TechSpot

Audio not working after reclaiming ownership of system32 files

By Chairreadycase
Apr 21, 2015
  1. For no particular reason my audio stopped working a few days ago. When I click on the sound icon at the right end of my desktop toolbar and go to "playback devices", the speakers' status is unplugged (I'm on a laptop with built-in speakers) and digital audio is the device available. However, there is no audible sound coming from anywhere even though digital audio volume levels fluctuate as though sound is being produced. I have stopped and restarted my audio driver, deleted the audio driver and restarted the system so the driver would re-install, and I've even refreshed my laptop, but there is still no sound coming from anywhere, not even through other devices I connect to my laptop.

    When the audio first stopped working a few days ago, I noticed malware-type behavior going on with my Chrome browser. Well, it was more like adware: randomly highlighted words (links) on every page, with ads that popped up when the cursor hovered over the links. Also, TrustedInstaller randomly assumed ownership of several folders, blocking me from making certain changes. I took ownership of the folders back and ran Malwarebytes and antivirus software.


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
    Ran by Chris (administrator) on JARVISMOBILE on 20-04-2015 23:40:32
    Running from C:\Users\Chris\Downloads
    Loaded Profiles: Chris & (Available profiles: Chris & Administrator)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
    (Dritek System Inc.) C:\Program Files (x86)\Acer\Device Control\DeviceCtrlSvc64.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Dritek System INC.) C:\Windows\RfBtnSvc64.exe
    (Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (acer) C:\Program Files (x86)\Acer\WTTouchApplicationSuite\AcerRing\AcerRing.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    (Dritek System Inc.) C:\Program Files (x86)\Acer\Device Control\ADevCtrl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Dritek System Inc.) C:\Program Files (x86)\Acer\Device Control\AdWmiSvc64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
    () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-31] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2912056 2012-08-10] (Synaptics Incorporated)
    HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM-x32\...\Run: [LManager] => [X]
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
    HKLM-x32\...\Run: [ADevCtrl] => C:\Program Files (x86)\Acer\Device Control\ADevCtrl64.exe [342128 2012-09-06] (Dritek System Inc.)
    HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048 2015-04-10] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320 2015-03-24] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
    HKU\S-1-5-21-1328069008-3100469584-2353180222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-13]
    ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-20] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    HKU\S-1-5-21-1328069008-3100469584-2353180222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001 -> DefaultScope {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001 -> {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-31] (Qualcomm Atheros Commnucations)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\GQ1yFlmv.default
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-19] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
    FF Extension: Segurança do navegador Avira - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\GQ1yFlmv.default\Extensions\abs@avira.com [2015-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-09-13]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com", "https://isearch.avg.com/?cid={08AE2...ad35b87ef&lang=en&ds=ft011&pr=sa&d=2012-09-07 17:01:48&v=12.2.0.5&sap=hp", "hxxp://isearch.avg.com/?cid={08AE2A35-024E-48ED-8824-5306B49A6FD2}&mid=67f6dcc02f4d47d098d9d154345af490-2ab41f9c794caf0c686476de24f04efad35b87ef&lang=en&ds=ft011&pr=sa&d=2012-09-07 17:01:48&v=14.0.2.14&pid=avg&sg=&sap=hp", "hxxp://www.google.com/"
    CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-19]
    CHR Extension: (Entanglement Web App) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-04-19]
    CHR Extension: (Clip to OneNote) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh [2015-04-19]
    CHR Extension: (Beatlab) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2015-04-19]
    CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-19]
    CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
    CHR Extension: (Translator) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\baphblbjhblgjocinamnmbpceogpfedo [2015-04-19]
    CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-19]
    CHR Extension: (Facebook) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-04-19]
    CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-19]
    CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-19]
    CHR Extension: (Readium) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-04-19]
    CHR Extension: (Pin It Button) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-04-19]
    CHR Extension: (Wolfram Alpha (Official)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2015-04-19]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
    CHR Extension: (Poppit!) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-04-19]
    CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-19]
    CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-19]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-19]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [815920 2015-03-24] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-03-24] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-03-24] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1004280 2015-03-24] (Avira Operations GmbH & Co. KG)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations) [File not signed]
    R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104 2015-04-10] (Avira Operations GmbH & Co. KG)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
    S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
    R2 DsiDeviceControlService; C:\Program Files (x86)\Acer\Device Control\DeviceCtrlSvc64.exe [68688 2012-04-23] (Dritek System Inc.)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
    R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
    R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
    R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
    S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
    R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-28] (Dritek System INC.)
    S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-09-16] (Acer Incorporated)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-27] (Atheros) [File not signed]
     
  2. Chairreadycase


    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
    Ran by Chris at 2015-04-20 23:43:40
    Running from C:\Users\Chris\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
    Acer Device Control Lite (HKLM-x32\...\ADevCtrl) (Version: 1.10.2004.120905 - Acer Inc.)
    Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
    Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
    Acer PicEvermore (HKLM-x32\...\InstallShield_{25F6C1CB-C8F0-4BAE-996B-9C16F97B82F3}) (Version: 1.0.0.0035 - NTI Corporation)
    Acer PicEvermore (x32 Version: 1.0.0.0035 - NTI Corporation) Hidden
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
    Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3003 - Acer Incorporated)
    Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3001 - Acer Incorporated)
    AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
    AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Avira (HKLM-x32\...\{d8490d5d-0f24-4000-b2e4-4b500a9a704d}) (Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG)
    Avira (x32 Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG) Hidden
    Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
    Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
    clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
    clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
    clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
    Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
    ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    HID Monitor (HKLM-x32\...\{1C8D89D8-6B60-4034-9934-3AE90101CB22}) (Version: 1.1.3 - Acer Incorporated)
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
    Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.2.194 - McAfee, Inc.)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1328069008-3100469584-2353180222-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
    MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
    NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
    NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
    Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.208 - Qualcomm Atheros Communications)
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.11 - Qualcomm Atheros)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Sleep Memory Optimizer (HKLM\...\{BF63C2C3-9A5B-4366-AA5F-015292B919F0}) (Version: 1.01.3000 - Acer Incorporated)
    Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.9.6 - Synaptics Incorporated)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    WD Discovery (HKLM-x32\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
    WTTouchApplicationSuite (HKLM-x32\...\{D6D6EB59-35DB-4056-A0D3-01ABF7904E84}) (Version: 2.00.3004 - Acer Incorporated.)
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    20-04-2015 14:16:31 Windows Modules Installer

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1F6C0E04-248E-45D4-87DC-6CBB6FD6AA7C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
    Task: {39D82BFB-C5E9-4F77-8CAD-CC140774C44E} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
    Task: {4A6F31EE-56D9-4094-8694-8C250F357276} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
    Task: {74E0A12E-8D93-4140-BA94-DDF76E026D8F} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
    Task: {79B00955-D172-4F51-A61D-E2EC8F4FC9D0} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
    Task: {8517B8EB-4422-4F32-97DB-32E3A345F616} - System32\Tasks\AcerRingSchedule => C:\Program Files\Acer\WTTouchApplicationSuite\AcerRing\AcerRing.exe
    Task: {8B41D776-D05F-44C9-B707-DC3B78320AA4} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
    Task: {97444074-3D08-4575-BB51-2E1C1D523660} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
    Task: {A22B3FE0-709E-425D-BADD-862980B7E01C} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
    Task: {A2C8577D-ACEF-4815-AB4F-41EF923F2BBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-19] (Google Inc.)
    Task: {B00537F1-1D0D-43F3-AE98-56FCA80F2894} - System32\Tasks\Microsoft\WINRE\WinRE-Repair => C:\windows\System32\reagentc.exe [2012-10-23] (Microsoft Corporation)
    Task: {C19755DE-13C1-4F8A-A308-CDECBC227251} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-09-16] (Acer Incorporated)
    Task: {C7D8767B-05B4-471D-9A01-32979E726A1B} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)
    Task: {D084830C-3571-48C9-BCFA-3B8BDF564314} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-19] (Google Inc.)
    Task: {EBBC54DF-E1E3-4CC1-BF97-6BD56383D428} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
    Task: {FF1AED70-040D-44B3-85FE-6EBBBB33C601} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-08-23 16:02 - 2012-08-23 16:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
    2012-07-26 02:58 - 2012-07-26 02:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
    2012-09-19 01:24 - 2012-08-29 13:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-09-13 04:28 - 2012-03-14 04:55 - 00097872 _____ () C:\Program Files (x86)\Acer\Device Control\WlanMonitor64.dll
    2012-08-31 18:44 - 2012-08-31 18:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
    2012-08-22 17:04 - 2012-08-22 17:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
    2012-08-22 17:04 - 2012-08-22 17:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
    2012-08-23 01:26 - 2012-08-23 01:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
    2012-08-23 01:26 - 2012-08-23 01:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
    2012-08-23 01:26 - 2012-08-23 01:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
    2012-10-28 16:45 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2012-08-23 16:02 - 2012-08-23 16:02 - 00034736 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
    2015-04-19 02:06 - 2015-04-13 16:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
    2015-04-19 02:06 - 2015-04-13 16:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
    2015-04-19 02:06 - 2015-04-13 16:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Chris\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    HKU\S-1-5-21-1328069008-3100469584-2353180222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1328069008-3100469584-2353180222-500 - Administrator - Disabled) => C:\Users\Administrator
    Chris (S-1-5-21-1328069008-3100469584-2353180222-1001 - Administrator - Enabled) => C:\Users\Chris
    Chris_2 (S-1-5-21-1328069008-3100469584-2353180222-1006 - Limited - Enabled)
    Guest (S-1-5-21-1328069008-3100469584-2353180222-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1328069008-3100469584-2353180222-1005 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth USB Module
    Description: Bluetooth USB Module
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Qualcomm Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/20/2015 03:20:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: JARVISMOBILE)
    Description: App microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive did not launch within its allotted time.

    Error: (04/20/2015 03:20:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JARVISMOBILE)
    Description: Activation of app microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/19/2015 00:53:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a70

    Start Time: 01d07ac936ab6a1f

    Termination Time: 0

    Application Path: C:\WINDOWS\Explorer.EXE

    Report Id: f62638f4-e6bc-11e4-be74-089e01258960

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/18/2015 09:32:02 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
    Description: 1

    Error: (04/18/2015 08:51:32 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: services (732) Database recovery/restore failed with unexpected error -1216.

    Error: (04/18/2015 08:51:32 PM) (Source: ESENT) (EventID: 494) (User: )
    Description: services (732) Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS\Security\Database\secedit.sdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.


    System errors:
    =============
    Error: (04/19/2015 05:38:57 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (04/19/2015 01:12:23 PM) (Source: DCOM) (EventID: 10010) (User: JARVISMOBILE)
    Description: {209500FC-6B45-4693-8871-6296C4843751}

    Error: (04/19/2015 01:11:53 PM) (Source: DCOM) (EventID: 10010) (User: JARVISMOBILE)
    Description: {209500FC-6B45-4693-8871-6296C4843751}

    Error: (04/19/2015 00:48:56 PM) (Source: DCOM) (EventID: 10010) (User: JARVISMOBILE)
    Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

    Error: (04/19/2015 02:51:44 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (04/19/2015 02:20:23 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {209500FC-6B45-4693-8871-6296C4843751}

    Error: (04/19/2015 02:20:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcpltsvc service.


    Microsoft Office Sessions:
    =========================
    Error: (04/20/2015 03:20:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: JARVISMOBILE)
    Description: microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive

    Error: (04/20/2015 03:20:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JARVISMOBILE)
    Description: microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive-2144927142

    Error: (04/19/2015 00:53:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Explorer.EXE6.2.9200.16384a7001d07ac936ab6a1f0C:\WINDOWS\Explorer.EXEf62638f4-e6bc-11e4-be74-089e01258960

    Error: (04/18/2015 09:32:02 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
    Description: 1

    Error: (04/18/2015 08:51:32 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: services732-1216

    Error: (04/18/2015 08:51:32 PM) (Source: ESENT) (EventID: 494) (User: )
    Description: services732-1216C:\WINDOWS\Security\Database\secedit.sdb


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
    Percentage of memory in use: 53%
    Total physical RAM: 5959.27 MB
    Available physical RAM: 2773.05 MB
    Total Pagefile: 10055.27 MB
    Available Pagefile: 6064.16 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.78 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:447.67 GB) (Free:379.28 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 4CF96237)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 18.6 GB) (Disk ID: 3B3488D6)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  3. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer's behavior, good or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ==============================

    The FRST.txt log is incomplete (the lower part is missing).
    So far I don't see anything malicious.

    What exactly do you mean by "refreshing" laptop?
     
  4. Chairreadycase

    Chairreadycase TS Rookie Topic Starter Posts: 22

    The lower part of FRST.txt wouldn't fit but I can definitely repost the entire report again in sections.

    And by refresh I mean I went to cmnd and entered shutdown /r /o and clicked the option to refresh the computer instead of resetting the system and losing everything I have.
     
  5. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    This is what our instructions say in case some log doesn't fit into one reply.
     
  6. Chairreadycase

    Chairreadycase TS Rookie Topic Starter Posts: 22

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 20-04-2015
    Ran by Chris at 2015-04-20 23:43:40
    Running from C:\Users\Chris\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Acer Backup Manager (HKLM-x32\...\InstallShield_{9DDDF20E-9FD1-4434-A43E-E7889DBC9420}) (Version: 4.0.0.0059 - NTI Corporation)
    Acer Device Control Lite (HKLM-x32\...\ADevCtrl) (Version: 1.10.2004.120905 - Acer Inc.)
    Acer Device Fast-lane (HKLM\...\{3F62D2FD-13C1-49A2-8B5D-47623D9460D7}) (Version: 1.00.3007 - Acer Incorporated)
    Acer Instant Update Service (HKLM\...\{8215A318-CC27-435E-B3EA-2E3443C8998C}) (Version: 1.00.3013 - Acer Incorporated)
    Acer PicEvermore (HKLM-x32\...\InstallShield_{25F6C1CB-C8F0-4BAE-996B-9C16F97B82F3}) (Version: 1.0.0.0035 - NTI Corporation)
    Acer PicEvermore (x32 Version: 1.0.0.0035 - NTI Corporation) Hidden
    Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.3006 - Acer Incorporated)
    Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.3011 - Acer Incorporated)
    Acer Theft Shield (HKLM\...\{8ADB0CD2-4E5A-452F-BB3B-3A2984CAC749}) (Version: 1.01.3003 - Acer Incorporated)
    Acer USB Charge Manager (HKLM\...\{07E867C5-0C48-40FF-A013-DDAF4565AD47}) (Version: 2.00.3001 - Acer Incorporated)
    AcerCloud (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 2.01.3115 - Acer Incorporated)
    AcerCloud Docs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.00.3201 - Acer Incorporated)
    Agatha Christie - Death on the Nile (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Avira (HKLM-x32\...\{d8490d5d-0f24-4000-b2e4-4b500a9a704d}) (Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG)
    Avira (x32 Version: 1.1.35.25717 - Avira Operations GmbH & Co. KG) Hidden
    Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.9.504 - Avira Operations GmbH & Co. KG)
    Backup Manager v4 (x32 Version: 4.0.0.0059 - NTI Corporation) Hidden
    Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    clear.fi Media (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.01.3108 - Acer Incorporated)
    clear.fi Photo (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 2.01.3108 - Acer Incorporated)
    clear.fi SDK - Video 2 (x32 Version: 2.1.1925 - CyberLink Corp.) Hidden
    clear.fi SDK- Movie 2 (x32 Version: 2.1.2008 - CyberLink Corp.) Hidden
    Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
    Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    CyberLink MediaEspresso 6.5 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.5.3103_44819 - CyberLink Corp.)
    Delicious: Emily's True Love Premium Edition (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Dora's World Adventure (x32 Version: 2.2.0.95 - WildTangent) Hidden
    eBay Worldwide (HKLM-x32\...\{A694AF57-9891-4D62-824C-7E55A1361A14}) (Version: 2.3.0630 - OEM)
    ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 42.0.2311.90 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.26.9 - Google Inc.) Hidden
    HID Monitor (HKLM-x32\...\{1C8D89D8-6B60-4034-9934-3AE90101CB22}) (Version: 1.1.3 - Acer Incorporated)
    Identity Card (HKLM-x32\...\{3D9CB654-99AD-4301-89C6-0D12A790767C}) (Version: 2.00.3004 - Acer Incorporated)
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2843 - Intel Corporation)
    Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 2.1.0.1002 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.4.1001 - Intel Corporation)
    Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Launch Manager (HKLM-x32\...\LManager) (Version: 7.0.4 - Acer Inc.)
    Live Updater (HKLM-x32\...\{EE26E302-876A-48D9-9058-3129E5B99999}) (Version: 2.00.3004 - Acer Incorporated)
    Malwarebytes Anti-Malware version 2.1.4.1018 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.4.1018 - Malwarebytes Corporation)
    McAfee SiteAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 3.7.2.194 - McAfee, Inc.)
    Microsoft Office (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.6120.5004 - Microsoft Corporation)
    Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1328069008-3100469584-2353180222-1001\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft OneDrive (HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.4726.0226 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
    MyWinLocker (Version: 4.0.14.35 - Egis Technology Inc.) Hidden
    MyWinLocker 4 (x32 Version: 4.0.14.35 - Egis Technology Inc.) Hidden
    MyWinLocker Suite (HKLM-x32\...\InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}) (Version: 4.0.14.24 - Egis Technology Inc.)
    MyWinLocker Suite (x32 Version: 4.0.14.24 - Egis Technology Inc.) Hidden
    NTI Media Maker 9 (HKLM-x32\...\InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}) (Version: 9.0.2.9008 - NTI Corporation)
    NTI Media Maker 9 (x32 Version: 9.0.2.9008 - NTI Corporation) Hidden
    Office Addin (HKLM-x32\...\{6D2BBE1D-E600-4695-BA37-0B0E605542CC}) (Version: 2.01.3200 - Acer)
    Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Polar Golfer (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.208 - Qualcomm Atheros Communications)
    Qualcomm Atheros WiFi Driver Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 11.11 - Qualcomm Atheros)
    Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.28123 - Realtek Semiconductor Corp.)
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Shredder (Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Shredder (x32 Version: 2.0.8.9 - Egis Technology Inc.) Hidden
    Sleep Memory Optimizer (HKLM\...\{BF63C2C3-9A5B-4366-AA5F-015292B919F0}) (Version: 1.01.3000 - Acer Incorporated)
    Smart Timer (HKLM-x32\...\{89DB52FC-EA72-468F-A0C7-150AF8B7AB74}) (Version: 1.00.3007 - Acer Incorporated)
    Spotify (HKLM-x32\...\Spotify) (Version: 0.8.4.99.ga249b5f1 - Spotify AB)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.9.6 - Synaptics Incorporated)
    Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Visual Studio 2005 Tools for Office Second Edition Runtime (HKLM-x32\...\Microsoft Visual Studio 2005 Tools for Office Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime (HKLM-x32\...\Visual Studio Tools for the Office system 3.0 Runtime) (Version: - Microsoft Corporation)
    Visual Studio Tools for the Office system 3.0 Runtime Service Pack 1 (KB949258) (HKLM-x32\...\{8FB53850-246A-3507-8ADE-0060093FFEA6}.KB949258) (Version: 1 - Microsoft Corporation)
    WD Discovery (HKLM-x32\...\{A80AE043-EF68-4B64-9C6F-088405FED315}) (Version: 102.0.1.10 - Western Digital Technologies, Inc.)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.3.0 - WildTangent)
    WildTangent Games App (x32 Version: 4.0.9.3 - WildTangent) Hidden
    WTTouchApplicationSuite (HKLM-x32\...\{D6D6EB59-35DB-4056-A0D3-01ABF7904E84}) (Version: 2.00.3004 - Acer Incorporated.)
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncApi64.dll (Microsoft Corporation)

    ==================== Restore Points =========================

    20-04-2015 14:16:31 Windows Modules Installer

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2012-07-26 00:26 - 2012-07-26 00:26 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
  7. Chairreadycase

    Chairreadycase TS Rookie Topic Starter Posts: 22

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {1F6C0E04-248E-45D4-87DC-6CBB6FD6AA7C} - System32\Tasks\ALUAgent => C:\Program Files (x86)\Acer\Live Updater\liveupdater_agent.exe [2012-06-21] ()
    Task: {39D82BFB-C5E9-4F77-8CAD-CC140774C44E} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTray.exe [2012-08-22] (Acer Incorporated)
    Task: {4A6F31EE-56D9-4094-8694-8C250F357276} - System32\Tasks\DeviceDetector => C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe [2012-07-04] (CyberLink)
    Task: {74E0A12E-8D93-4140-BA94-DDF76E026D8F} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2012-07-31] (Acer Incorporated)
    Task: {79B00955-D172-4F51-A61D-E2EC8F4FC9D0} - System32\Tasks\EgisUpdate => C:\Program Files\EgisTec IPS\EgisUpdate.exe [2012-07-11] (Egis Technology Inc.)
    Task: {8517B8EB-4422-4F32-97DB-32E3A345F616} - System32\Tasks\AcerRingSchedule => C:\Program Files\Acer\WTTouchApplicationSuite\AcerRing\AcerRing.exe
    Task: {8B41D776-D05F-44C9-B707-DC3B78320AA4} - System32\Tasks\iuEmailOutlookAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe [2012-08-22] ()
    Task: {97444074-3D08-4575-BB51-2E1C1D523660} - System32\Tasks\PMMUpdate => C:\Program Files\EgisTec IPS\PMMUpdate.exe [2012-07-11] (Egis Technology Inc.)
    Task: {A22B3FE0-709E-425D-BADD-862980B7E01C} - System32\Tasks\ALU => C:\Program Files (x86)\Acer\Live Updater\updater.exe [2012-08-29] ()
    Task: {A2C8577D-ACEF-4815-AB4F-41EF923F2BBF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-19] (Google Inc.)
    Task: {B00537F1-1D0D-43F3-AE98-56FCA80F2894} - System32\Tasks\Microsoft\WINRE\WinRE-Repair => C:\windows\System32\reagentc.exe [2012-10-23] (Microsoft Corporation)
    Task: {C19755DE-13C1-4F8A-A308-CDECBC227251} - System32\Tasks\Theft Shield\AcerTheftShieldTask => C:\Program Files\Acer\Acer Theft Shield\USecuAppLauncher.exe [2012-09-16] (Acer Incorporated)
    Task: {C7D8767B-05B4-471D-9A01-32979E726A1B} - System32\Tasks\Smart Timer Task Scheduler => C:\Program Files\Smart Timer\Smart_Timer.exe [2012-06-22] (Acer Incorporated)
    Task: {D084830C-3571-48C9-BCFA-3B8BDF564314} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-19] (Google Inc.)
    Task: {EBBC54DF-E1E3-4CC1-BF97-6BD56383D428} - System32\Tasks\iuBrowserIEAgent => C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe [2012-08-22] ()
    Task: {FF1AED70-040D-44B3-85FE-6EBBBB33C601} - System32\Tasks\HIDMonitor => C:\Program Files\Acer Incorporated\HID Monitor\HIDMonitor.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (whitelisted) ==============

    2012-08-23 16:02 - 2012-08-23 16:02 - 00030640 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
    2012-07-26 02:58 - 2012-07-26 02:53 - 00170864 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
    2012-09-19 01:24 - 2012-08-29 13:06 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-09-13 04:28 - 2012-03-14 04:55 - 00097872 _____ () C:\Program Files (x86)\Acer\Device Control\WlanMonitor64.dll
    2012-08-31 18:44 - 2012-08-31 18:44 - 00384128 _____ () C:\Program Files (x86)\Bluetooth Suite\ContactsApi.dll
    2012-08-22 17:04 - 2012-08-22 17:04 - 00025232 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
    2012-08-22 17:04 - 2012-08-22 17:04 - 00044176 _____ () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
    2012-08-23 01:26 - 2012-08-23 01:26 - 00465384 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 00125504 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\MailConverter32.dll
    2012-08-23 01:26 - 2012-08-23 01:26 - 00155712 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\VolumeSnapshot.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 00118336 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\Online.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 01081408 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\ACE.dll
    2012-08-23 01:25 - 2012-08-23 01:25 - 00052288 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OsSettingPort.dll
    2012-08-23 01:26 - 2012-08-23 01:26 - 00727616 _____ () C:\Program Files (x86)\NTI\Acer Backup Manager\OutlookShadow.dll
    2012-10-28 16:45 - 2012-06-25 12:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2012-08-23 16:02 - 2012-08-23 16:02 - 00034736 _____ () C:\Program Files (x86)\Acer Incorporated\HID Monitor\ElanTPAPI.dll
    2015-04-19 02:06 - 2015-04-13 16:55 - 01252680 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libglesv2.dll
    2015-04-19 02:06 - 2015-04-13 16:55 - 00080712 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\libegl.dll
    2015-04-19 02:06 - 2015-04-13 16:55 - 14980424 _____ () C:\Program Files (x86)\Google\Chrome\Application\42.0.2311.90\PepperFlash\pepflashplayer.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Chris\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) ===============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, the associated entry will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    HKU\S-1-5-21-1328069008-3100469584-2353180222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
    DNS Servers: 192.168.1.1

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1328069008-3100469584-2353180222-500 - Administrator - Disabled) => C:\Users\Administrator
    Chris (S-1-5-21-1328069008-3100469584-2353180222-1001 - Administrator - Enabled) => C:\Users\Chris
    Chris_2 (S-1-5-21-1328069008-3100469584-2353180222-1006 - Limited - Enabled)
    Guest (S-1-5-21-1328069008-3100469584-2353180222-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1328069008-3100469584-2353180222-1005 - Limited - Enabled)

    ==================== Faulty Device Manager Devices =============

    Name: Bluetooth USB Module
    Description: Bluetooth USB Module
    Class Guid: {e0cbf06c-cd8b-4647-bb8a-263b43f0f974}
    Manufacturer: Qualcomm Atheros Communications
    Service: BTHUSB
    Problem: : This device is disabled. (Code 22)
    Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (04/20/2015 03:20:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: JARVISMOBILE)
    Description: App microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive did not launch within its allotted time.

    Error: (04/20/2015 03:20:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JARVISMOBILE)
    Description: Activation of app microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (04/19/2015 00:53:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program Explorer.EXE version 6.2.9200.16384 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: a70

    Start Time: 01d07ac936ab6a1f

    Termination Time: 0

    Application Path: C:\WINDOWS\Explorer.EXE

    Report Id: f62638f4-e6bc-11e4-be74-089e01258960

    Faulting package full name:

    Faulting package-relative application ID:

    Error: (04/18/2015 09:32:02 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
    Description: 1

    Error: (04/18/2015 08:51:32 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: services (732) Database recovery/restore failed with unexpected error -1216.

    Error: (04/18/2015 08:51:32 PM) (Source: ESENT) (EventID: 494) (User: )
    Description: services (732) Database recovery failed with error -1216 because it encountered references to a database, 'C:\WINDOWS\Security\Database\secedit.sdb', which is no longer present. The database was not brought to a Clean Shutdown state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, procedures for recovering from this error are available in the Microsoft Knowledge Base or by following the "more information" link at the bottom of this message.


    System errors:
    =============
    Error: (04/19/2015 05:38:57 PM) (Source: volsnap) (EventID: 36) (User: )
    Description: The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

    Error: (04/19/2015 01:12:23 PM) (Source: DCOM) (EventID: 10010) (User: JARVISMOBILE)
    Description: {209500FC-6B45-4693-8871-6296C4843751}

    Error: (04/19/2015 01:11:53 PM) (Source: DCOM) (EventID: 10010) (User: JARVISMOBILE)
    Description: {209500FC-6B45-4693-8871-6296C4843751}

    Error: (04/19/2015 00:48:56 PM) (Source: DCOM) (EventID: 10010) (User: JARVISMOBILE)
    Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

    Error: (04/19/2015 02:51:44 AM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

    Error: (04/19/2015 02:20:23 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {209500FC-6B45-4693-8871-6296C4843751}

    Error: (04/19/2015 02:20:19 AM) (Source: Service Control Manager) (EventID: 7011) (User: )
    Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the mcpltsvc service.


    Microsoft Office Sessions:
    =========================
    Error: (04/20/2015 03:20:52 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2486) (User: JARVISMOBILE)
    Description: microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive

    Error: (04/20/2015 03:20:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JARVISMOBILE)
    Description: microsoft.microsoftskydrive_8wekyb3d8bbwe!Microsoft.MicrosoftSkyDrive-2144927142

    Error: (04/19/2015 00:53:21 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: Explorer.EXE6.2.9200.16384a7001d07ac936ab6a1f0C:\WINDOWS\Explorer.EXEf62638f4-e6bc-11e4-be74-089e01258960

    Error: (04/18/2015 09:32:02 PM) (Source: McLogEvent) (EventID: 5022) (User: NT AUTHORITY)
    Description: 1

    Error: (04/18/2015 08:51:32 PM) (Source: ESENT) (EventID: 454) (User: )
    Description: services732-1216

    Error: (04/18/2015 08:51:32 PM) (Source: ESENT) (EventID: 494) (User: )
    Description: services732-1216C:\WINDOWS\Security\Database\secedit.sdb


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-3317U CPU @ 1.70GHz
    Percentage of memory in use: 53%
    Total physical RAM: 5959.27 MB
    Available physical RAM: 2773.05 MB
    Total Pagefile: 10055.27 MB
    Available Pagefile: 6064.16 MB
    Total Virtual: 8192 MB
    Available Virtual: 8191.78 MB

    ==================== Drives ================================

    Drive c: (Acer) (Fixed) (Total:447.67 GB) (Free:379.28 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 4CF96237)

    Partition: GPT Partition Type.

    ========================================================
    Disk: 1 (Size: 18.6 GB) (Disk ID: 3B3488D6)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  8. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    No. I need the complete FRST.txt log, not Addition.txt.
     
  9. Chairreadycase

    Chairreadycase TS Rookie Topic Starter Posts: 22

    Oh sorry, I was rushing to get out the door.


    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 20-04-2015
    Ran by Chris (administrator) on JARVISMOBILE on 20-04-2015 23:40:32
    Running from C:\Users\Chris\Downloads
    Loaded Profiles: Chris & (Available profiles: Chris & Administrator)
    Platform: Windows 8 (X64) OS Language: English (United States)
    Internet Explorer Version 10 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
    (Acer Incorporated) C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe
    (Dritek System Inc.) C:\Program Files (x86)\Acer\Device Control\DeviceCtrlSvc64.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe
    (Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
    (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Microsoft Corporation) C:\Windows\System32\rundll32.exe
    (Dritek System INC.) C:\Windows\RfBtnSvc64.exe
    (Atheros) C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.26.9\GoogleCrashHandler64.exe
    (Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMutilps32.exe
    (acer) C:\Program Files (x86)\Acer\WTTouchApplicationSuite\AcerRing\AcerRing.exe
    (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
    () C:\Program Files (x86)\Acer Incorporated\HID Monitor\HIDMonitor.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe
    (Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exe
    (Intel Corporation) C:\Windows\System32\igfxext.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (NTI Corporation) C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
    (Dritek System Inc.) C:\Program Files (x86)\Acer\Device Control\ADevCtrl64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Dritek System Inc.) C:\Program Files (x86)\Acer\Device Control\AdWmiSvc64.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe
    (Qualcomm Atheros) C:\Program Files (x86)\Bluetooth Suite\BtTray.exe
    (Qualcomm Atheros Commnucations) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuEmailOutlookAgent.exe
    () C:\Program Files\Acer\Acer Instant Service\InstantUpdate\iuBrowserIEAgent.exe
    (Acer Incorporated) C:\Program Files\Acer\Acer Theft Shield\USecuAppClient.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\PmmUpdate.exe
    (Egis Technology Inc.) C:\Program Files\EgisTec IPS\EgisUpdate.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avgnt.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\sched.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avcenter.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avguard.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avshadow.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe
    (Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Antivirus\avscan.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [BtPreLoad] => C:\Program Files (x86)\Bluetooth Suite\BtPreLoad.exe [64640 2012-08-31] ()
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2912056 2012-08-10] (Synaptics Incorporated)
    HKLM-x32\...\Run: [mcui_exe] => "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
    HKLM-x32\...\Run: [LManager] => [X]
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-08-16] (Intel Corporation)
    HKLM-x32\...\Run: [ADevCtrl] => C:\Program Files (x86)\Acer\Device Control\ADevCtrl64.exe [342128 2012-09-06] (Dritek System Inc.)
    HKLM-x32\...\Run: [Avira Systray] => C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe [130048 2015-04-10] (Avira Operations GmbH & Co. KG)
    HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\Antivirus\avgnt.exe [726320 2015-03-24] (Avira Operations GmbH & Co. KG)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-19\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
    HKU\S-1-5-21-1328069008-3100469584-2353180222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [812872 2015-04-13] (Google Inc.)
    HKU\S-1-5-18\...\RunOnce: [IsMyWinLockerReboot] => msiexec.exe /qn /x{voidguid}
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Acer Backup Manager Tray.lnk [2012-09-13]
    ShortcutTarget: Acer Backup Manager Tray.lnk -> C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\amd64\FileSyncShell64.dll [2015-04-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-20] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.4726.0226\FileSyncShell.dll [2015-04-20] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = http://acer13.msn.com
    HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    HKU\S-1-5-21-1328069008-3100469584-2353180222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001 -> DefaultScope {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001 -> {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    SearchScopes: HKU\S-1-5-21-1328069008-3100469584-2353180222-500-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B3792E71-6D55-4E19-97BE-2250374FEA0D} URL =
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll [2012-08-31] (Qualcomm Atheros Commnucations)
    BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2015-01-28] (McAfee, Inc.)
    Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

    FireFox:
    ========
    FF ProfilePath: C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\GQ1yFlmv.default
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.26.9\npGoogleUpdate3.dll [2015-04-19] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2012-05-11] ()
    FF Extension: Segurança do navegador Avira - C:\Users\Chris\AppData\Roaming\Mozilla\Firefox\Profiles\GQ1yFlmv.default\Extensions\abs@avira.com [2015-04-20]
    FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
    FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2012-09-13]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.com
    CHR StartupUrls: Default -> "hxxp://www.google.com", "https://isearch.avg.com/?cid={08AE2...ad35b87ef&lang=en&ds=ft011&pr=sa&d=2012-09-07 17:01:48&v=12.2.0.5&sap=hp", "hxxp://isearch.avg.com/?cid={08AE2A35-024E-48ED-8824-5306B49A6FD2}&mid=67f6dcc02f4d47d098d9d154345af490-2ab41f9c794caf0c686476de24f04efad35b87ef&lang=en&ds=ft011&pr=sa&d=2012-09-07 17:01:48&v=14.0.2.14&pid=avg&sg=&sap=hp", "hxxp://www.google.com/"
    CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-19]
    CHR Extension: (Entanglement Web App) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aciahcmjmecflokailenpkdchphgkefd [2015-04-19]
    CHR Extension: (Clip to OneNote) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\akmphbadflhibamnhbgofnmogplllabh [2015-04-19]
    CHR Extension: (Beatlab) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\alnfdikmbdfgkcbdodjcbmedanjinmkk [2015-04-19]
    CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-19]
    CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-19]
    CHR Extension: (Translator) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\baphblbjhblgjocinamnmbpceogpfedo [2015-04-19]
    CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-19]
    CHR Extension: (Facebook) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\boeajhmfdjldchidhphikilcgdacljfm [2015-04-19]
    CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-19]
    CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-19]
    CHR Extension: (Readium) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\fepbnnnkkadjhjahcafoaglimekefifl [2015-04-19]
    CHR Extension: (Pin It Button) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-04-19]
    CHR Extension: (Wolfram Alpha (Official)) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\icncamkooinmbehmkeilcccmoljfkdhp [2015-04-19]
    CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-19]
    CHR Extension: (Poppit!) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbkbpnkkkipelfledbfocopglifcfmi [2015-04-19]
    CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-19]
    CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
    CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-19]
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-04-19]
    CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    S2 AntiVirMailService; C:\Program Files (x86)\Avira\Antivirus\avmailc7.exe [815920 2015-03-24] (Avira Operations GmbH & Co. KG)
    R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\Antivirus\sched.exe [434424 2015-03-24] (Avira Operations GmbH & Co. KG)
    R2 AntiVirService; C:\Program Files (x86)\Avira\Antivirus\avguard.exe [434424 2015-03-24] (Avira Operations GmbH & Co. KG)
    S2 AntiVirWebService; C:\Program Files (x86)\Avira\Antivirus\avwebg7.exe [1004280 2015-03-24] (Avira Operations GmbH & Co. KG)
    R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [216192 2012-08-31] (Qualcomm Atheros Commnucations) [File not signed]
    R2 Avira.OE.ServiceHost; C:\Program Files (x86)\Avira\My Avira\Avira.OE.ServiceHost.exe [205104 2015-04-10] (Avira Operations GmbH & Co. KG)
    R2 CCDMonitorService; C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe [2435728 2012-08-23] (Acer Incorporated)
    S3 DeviceFastLaneService; C:\Program Files\Acer\Acer Device Fast-lane\DeviceFastLaneSvc.exe [468624 2012-08-22] (Acer Incorporated)
    R2 DsiDeviceControlService; C:\Program Files (x86)\Acer\Device Control\DeviceCtrlSvc64.exe [68688 2012-04-23] (Dritek System Inc.)
    R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [658576 2012-08-22] (Acer Incorporated)
    R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
    R2 FFSOpzSvc; C:\Program Files\Acer\Acer Instant Service\Sleep Memory Optimizer\FFSService.exe [161384 2012-03-12] (Acer Incorporated)
    R2 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-08-16] (Intel Corporation) [File not signed]
    R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-13] (Realsil Microelectronics Inc.) [File not signed]
    R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-17] (Intel Corporation)
    S3 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [193576 2012-07-29] (Intel Corporation)
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-17] (Intel Corporation)
    R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-03-17] (Malwarebytes Corporation)
    R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-03-17] (Malwarebytes Corporation)
    R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [155368 2015-02-19] (McAfee, Inc.)
    R2 NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [259136 2012-08-23] (NTI Corporation)
    R2 RfButtonDriverService; C:\Windows\RfBtnSvc64.exe [93296 2012-10-28] (Dritek System INC.)
    S3 USecuAppSvc; C:\Program Files\Acer\Acer Theft Shield\USecuAppSvc.exe [345744 2012-09-16] (Acer Incorporated)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16024 2015-01-31] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Qualcomm Atheros\Ath_WlanAgent.exe [81536 2012-08-27] (Atheros) [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AcerKBVDMini; C:\Windows\System32\drivers\AcerKBVD.sys [15632 2012-06-05] (Acer Incorporated)
    R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [128536 2015-03-24] (Avira Operations GmbH & Co. KG)
    R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132120 2015-03-24] (Avira Operations GmbH & Co. KG)
    R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-03-24] (Avira Operations GmbH & Co. KG)
    R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-03-24] (Avira Operations GmbH & Co. KG)
    S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [76952 2012-08-31] (Qualcomm Atheros)
    S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
    R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
    R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
    R3 irstrtdv; C:\Windows\System32\drivers\irstrtdv.sys [43800 2012-07-29] (Intel Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-03-17] (Malwarebytes Corporation)
    R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [136408 2015-04-20] (Malwarebytes Corporation)
    R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-03-17] (Malwarebytes Corporation)
    R3 Ps2Kb2Hid; C:\Windows\System32\drivers\aPs2Kb2Hid.sys [26736 2012-10-28] (Dritek System Inc.)
    S3 QRDCIO; C:\Windows\System32\drivers\QRDCIO.sys [9728 2009-10-20] (QUANTA)
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [43832 2012-08-10] (Synaptics Incorporated)
    S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-20 23:40 - 2015-04-20 23:40 - 00025049 _____ () C:\Users\Chris\Downloads\FRST.txt
    2015-04-20 23:40 - 2015-04-20 23:40 - 00000000 ____D () C:\FRST
    2015-04-20 23:37 - 2015-04-20 23:37 - 02099712 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
    2015-04-20 23:20 - 2015-04-20 23:20 - 00000000 ___SH () C:\DkHyperbootSync
    2015-04-20 23:09 - 2015-04-20 23:09 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Mozilla
    2015-04-20 23:09 - 2015-04-20 23:09 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Avira
    2015-04-20 23:07 - 2015-03-24 14:59 - 00132120 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
    2015-04-20 23:07 - 2015-03-24 14:59 - 00128536 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
    2015-04-20 23:07 - 2015-03-24 14:59 - 00043576 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avnetflt.sys
    2015-04-20 23:07 - 2015-03-24 14:59 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avkmgr.sys
    2015-04-20 23:05 - 2015-04-20 23:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
    2015-04-20 23:05 - 2015-04-20 23:07 - 00000000 ____D () C:\ProgramData\Avira
    2015-04-20 23:05 - 2015-04-20 23:07 - 00000000 ____D () C:\Program Files (x86)\Avira
    2015-04-20 23:05 - 2015-04-20 23:05 - 00001211 _____ () C:\Users\Public\Desktop\Avira.lnk
    2015-04-20 23:05 - 2015-04-20 23:05 - 00000000 ____D () C:\ProgramData\Package Cache
    2015-04-20 23:04 - 2015-04-20 23:04 - 04636584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Chris\Downloads\avira_en_av_5535cc5067ca1__ws.exe
    2015-04-20 16:21 - 2015-04-20 16:21 - 00281624 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2015-04-20 16:19 - 2015-04-13 17:07 - 00791520 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-04-20 16:19 - 2015-04-13 17:07 - 00177632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-04-20 16:16 - 2015-04-20 16:16 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2015-04-20 16:16 - 2015-04-20 16:16 - 00000000 ____D () C:\WINDOWS\system32\appraiser
    2015-04-20 15:45 - 2014-10-08 23:00 - 01519104 _____ (Microsoft Corporation) C:\WINDOWS\system32\vssapi.dll
    2015-04-20 15:45 - 2014-10-08 23:00 - 01484288 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
    2015-04-20 15:45 - 2014-10-08 23:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\vsstrace.dll
    2015-04-20 15:45 - 2014-10-08 22:59 - 01195520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vssapi.dll
    2015-04-20 15:45 - 2014-10-08 22:59 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vsstrace.dll
    2015-04-20 15:45 - 2012-09-20 01:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\eventcls.dll
    2015-04-20 15:45 - 2012-09-20 00:53 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\eventcls.dll
    2015-04-20 15:26 - 2015-04-20 15:26 - 38808920 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\FileFormatConverters.exe
    2015-04-20 15:24 - 2015-04-20 15:26 - 00000000 ____D () C:\Program Files (x86)\MSECache
    2015-04-20 15:24 - 2015-04-20 15:24 - 00002671 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Word Viewer 2003.lnk
    2015-04-20 15:23 - 2015-04-20 15:23 - 25685128 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\wordview_en-us.exe
    2015-04-20 15:11 - 2015-01-09 01:43 - 00951808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
    2015-04-20 15:11 - 2015-01-09 00:03 - 00601088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Globalization.dll
    2015-04-20 15:11 - 2015-01-08 18:52 - 00478296 _____ () C:\WINDOWS\SysWOW64\locale.nls
    2015-04-20 15:11 - 2015-01-08 18:52 - 00478296 _____ () C:\WINDOWS\system32\locale.nls
    2015-04-20 15:08 - 2015-04-20 15:08 - 00002227 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-04-20 15:08 - 2015-04-20 15:08 - 00002209 _____ () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-04-20 15:08 - 2015-04-20 15:08 - 00000000 ____D () C:\ProgramData\Microsoft OneDrive
    2015-04-20 15:08 - 2015-04-20 15:08 - 00000000 ____D () C:\Program Files (x86)\Microsoft OneDrive
    2015-04-20 15:08 - 2015-04-20 15:07 - 07137440 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\OneDriveSetup.exe
    2015-04-20 14:21 - 2014-06-10 17:44 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2015-04-20 14:21 - 2014-06-10 17:43 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2015-04-20 14:15 - 2015-03-23 00:19 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2015-04-20 14:15 - 2015-03-23 00:17 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2015-04-20 14:15 - 2015-03-23 00:17 - 00769024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2015-04-20 14:15 - 2015-03-23 00:17 - 00419328 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2015-04-20 14:15 - 2015-03-23 00:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2015-04-20 14:15 - 2015-03-23 00:17 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-04-20 14:15 - 2015-03-22 17:04 - 01111552 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2015-04-20 14:15 - 2015-02-25 23:35 - 04063232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-04-20 14:15 - 2014-12-02 20:48 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2015-04-20 14:14 - 2015-03-17 02:00 - 06971712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-04-20 14:14 - 2015-01-15 06:43 - 01282560 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-04-20 14:14 - 2014-12-11 01:51 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWbPrxy.exe
    2015-04-20 14:14 - 2014-06-04 20:12 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
    2015-04-20 14:14 - 2014-06-03 18:12 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
    2015-04-20 14:13 - 2015-03-17 01:52 - 01822696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-04-20 14:13 - 2015-03-16 23:45 - 01409496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2015-04-20 14:13 - 2015-03-06 02:39 - 00588800 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2015-04-20 14:13 - 2015-03-06 00:48 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2015-04-20 14:13 - 2015-02-20 08:59 - 00046080 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2015-04-20 14:13 - 2015-02-20 06:56 - 00366592 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-04-20 14:13 - 2015-02-20 03:10 - 00035328 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2015-04-20 14:13 - 2015-02-20 02:24 - 00304128 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2015-04-20 14:13 - 2015-02-02 18:18 - 00569712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-04-20 14:13 - 2015-01-15 06:44 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
    2015-04-20 14:13 - 2015-01-15 05:00 - 00961536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
    2015-04-20 14:13 - 2015-01-15 04:38 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\adtschema.dll
    2015-04-20 14:13 - 2015-01-15 04:09 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adtschema.dll
    2015-04-20 14:13 - 2012-11-07 23:24 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2015-04-20 14:13 - 2012-11-07 23:24 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
    2015-04-20 14:13 - 2012-11-07 23:20 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2015-04-20 14:13 - 2012-11-07 23:20 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2015-04-20 14:13 - 2012-11-07 23:02 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2015-04-20 14:13 - 2012-11-07 23:01 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
    2015-04-20 14:12 - 2015-01-31 08:48 - 00044024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
    2015-04-20 14:12 - 2015-01-31 00:55 - 00275712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
    2015-04-20 14:12 - 2014-02-05 18:41 - 01257984 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
    2015-04-20 14:12 - 2014-02-05 18:19 - 00974848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kernel32.dll
    2015-04-20 14:11 - 2014-09-13 01:24 - 02233152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2015-04-20 14:10 - 2014-09-02 21:48 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpchttp.dll
    2015-04-20 14:10 - 2014-09-02 21:22 - 00188928 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpchttp.dll
    2015-04-20 14:10 - 2014-08-28 23:17 - 02043392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
    2015-04-20 14:10 - 2014-08-28 23:17 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
    2015-04-20 14:10 - 2014-08-28 23:04 - 02837504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
    2015-04-20 14:10 - 2014-08-28 23:04 - 00309248 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
    2015-04-20 14:10 - 2014-08-28 01:04 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
    2015-04-20 14:10 - 2014-08-28 01:04 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
    2015-04-20 14:10 - 2014-08-28 00:59 - 00616448 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
    2015-04-20 14:10 - 2014-08-28 00:59 - 00609280 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
    2015-04-20 14:10 - 2014-08-28 00:59 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
    2015-04-20 14:10 - 2014-08-28 00:59 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
    2015-04-20 14:10 - 2014-07-24 08:12 - 00328512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Classpnp.sys
    2015-04-20 14:09 - 2015-02-24 02:58 - 00861696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2015-04-20 14:09 - 2014-12-08 01:48 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\scesrv.dll
    2015-04-20 14:09 - 2014-12-08 00:04 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scesrv.dll
    2015-04-20 14:09 - 2014-08-09 03:30 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
    2015-04-20 14:09 - 2014-08-09 03:29 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\tssdisai.dll
    2015-04-20 14:09 - 2013-07-05 17:02 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbcir.sys
    2015-04-20 14:09 - 2013-07-05 17:01 - 00210560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbvideo.sys
    2015-04-20 14:09 - 2013-06-22 00:45 - 00785624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
    2015-04-20 14:09 - 2013-06-22 00:45 - 00054488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdfLdr.sys
    2015-04-20 14:08 - 2013-04-09 00:33 - 00489576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-04-20 14:08 - 2013-04-09 00:33 - 00446792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2015-04-20 14:08 - 2013-04-09 00:33 - 00253544 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2015-04-20 14:08 - 2013-04-09 00:20 - 00306952 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_10ec.dll
    2015-04-20 14:08 - 2013-04-09 00:20 - 00086280 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdnet.dll
    2015-04-20 14:08 - 2013-04-09 00:18 - 00077960 _____ (Microsoft Corporation) C:\WINDOWS\system32\kdvm.dll
    2015-04-20 14:08 - 2013-04-09 00:14 - 01455880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2015-04-20 14:08 - 2013-04-08 23:52 - 00816128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
    2015-04-20 14:08 - 2013-04-08 23:52 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2015-04-20 14:08 - 2013-04-08 23:52 - 00373760 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
    2015-04-20 14:08 - 2013-04-08 23:52 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFilterHost.exe
    2015-04-20 14:08 - 2013-04-08 23:52 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Robocopy.exe
    2015-04-20 14:08 - 2013-04-08 23:51 - 14267904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2015-04-20 14:08 - 2013-04-08 23:51 - 03552768 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
    2015-04-20 14:08 - 2013-04-08 23:51 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2015-04-20 14:08 - 2013-04-08 23:51 - 00523264 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
    2015-04-20 14:08 - 2013-04-08 23:51 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2015-04-20 14:08 - 2013-04-08 23:51 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
    2015-04-20 14:08 - 2013-04-08 23:51 - 00367616 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
    2015-04-20 14:08 - 2013-04-08 23:51 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2015-04-20 14:08 - 2013-04-08 23:50 - 02107904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
    2015-04-20 14:08 - 2013-04-08 23:50 - 01285632 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2015-04-20 14:08 - 2013-04-08 23:50 - 00745984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssvp.dll
    2015-04-20 14:08 - 2013-04-08 23:50 - 00435200 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssph.dll
    2015-04-20 14:08 - 2013-04-08 23:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\GenuineCenter.dll
    2015-04-20 14:08 - 2013-04-08 23:50 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
    2015-04-20 14:08 - 2013-04-08 23:50 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msscntrs.dll
    2015-04-20 14:08 - 2013-04-08 23:50 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msshooks.dll
    2015-04-20 14:08 - 2013-04-08 23:49 - 01444864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSAudDecMFT.dll
    2015-04-20 14:08 - 2013-04-08 23:49 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-04-20 14:08 - 2013-04-08 23:49 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2015-04-20 14:08 - 2013-04-08 23:49 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhengine.dll
    2015-04-20 14:08 - 2013-04-08 23:49 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
    2015-04-20 14:08 - 2013-04-08 23:49 - 00196096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmvdsitf.dll
    2015-04-20 14:08 - 2013-04-08 23:49 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmredir.dll
    2015-04-20 14:08 - 2013-04-08 23:49 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\fmifs.dll
    2015-04-20 14:08 - 2013-04-08 21:34 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidbth.sys
    2015-04-20 14:08 - 2013-04-08 21:33 - 00623104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2015-04-20 14:08 - 2013-04-08 21:33 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndproxy.sys
    2015-04-20 14:08 - 2013-04-08 21:32 - 00805376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\PEAuth.sys
    2015-04-20 14:08 - 2013-04-08 21:31 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2015-04-20 14:08 - 2013-04-08 21:31 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wanarp.sys
    2015-04-20 14:08 - 2013-04-08 18:44 - 00123880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
    2015-04-20 14:08 - 2013-04-08 18:37 - 00426024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2015-04-20 14:08 - 2013-04-08 18:37 - 00324368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2015-04-20 14:08 - 2013-04-08 16:52 - 11878912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2015-04-20 14:08 - 2013-04-08 16:52 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
    2015-04-20 14:08 - 2013-04-08 16:52 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
    2015-04-20 14:08 - 2013-04-08 16:52 - 00302592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
    2015-04-20 14:08 - 2013-04-08 16:52 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFilterHost.exe
    2015-04-20 14:08 - 2013-04-08 16:52 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Robocopy.exe
    2015-04-20 14:08 - 2013-04-08 16:51 - 02767360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 01113600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSAudDecMFT.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 00659456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssvp.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 00403968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssph.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
     
  10. Chairreadycase

    Chairreadycase TS Rookie Topic Starter Posts: 22

    2015-04-20 14:08 - 2013-04-08 16:51 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssphtb.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 00155648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmvdsitf.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fmifs.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssprxy.dll
    2015-04-20 14:08 - 2013-04-08 16:51 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msshooks.dll
    2015-04-20 14:08 - 2013-04-04 18:30 - 00503080 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
    2015-04-20 14:08 - 2013-03-30 13:16 - 01403784 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2015-04-20 14:08 - 2013-03-30 13:16 - 01267424 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2015-04-20 14:08 - 2013-03-28 17:09 - 01217328 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2015-04-20 14:08 - 2013-03-28 17:09 - 01093880 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2015-04-20 14:08 - 2013-03-15 17:05 - 00298456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2015-04-20 14:08 - 2013-03-15 17:05 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2015-04-20 14:08 - 2013-03-02 05:39 - 00069864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2015-04-20 14:08 - 2013-02-02 03:40 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsRasterService.dll
    2015-04-20 14:08 - 2013-02-02 03:23 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsRasterService.dll
    2015-04-20 14:08 - 2013-01-09 20:40 - 00303848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2015-04-20 14:08 - 2012-12-12 23:00 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
    2015-04-20 14:08 - 2012-12-12 22:59 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tzres.dll
    2015-04-20 14:08 - 2012-11-19 23:54 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidi2c.sys
    2015-04-20 14:08 - 2012-11-06 00:00 - 00463768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2015-04-20 14:08 - 2012-10-11 00:44 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssphtb.dll
    2015-04-20 14:08 - 2012-10-11 00:44 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssitlb.dll
    2015-04-20 14:08 - 2012-10-11 00:06 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssitlb.dll
    2015-04-20 14:08 - 2012-10-11 00:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msscntrs.dll
    2015-04-20 14:08 - 2012-09-20 01:33 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhmanagew.exe
    2015-04-20 14:08 - 2012-09-20 01:33 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ndptsp.tsp
    2015-04-20 14:08 - 2012-09-20 01:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\kmddsp.tsp
    2015-04-20 14:08 - 2012-09-20 01:32 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascfg.dll
    2015-04-20 14:08 - 2012-09-20 01:32 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdiag.dll
    2015-04-20 14:08 - 2012-09-20 01:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmxs.dll
    2015-04-20 14:08 - 2012-09-20 01:32 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasser.dll
    2015-04-20 14:08 - 2012-09-20 01:32 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
    2015-04-20 14:08 - 2012-09-20 01:32 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
    2015-04-20 14:08 - 2012-09-20 01:32 - 00006144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcfg.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcat.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhshl.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvc.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsrchapi.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhevents.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsrchph.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhlisten.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhautoplay.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhcleanup.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhtask.dll
    2015-04-20 14:08 - 2012-09-20 01:31 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\fhsvcctl.dll
    2015-04-20 14:08 - 2012-09-20 01:12 - 09374208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
    2015-04-20 14:08 - 2012-09-20 01:09 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndistapi.sys
    2015-04-20 14:08 - 2012-09-20 00:55 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ndptsp.tsp
    2015-04-20 14:08 - 2012-09-20 00:55 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kmddsp.tsp
    2015-04-20 14:08 - 2012-09-20 00:54 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rascfg.dll
    2015-04-20 14:08 - 2012-09-20 00:54 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdiag.dll
    2015-04-20 14:08 - 2012-09-20 00:54 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasmxs.dll
    2015-04-20 14:08 - 2012-09-20 00:54 - 00022016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasser.dll
    2015-04-20 14:08 - 2012-09-20 00:54 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
    2015-04-20 14:08 - 2012-09-20 00:54 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
    2015-04-20 14:08 - 2012-09-20 00:54 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
    2015-04-20 14:08 - 2012-09-20 00:32 - 09374208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
    2015-04-20 14:07 - 2014-07-23 22:33 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
    2015-04-20 14:07 - 2014-07-23 22:33 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
    2015-04-20 14:06 - 2014-10-08 22:59 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
    2015-04-20 14:06 - 2014-10-08 22:59 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
    2015-04-20 14:06 - 2014-10-08 22:58 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
    2015-04-20 14:06 - 2014-09-22 00:38 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2015-04-20 14:06 - 2014-09-21 22:56 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2015-04-20 14:06 - 2013-07-01 17:14 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbprint.sys
    2015-04-20 14:06 - 2013-06-28 22:08 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidparse.sys
    2015-04-20 14:06 - 2013-06-28 22:07 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
    2015-04-20 14:06 - 2013-05-04 02:58 - 00120736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
    2015-04-20 14:06 - 2013-05-04 02:34 - 00284416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2015-04-20 14:06 - 2013-05-04 01:59 - 13644288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-04-20 14:06 - 2013-05-04 01:59 - 00812544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Magnify.exe
    2015-04-20 14:06 - 2013-05-04 01:58 - 01332736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
    2015-04-20 14:06 - 2013-05-04 01:58 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofmsvc.dll
    2015-04-20 14:06 - 2013-05-04 01:58 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
    2015-04-20 14:06 - 2013-05-04 01:58 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
    2015-04-20 14:06 - 2013-05-04 01:58 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
    2015-04-20 14:06 - 2013-05-04 01:58 - 00151552 _____ (Microsoft Corporation) C:\WINDOWS\system32\netprofm.dll
    2015-04-20 14:06 - 2013-05-04 01:58 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2015-04-20 14:06 - 2013-05-04 01:57 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-04-20 14:06 - 2013-05-04 01:57 - 00708096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-04-20 14:06 - 2013-05-04 01:57 - 00560640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2015-04-20 14:06 - 2013-05-04 01:57 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
    2015-04-20 14:06 - 2013-05-04 01:57 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\system32\BCP47Langs.dll
    2015-04-20 14:06 - 2013-05-04 01:57 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2015-04-20 14:06 - 2013-05-04 01:57 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\biwinrt.dll
    2015-04-20 14:06 - 2013-05-04 01:57 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\muifontsetup.dll
    2015-04-20 14:06 - 2013-05-04 01:56 - 00419840 _____ (Microsoft Corporation) C:\WINDOWS\system32\intl.cpl
    2015-04-20 14:06 - 2013-05-03 23:58 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Magnify.exe
    2015-04-20 14:06 - 2013-05-03 23:57 - 10788864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-04-20 14:06 - 2013-05-03 23:57 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
    2015-04-20 14:06 - 2013-05-03 23:57 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ubpm.dll
    2015-04-20 14:06 - 2013-05-03 23:57 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netplwiz.dll
    2015-04-20 14:06 - 2013-05-03 23:57 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netprofm.dll
    2015-04-20 14:06 - 2013-05-03 23:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\npmproxy.dll
    2015-04-20 14:06 - 2013-05-03 23:57 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\muifontsetup.dll
    2015-04-20 14:06 - 2013-05-03 23:56 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
    2015-04-20 14:06 - 2013-05-03 23:56 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2015-04-20 14:06 - 2013-05-03 23:56 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BCP47Langs.dll
    2015-04-20 14:06 - 2013-05-03 23:56 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\biwinrt.dll
    2015-04-20 14:06 - 2013-05-03 23:55 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\intl.cpl
    2015-04-20 14:06 - 2013-05-03 23:51 - 00014848 _____ (Microsoft) C:\WINDOWS\system32\rars.rs
    2015-04-20 14:06 - 2013-05-03 23:48 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidusb.sys
    2015-04-20 14:06 - 2013-05-03 23:47 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2015-04-20 14:06 - 2013-05-03 23:10 - 00014848 _____ (Microsoft) C:\WINDOWS\SysWOW64\rars.rs
    2015-04-20 14:06 - 2013-03-01 21:45 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhost.exe
    2015-04-20 14:06 - 2013-03-01 21:45 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskhostex.exe
    2015-04-20 14:06 - 2013-02-02 03:39 - 00015872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmproxy.dll
    2015-04-20 14:06 - 2013-02-02 03:39 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlmsprep.dll
    2015-04-20 14:06 - 2012-10-11 00:19 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WSDScan.sys
    2015-04-20 14:05 - 2015-01-29 03:05 - 01627648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2015-04-20 14:05 - 2015-01-29 01:19 - 01339392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2015-04-20 14:05 - 2013-05-14 21:25 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\autochk.exe
    2015-04-20 14:05 - 2013-05-14 21:25 - 00542208 _____ (Microsoft Corporation) C:\WINDOWS\system32\untfs.dll
    2015-04-20 14:05 - 2013-05-14 21:24 - 00793088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\autochk.exe
    2015-04-20 14:05 - 2013-05-14 21:24 - 00482816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\untfs.dll
    2015-04-20 14:05 - 2013-04-23 18:13 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certutil.exe
    2015-04-20 14:05 - 2013-04-23 18:12 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptnet.dll
    2015-04-20 14:05 - 2013-04-23 17:56 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\certutil.exe
    2015-04-20 14:05 - 2013-04-23 17:55 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptnet.dll
    2015-04-20 14:04 - 2014-07-07 00:53 - 01125376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
    2015-04-20 14:04 - 2014-07-07 00:52 - 00724992 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
    2015-04-20 14:04 - 2014-07-07 00:52 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsta.dll
    2015-04-20 14:04 - 2014-07-07 00:51 - 05982208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2015-04-20 14:04 - 2014-07-06 23:01 - 01049600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstsc.exe
    2015-04-20 14:04 - 2014-07-06 23:01 - 00233472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winsta.dll
    2015-04-20 14:04 - 2014-07-06 23:00 - 05095424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2015-04-20 14:04 - 2014-07-06 22:59 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aaclient.dll
    2015-04-20 14:04 - 2013-03-02 05:57 - 00332520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
    2015-04-20 14:04 - 2013-03-02 05:57 - 00077544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storahci.sys
    2015-04-20 14:04 - 2013-03-02 05:45 - 00194792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2015-04-20 14:04 - 2013-03-02 05:45 - 00148712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2015-04-20 14:04 - 2013-03-02 05:45 - 00125160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2015-04-20 14:04 - 2013-03-02 05:39 - 00495336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
    2015-04-20 14:04 - 2013-03-02 03:23 - 00893952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2015-04-20 14:04 - 2013-03-02 03:23 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2015-04-20 14:04 - 2013-03-02 03:23 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2015-04-20 14:04 - 2013-03-02 03:23 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncInfo.dll
    2015-04-20 14:04 - 2013-03-02 03:22 - 00850944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2015-04-20 14:04 - 2013-03-02 03:22 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
    2015-04-20 14:04 - 2013-03-02 03:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
    2015-04-20 14:04 - 2013-03-02 03:21 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
    2015-04-20 14:04 - 2013-03-02 03:21 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
    2015-04-20 14:04 - 2013-03-01 21:45 - 01161728 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2015-04-20 14:04 - 2013-03-01 21:45 - 01149952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2015-04-20 14:04 - 2013-03-01 21:45 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2015-04-20 14:04 - 2013-03-01 21:45 - 00645120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2015-04-20 14:04 - 2013-03-01 21:45 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
    2015-04-20 14:04 - 2013-03-01 21:45 - 00240640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fsquirt.exe
    2015-04-20 14:04 - 2013-03-01 21:45 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2015-04-20 14:04 - 2013-03-01 21:45 - 00171008 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
    2015-04-20 14:04 - 2013-03-01 21:45 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2015-04-20 14:04 - 2013-03-01 21:45 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDPrintProxy.DLL
    2015-04-20 14:04 - 2013-03-01 21:44 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2015-04-20 14:04 - 2013-03-01 21:44 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
    2015-04-20 14:04 - 2013-03-01 21:44 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
    2015-04-20 14:04 - 2013-03-01 21:44 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2015-04-20 14:04 - 2013-03-01 21:44 - 00150016 _____ (Microsoft Corporation) C:\WINDOWS\system32\discan.dll
    2015-04-20 14:04 - 2013-03-01 21:44 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncInfo.dll
    2015-04-20 14:04 - 2013-03-01 21:44 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\NdisImPlatform.dll
    2015-04-20 14:04 - 2013-03-01 21:44 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
    2015-04-20 14:04 - 2013-03-01 21:43 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
    2015-04-20 14:04 - 2013-03-01 21:15 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mouhid.sys
    2015-04-20 14:04 - 2013-02-28 23:56 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
    2015-04-20 14:04 - 2013-02-28 23:56 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\monitor.sys
    2015-04-20 14:04 - 2013-02-28 23:55 - 01175040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2015-04-20 14:04 - 2013-01-08 22:59 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
    2015-04-20 14:04 - 2013-01-08 22:58 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2015-04-20 14:03 - 2015-03-14 03:07 - 01120256 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2015-04-20 14:03 - 2015-03-14 01:33 - 00891904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2015-04-20 14:03 - 2015-03-04 02:29 - 00361280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
    2015-04-20 14:03 - 2015-03-04 01:39 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\clfsw32.dll
    2015-04-20 14:03 - 2015-03-03 23:52 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clfsw32.dll
    2015-04-20 14:03 - 2014-06-02 17:33 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
    2015-04-20 14:02 - 2012-08-30 19:53 - 00017888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr100_clr0400.dll
    2015-04-20 14:02 - 2012-08-30 19:52 - 00017888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr100_clr0400.dll
    2015-04-20 14:00 - 2015-03-10 00:28 - 02237952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-04-20 14:00 - 2015-03-10 00:27 - 19292672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-04-20 14:00 - 2015-03-10 00:27 - 15409152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-04-20 14:00 - 2015-03-10 00:27 - 03959296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-04-20 14:00 - 2015-03-09 22:49 - 14373376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-04-20 14:00 - 2015-03-09 22:49 - 02864640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-04-20 14:00 - 2015-03-09 22:49 - 01763328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-04-20 14:00 - 2015-03-09 22:48 - 13767680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-04-20 14:00 - 2015-02-23 05:50 - 02656256 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-04-20 14:00 - 2015-02-21 00:30 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-04-20 13:59 - 2015-03-10 00:28 - 01409024 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-04-20 13:59 - 2015-03-10 00:28 - 00600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-04-20 13:59 - 2015-03-10 00:27 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
    2015-04-20 13:59 - 2015-03-10 00:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-04-20 13:59 - 2015-03-10 00:27 - 00603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-04-20 13:59 - 2015-03-09 22:49 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-04-20 13:59 - 2015-03-09 22:49 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
    2015-04-20 13:59 - 2015-03-09 22:49 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-04-20 13:59 - 2015-03-09 22:49 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-04-20 13:59 - 2015-03-09 22:49 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-04-20 13:59 - 2015-02-23 05:52 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-04-20 13:59 - 2015-02-23 05:51 - 00915968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
    2015-04-20 13:59 - 2015-02-23 05:51 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2015-04-20 13:59 - 2015-02-23 05:51 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
    2015-04-20 13:59 - 2015-02-23 05:50 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2015-04-20 13:59 - 2015-02-23 05:50 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2015-04-20 13:59 - 2015-02-23 05:50 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-04-20 13:59 - 2015-02-23 05:50 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesysprep.dll
    2015-04-20 13:59 - 2015-02-23 05:50 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2015-04-20 13:59 - 2015-02-23 05:50 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2015-04-20 13:59 - 2015-02-23 05:50 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2015-04-20 13:59 - 2015-02-23 05:50 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2015-04-20 13:59 - 2015-02-23 05:49 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-04-20 13:59 - 2015-02-23 04:17 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2015-04-20 13:59 - 2015-02-23 04:15 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\INETRES.dll
    2015-04-20 13:59 - 2015-02-23 03:51 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec
    2015-04-20 13:59 - 2015-02-21 00:31 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
    2015-04-20 13:59 - 2015-02-21 00:30 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-04-20 13:59 - 2015-02-21 00:30 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2015-04-20 13:59 - 2015-02-21 00:30 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesysprep.dll
    2015-04-20 13:59 - 2015-02-21 00:30 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2015-04-20 13:59 - 2015-02-21 00:30 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2015-04-20 13:59 - 2015-02-21 00:30 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2015-04-20 13:59 - 2015-02-21 00:30 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2015-04-20 13:59 - 2015-02-21 00:29 - 01441280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-04-20 13:59 - 2015-02-21 00:29 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2015-04-20 13:59 - 2015-02-21 00:29 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2015-04-20 13:59 - 2015-02-21 00:09 - 02706432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2015-04-20 13:59 - 2015-02-21 00:07 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\INETRES.dll
    2015-04-20 13:59 - 2015-02-20 23:42 - 00361984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec
    2015-04-20 13:59 - 2015-02-20 22:00 - 00534528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
    2015-04-20 13:59 - 2014-10-11 02:45 - 10115072 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2015-04-20 13:59 - 2014-10-11 02:44 - 02885632 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2015-04-20 13:59 - 2014-10-11 02:44 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\msihnd.dll
    2015-04-20 13:59 - 2014-10-11 02:43 - 02307072 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-04-20 13:59 - 2014-10-11 00:58 - 08858624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2015-04-20 13:59 - 2014-10-11 00:57 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2015-04-20 13:59 - 2014-10-11 00:57 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msihnd.dll
    2015-04-20 13:59 - 2014-10-11 00:56 - 02037760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2015-04-20 13:59 - 2014-09-24 18:29 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2015-04-20 13:59 - 2014-09-24 18:29 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
    2015-04-20 13:59 - 2014-09-24 18:01 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2015-04-20 13:59 - 2014-09-24 18:01 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
    2015-04-20 13:59 - 2014-08-21 18:56 - 01418752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2015-04-20 13:59 - 2014-08-21 18:27 - 01845760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2015-04-20 13:59 - 2014-06-12 18:34 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2015-04-20 13:59 - 2014-06-12 18:29 - 02146304 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2015-04-20 13:59 - 2013-07-01 20:41 - 00447320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-04-20 13:59 - 2013-07-01 20:41 - 00337752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
    2015-04-20 13:59 - 2013-07-01 20:41 - 00213336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UCX01000.SYS
    2015-04-20 13:59 - 2013-06-30 20:42 - 00623448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2015-04-20 13:59 - 2013-06-30 20:42 - 00498008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbport.sys
    2015-04-20 13:59 - 2013-06-30 20:42 - 00079192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbehci.sys
    2015-04-20 13:59 - 2013-06-30 20:42 - 00021848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbd.sys
    2015-04-20 13:59 - 2013-06-28 22:07 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbuhci.sys
    2015-04-20 13:59 - 2013-06-28 22:06 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
    2015-04-20 13:59 - 2012-11-19 23:56 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbohci.sys
    2015-04-20 13:59 - 2012-10-31 23:21 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3r.dll
    2015-04-20 13:59 - 2012-10-31 23:20 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3r.dll
    2015-04-20 13:58 - 2014-11-08 06:21 - 00827904 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-04-20 13:58 - 2014-11-08 01:56 - 00666624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-04-20 13:58 - 2014-10-11 03:35 - 00171840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2015-04-20 13:58 - 2014-10-11 00:41 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\msaudite.dll
    2015-04-20 13:58 - 2014-10-11 00:05 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msaudite.dll
    2015-04-20 13:58 - 2014-05-29 18:02 - 00439808 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
    2015-04-20 13:58 - 2014-04-12 04:10 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-04-20 13:58 - 2014-04-12 04:09 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdigest.dll
    2015-04-20 13:58 - 2014-04-12 04:09 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
    2015-04-20 13:58 - 2014-04-12 04:08 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2015-04-20 13:58 - 2014-04-12 04:07 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\system32\credssp.dll
    2015-04-20 13:58 - 2014-04-12 02:23 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2015-04-20 13:58 - 2014-04-12 02:23 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdigest.dll
    2015-04-20 13:58 - 2014-04-12 02:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TSpkg.dll
    2015-04-20 13:58 - 2014-04-12 02:22 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credssp.dll
    2015-04-20 13:58 - 2014-04-12 01:58 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\system32\workerdd.dll
    2015-04-20 13:58 - 2013-04-11 17:30 - 01421312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
    2015-04-20 13:58 - 2013-04-11 17:22 - 01838080 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
    2015-04-20 13:57 - 2014-11-08 06:22 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\pku2u.dll
    2015-04-20 13:57 - 2014-11-08 01:57 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pku2u.dll
    2015-04-20 13:57 - 2014-10-23 07:47 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
    2015-04-20 13:57 - 2014-10-23 06:04 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
    2015-04-20 13:57 - 2014-06-19 18:35 - 01312768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
    2015-04-20 13:57 - 2014-06-19 17:24 - 00694272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
    2015-04-20 13:57 - 2013-05-04 01:59 - 02842112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2015-04-20 13:57 - 2013-05-03 23:57 - 02620928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2015-04-20 13:56 - 2015-01-24 01:43 - 00420864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
    2015-04-20 13:56 - 2015-01-24 00:00 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
    2015-04-20 13:56 - 2014-12-06 02:52 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
    2015-04-20 13:56 - 2014-12-06 02:52 - 00357376 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2015-04-20 13:56 - 2014-12-06 02:52 - 00072192 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlaapi.dll
    2015-04-20 13:56 - 2014-12-06 01:09 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nlaapi.dll
    2015-04-20 13:56 - 2014-06-05 12:56 - 00112984 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
    2015-04-20 13:56 - 2014-05-29 17:24 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2015-04-20 13:56 - 2014-01-12 18:30 - 02238976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2015-04-20 13:56 - 2014-01-12 18:30 - 02032640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2015-04-20 13:56 - 2013-11-19 19:15 - 03842560 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2015-04-20 13:56 - 2013-11-19 18:57 - 03288576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2015-04-20 13:56 - 2013-07-19 17:13 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-04-20 13:56 - 2013-07-19 17:13 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
     
  11. Chairreadycase


    2015-04-20 13:56 - 2013-03-06 01:29 - 00070144 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2015-04-20 13:56 - 2012-11-09 23:23 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
    2015-04-20 13:56 - 2012-11-09 23:22 - 00126976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDWebAI.dll
    2015-04-20 13:56 - 2012-11-09 23:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VmHostAI.dll
    2015-04-20 13:56 - 2012-11-09 23:20 - 00135680 _____ (Microsoft Corporation) C:\WINDOWS\system32\appserverai.dll
    2015-04-20 13:56 - 2012-10-31 23:41 - 01802240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2015-04-20 13:56 - 2012-10-31 23:40 - 02361344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2015-04-20 13:56 - 2012-10-23 22:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcalua.exe
    2015-04-20 13:56 - 2012-10-23 22:24 - 00405504 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcasvc.dll
    2015-04-20 13:56 - 2012-10-23 22:24 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcadm.dll
    2015-04-20 13:56 - 2012-10-23 22:05 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
    2015-04-20 13:55 - 2014-12-06 02:53 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2015-04-20 13:55 - 2014-12-06 02:53 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFaultSecure.exe
    2015-04-20 13:55 - 2014-12-06 02:51 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Faultrep.dll
    2015-04-20 13:55 - 2014-12-06 02:51 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2015-04-20 13:55 - 2014-12-06 02:50 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-04-20 13:55 - 2014-12-06 01:10 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2015-04-20 13:55 - 2014-12-06 01:10 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFaultSecure.exe
    2015-04-20 13:55 - 2014-12-06 01:09 - 00332800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Faultrep.dll
    2015-04-20 13:55 - 2014-10-02 20:21 - 00522728 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2015-04-20 13:55 - 2014-10-02 17:29 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2015-04-20 13:55 - 2014-06-06 09:06 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2015-04-20 13:55 - 2014-06-06 05:17 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2015-04-20 13:55 - 2013-07-13 01:18 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
    2015-04-20 13:55 - 2013-07-13 01:16 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
    2015-04-20 13:55 - 2013-07-13 01:15 - 00124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
    2015-04-20 13:55 - 2013-07-13 01:15 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
    2015-04-20 13:55 - 2013-07-12 23:24 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
    2015-04-20 13:55 - 2013-07-12 23:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
    2015-04-20 13:55 - 2013-07-12 23:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
    2015-04-20 13:55 - 2013-07-09 01:18 - 00439488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WerFault.exe
    2015-04-20 13:55 - 2013-07-08 23:25 - 00385768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WerFault.exe
    2015-04-20 13:55 - 2013-03-02 04:59 - 00411880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2015-04-20 13:55 - 2013-02-05 17:29 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2015-04-20 13:55 - 2013-02-05 17:28 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2015-04-20 13:55 - 2013-02-02 06:19 - 00061672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\crashdmp.sys
    2015-04-20 13:55 - 2013-02-02 05:54 - 01933544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2015-04-20 13:55 - 2013-02-02 05:28 - 00993512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2015-04-20 13:55 - 2013-02-02 03:40 - 00410624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlroamextension.dll
    2015-04-20 13:55 - 2013-02-02 03:40 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2015-04-20 13:55 - 2013-02-02 03:40 - 00197632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
    2015-04-20 13:55 - 2013-02-02 03:40 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tasklist.exe
    2015-04-20 13:55 - 2013-02-02 03:40 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskkill.exe
    2015-04-20 13:55 - 2013-02-02 03:39 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mbsmsapi.dll
    2015-04-20 13:55 - 2013-02-02 03:38 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\duser.dll
    2015-04-20 13:55 - 2013-02-02 03:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskkill.exe
    2015-04-20 13:55 - 2013-02-02 03:24 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\tasklist.exe
    2015-04-20 13:55 - 2013-02-02 03:23 - 00611840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpd_ci.dll
    2015-04-20 13:55 - 2013-02-02 03:23 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlroamextension.dll
    2015-04-20 13:55 - 2013-02-02 03:23 - 00475136 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2015-04-20 13:55 - 2013-02-02 03:23 - 00293376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
    2015-04-20 13:55 - 2013-02-02 03:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wersvc.dll
    2015-04-20 13:55 - 2013-02-02 03:21 - 00225280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mbsmsapi.dll
    2015-04-20 13:55 - 2013-02-02 03:20 - 00729600 _____ (Microsoft Corporation) C:\WINDOWS\system32\duser.dll
    2015-04-20 13:55 - 2013-02-02 03:20 - 00260096 _____ (Microsoft Corporation) C:\WINDOWS\system32\hotspotauth.dll
    2015-04-20 13:55 - 2013-02-02 02:25 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2015-04-20 13:55 - 2013-02-02 02:25 - 00037632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthAvrcpTg.sys
    2015-04-20 13:55 - 2012-11-26 22:57 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
    2015-04-20 13:55 - 2012-11-26 22:55 - 00029952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthhfHid.sys
    2015-04-20 13:55 - 2012-11-03 00:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
    2015-04-20 13:55 - 2012-11-03 00:26 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
    2015-04-20 13:55 - 2012-11-03 00:24 - 00463872 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
    2015-04-20 13:55 - 2012-11-03 00:24 - 00375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
    2015-04-20 13:55 - 2012-11-03 00:24 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
    2015-04-20 13:55 - 2012-11-03 00:24 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
    2015-04-20 13:55 - 2012-11-03 00:24 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
    2015-04-20 13:55 - 2012-11-03 00:24 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
    2015-04-20 13:55 - 2012-11-03 00:24 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
    2015-04-20 13:55 - 2012-11-03 00:24 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
    2015-04-20 13:55 - 2012-11-03 00:04 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
    2015-04-20 13:55 - 2012-11-03 00:04 - 00003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
    2015-04-20 13:55 - 2012-11-03 00:00 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
    2015-04-20 13:55 - 2012-11-03 00:00 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
    2015-04-20 13:55 - 2012-10-31 23:21 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6r.dll
    2015-04-20 13:55 - 2012-10-31 23:20 - 00002048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6r.dll
    2015-04-20 13:54 - 2015-02-17 01:54 - 19777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-04-20 13:54 - 2015-02-17 00:13 - 17561600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2015-04-20 13:54 - 2015-01-23 23:31 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2015-04-20 13:54 - 2014-10-11 02:44 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2015-04-20 13:54 - 2013-10-10 04:32 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cscript.exe
    2015-04-20 13:54 - 2013-10-10 04:30 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrobj.dll
    2015-04-20 13:54 - 2013-10-10 04:30 - 00156160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
    2015-04-20 13:54 - 2013-10-10 04:24 - 00143872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
    2015-04-20 13:54 - 2013-10-10 04:23 - 00146944 _____ (Microsoft Corporation) C:\WINDOWS\system32\cscript.exe
    2015-04-20 13:54 - 2013-10-10 04:22 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrobj.dll
    2015-04-20 13:54 - 2013-10-10 04:22 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
    2015-04-20 13:54 - 2013-09-27 22:35 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2015-04-20 13:54 - 2013-04-27 00:20 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2015-04-20 13:54 - 2013-04-02 18:37 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptdlg.dll
    2015-04-20 13:54 - 2013-04-02 18:12 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptdlg.dll
    2015-04-20 13:54 - 2013-02-11 19:17 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usb8023.sys
    2015-04-20 13:54 - 2013-02-02 00:41 - 01437184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2015-04-20 13:54 - 2013-02-02 00:31 - 01690624 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2015-04-20 13:54 - 2012-10-12 03:08 - 00027880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdpvideominiport.sys
    2015-04-20 13:54 - 2012-10-12 01:14 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\rfxvmt.dll
    2015-04-20 13:54 - 2012-10-11 00:45 - 00370176 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
    2015-04-20 13:54 - 2012-10-11 00:19 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmkaud.sys
    2015-04-20 13:54 - 2012-10-11 00:18 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\drmk.sys
    2015-04-20 13:53 - 2014-12-18 23:35 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2015-04-20 13:53 - 2014-12-18 03:51 - 00096576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys
    2015-04-20 13:53 - 2014-12-18 01:52 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
    2015-04-20 13:53 - 2014-12-18 01:51 - 01160192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
    2015-04-20 13:53 - 2014-12-18 01:50 - 00723968 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
    2015-04-20 13:53 - 2014-12-18 01:20 - 00702464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
    2015-04-20 13:53 - 2013-06-10 14:15 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
    2015-04-20 13:53 - 2013-06-10 14:10 - 00245248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
    2015-04-20 13:53 - 2013-03-06 01:31 - 00222208 _____ (Microsoft Corporation) C:\WINDOWS\system32\shdocvw.dll
    2015-04-20 13:53 - 2013-03-06 00:03 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shdocvw.dll
    2015-04-20 13:53 - 2012-10-05 23:53 - 02893824 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2015-04-20 13:53 - 2012-10-05 23:15 - 02400256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2015-04-20 13:52 - 2014-12-19 01:48 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2015-04-20 13:52 - 2014-11-26 01:43 - 00778240 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
    2015-04-20 13:52 - 2014-11-25 23:50 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
    2015-04-20 13:52 - 2014-03-10 22:25 - 00100184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecdd.sys
    2015-04-20 13:52 - 2014-03-10 19:41 - 00559104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\objsel.dll
    2015-04-20 13:52 - 2014-03-10 19:41 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dimsroam.dll
    2015-04-20 13:52 - 2014-03-10 19:39 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsass.exe
    2015-04-20 13:52 - 2014-03-10 19:38 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2015-04-20 13:52 - 2014-03-10 19:38 - 00684032 _____ (Microsoft Corporation) C:\WINDOWS\system32\objsel.dll
    2015-04-20 13:52 - 2014-03-10 19:38 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2015-04-20 13:52 - 2014-03-10 19:38 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
    2015-04-20 13:52 - 2014-03-10 19:38 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\dimsroam.dll
    2015-04-20 13:52 - 2014-03-10 19:38 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspisrv.dll
    2015-04-20 13:52 - 2014-03-09 22:05 - 00668160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2015-04-20 13:52 - 2014-03-09 20:27 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
    2015-04-20 13:52 - 2013-11-01 00:38 - 00312320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
    2015-04-20 13:52 - 2013-10-31 22:49 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
    2015-04-20 13:52 - 2013-08-23 02:22 - 02062848 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2015-04-20 13:52 - 2013-08-22 20:44 - 01711616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2015-04-20 13:52 - 2012-10-23 22:25 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
    2015-04-20 13:52 - 2012-10-23 21:48 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
    2015-04-20 13:51 - 2015-02-12 18:18 - 00396419 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2015-04-20 13:51 - 2014-07-15 18:03 - 01300992 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2015-04-20 13:51 - 2014-07-11 21:36 - 01023488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2015-04-20 13:51 - 2013-12-04 18:43 - 00583680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
    2015-04-20 13:51 - 2013-12-04 18:37 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
    2015-04-20 13:51 - 2013-03-21 22:49 - 02382336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2015-04-20 13:51 - 2013-03-21 17:47 - 02851840 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2015-04-20 13:51 - 2013-03-02 03:23 - 00375808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
    2015-04-20 13:51 - 2013-03-01 21:44 - 01011200 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2015-04-20 13:51 - 2012-12-14 23:55 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
    2015-04-20 13:51 - 2012-11-03 00:26 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysreset.exe
    2015-04-20 13:51 - 2012-11-03 00:25 - 00945152 _____ (Microsoft Corporation) C:\WINDOWS\system32\resetengmig.dll
    2015-04-20 13:38 - 2014-10-30 02:20 - 01890816 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
    2015-04-20 13:38 - 2014-10-30 00:22 - 01569792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
    2015-04-20 13:16 - 2015-04-20 13:16 - 00000117 _____ () C:\WINDOWS\system32\netcfg-86384187.txt
    2015-04-19 18:19 - 2015-04-19 18:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-18138750.txt
    2015-04-19 16:59 - 2015-04-19 16:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-13358828.txt
    2015-04-19 16:59 - 2015-04-19 16:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-13356375.txt
    2015-04-19 13:17 - 2015-04-19 13:17 - 00000117 _____ () C:\WINDOWS\system32\netcfg-25562.txt
    2015-04-19 13:16 - 2015-04-19 13:16 - 00000117 _____ () C:\WINDOWS\system32\netcfg-557343.txt
    2015-04-19 13:07 - 2015-04-19 13:07 - 00000117 _____ () C:\WINDOWS\system32\netcfg-22812.txt
    2015-04-19 13:07 - 2015-04-19 13:07 - 00000117 _____ () C:\WINDOWS\system32\netcfg-188000.txt
    2015-04-19 13:04 - 2015-04-19 13:04 - 00000117 _____ () C:\WINDOWS\system32\netcfg-22890.txt
    2015-04-19 13:03 - 2015-04-19 13:03 - 00000117 _____ () C:\WINDOWS\system32\netcfg-304875.txt
    2015-04-19 12:59 - 2015-04-19 12:59 - 00000117 _____ () C:\WINDOWS\system32\netcfg-21421.txt
    2015-04-19 12:55 - 2015-04-19 12:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-355890.txt
    2015-04-19 12:49 - 2015-04-19 12:49 - 00000117 _____ () C:\WINDOWS\system32\netcfg-26109.txt
    2015-04-19 12:48 - 2015-04-19 12:48 - 00000117 _____ () C:\WINDOWS\system32\netcfg-964515.txt
    2015-04-19 12:34 - 2015-04-19 12:34 - 00000117 _____ () C:\WINDOWS\system32\netcfg-67390.txt
    2015-04-19 12:32 - 2015-04-19 12:32 - 00000117 _____ () C:\WINDOWS\system32\netcfg-34840078.txt
    2015-04-19 12:14 - 2015-04-19 12:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-33767531.txt
    2015-04-19 12:14 - 2015-04-19 12:14 - 00000117 _____ () C:\WINDOWS\system32\netcfg-33763562.txt
    2015-04-19 03:59 - 2015-04-19 03:59 - 00000000 ____D () C:\Users\Chris\AppData\Local\Western_Digital_Technolog
    2015-04-19 03:58 - 2015-04-19 03:58 - 00001190 _____ () C:\Users\Public\Desktop\WD Discovery.lnk
    2015-04-19 03:58 - 2015-04-19 03:58 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
    2015-04-19 03:58 - 2015-04-19 03:58 - 00000000 ____D () C:\Program Files (x86)\Western Digital
    2015-04-19 02:52 - 2015-04-19 02:52 - 00000117 _____ () C:\WINDOWS\system32\netcfg-53843.txt
    2015-04-19 02:51 - 2015-04-19 02:51 - 00000117 _____ () C:\WINDOWS\system32\netcfg-1871937.txt
    2015-04-19 02:22 - 2015-04-19 02:22 - 00000117 _____ () C:\WINDOWS\system32\netcfg-88296.txt
    2015-04-19 02:19 - 2015-04-19 02:19 - 00000117 _____ () C:\WINDOWS\system32\netcfg-19775921.txt
    2015-04-19 02:06 - 2015-04-20 23:11 - 00000922 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-04-19 02:06 - 2015-04-20 22:54 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-04-19 02:06 - 2015-04-19 02:07 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
    2015-04-19 02:06 - 2015-04-19 02:06 - 00003894 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-04-19 02:06 - 2015-04-19 02:06 - 00003658 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-04-19 02:06 - 2015-04-19 02:06 - 00002263 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
    2015-04-19 02:06 - 2015-04-19 02:06 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-04-19 02:06 - 2015-04-19 02:06 - 00000000 ____D () C:\Program Files (x86)\Google
    2015-04-19 02:05 - 2015-04-20 23:03 - 00136408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-04-19 02:05 - 2015-04-19 02:05 - 00001110 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-04-19 02:05 - 2015-04-19 02:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-04-19 02:05 - 2015-04-19 02:05 - 00000000 ____D () C:\ProgramData\Malwarebytes
    2015-04-19 02:05 - 2015-04-19 02:05 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-04-19 02:05 - 2015-03-17 06:15 - 00107736 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-04-19 02:05 - 2015-03-17 06:15 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-04-19 02:05 - 2015-03-17 06:15 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-04-19 01:59 - 2015-04-19 02:06 - 00000000 ____D () C:\Users\Chris\AppData\Local\Deployment
    2015-04-19 01:59 - 2015-04-19 01:59 - 00000000 ____D () C:\Users\Chris\AppData\Local\Apps\2.0
    2015-04-19 01:55 - 2015-04-19 01:55 - 00000117 _____ () C:\WINDOWS\system32\netcfg-18305828.txt
    2015-04-18 21:49 - 2015-04-18 21:27 - 00000000 ____D () C:\Windows.old
    2015-04-18 21:47 - 2015-04-18 21:47 - 00000117 _____ () C:\WINDOWS\system32\netcfg-3410000.txt
    2015-04-18 21:27 - 2015-04-18 21:27 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
    2015-04-18 21:11 - 2015-04-18 21:11 - 31048957 _____ () C:\Users\Chris\Desktop\20396898_4e08601e613f3fc6fc04ff53c01bfd80527645ad.cab
    2015-04-18 21:10 - 2015-04-18 21:21 - 00000000 ___HD () C:\$SysReset
    2015-04-18 21:08 - 2015-04-19 13:27 - 00003600 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1328069008-3100469584-2353180222-1001
    2015-04-18 21:07 - 2015-04-18 21:07 - 00000000 ___HD () C:\ProgramData\CanonBJ
    2015-04-18 21:07 - 2012-03-26 07:00 - 00389120 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMB8.DLL
    2015-04-18 21:06 - 2015-04-18 21:06 - 00000000 ____D () C:\Users\Chris\AppData\Local\EgisTec IPS
    2015-04-18 21:03 - 2015-04-18 21:03 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Intel Corporation
    2015-04-18 21:03 - 2015-04-18 21:03 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Atheros
    2015-04-18 21:02 - 2015-04-18 21:02 - 00005266 _____ () C:\Users\Chris\Desktop\Removed Apps.html
    2015-04-18 21:02 - 2015-04-18 21:02 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
    2015-04-18 21:02 - 2015-04-18 21:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Synaptics
    2015-04-18 21:01 - 2015-04-18 21:02 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\lm
    2015-04-18 21:01 - 2015-04-18 21:01 - 00002609 _____ () C:\Users\Public\Desktop\eBay.lnk
    2015-04-18 21:01 - 2015-04-18 21:01 - 00002156 _____ () C:\Users\Chris\Desktop\McAfee Anti-Theft.lnk
    2015-04-18 21:01 - 2015-04-18 21:01 - 00001958 _____ () C:\Users\Public\Desktop\Netflix.lnk
    2015-04-18 21:01 - 2015-04-18 21:01 - 00001736 _____ () C:\Users\Public\Desktop\Buy Online.lnk
    2015-04-18 21:01 - 2015-04-18 21:01 - 00001438 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2015-04-18 21:01 - 2015-04-18 21:01 - 00000000 ____D () C:\ProgramData\OEM_E471269A730D
    2015-04-18 21:01 - 2015-04-18 21:01 - 00000000 ____D () C:\Program Files\Preload
    2015-04-18 21:01 - 2015-04-18 21:01 - 00000000 ____D () C:\Program Files\Accessory Store
    2015-04-18 21:01 - 2015-04-18 21:01 - 00000000 ____D () C:\Program Files (x86)\OEM
    2015-04-18 20:59 - 2015-04-18 20:59 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Macromedia
    2015-04-18 20:59 - 2015-04-18 20:59 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Adobe
    2015-04-18 20:59 - 2015-04-18 20:59 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Acer
    2015-04-18 20:56 - 2015-04-18 20:56 - 00000020 ___SH () C:\Users\Chris\ntuser.ini
    2015-04-18 20:56 - 2015-04-18 20:56 - 00000000 ____D () C:\Users\Chris\AppData\Local\VirtualStore
    2015-04-18 20:54 - 2014-05-19 21:33 - 00059416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-04-18 20:54 - 2014-05-19 18:45 - 00629248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2015-04-18 20:54 - 2014-05-19 18:45 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2015-04-18 20:54 - 2014-05-19 18:24 - 03286528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-04-18 20:54 - 2014-05-19 18:24 - 01623040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2015-04-18 20:54 - 2014-05-19 18:24 - 00773632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2015-04-18 20:54 - 2014-05-19 18:24 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2015-04-18 20:54 - 2014-05-19 18:24 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2015-04-18 20:54 - 2014-05-19 18:24 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2015-04-18 20:54 - 2014-05-14 17:43 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2015-04-18 20:54 - 2014-05-14 17:43 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2015-04-18 20:54 - 2014-05-14 17:42 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2015-04-18 20:54 - 2014-05-14 17:42 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2015-04-18 20:54 - 2013-08-16 00:21 - 00049664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2015-04-18 20:54 - 2013-08-15 17:43 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2015-04-18 20:53 - 2015-04-20 23:21 - 01171354 _____ () C:\WINDOWS\WindowsUpdate.log
    2015-04-18 20:53 - 2015-04-18 20:53 - 00000266 _____ () C:\Users\Administrator\AppData\Local\Application.xml
    2015-04-18 20:53 - 2013-08-16 00:21 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2015-04-18 20:53 - 2012-11-05 23:20 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaext.dll
    2015-04-18 20:53 - 2012-11-05 23:00 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wushareduxresources.dll
    2015-04-18 20:52 - 2015-04-18 21:02 - 00000000 ____D () C:\Users\Chris
    2015-04-18 20:52 - 2015-04-18 20:53 - 00000117 _____ () C:\WINDOWS\system32\netcfg-156203.txt
    2015-04-18 20:52 - 2015-04-18 20:52 - 00022863 _____ () C:\WINDOWS\diagwrn.xml
    2015-04-18 20:52 - 2015-04-18 20:52 - 00022863 _____ () C:\WINDOWS\diagerr.xml
    2015-04-18 20:52 - 2015-04-18 20:52 - 00000117 _____ () C:\WINDOWS\system32\netcfg-151531.txt
    2015-04-18 20:52 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-04-18 20:52 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-04-18 20:52 - 2012-07-26 03:13 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-04-18 20:52 - 2012-07-26 03:13 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-04-18 20:51 - 2015-04-18 20:51 - 00000117 _____ () C:\WINDOWS\system32\netcfg-86718.txt
    2015-04-18 20:07 - 2015-04-18 20:07 - 00000000 ____D () C:\$WINDOWS.~BT
    2015-04-18 17:29 - 2015-04-18 21:01 - 00000000 ____D () C:\Users\Chris\AppData\Local\Packages
    2015-04-02 02:31 - 2015-04-02 08:46 - 00000000 ____D () C:\Users\Chris\Documents\THD

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2015-04-20 23:00 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\sru
    2015-04-20 22:53 - 2012-07-26 02:28 - 00850046 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2015-04-20 22:49 - 2012-09-13 03:31 - 00017280 _____ () C:\WINDOWS\PFRO.log
    2015-04-20 22:49 - 2012-07-26 02:22 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2015-04-20 22:48 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
    2015-04-20 16:20 - 2012-07-26 00:37 - 00000000 ____D () C:\WINDOWS\servicing
    2015-04-20 16:16 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-04-20 16:16 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Defender
    2015-04-20 16:16 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
    2015-04-20 16:15 - 2012-07-26 03:12 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-04-20 16:15 - 2012-07-26 02:52 - 00000000 ____D () C:\Program Files\Windows Journal
    2015-04-20 16:14 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ToastData
    2015-04-20 16:13 - 2012-07-26 03:12 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-04-20 16:13 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files\Windows Photo Viewer
    2015-04-20 16:13 - 2012-07-26 03:12 - 00000000 ____D () C:\Program Files (x86)\Windows Photo Viewer
    2015-04-20 16:13 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
    2015-04-20 16:13 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\system32\Dism
    2015-04-20 16:12 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\WinStore
    2015-04-20 16:12 - 2012-07-26 00:38 - 00000000 ____D () C:\WINDOWS\system32\oobe
    2015-04-20 16:08 - 2012-07-26 02:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2015-04-20 15:26 - 2012-10-28 17:18 - 00000000 ____D () C:\Program Files (x86)\Microsoft Office
    2015-04-20 15:22 - 2014-11-23 20:38 - 00000000 __RDO () C:\Users\Chris\OneDrive
    2015-04-20 14:44 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
    2015-04-19 14:03 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\rescache
    2015-04-19 13:20 - 2012-10-28 16:49 - 00000000 ____D () C:\Dolby PCEE4
    2015-04-19 13:17 - 2012-09-13 03:48 - 00000000 ____D () C:\ProgramData\McAfee
    2015-04-19 13:17 - 2012-09-13 03:48 - 00000000 ____D () C:\Program Files\Common Files\mcafee
    2015-04-19 13:17 - 2012-09-13 03:48 - 00000000 ____D () C:\Program Files (x86)\McAfee
    2015-04-19 13:17 - 2012-07-26 02:21 - 00032329 _____ () C:\WINDOWS\setupact.log
    2015-04-19 13:16 - 2012-10-28 16:48 - 00000000 ___HD () C:\Program Files (x86)\Temp
    2015-04-19 13:16 - 2012-10-28 16:43 - 00000000 ____D () C:\Program Files (x86)\Realtek
    2015-04-19 13:13 - 2012-07-26 03:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
    2015-04-19 13:05 - 2012-09-13 03:48 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
    2015-04-19 03:57 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\restore
    2015-04-19 02:26 - 2012-07-26 00:26 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2015-04-19 02:20 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\L2Schemas
    2015-04-18 21:49 - 2012-07-26 03:13 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
    2015-04-18 21:08 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\FxsTmp
    2015-04-18 21:06 - 2012-09-13 03:50 - 00000000 ____D () C:\ProgramData\EgisTec IPS
    2015-04-18 21:02 - 2012-09-13 04:28 - 00000000 ___HD () C:\OEM
    2015-04-18 21:01 - 2012-09-13 03:49 - 00000000 ____D () C:\ProgramData\OEM
    2015-04-18 20:57 - 2012-07-26 03:12 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2015-04-18 20:53 - 2012-07-26 03:12 - 00000000 ____D () C:\WINDOWS\system32\Recovery
    2015-04-18 20:53 - 2012-07-26 00:37 - 00000000 __RHD () C:\Users\Default
    2015-04-18 20:52 - 2012-09-13 04:30 - 00000000 ____D () C:\WINDOWS\Panther
    2015-04-18 20:52 - 2012-07-26 03:12 - 00000000 __RHD () C:\Users\Public\Libraries
    2015-04-18 20:51 - 2012-09-13 03:32 - 00000000 ____D () C:\Users\Administrator
    2015-04-18 15:43 - 2015-03-14 11:09 - 00000000 ___RD () C:\Users\Chris\iCloudDrive
    2015-04-01 08:51 - 2014-11-10 20:29 - 00094720 ___SH () C:\Users\Chris\Desktop\Thumbs.db

    ==================== Files in the root of some directories =======

    2012-10-28 16:49 - 2012-10-28 16:49 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    Some content of TEMP:
    ====================
    C:\Users\Chris\AppData\Local\Temp\avgnt.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2012-09-13 03:31

    ==================== End Of Log ============================
     
  12. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    So far I don't see much.

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  13. Chairreadycase

    Chairreadycase TS Rookie Topic Starter Posts: 22

    So perhaps my problem is not stemming from any malicious software. If so, I could try another forum.




    RogueKiller V10.6.0.0 [Apr 17 2015] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8 (6.2.9200 ) 64 bits version
    Started in : Normal mode
    User : Chris [Administrator]
    Started from : C:\Users\Chris\Downloads\RogueKiller.exe
    Mode : Scan -- Date : 04/21/2015 21:27:33

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 8 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-1328069008-3100469584-2353180222-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer13.msn.com -> Found
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-1328069008-3100469584-2353180222-1001\Software\Microsoft\Internet Explorer\Main | Start Page : http://acer13.msn.com -> Found
    [VT.Unknown|PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{612E2278-7CA2-4AFD-944F-3D63EB154B21} | DhcpNameServer : 40.32.1.201 40.32.1.202 [UNITED STATES (US)][UNITED STATES (US)] -> Found
    [VT.Unknown|PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{612E2278-7CA2-4AFD-944F-3D63EB154B21} | DhcpNameServer : 40.32.1.201 40.32.1.202 [UNITED STATES (US)][UNITED STATES (US)] -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Found
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Found

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000LPVT-22G33T0 +++++
    --- User ---
    [MBR] 826bc62660ff7328f67528e8a472d96f
    [BSP] 921a8c5b8ec9e97d13e8dd9c2b37f5b0 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 400 MB
    1 - [MAN-MOUNT] EFI system partition | Offset (sectors): 821248 | Size: 300 MB
    2 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 1435648 | Size: 128 MB
    3 - Basic data partition | Offset (sectors): 1697792 | Size: 458415 MB
    4 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 940531712 | Size: 450 MB
    5 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 941453312 | Size: 350 MB
    6 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 942170112 | Size: 16896 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: SATA SSD +++++
    --- User ---
    [MBR] 5193ea11145e427da22cd827f998bd5b
    [BSP] d09fbedd3e5e58e8328d4f1a46d5d9b7 : Empty|VT.Unknown MBR Code
    Partition table:
    0 - [MAN-MOUNT] Basic data partition | Offset (sectors): 2048 | Size: 3826 MB
    1 - Basic data partition | Offset (sectors): 7837696 | Size: 15260 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  14. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Possibly but give me those three more logs.
     
  15. Chairreadycase

    Chairreadycase TS Rookie Topic Starter Posts: 22

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 6.6.0 (04.20.2015:1)
    OS: Windows 8 x64
    Ran by Chris on Tue 04/21/2015 at 21:57:00.13
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\iuBrowserIEAgent
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1328069008-3100469584-2353180222-1001
    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\Optimize Start Menu Cache Files-S-1-5-21-1328069008-3100469584-2353180222-500



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Tue 04/21/2015 at 21:59:47.23
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  16. Chairreadycase

    Chairreadycase TS Rookie Topic Starter Posts: 22

    # AdwCleaner v4.201 - Logfile created 21/04/2015 at 21:52:45
    # Updated 08/04/2015 by Xplode
    # Database : 2015-04-21.3 [Server]
    # Operating system : Windows 8 (x64)
    # Username : Chris - JARVISMOBILE
    # Running from : C:\Users\Chris\Downloads\adwcleaner_4.201.exe
    # Option : Cleaning

    ***** [ Services ] *****

    [#] Service Deleted : 0274041429663963mcinstcleanup

    ***** [ Files / Folders ] *****

    File Deleted : C:\Users\Public\Desktop\eBay.lnk

    ***** [ Scheduled tasks ] *****


    ***** [ Shortcuts ] *****


    ***** [ Registry ] *****

    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
    Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\flliilndjeohchalpbbcdekjklbdgfkk
    Key Deleted : HKCU\Software\Local AppWizard-Generated Applications
    Key Deleted : HKU\.DEFAULT\Software\Local AppWizard-Generated Applications

    ***** [ Web browsers ] *****

    -\\ Internet Explorer v10.0.9200.17267


    -\\ Mozilla Firefox v


    -\\ Google Chrome v42.0.2311.90

    [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
    [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.booking.com/searchresults.en-us.html?si=ai%2Cco%2Cci%2Cre%2Cdi;ss={searchTerms};label=opensearch-plugin
    [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxp://www.ask.com/web?q={searchTerms}
    [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Web Data] - Deleted [Search Provider] : hxxps://isearch.avg.com/search?cid={08AE2A35-024E-48ED-8824-5306B49A6FD2}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
    [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Extension] : flliilndjeohchalpbbcdekjklbdgfkk
    [C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] - Deleted [Startup_URLs] : hxxp://www.google.com", "hxxps://isearch.avg.com/?cid={08AE2A35-024E-48ED-8824-5306B49A6FD2}&mid=67f6dcc02f4d47d098d9d154345af490-2ab41f9c794caf0c686476de24f04efad35b87ef&lang=en&ds=ft011&pr=sa&d=2012-09-07 17:01:48&v=12.2.0.5&sap=hp

    *************************

    AdwCleaner[R0].txt - [2451 bytes] - [21/04/2015 21:49:53]
    AdwCleaner[S0].txt - [2328 bytes] - [21/04/2015 21:52:45]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2387 bytes] ##########
     
  17. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    MBAM?
     
  18. Chairreadycase

    Chairreadycase TS Rookie Topic Starter Posts: 22

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 4/21/2015
    Scan Time: 10:07:15 PM
    Logfile:
    Administrator: Yes

    Version: 2.01.4.1018
    Malware Database: v2015.04.21.07
    Rootkit Database: v2015.04.21.01
    License: Trial
    Malware Protection: Enabled
    Malicious Website Protection: Enabled
    Self-protection: Enabled

    OS: Windows 8
    CPU: x64
    File System: NTFS
    User: Chris

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 380696
    Time Elapsed: 22 min, 13 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  19. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    Yeah, nothing serious there.
    Create new topic in Windows forum.

    Good luck :)
     
  20. Chairreadycase

    Chairreadycase TS Rookie Topic Starter Posts: 22

    Ok thanks for taking a look
     
  21. Broni

    Broni Malware Annihilator Posts: 52,890   +344

    No problem :)
     
