - 00086552 _____ C:\Users\93\AppData\Local\GDIPFONTCACHEV1.DAT
2015-07-05 01:01 - 2013-11-22 14:59 - 00342352 _____ C:\Windows\system32\FNTCACHE.DAT
2015-07-05 00:58 - 2011-04-12 01:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-07-05 00:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\SysWOW64\Dism
2015-07-05 00:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Dism
2015-07-05 00:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
2015-07-05 00:52 - 2013-11-21 13:06 - 00000000 ____D C:\Windows\system32\MRT
2015-07-05 00:14 - 2013-11-21 14:00 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-07-05 00:14 - 2013-11-21 14:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-07-04 23:51 - 2013-11-21 14:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-07-04 23:32 - 2013-11-21 12:35 - 00000000 ____D C:\ProgramData\Skype
2015-07-04 23:00 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-07-04 22:48 - 2013-11-21 12:58 - 00000000 ____D C:\Users\93\AppData\Roaming\Malwarebytes
2015-07-04 22:48 - 2013-11-21 12:34 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-07-04 22:22 - 2013-11-21 13:44 - 00002117 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-07-04 22:22 - 2013-11-21 13:44 - 00001945 _____ C:\Windows\epplauncher.mif
2015-07-04 22:22 - 2013-11-21 13:44 - 00000000 ____D C:\Program Files\Microsoft Security Client
2015-07-04 22:22 - 2013-11-21 13:44 - 00000000 ____D C:\Program Files (x86)\Microsoft Security Client
2015-07-04 21:50 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-07-04 21:08 - 2009-07-13 20:20 - 00000000 ____D C:\Program Files\Common Files\Microsoft Shared
2015-07-04 21:06 - 2011-04-12 01:28 - 00000000 ____D C:\Windows\ShellNew
2015-07-04 20:58 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\Msdtc
2015-06-18 08:41 - 2013-11-21 12:34 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Some files in TEMP:
====================
C:\Users\93\AppData\Local\Temp\Quarantine.exe
C:\Users\93\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-04 21:42

==================== End of log ============================

Thank you
 

#5 ·
PS after doing the above it's doing the making every tab the same as the last opened and not doing links again.

Also, by mistake I downloaded AdwCleaner to downloads. I've deleted it from downloads. Will that be OK?
 
#6 ·
Hello tierra.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Emergency Backup Procedure - Tech Support Forum

Also, if you haven't done so already, create a system repair disc. It's really easy and quick.

How To Create a Windows 7 System Repair Disc [Easy]

------------------------------------------------------

"Also, by mistake I downloaded AdwCleaner to downloads. I've deleted it from downloads. Will that be OK?"
You'll have to redownload it in order to uninstall its quarantine folder, but you can download it to your desktop.

"PS after doing the above it's doing the making every tab the same as the last opened and not doing links again"
Not sure what you are saying here. FRST didn't make any changes. And AdwCleaner didn't make any changes to Firefox.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
    S3 ALSysIO; \??\C:\Users\93\AppData\Local\Temp\ALSysIO64.sys [X]
    S3 cpuz135; \??\C:\Users\93\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
    S3 cpuz136; \??\C:\Users\93\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
    S3 GPU-Z; \??\C:\Users\93\AppData\Local\Temp\GPU-Z.sys [X]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
 
#7 ·
Hi chemist,

Please see screen shot as I can't find FRST64.exe to save next to fixlist.txt (do you mean to save next to on the desktop or in the FRST64.exe on the desktop - or should I be looking elsewhere?).

When I switched accounts this morning got a lot of horizontal lines (like old fashioned tv).

I was wondering how, where, and what I picked up while restoring? I updated from original manufacturer sites, etc.

BTW, I have no cell phone, pad, or second computer. I noticed that you had me make a windows 7 system repair disc. If there's a chance that my computer won't come back up or won't connect to the internet after something please let me know what to do (I'm housebound and can't get to another computer).

Why didn't ESET online or any of my other programs find whatever it is that is infecting my computer?

How can I find out if my latest discs of documents and pictures are infected?

Could the windows 7 system repair disc be infected?

Thank you.
 

#8 · (Edited)
PS some of the PUP MS updates (win10 adware) that I hid are showing up again to be downloaded. Not sure if because infected or MS.

Also, forgot to ask if library books I've been downloading to my kindle (go through several per week, and many coming in the last several days - holds that are only good for 3 days) from my computer (via USB) could have infected my kindle or those files?

Thank you.
 
#9 ·
Hello again, tierra. You're very welcome.

My earlier post mentioned infection, but that is just part of my usual speeches I give before running tools.

I don't think you are infected, so I hope that answers most of your questions.

The FRST fix is mostly 'tidying up' so to speak, not removing malware.

"I can't find FRST64.exe to save next to fixlist.txt"
You are running FRST64.exe from your desktop:

Running from C:\Users\93\Desktop
Just save fixlist.txt to your desktop, and follow the rest of the instructions for running the FRST fix. It doesn't have to physically be right next to FRST64.exe in order to work.

"When I switched accounts this morning got a lot of horizontal lines"
Why would you switch accounts? Please stay in your 93 account until we are done here. Thanks.

------------------------------------------------------

"PS some of the PUP MS updates (win10 adware) that I hid are showing up again to be downloaded. Not sure if because infected or MS"
Who told you those were PUPs/adware? Although I can see how some can see those as such.

Again, you are not infected; it's just a push from MS. Just hide them again, or ignore them.

------------------------------------------------------
 
#10 ·
Hi chemist,

Thank you, once again for all of your help.

On booting up the horizontal old fashioned tv lines are back. I haven't switched accounts (yesterday was to go from admin (for this) to general account to pick up email, etc.). Now, the lines are there on booting and rebooting.

Fix result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by 93 at 2015-07-12 04:51:10 Run:1
Running from C:\Users\93\Desktop
Loaded Profiles: 93 (Available Profiles: 93 & 4)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
AlternateDataStreams: C:\ProgramData\TEMP:8C35AEA7
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
S3 ALSysIO; \??\C:\Users\93\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz135; \??\C:\Users\93\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz136; \??\C:\Users\93\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S3 GPU-Z; \??\C:\Users\93\AppData\Local\Temp\GPU-Z.sys [X]
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\ProgramData\TEMP => ":8C35AEA7" ADS removed successfully.
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
ALSysIO => Service removed successfully
cpuz135 => Service removed successfully
cpuz136 => Service removed successfully
GPU-Z => Service removed successfully
EmptyTemp: => 32.1 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 04:51:44 ====

Thank you.
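
A way to check a Fixlog like the one posted above, added here as an example that is not part of the original thread or of FRST itself: it confirms that every fixlist entry produced an outcome line and flags any outcome that is not one of the success phrases seen in this log. The names `parse_fixlog`, `review_fixlog` and `SUCCESS_MARKERS` are hypothetical, and the one-outcome-per-entry rule is an assumption taken from this particular log.

```python
"""Review a Farbar Recovery Scan Tool Fixlog (added example, not FRST code)."""

# Success phrases that appear in the Fixlog posted in this thread. Any other
# outcome is not assumed to be a failure; it is only flagged for a human.
SUCCESS_MARKERS = ("removed successfully", "successfully created", "Removed.")

# Constructed sample: the Fixlog from the post above, trimmed to five entries.
SAMPLE_FIXLOG = r'''
Fix result of Farbar Recovery Scan Tool (x64) Version:11-07-2015
Ran by 93 at 2015-07-12 04:51:10 Run:1
Running from C:\Users\93\Desktop
==============================================

fixlist content:
*****************
start
createrestorepoint:
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
S3 GPU-Z; \??\C:\Users\93\AppData\Local\Temp\GPU-Z.sys [X]
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
GPU-Z => Service removed successfully
EmptyTemp: => 32.1 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 04:51:44 ====
'''


def parse_fixlog(text):
    """Split a Fixlog into fixlist directives, outcome lines and status flags."""
    directives, outcomes = [], []
    reboot_required = False
    section = "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        is_rule = set(line) == {"*"}  # the ***** rows fence the fixlist copy
        if section == "header":
            if line.lower().startswith("fixlist content"):
                section = "before_fixlist"
        elif section == "before_fixlist":
            if is_rule:
                section = "fixlist"
        elif section == "fixlist":
            if is_rule:
                section = "outcomes"
            elif line.lower() not in ("start", "end"):
                directives.append(line)
        elif section == "outcomes":
            if line.startswith("====") and "End of Fixlog" in line:
                section = "done"
            elif line.startswith("The system needed a reboot"):
                reboot_required = True
            else:
                # Unknown lines are kept as outcomes so they get reviewed.
                outcomes.append(line)
    return {
        "directives": directives,
        "outcomes": outcomes,
        "reboot_required": reboot_required,
        "complete": section == "done",  # False if the log was cut short
    }


def review_fixlog(text):
    """Summarise a Fixlog and list the outcome lines a person should read."""
    parsed = parse_fixlog(text)
    needs_review = [
        line for line in parsed["outcomes"]
        if not any(marker in line for marker in SUCCESS_MARKERS)
    ]
    return {
        "directives": len(parsed["directives"]),
        "outcomes": len(parsed["outcomes"]),
        # Assumption from this log: one outcome line per fixlist directive.
        "count_mismatch": len(parsed["directives"]) != len(parsed["outcomes"]),
        "needs_review": needs_review,
        "reboot_required": parsed["reboot_required"],
        "complete": parsed["complete"],
    }


if __name__ == "__main__":
    for key, value in review_fixlog(SAMPLE_FIXLOG).items():
        print(f"{key}: {value}")
```

A log that stops before the `End of Fixlog` line reports `complete` as false, which is the case to watch for when the tool reboots the machine partway through a fix.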
 
#11 ·
Hello again, tierra. You're very welcome. You will have to go back to your other thread for help with the horizontal lines problem once we are done here.

------------------------------------------------------

Please download ComboFix and Save it to your Desktop.

**Note: It is important that it is saved directly to your desktop**

* Ensure you have disabled all antivirus and antimalware programs so they do not interfere with the running of ComboFix.

Get help here

Double-click ComboFix.exe and follow the prompts to run it.

Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

When finished, it shall produce a log for you. Please post that log, C:\ComboFix.txt, in your next reply.

Please re-enable your antivirus before posting the ComboFix.txt log.

Note: If you get an 'Illegal operation attempted on a Registry key which has been marked for deletion' error message, please open Task Manager and 'End Process' on explorer.exe

Next, go File > New Task(Run...) and type explorer then press 'Enter'.

------------------------------------------------------
 
#12 ·
ComboFix 15-07-12.01 - 93 07/13/2015 12:00:58.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7104.5588 [GMT -7:00]
Running from: c:\users\93\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Skype\Phone\Skype.exe
.
.
((((((((((((((((((((((((( Files Created from 2015-06-13 to 2015-07-13 )))))))))))))))))))))))))))))))
.
.
2015-07-13 19:04 . 2015-07-13 19:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-13 18:47 . 2015-06-24 08:22 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9A87E571-B453-4EFF-B245-33E1EBA63DD8}\mpengine.dll
2015-07-13 02:27 . 2015-06-24 08:22 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-11 13:12 . 2015-07-11 13:12 -------- d-----w- c:\programdata\Canneverbe Limited
2015-07-10 21:29 . 2015-06-24 22:00 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F2A7DCC-759B-469A-8423-8E66C4E5FE02}\gapaengine.dll
2015-07-10 12:12 . 2015-07-12 11:53 -------- d-----w- C:\FRST
2015-07-10 12:06 . 2015-07-10 12:08 -------- d-----w- C:\AdwCleaner
2015-07-09 21:47 . 2015-07-09 21:49 -------- d-----w- c:\users\93\AppData\Local\Microsoft Games
2015-07-08 14:11 . 2013-08-19 21:25 313391 ----a-w- c:\users\93\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActivateReminder.exe
2015-07-05 20:36 . 2015-07-05 20:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-07-05 14:58 . 2015-07-07 23:37 -------- d-----r- C:\Sandbox
2015-07-05 13:11 . 2015-07-05 13:11 -------- d-----w- c:\program files (x86)\ESET
2015-07-05 12:53 . 2015-07-12 11:51 -------- d-----w- c:\users\93\AppData\Roaming\WinPatrol
2015-07-05 12:53 . 2015-07-05 12:53 -------- d-----w- c:\programdata\InstallMate
2015-07-05 12:53 . 2015-07-05 12:53 -------- d-----w- c:\program files (x86)\Ruiware
2015-07-05 12:47 . 2015-07-05 12:48 -------- d-----w- c:\program files\iTunes
2015-07-05 12:47 . 2015-07-05 12:47 -------- d-----w- c:\program files (x86)\iTunes
2015-07-05 12:47 . 2015-07-05 12:47 -------- d-----w- c:\program files\iPod
2015-07-05 12:33 . 2015-07-05 12:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-07-05 12:33 . 2015-07-05 12:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-07-05 12:33 . 2015-07-05 12:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-07-05 12:33 . 2015-07-05 12:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-07-05 12:33 . 2015-07-05 12:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-07-05 12:33 . 2015-07-05 12:33 -------- d-----w- c:\program files (x86)\QuickTime
2015-07-05 12:20 . 2015-07-05 12:20 -------- d-----w- c:\users\93\AppData\Local\Macromedia
2015-07-05 12:19 . 2015-07-05 12:19 -------- d-----w- c:\users\93\AppData\Roaming\Canneverbe Limited
2015-07-05 12:19 . 2015-07-05 12:19 -------- d-----w- c:\program files (x86)\CDBurnerXP
2015-07-05 12:09 . 2015-07-09 04:11 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-05 12:09 . 2015-07-09 04:11 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-05 12:01 . 2014-01-21 20:15 336896 ----a-w- c:\windows\SysWow64\CNC_C9L.dll
2015-07-05 12:01 . 2008-08-26 01:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2015-07-05 11:59 . 2015-07-05 11:59 -------- d-----w- c:\programdata\CanonIJWSpt
2015-07-05 11:56 . 2015-07-05 12:01 -------- d-----w- c:\program files\Canon
2015-07-05 11:55 . 2015-07-05 11:55 -------- d--h--w- c:\programdata\CanonBJ
2015-07-05 11:55 . 2014-03-18 12:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDC9.DLL
2015-07-05 11:55 . 2014-03-18 12:00 102912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPC9.DLL
2015-07-05 11:55 . 2014-02-04 22:29 316928 ----a-w- c:\windows\system32\CNC_C9C.dll
2015-07-05 11:55 . 2014-02-04 22:29 105984 ----a-w- c:\windows\system32\CNC_C9I.dll
2015-07-05 11:55 . 2014-01-21 20:16 369664 ----a-w- c:\windows\system32\CNC_C9L.dll
2015-07-05 11:55 . 2008-08-26 01:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2015-07-05 11:55 . 2014-03-18 12:00 406016 ----a-w- c:\windows\system32\CNMLMC9.DLL
2015-07-05 11:30 . 2015-07-05 11:30 -------- d-----w- c:\users\93\AppData\Roaming\Canon_Inc_IC
2015-07-05 11:30 . 2015-07-05 12:02 -------- d-----w- c:\program files (x86)\Canon
2015-07-05 11:29 . 2015-07-05 11:29 -------- d-----w- c:\program files (x86)\Common Files\Canon_Inc_IC
2015-07-05 11:28 . 2015-07-05 12:03 -------- d-----w- c:\users\93\AppData\Roaming\canon
2015-07-05 11:28 . 2015-07-05 11:28 -------- d-----w- c:\programdata\Canon_Inc_IC
2015-07-05 11:24 . 2015-07-05 11:24 -------- d-----w- c:\program files\DIFX
2015-07-05 11:23 . 2015-07-05 11:23 -------- d-----w- C:\Temp
2015-07-05 08:46 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2015-07-05 08:45 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-05 08:45 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-05 08:45 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-07-05 08:45 . 2015-01-31 03:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-05 08:45 . 2015-01-30 23:56 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-07-05 08:45 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-07-05 08:45 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-07-05 08:45 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-07-05 08:45 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-07-05 08:45 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-05 08:45 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2015-07-05 08:43 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-07-05 08:43 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-07-05 08:43 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-07-05 08:43 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2015-07-05 08:43 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2015-07-05 08:42 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-07-05 08:42 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2015-07-05 08:42 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2015-07-05 08:42 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-07-05 08:27 . 2015-07-05 08:29 -------- d-s---w- c:\windows\system32\GWX
2015-07-05 08:27 . 2015-07-05 08:27 -------- d-s---w- c:\windows\SysWow64\GWX
2015-07-05 08:27 . 2015-07-05 08:27 -------- d-----w- c:\windows\Migration
2015-07-05 08:17 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-07-05 08:17 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-07-05 07:35 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2015-07-05 07:35 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2015-07-05 07:35 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-05 07:35 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-05 07:35 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-05 07:35 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-05 07:35 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-05 07:35 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2015-07-05 07:35 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2015-07-05 07:35 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2015-07-05 07:16 . 2015-07-05 07:17 -------- d-----w- c:\users\4
2015-07-05 07:12 . 2015-07-05 07:12 -------- d-----w- c:\program files\Sandboxie
2015-07-05 07:09 . 2015-07-05 07:09 -------- d-----w- c:\users\93\AppData\Local\FluxSoftware
2015-07-05 06:57 . 2015-07-05 06:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-07-05 06:52 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-05 06:52 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-05 06:39 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-07-05 06:39 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-07-05 06:39 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-07-05 06:39 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-07-05 06:39 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-07-05 06:39 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-07-05 06:39 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2015-07-05 06:39 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2015-07-05 06:39 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2015-07-05 06:38 . 2015-07-09 12:49 -------- d-----w- C:\ContaCam
2015-07-05 06:38 . 2015-07-05 06:38 -------- d-----w- c:\users\93\AppData\Roaming\Contaware
2015-07-05 06:38 . 2015-07-05 06:38 -------- d-----w- c:\program files (x86)\ContaCam
2015-07-05 06:36 . 2015-07-05 06:36 -------- d-----w- c:\programdata\Licenses
2015-07-05 06:36 . 2009-03-24 19:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2015-07-05 06:35 . 2015-07-09 12:46 -------- d-----w- c:\program files (x86)\SpywareBlaster
2015-07-05 06:28 . 2015-07-05 06:28 -------- d-----w- c:\users\93\AppData\Local\Skype
2015-07-05 06:28 . 2015-07-05 06:33 -------- d-----w- c:\users\93\AppData\Roaming\Skype
2015-07-05 06:27 . 2015-07-05 06:27 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
2015-07-05 06:27 . 2015-07-05 06:27 -------- d-----w- c:\program files\Microsoft LifeCam
2015-07-05 06:08 . 2015-07-05 06:08 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2015-07-05 06:03 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-07-05 06:03 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-07-05 06:03 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2015-07-05 06:03 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2015-07-05 06:03 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-07-05 06:03 . 2015-03-10 03:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-07-05 06:03 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-07-05 06:03 . 2015-03-10 03:05 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-07-05 06:03 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-07-05 06:00 . 2015-01-30 23:56 459336 ----a-w- c:\windows\system32\drivers\cng.sys
2015-07-05 05:59 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys
2015-07-05 05:51 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-07-05 05:51 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-07-05 05:51 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-07-05 05:51 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 15:41 . 2013-11-21 19:34 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-27 07:04 . 2013-11-21 20:06 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-07-05 08:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\93\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2015-06-23 787592]
"WinPatrol"="c:\program files (x86)\Ruiware\WinPatrol\winpatrol.exe" [2015-06-26 1244296]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-05-15 60712]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2014-01-17 1284680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\users\93\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ActivateReminder.exe [2013-8-19 313391]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2015-7-5 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-07 23:20 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-05 04:11]
.
2015-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-07-05 12:14]
.
2015-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-07-05 12:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-20 6846096]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-09-06 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-09-06 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-09-06 444400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-06-30 170280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.pugetsystems.com/welcome.php?oid=117561
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pugetsystems.com/welcome.php?oid=117561
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-13 12:06:32
ComboFix-quarantined-files.txt 2015-07-13 19:06
.
Pre-Run: 693,544,357,888 bytes free
Post-Run: 693,370,417,152 bytes free
.
- - End Of File - - 67556112CDFF33268EBE02CD0F9CECE3
A36C5E4F47E84449FF07ED3517B43A31


PS: I will run it again, as I forgot to stop WinPatrol, and post that.

Thank you.
 
#13 ·
Hi Chemist,

The first time I didn't undo winpatrol but MSE. This time I did both; however, it kept saying MSE wasn't turned off, even with it being turned off.

Thank you.

ComboFix 15-07-12.01 - 93 07/13/2015 12:16:06.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.7104.5667 [GMT -7:00]
Running from: c:\users\93\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Enabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2015-06-13 to 2015-07-13 )))))))))))))))))))))))))))))))
.
.
2015-07-13 19:20 . 2015-07-13 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2015-07-13 19:07 . 2015-06-24 08:22 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{199E9326-35E9-4910-9C5D-D298917709BC}\mpengine.dll
2015-07-13 02:27 . 2015-06-24 08:22 12221144 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-07-11 13:12 . 2015-07-11 13:12 -------- d-----w- c:\programdata\Canneverbe Limited
2015-07-10 21:29 . 2015-06-24 22:00 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0F2A7DCC-759B-469A-8423-8E66C4E5FE02}\gapaengine.dll
2015-07-10 12:12 . 2015-07-12 11:53 -------- d-----w- C:\FRST
2015-07-10 12:06 . 2015-07-10 12:08 -------- d-----w- C:\AdwCleaner
2015-07-09 21:47 . 2015-07-09 21:49 -------- d-----w- c:\users\93\AppData\Local\Microsoft Games
2015-07-08 14:11 . 2013-08-19 21:25 313391 ----a-w- c:\users\93\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ActivateReminder.exe
2015-07-05 20:36 . 2015-07-05 20:36 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2015-07-05 14:58 . 2015-07-07 23:37 -------- d-----r- C:\Sandbox
2015-07-05 13:11 . 2015-07-05 13:11 -------- d-----w- c:\program files (x86)\ESET
2015-07-05 12:53 . 2015-07-12 11:51 -------- d-----w- c:\users\93\AppData\Roaming\WinPatrol
2015-07-05 12:53 . 2015-07-05 12:53 -------- d-----w- c:\programdata\InstallMate
2015-07-05 12:53 . 2015-07-05 12:53 -------- d-----w- c:\program files (x86)\Ruiware
2015-07-05 12:47 . 2015-07-05 12:48 -------- d-----w- c:\program files\iTunes
2015-07-05 12:47 . 2015-07-05 12:47 -------- d-----w- c:\program files (x86)\iTunes
2015-07-05 12:47 . 2015-07-05 12:47 -------- d-----w- c:\program files\iPod
2015-07-05 12:33 . 2015-07-05 12:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll
2015-07-05 12:33 . 2015-07-05 12:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll
2015-07-05 12:33 . 2015-07-05 12:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll
2015-07-05 12:33 . 2015-07-05 12:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll
2015-07-05 12:33 . 2015-07-05 12:33 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll
2015-07-05 12:33 . 2015-07-05 12:33 -------- d-----w- c:\program files (x86)\QuickTime
2015-07-05 12:20 . 2015-07-05 12:20 -------- d-----w- c:\users\93\AppData\Local\Macromedia
2015-07-05 12:19 . 2015-07-05 12:19 -------- d-----w- c:\users\93\AppData\Roaming\Canneverbe Limited
2015-07-05 12:19 . 2015-07-05 12:19 -------- d-----w- c:\program files (x86)\CDBurnerXP
2015-07-05 12:09 . 2015-07-09 04:11 778416 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2015-07-05 12:09 . 2015-07-09 04:11 142512 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2015-07-05 12:01 . 2014-01-21 20:15 336896 ----a-w- c:\windows\SysWow64\CNC_C9L.dll
2015-07-05 12:01 . 2008-08-26 01:02 15872 ----a-w- c:\windows\SysWow64\CNHMCA.dll
2015-07-05 11:59 . 2015-07-05 11:59 -------- d-----w- c:\programdata\CanonIJWSpt
2015-07-05 11:56 . 2015-07-05 12:01 -------- d-----w- c:\program files\Canon
2015-07-05 11:55 . 2015-07-05 11:55 -------- d--h--w- c:\programdata\CanonBJ
2015-07-05 11:55 . 2014-03-18 12:00 30208 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPDC9.DLL
2015-07-05 11:55 . 2014-03-18 12:00 102912 ----a-w- c:\windows\system32\Spool\prtprocs\x64\CNMPPC9.DLL
2015-07-05 11:55 . 2014-02-04 22:29 316928 ----a-w- c:\windows\system32\CNC_C9C.dll
2015-07-05 11:55 . 2014-02-04 22:29 105984 ----a-w- c:\windows\system32\CNC_C9I.dll
2015-07-05 11:55 . 2014-01-21 20:16 369664 ----a-w- c:\windows\system32\CNC_C9L.dll
2015-07-05 11:55 . 2008-08-26 01:02 17920 ----a-w- c:\windows\system32\CNHMCA6.dll
2015-07-05 11:55 . 2014-03-18 12:00 406016 ----a-w- c:\windows\system32\CNMLMC9.DLL
2015-07-05 11:30 . 2015-07-05 11:30 -------- d-----w- c:\users\93\AppData\Roaming\Canon_Inc_IC
2015-07-05 11:30 . 2015-07-05 12:02 -------- d-----w- c:\program files (x86)\Canon
2015-07-05 11:29 . 2015-07-05 11:29 -------- d-----w- c:\program files (x86)\Common Files\Canon_Inc_IC
2015-07-05 11:28 . 2015-07-05 12:03 -------- d-----w- c:\users\93\AppData\Roaming\canon
2015-07-05 11:28 . 2015-07-05 11:28 -------- d-----w- c:\programdata\Canon_Inc_IC
2015-07-05 11:24 . 2015-07-05 11:24 -------- d-----w- c:\program files\DIFX
2015-07-05 11:23 . 2015-07-05 11:23 -------- d-----w- C:\Temp
2015-07-05 08:46 . 2014-09-05 02:11 6584320 ----a-w- c:\windows\system32\mstscax.dll
2015-07-05 08:45 . 2014-06-24 03:29 2565120 ----a-w- c:\windows\system32\d3d10warp.dll
2015-07-05 08:45 . 2014-06-24 02:59 1987584 ----a-w- c:\windows\SysWow64\d3d10warp.dll
2015-07-05 08:45 . 2015-01-31 03:48 3179520 ----a-w- c:\windows\system32\rdpcorets.dll
2015-07-05 08:45 . 2015-01-31 03:48 16384 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll
2015-07-05 08:45 . 2015-01-30 23:56 243200 ----a-w- c:\windows\system32\rdpudd.dll
2015-07-05 08:45 . 2015-04-18 03:10 460800 ----a-w- c:\windows\system32\certcli.dll
2015-07-05 08:45 . 2015-04-18 02:56 342016 ----a-w- c:\windows\SysWow64\certcli.dll
2015-07-05 08:45 . 2015-04-20 03:17 1647104 ----a-w- c:\windows\system32\DWrite.dll
2015-07-05 08:45 . 2015-04-20 03:17 1179136 ----a-w- c:\windows\system32\FntCache.dll
2015-07-05 08:45 . 2015-04-20 02:56 1250816 ----a-w- c:\windows\SysWow64\DWrite.dll
2015-07-05 08:45 . 2014-10-14 02:13 683520 ----a-w- c:\windows\system32\termsrv.dll
2015-07-05 08:43 . 2014-12-06 04:17 303616 ----a-w- c:\windows\system32\nlasvc.dll
2015-07-05 08:43 . 2014-12-06 03:50 52224 ----a-w- c:\windows\SysWow64\nlaapi.dll
2015-07-05 08:43 . 2014-12-06 03:50 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2015-07-05 08:43 . 2013-10-30 02:32 335360 ----a-w- c:\windows\system32\msieftp.dll
2015-07-05 08:43 . 2013-10-30 02:19 301568 ----a-w- c:\windows\SysWow64\msieftp.dll
2015-07-05 08:42 . 2014-12-19 03:06 210432 ----a-w- c:\windows\system32\profsvc.dll
2015-07-05 08:42 . 2014-01-29 02:32 484864 ----a-w- c:\windows\system32\wer.dll
2015-07-05 08:42 . 2014-01-29 02:06 381440 ----a-w- c:\windows\SysWow64\wer.dll
2015-07-05 08:42 . 2014-12-19 01:46 141312 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2015-07-05 08:27 . 2015-07-05 08:29 -------- d-s---w- c:\windows\system32\GWX
2015-07-05 08:27 . 2015-07-05 08:27 -------- d-s---w- c:\windows\SysWow64\GWX
2015-07-05 08:27 . 2015-07-05 08:27 -------- d-----w- c:\windows\Migration
2015-07-05 08:17 . 2014-06-27 02:08 2777088 ----a-w- c:\windows\system32\msmpeg2vdec.dll
2015-07-05 08:17 . 2014-06-27 01:45 2285056 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll
2015-07-05 07:35 . 2013-10-19 02:18 81408 ----a-w- c:\windows\system32\imagehlp.dll
2015-07-05 07:35 . 2013-10-19 01:36 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2015-07-05 07:35 . 2014-06-03 10:02 112064 ----a-w- c:\windows\system32\consent.exe
2015-07-05 07:35 . 2014-06-03 10:02 504320 ----a-w- c:\windows\system32\msihnd.dll
2015-07-05 07:35 . 2014-06-03 10:02 1941504 ----a-w- c:\windows\system32\authui.dll
2015-07-05 07:35 . 2014-06-03 09:29 337408 ----a-w- c:\windows\SysWow64\msihnd.dll
2015-07-05 07:35 . 2014-06-03 09:29 1805824 ----a-w- c:\windows\SysWow64\authui.dll
2015-07-05 07:35 . 2014-05-30 06:45 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2015-07-05 07:35 . 2014-06-06 10:10 624128 ----a-w- c:\windows\system32\qedit.dll
2015-07-05 07:35 . 2014-06-06 09:44 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2015-07-05 07:16 . 2015-07-05 07:17 -------- d-----w- c:\users\4
2015-07-05 07:12 . 2015-07-05 07:12 -------- d-----w- c:\program files\Sandboxie
2015-07-05 07:09 . 2015-07-05 07:09 -------- d-----w- c:\users\93\AppData\Local\FluxSoftware
2015-07-05 06:57 . 2015-07-05 06:57 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2015-07-05 06:52 . 2015-05-01 13:17 124112 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-07-05 06:52 . 2015-05-01 13:16 102608 ----a-w- c:\windows\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-07-05 06:39 . 2013-10-04 02:16 116736 ----a-w- c:\windows\system32\drivers\drmk.sys
2015-07-05 06:39 . 2013-10-04 01:36 230400 ----a-w- c:\windows\system32\drivers\portcls.sys
2015-07-05 06:39 . 2013-11-27 01:41 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2015-07-05 06:39 . 2013-11-27 01:41 99840 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2015-07-05 06:39 . 2013-11-27 01:41 53248 ----a-w- c:\windows\system32\drivers\usbehci.sys
2015-07-05 06:39 . 2013-11-27 01:41 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2015-07-05 06:39 . 2013-11-27 01:41 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2015-07-05 06:39 . 2013-11-27 01:41 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2015-07-05 06:39 . 2013-11-27 01:41 7808 ----a-w- c:\windows\system32\drivers\usbd.sys
2015-07-05 06:38 . 2015-07-09 12:49 -------- d-----w- C:\ContaCam
2015-07-05 06:38 . 2015-07-05 06:38 -------- d-----w- c:\users\93\AppData\Roaming\Contaware
2015-07-05 06:38 . 2015-07-05 06:38 -------- d-----w- c:\program files (x86)\ContaCam
2015-07-05 06:36 . 2015-07-05 06:36 -------- d-----w- c:\programdata\Licenses
2015-07-05 06:36 . 2009-03-24 19:52 129872 ----a-w- c:\windows\SysWow64\MSSTDFMT.DLL
2015-07-05 06:35 . 2015-07-09 12:46 -------- d-----w- c:\program files (x86)\SpywareBlaster
2015-07-05 06:28 . 2015-07-05 06:28 -------- d-----w- c:\users\93\AppData\Local\Skype
2015-07-05 06:28 . 2015-07-05 06:33 -------- d-----w- c:\users\93\AppData\Roaming\Skype
2015-07-05 06:27 . 2015-07-05 06:27 -------- d-----w- c:\program files (x86)\Microsoft LifeCam
2015-07-05 06:27 . 2015-07-05 06:27 -------- d-----w- c:\program files\Microsoft LifeCam
2015-07-05 06:08 . 2015-07-05 06:08 -------- d-----w- c:\program files\Microsoft Mouse and Keyboard Center
2015-07-05 06:03 . 2014-08-12 02:02 878080 ----a-w- c:\windows\system32\IMJP10K.DLL
2015-07-05 06:03 . 2014-08-12 01:36 701440 ----a-w- c:\windows\SysWow64\IMJP10K.DLL
2015-07-05 06:03 . 2013-11-26 08:16 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2015-07-05 06:03 . 2013-11-22 22:48 3928064 ----a-w- c:\windows\system32\d2d1.dll
2015-07-05 06:03 . 2015-03-10 03:25 1882624 ----a-w- c:\windows\system32\msxml3.dll
2015-07-05 06:03 . 2015-03-10 03:21 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-07-05 06:03 . 2015-03-10 03:08 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-07-05 06:03 . 2015-03-10 03:05 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2015-07-05 06:03 . 2014-06-16 02:10 985536 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2015-07-05 06:00 . 2015-01-30 23:56 459336 ----a-w- c:\windows\system32\drivers\cng.sys
2015-07-05 05:59 . 2015-05-25 17:08 3206144 ----a-w- c:\windows\system32\win32k.sys
2015-07-05 05:51 . 2014-11-26 03:53 861696 ----a-w- c:\windows\system32\oleaut32.dll
2015-07-05 05:51 . 2014-11-26 03:32 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2015-07-05 05:51 . 2015-02-18 07:06 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2015-07-05 05:51 . 2015-02-18 07:04 142336 ----a-w- c:\windows\system32\poqexec.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-07-05 10:08 . 2010-11-21 03:27 300704 ------w- c:\windows\system32\MpSigStub.exe
2015-06-18 15:41 . 2013-11-21 19:34 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2015-05-27 07:04 . 2013-11-21 20:06 140135120 ----a-w- c:\windows\system32\MRT.exe
2015-05-25 18:01 . 2015-07-05 08:46 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"f.lux"="c:\users\93\AppData\Local\FluxSoftware\Flux\flux.exe" [2013-10-23 1017224]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2015-06-23 787592]
"CCleaner Monitoring"="c:\program files\CCleaner\CCleaner64.exe" [2015-06-01 8358680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2013-04-26 292848]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2015-05-15 60712]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"CanonQuickMenu"="c:\program files (x86)\Canon\Quick Menu\CNQMMAIN.EXE" [2014-01-17 1284680]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2014-12-19 1022152]
.
c:\users\93\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ActivateReminder.exe [2013-8-19 313391]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ImageBrowser EX Agent.lnk - c:\program files (x86)\Canon\ImageBrowser EX\MFManager.exe [2015-7-5 69120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S2 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe;c:\program files (x86)\ASUS\AXSP\1.01.01\atkexComSvc.exe [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S3 e1dexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver D;c:\windows\system32\DRIVERS\e1d62x64.sys;c:\windows\SYSNATIVE\DRIVERS\e1d62x64.sys [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 iusb3hub;Intel(R) USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys;c:\windows\SYSNATIVE\Drivers\nx6000.sys [x]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-07-07 23:20 991048 ----a-w- c:\program files (x86)\Google\Chrome\Application\43.0.2357.132\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2015-07-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-05 04:11]
.
2015-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-07-05 12:14]
.
2015-07-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2015-07-05 12:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-11-20 6846096]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2013-01-31 36352]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2013-09-06 165872]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2013-09-06 407536]
"Persistence"="c:\windows\system32\igfxpers.exe" [2013-09-06 444400]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2015-04-30 1337000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2015-06-30 170280]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.pugetsystems.com/welcome.php?oid=117561
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~3\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
FF - ProfilePath - c:\users\93\AppData\Roaming\Mozilla\Firefox\Profiles\syowip1a.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pugetsystems.com/welcome.php?oid=117561
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2015-07-13 12:21:35
ComboFix-quarantined-files.txt 2015-07-13 19:21
ComboFix2.txt 2015-07-13 19:06
.
Pre-Run: 693,439,094,784 bytes free
Post-Run: 693,363,032,064 bytes free
.
- - End Of File - - 424C44BE83149940DDD4FA5B6006F96B
A36C5E4F47E84449FF07ED3517B43A31
 
#15 ·
Hello again, tierra. You're very welcome. It appears ComboFix quarantined a file it shouldn't have.

We will restore it shortly. First...

Please go to: VirusTotal
  • Click the Choose File button.
  • Please copy/paste the following bolded text into the 'File name:' box:

    C:\Qoobox\Quarantine\C\program files (x86)\Skype\Phone\Skype.exe.vir

  • Click Open then click the Scan it! button just below.
  • This will scan the file. Please be patient.
  • If you get a message saying File already analysed: click Reanalyse
  • Once scanned, copy and paste the URL from your browser address bar in your next reply.
------------------------------------------------------
 
#17 ·
Hello again, tierra. OK, let's do this:

Open Notepad and copy/paste the entire contents of the codebox below, into Notepad:

Code:
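@echo off
rem Add each listed quarantined file to Files_for_submission.zip (requires zip.exe on the PATH)
for %%g in (
"C:\Qoobox\Quarantine\C\program files (x86)\Skype\Phone\Skype.exe.vir"
) do zip Files_for_submission %%g
rem Delete this batch file once it has run
del %0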
Save this as submit.bat. Choose to Save type as - All Files to your desktop, then close the Notepad file.
It should look like this:
Image


Right-click on submit.bat and choose 'Run as administrator' to allow it to run. This batchfile will create a Files_for_submission.zip file in the same location where the batchfile was saved.

Please submit it to this site ==> Submit Malware Sample

and include this link in the message:

http://www.techsupportforum.com/forums/f50/glitches-after-reinstall-1014746.html#post6461866


Please let me know if you successfully submitted the file. Thanks.

------------------------------------------------------
 
#21 · (Edited)
Hello again, tierra. You're welcome. OK, let's do this:

Please download the Suspicious File Packer and Save it to your Desktop.

  • Unzip it to the desktop and run it.
  • Copy/paste the following list of files into the Suspicious File Packer window:

    "C:\Qoobox\Quarantine\C\program files (x86)\Skype\Phone\Skype.exe.vir"
  • Allow SFP to pack the files by clicking Continue
  • This will generate a CAB archive on your desktop named requested-files[Date/Time].cab
  • Please submit it to this site ==> Submit Malware Sample
  • and include this link in the message->> http://www.techsupportforum.com/forums/f50/glitches-after-reinstall-1014746.html#post6461866
  • You can then delete the requested-files.cab file from your desktop, once you have uploaded it to the above recipient.
  • Please let me know you submitted the file.
------------------------------------------------------
 
#23 ·
Hello again, tierra. You're welcome. Unfortunately, the file isn't showing as uploaded to the site requested.

Please try again. Thanks.

------------------------------------------------------
 