TechSpot

Can't Get ride of Malware Redirects

By JoeFarrelly
Oct 17, 2014
  1. I recently purchased an ASUS computer with Windows8, and upgraded it to 8.1 But almost since I purchased it, I have been unable to get rid of a nagging redirect malware that affects both both IE and Firefox. Sometimes Malwarebytes or AVG will find something and I'll clean it off, only to have it return again son after (especially after a reboot). I have tried other programs including Adware Cleaner, tdsskiller, Junkware Removal Tool, and Advanced System Care 7. My antivrus never finds it but often the other cleaner programs find something (but sometimes they don't), but no matter what I do, the redirects keep coming back. I just finished cleaning off Firefox again for about the 50th time, and opened it up and it worked fine for two clicks, then when I clocked to open a link, a redirect to a porn advertising page popped up. When I tried using RogueKiller, it found pum_dns and I clicked to remove it, but then afterward neither IE or Firefox would surf anywhere until I rebooted the computer (which just brought the rogue program behavior back).
    Can someone help me get rid of this very annoying malware for good?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Welcome aboard [​IMG]

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =================================

    [​IMG] Uninstall Advanced System Care
    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    [​IMG] Please download Malwarebytes Anti-Malware to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the scan log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

    [​IMG] Create new restore point before proceeding with the next step....
    How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

    Download [​IMG] Malwarebytes Anti-Rootkit to your desktop.
    • Warning! Malwarebytes Anti-Rootkit needs to be run from an account with administrator rights.
    • Double click on downloaded file. OK self extracting prompt.
    • MBAR will start. Click "Next" to continue.
    • Click in the following screen "Update" to obtain the latest malware definitions.
    • Once the update is complete select "Next" and click "Scan".
    • When the scan is finished and no malware has been found select "Exit".
    • If malware was detected, make sure to check all the items and click "Cleanup". Reboot your computer.
    • Open the MBAR folder located on your Desktop and paste the content of the following files in your next reply:
      • "mbar-log-{date} (xx-xx-xx).txt"
      • "system-log.txt"
     
  3. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    Ok, I have uninstalled Advanced System Care
    I ran malwarebytes but it found nothing
    I downloaded Roguekilelr (only after a few false redirects to other pages popped up). and it found the PUM.dns thing it has found before.
    I haven't gone any farther yet. Waiting to hear from you after posting this report.
    Should I go on to the next step?
    Thanks
    Joe


    Here's the report:

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Joe [Administrator]
    Mode : Delete -- Date : 10/18/2014 17:34:09

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 6 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2038336361-186143559-2188733059-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.scc.losrios.edu/facultystaff/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2038336361-186143559-2188733059-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.scc.losrios.edu/facultystaff/ -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 104.131.192.211 107.170.168.61 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 104.131.192.211 107.170.168.61 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BB88EB3-0967-4520-B639-BAFDDAC10BED} | DhcpNameServer : 104.131.192.211 107.170.168.61 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8BB88EB3-0967-4520-B639-BAFDDAC10BED} | DhcpNameServer : 104.131.192.211 107.170.168.61 66.60.130.158 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 23 (Driver: Not loaded [0xc000036b]) ¤¤¤
    [IAT:Addr] (firefox.exe @ WINMMBASE.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_DevNode_Status : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756d684f
    [IAT:Addr] (firefox.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Set_Class_Registry_PropertyW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756f96a1
    [IAT:Addr] (firefox.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Class_Registry_PropertyW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756f88f4
    [IAT:Addr] (firefox.exe @ DEVOBJ.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_IDW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756dd590
    [IAT:Addr] (firefox.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCloseObjectQuery : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756dfdc1
    [IAT:Addr] (firefox.exe @ DEVOBJ.dll) api-ms-win-devices-query-l1-1-1.dll - DevCreateObjectQuery : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756e0420
    [IAT:Addr] (firefox.exe @ xul.dll) NETAPI32.dll - NetApiBufferFree : C:\WINDOWS\SYSTEM32\netutils.dll @ 0x71fa12d4
    [IAT:Addr] (firefox.exe @ xul.dll) NETAPI32.dll - NetUserGetInfo : C:\WINDOWS\SYSTEM32\SAMCLI.DLL @ 0x682e1a6e
    [IAT:Addr] (firefox.exe @ profapi.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_DevNode_Status : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756d684f
    [IAT:Addr] (firefox.exe @ Wpc.dll) NETAPI32.dll - NetUserGetInfo : C:\WINDOWS\SYSTEM32\SAMCLI.DLL @ 0x682e1a6e
    [IAT:Addr] (firefox.exe @ Wpc.dll) NETAPI32.dll - NetApiBufferFree : C:\WINDOWS\SYSTEM32\netutils.dll @ 0x71fa12d4
    [IAT:Addr] (firefox.exe @ Wpc.dll) NETAPI32.dll - NetUserGetLocalGroups : C:\WINDOWS\SYSTEM32\SAMCLI.DLL @ 0x682e2ba3
    [IAT:Addr] (firefox.exe @ Wpc.dll) NETAPI32.dll - NetQueryDisplayInformation : C:\WINDOWS\SYSTEM32\SAMCLI.DLL @ 0x682e3aad
    [IAT:Addr] (firefox.exe @ ondemandconnroutehelper.dll) api-ms-win-appmodel-runtime-l1-1-1.dll - GetCurrentApplicationUserModelId : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x74c321ba
    [IAT:Addr] (firefox.exe @ mfplat.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_Interface_List_SizeW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756d4301
    [IAT:Addr] (firefox.exe @ mfplat.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Get_Device_Interface_ListW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756d40c0
    [IAT:Addr] (firefox.exe @ mfplat.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Unregister_Notification : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756ddaba
    [IAT:Addr] (firefox.exe @ mfplat.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Register_Notification : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756de251
    [IAT:Addr] (firefox.exe @ mfplat.dll) api-ms-win-devices-config-l1-1-1.dll - CM_MapCrToWin32Err : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756de838
    [IAT:Addr] (firefox.exe @ mfplat.dll) api-ms-win-devices-config-l1-1-1.dll - CM_Open_Device_Interface_KeyW : C:\WINDOWS\SYSTEM32\cfgmgr32.dll @ 0x756e4239
    [IAT:Addr] (firefox.exe @ Bcp47Langs.dll) api-ms-win-appmodel-runtime-l1-1-0.dll - GetCurrentPackageFamilyName : C:\WINDOWS\SYSTEM32\kernel.appcore.dll @ 0x74c321ea
    [IAT:Addr] (firefox.exe @ msmpeg2vdec.dll) MFPlat.DLL - MFLockWorkQueue : C:\WINDOWS\SYSTEM32\RTWorkQ.DLL @ 0x66a128bf
    [IAT:Addr] (firefox.exe @ msmpeg2vdec.dll) MFPlat.DLL - MFUnlockWorkQueue : C:\WINDOWS\SYSTEM32\RTWorkQ.DLL @ 0x66a140f5

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] opl6nkhe.default-1412148437805 : user_pref("browser.startup.homepage", "http://www.sierracollege.edu/"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA DT01ACA300 SATA Disk Device +++++
    --- User ---
    [MBR] a5481faec59db231593ac8fa1705db04
    [BSP] 94918ec8d719b535ed893b610f517544 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097151 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_DEL_10012014_004116.log - RKreport_DEL_10112014_234859.log - RKreport_DEL_10172014_003905.log - RKreport_DEL_10172014_005934.log
    RKreport_SCN_10012014_004103.log - RKreport_SCN_10112014_234819.log - RKreport_SCN_10172014_003830.log - RKreport_SCN_10172014_005837.log
    RKreport_SCN_10172014_010923.log - RKreport_SCN_10182014_173109.log
     
  4. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    Also, while I am at it, my laptop has the same issues, so I followed the same steps on my laptop.
    I got ride of Advanced System care there, too. But on the laptop, Malware Bytes did find some adware and removed it, Then Rogue Killer found the same PUM.dns. Here are the logs for the laptop, too:
    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 10/18/2014
    Scan Time: 5:22:44 PM
    Logfile: malbam log 10-18-14.txt
    Administrator: Yes

    Version: 2.00.2.1012
    Malware Database: v2014.10.18.07
    Rootkit Database: v2014.10.17.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 7 Service Pack 1
    CPU: x64
    File System: NTFS
    User: Elena

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 315167
    Time Elapsed: 16 min, 30 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Warn
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 3
    PUP.Optional.OptimunInstaller, C:\Users\Elena\Downloads\Setup (1).exe, Quarantined, [38f7f620196394a201d0d970d32d9b65],
    PUP.Optional.OptimunInstaller, C:\Users\Elena\Downloads\Setup (2).exe, Quarantined, [8da29d79d6a6320439982227986811ef],
    PUP.Optional.OptimunInstaller, C:\Users\Elena\Downloads\Setup.exe, Quarantined, [76b9ed293745c6702ca51a2f4fb14bb5],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

    RogueKiller V10.0.2.0 [Oct 16 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
    Started in : Normal mode
    User : Elena [Administrator]
    Mode : Delete -- Date : 10/18/2014 18:31:37

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 10 ¤¤¤
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{9C4A059A-41B6-4278-A7E9-D74E6423457C} | DhcpNameServer : 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{9C4A059A-41B6-4278-A7E9-D74E6423457C} | DhcpNameServer : 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{9C4A059A-41B6-4278-A7E9-D74E6423457C} | DhcpNameServer : 66.60.130.158 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1 -> Not selected
    [PUM.DesktopIcons] (X86) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {59031a47-3f72-44a7-89c5-5595fe6b30ee} : 1 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] 45ne04a1.default : user_pref("browser.startup.homepage", "http://www.sierracollege.edu/|http:...:33:05&v=18.0.5.292&pid=safeguard&sg=0&sap=hp"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST950032 5AS SATA Disk Device +++++
    --- User ---
    [MBR] bcfe65277bf1f61eac161628fdd705bc
    [BSP] 6f441a22259b545355caf5aba44c2ce2 : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 200 MB
    1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 411648 | Size: 431938 MB
    2 - [XXXXXX] EXTEN-LBA (0xf) [VISIBLE] Offset (sectors): 885020672 | Size: 29692 MB
    3 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 945829888 | Size: 15109 MB
    User = LL1 ... OK
    User = LL2 ... OK


    ============================================
    RKreport_DEL_10062014_205204.log - RKreport_SCN_10062014_204704.log - RKreport_SCN_10182014_182841.log
     
  5. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    One computer per topic please, so you have to select one for this topic.
    Create new topic for second computer.


    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.

    [​IMG] Please download Farbar Recovery Scan Tool and save it to your Desktop.

    Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
    • Double-click to run it. When the tool opens click Yes to disclaimer.
    • Press Scan button.
    • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
    • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
     
  6. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    I ran Adware cleaner and Junkware removal, and they found nothing. Here is the log got FRST

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-10-2014 01
    Ran by Joe at 2014-10-18 21:56:23
    Running from C:\Users\Joe\Desktop
    Boot Mode: Normal
    ==========================================================


    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    8GadgetPack (HKLM-x32\...\{180B50DF-B2C8-43A1-AB97-2101AA62DDD3}) (Version: 12.0.0 - Helmut Buhler)
    Adobe Reader X (10.1.12) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.12 - Adobe Systems Incorporated)
    AI Suite II (HKLM-x32\...\{34D3688E-A737-44C5-9E2A-FF73618728E1}) (Version: 2.01.01 - ASUSTeK Computer Inc.)
    AMD Accelerated Video Transcoding (Version: 12.10.100.30322 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Control Center (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
    AMD Catalyst Install Manager (HKLM\...\{DD86C046-D5AB-954F-EBB7-592EB36BD196}) (Version: 8.0.911.0 - Advanced Micro Devices, Inc.)
    AMD Fuel (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
    AMD Fuel (Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
    AMD VISION Engine Control Center (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
    ASUS Easy Update (HKLM-x32\...\{E7AA854E-6756-424E-84C2-4E47D5729AFF}) (Version: 2.00.30 - ASUSTeK Computer Inc)
    ASUS Launcher (HKLM-x32\...\{40376CD0-67E0-4190-86CA-8BD8CBAC331C}) (Version: 1.00.12 - ASUSTeK Computer Inc.)
    ASUS Music Maker (HKLM-x32\...\MAGIX_{AB515018-7F9D-4047-B0C0-F26BAC30F3E1}) (Version: 18.0.3.3 - MAGIX AG)
    ASUS Music Maker (Version: 18.0.3.3 - MAGIX AG) Hidden
    ASUS MX Suite (HKLM-x32\...\MAGIX_{CFA9C800-9B0B-42E3-92E7-08B5AF2E192E}) (Version: 1.13.0.121 - MAGIX AG)
    ASUS MX Suite (Version: 1.13.0.121 - MAGIX AG) Hidden
    ASUS USB-AC53 WLAN Card Utilities/Driver (HKLM-x32\...\{242E1F53-6A2F-4173-89CE-8CD5D6A02EEC}) (Version: 2.0.5.9 - ASUS)
    ASUS Video easy (HKLM-x32\...\MAGIX_{E3185090-8796-46FB-A27F-6C844F106DAC}) (Version: 4.0.1.90 - MAGIX AG)
    ASUS Video easy (Version: 4.0.1.90 - MAGIX AG) Hidden
    ASUS WebStorage Sync Agent (HKLM-x32\...\ASUS WebStorage) (Version: 1.1.18.159 - ASUS Cloud Corporation)
    ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4127.52 - CyberLink Corp.)
    ASUSDVD (x32 Version: 10.0.4127.52 - CyberLink Corp.) Hidden
    AsusVibe2.0 (HKLM-x32\...\Asus Vibe2.0) (Version: 2.0.12.309 - ASUSTEK)
    AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4765 - AVG Technologies)
    AVG 2014 (Version: 14.0.4040 - AVG Technologies) Hidden
    AVG 2014 (Version: 14.0.4765 - AVG Technologies) Hidden
    Bing Bar (HKLM-x32\...\{16793295-2366-40F7-A045-A3E42A81365E}) (Version: 7.1.362.0 - Microsoft Corporation)
    Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    Catalyst Control Center InstallProxy (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center InstallProxy (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
    Catalyst Control Center Localization All (x32 Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Standard (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Chinese Traditional (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Czech (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Danish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Dutch (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help English (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Finnish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help French (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help German (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Greek (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Hungarian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Italian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Japanese (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Korean (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Norwegian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Polish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Portuguese (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Russian (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Spanish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Swedish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Thai (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2013.0322.0412.5642 - Advanced Micro Devices, Inc.) Hidden
    CCC Help Turkish (x32 Version: 2014.0704.2132.36938 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2013.0322.413.5642 - Advanced Micro Devices, Inc.) Hidden
    ccc-utility64 (Version: 2014.0704.2133.36938 - Advanced Micro Devices, Inc.) Hidden
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{650DE870-ECA3-4E63-8D77-778512BE5D4C}) (Version: - Microsoft)
    eManual (HKLM-x32\...\{0C84E634-EB68-4A54-B21E-A05EC87A4CC5}) (Version: 1.00.06 - ASUSTeK Computer Inc.)
    Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{39AB2E37-1A55-4292-A5D3-971E9F70D0F8}) (Version: 2.1.32.0 - MAGIX AG)
    Firestorm-Release (remove only) (HKLM-x32\...\Firestorm-Release) (Version: 4.6.7.42398 - The Phoenix Firestorm Project, Inc.)
    Fotogalerie (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Freemake Video Converter version 4.1.5 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.5 - Ellora Assets Corporation)
    Galeria de Fotografias (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Galería de fotos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Galerie de photos (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 3.3.9.2622 - IObit)
    iSEEK AnswerWorks English Runtime (HKLM-x32\...\{18A8E78B-9EF2-496E-B310-BCD8E4C1DAB3}) (Version: 010.000.0101 - Vantage Linguistics)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    KeePass Password Safe 1.27 (HKLM-x32\...\KeePass Password Safe_is1) (Version: 1.27 - Dominik Reichl)
    Malwarebytes Anti-Malware version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
    Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISER) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
    Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
    Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
    Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
    Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
    Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Mozilla Firefox 33.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 33.0 (x86 en-US)) (Version: 33.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 32.0.3 - Mozilla)
    MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
    MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
    MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
    MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Photo Gallery (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Quicken 2012 (HKLM-x32\...\{0A1E0BDA-5E8F-436d-8BE5-7E97C5CB899D}) (Version: 21.1.7.18 - Intuit)
    Raccolta foto (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.10.1226.2012 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Surfing Protection (HKLM-x32\...\IObit Surfing Protection_is1) (Version: 1.0 - IObit)
    Ulead Drop Spot 1.0 (HKLM-x32\...\{3BCC5640-5360-11D4-A44A-0000E86D2305}) (Version: - )
    Ulead PhotoImpact 8 (HKLM-x32\...\InstallShield_{F101C58C-15CC-42B3-83D1-536CFB960634}) (Version: 8.0 - Ulead System)
    Ulead PhotoImpact 8 (x32 Version: 8.0 - Ulead System) Hidden
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
    Update for Microsoft Excel 2010 (KB2889836) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9179FC17-97A8-4D98-9E09-05720AF5D44E}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft Filter Pack 2.0 (KB2878281) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{302A8FE3-EBF5-486C-A431-16A1CD914443}) (Version: - Microsoft)
    Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 Help for Common Features (KB963673) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{AB365889-0395-4FAD-B702-CA5985D53D42}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{A024FC7B-77DE-45DE-A058-1C049A17BFB3}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{CB68A5B0-3508-4193-AEB9-AF636DAECE0F}) (Version: - Microsoft)
    Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{E9A82945-BA29-4EE8-8F2A-2F49545E9CF2}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2687502) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{7DE7DF97-82FE-4B3A-AB8D-1621F9CC464A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2825635) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F1A20C69-9FE5-40FD-9CD5-84EABC2EF64A}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2837581) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{334FB202-28D7-4BA4-8BC9-4FE4AB233EA0}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2837606) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0D672F7-883E-4279-8E75-D97A5445AB46}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2878252) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B0DB9F71-E0F7-4FE6-8925-35B860CAC0C4}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{089DBFD7-8211-43B2-AAAE-5BDD8C23E3A8}) (Version: - Microsoft)
    Update for Microsoft Office 2010 (KB2881028) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{794A0574-4E2F-4D58-B2A0-D7460ACDC85C}) (Version: - Microsoft)
    Update for Microsoft Office Access 2007 Help (KB963663) (HKLM-x32\...\{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISER_{6B76A18A-AA1E-42AB-A7AD-6C84BBB43987}) (Version: - Microsoft)
    Update for Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISER_{199DF7B6-169C-448C-B511-1054101BE9C9}) (Version: - Microsoft)
    Update for Microsoft Office Infopath 2007 Help (KB963662) (HKLM-x32\...\{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISER_{716B81B8-B13C-41DF-8EAC-7A2F656CAB63}) (Version: - Microsoft)
    Update for Microsoft Office OneNote 2007 Help (KB963670) (HKLM-x32\...\{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISER_{2744EF05-38E1-4D5D-B333-E021EDAEA245}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{ED38F8A3-4F61-494E-8BCA-E3AC7760C924}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 (KB2863811) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{53DEC068-4690-4F6B-9946-7D21EF02236B}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISER_{0451F231-E3E3-4943-AB9F-58EB96171784}) (Version: - Microsoft)
    Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2899475) 32-Bit Edition (HKLM-x32\...\{91120000-0030-0000-0000-0000000FF1CE}_ENTERPRISER_{23AE87D8-AB2F-4539-935C-442BC976F469}) (Version: - Microsoft)
    Update for Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISER_{397B1D4F-ED7B-4ACA-A637-43B670843876}) (Version: - Microsoft)
    Update for Microsoft Office Publisher 2007 Help (KB963667) (HKLM-x32\...\{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISER_{2E40DE55-B289-4C8B-8901-5D369B16814F}) (Version: - Microsoft)
    Update for Microsoft Office Script Editor Help (KB963671) (HKLM-x32\...\{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISER_{CD11C6A2-FFC6-4271-8EAB-79C3582F505C}) (Version: - Microsoft)
    Update for Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISER_{80E762AA-C921-4839-9D7D-DB62A72C0726}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
    Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{334AA0A1-2BB1-4D74-B66A-2B2C4D9C2C87}) (Version: - Microsoft)
    Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft)
    Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
    Update for Microsoft Visio 2010 (KB2880526) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{7B29D8B8-6A87-496C-A65E-B935E740448A}) (Version: - Microsoft)
    Update for Microsoft Visio Viewer 2010 (KB2837587) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{38CF30E4-3348-4BD1-A859-B630C355A56F}) (Version: - Microsoft)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Why ASUS PC (HKLM-x32\...\{5648F9D9-299E-408C-AC1F-59DC75894A1F}) (Version: 1.00.02 - ASUSTeK Computer Inc.)
    Windows Live (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Communications Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
    Windows Live Essentials (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Installer (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live Photo Common (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live PIMT Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live SOXE Definitions (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live UX Platform Language Pack (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live 程式集 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Windows Live 软件包 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    Συλλογή φωτογραφιών (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    影像中心 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
    照片库 (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden

    ==================== Custom CLSID (selected items): ==========================

    (If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


    ==================== Restore Points =========================

    08-10-2014 20:11:10 Scheduled Checkpoint
    11-10-2014 05:48:19 Removed Camtasia Studio 8
    13-10-2014 07:10:00 Checkpoint by HitmanPro
    16-10-2014 08:59:23 Windows Update
    19-10-2014 00:57:19 Oct 18 after running roguekiller

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

    Task: {00EC0AE5-87E4-4BD3-B4C6-BDA99922111F} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Scheduled Start With Network => Sc.exe start wuauserv
    Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
    Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
    Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
    Task: {294F4419-A11C-4262-9B47-24E51F8E0E45} - System32\Tasks\ASUS\ASUS Easy Update => C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe [2012-11-19] (ASUSTeK Computer Inc.)
    Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
    Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-21] (Microsoft Corporation)
    Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
    Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
    Task: {4BF4E684-1C07-402F-8F24-62AD41D26AE0} - System32\Tasks\AsusVibeSchedule => C:\Program Files (x86)\Asus\AsusVibe\AsusVibeLauncher.exe [2012-09-27] ()
    Task: {530F2B22-7EFF-4270-929C-908F6EAA662C} - System32\Tasks\ASUS\ASUS AI Suite II Execute => C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe [2012-03-13] (ASUSTeK Computer Inc.)
    Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
    Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
    Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
    Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
    Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
    Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
    Task: {8FC588EF-7FD6-43D3-B892-E6855388D2CF} - System32\Tasks\Microsoft\Windows\Shell\FamilySafetyUpload
    Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
    Task: {A7C6FF8D-7A7A-42B5-832C-21353E322119} - System32\Tasks\USBAC53WLANMGR => C:\Program Files (x86)\ASUS\USB-AC53 WLAN Card Utilities\WlanMgr.exe [2013-08-20] (ASUS)
    Task: {BF58E14B-1069-43E0-80DD-BB525A2FD9CD} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics
    Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
    Task: {D08F1AB1-8F5E-4779-937E-7A750E734C77} - System32\Tasks\Microsoft\Windows\DiskCleanup\SilentCleanup => C:\Windows\system32\cleanmgr.exe [2014-03-18] (Microsoft Corporation)
    Task: {D254A978-07F3-41AE-B459-AC9BBEE0EA06} - System32\Tasks\ASUS\ASUS Launcher Helper => C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe [2013-04-23] (Microsoft)
    Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
    Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
    Task: {E19444A0-A53F-4D23-9C25-4F732028ED4D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
    Task: {E2ACF668-4308-4463-9ECA-B3DD4467FB01} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Validation
    Task: {E3BDCA69-0278-4D27-AE94-D673C4802877} - System32\Tasks\Microsoft\Windows\WOF\WIM-Hash-Management
    Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
    Task: {F0C6427B-E55D-4900-8396-C7F1B2266332} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2014-10-16] (Microsoft Corporation)
    Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Loaded Modules (whitelisted) =============

    2014-07-04 21:33 - 2014-07-04 21:33 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
    2013-05-15 13:01 - 2013-03-14 00:33 - 00920736 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    2012-12-18 23:10 - 2012-12-18 23:10 - 00072192 _____ () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    2014-08-28 16:39 - 2008-06-26 20:09 - 00167936 _____ () C:\Program Files (x86)\FRYS\FR-300USB revA\WlanWpsSvc.exe
    2014-07-04 21:33 - 2014-07-04 21:33 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
    2013-05-15 13:01 - 2014-10-17 20:28 - 00026112 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.19\PEbiosinterface32.dll
    2013-05-15 13:01 - 2010-06-28 19:58 - 00104448 ____R () C:\Program Files (x86)\ASUS\AXSP\1.00.19\ATKEX.dll
    2014-08-28 16:39 - 2009-08-06 17:15 - 00376832 _____ () C:\Program Files (x86)\FRYS\FR-300USB revA\WlanDll.dll
    2014-10-15 01:20 - 2014-10-15 01:20 - 03649648 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

    ==================== Alternate Data Streams (whitelisted) =========

    (If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

    AlternateDataStreams: C:\Users\Joe\OneDrive:ms-properties

    ==================== Safe Mode (whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""

    ==================== EXE Association (whitelisted) =============

    (If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


    ==================== MSCONFIG/TASK MANAGER disabled items =========

    (Currently there is no automatic fix for this section.)

    HKCU\...\StartupApproved\Run: => "Itibiti.exe"

    ========================= Accounts: ==========================

    Administrator (S-1-5-21-2038336361-186143559-2188733059-500 - Administrator - Enabled) => C:\Users\Administrator
    Farrellyfamily (S-1-5-21-2038336361-186143559-2188733059-1003 - Limited - Enabled) => C:\Users\Farrellyfamily
    Guest (S-1-5-21-2038336361-186143559-2188733059-501 - Limited - Disabled)
    Joe (S-1-5-21-2038336361-186143559-2188733059-1002 - Administrator - Enabled) => C:\Users\Joe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================

    System errors:
    =============
    Error: (10/18/2014 09:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BCM42RLY service failed to start due to the following error:
    %%2

    Error: (10/18/2014 09:56:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BCM42RLY service failed to start due to the following error:
    %%2

    Error: (10/18/2014 09:56:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BCM42RLY service failed to start due to the following error:
    %%2

    Error: (10/18/2014 09:56:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BCM42RLY service failed to start due to the following error:
    %%2

    Error: (10/18/2014 09:56:22 PM) (Source: DCOM) (EventID: 10010) (User: JOE2014)
    Description: {9AA46009-3CE0-458A-A354-715610A075E6}

    Error: (10/18/2014 09:56:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BCM42RLY service failed to start due to the following error:
    %%2

    Error: (10/18/2014 09:56:20 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BCM42RLY service failed to start due to the following error:
    %%2

    Error: (10/18/2014 09:56:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BCM42RLY service failed to start due to the following error:
    %%2

    Error: (10/18/2014 09:56:14 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BCM42RLY service failed to start due to the following error:
    %%2

    Error: (10/18/2014 09:56:08 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The BCM42RLY service failed to start due to the following error:
    %%2


    Microsoft Office Sessions:
    =========================

    ==================== Memory info ===========================

    Processor: AMD A10-6700 APU with Radeon(tm) HD Graphics
    Percentage of memory in use: 15%
    Total physical RAM: 15560.3 MB
    Available physical RAM: 13168.92 MB
    Total Pagefile: 17864.3 MB
    Available Pagefile: 15492.52 MB
    Total Virtual: 131072 MB
    Available Virtual: 131071.79 MB

    ==================== Drives ================================

    Drive c: (Windows) (Fixed) (Total:149.56 GB) (Free:94.1 GB) NTFS
    Drive d: (Data) (Fixed) (Total:2624.58 GB) (Free:2247.4 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 2794.5 GB) (Disk ID: C1AD3473)

    Partition: GPT Partition Type.

    ==================== End Of Log ============================
     
  7. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    I still need FRST.txt log.
     
  8. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-10-2014 01
    Ran by Joe (administrator) on JOE2014 on 18-10-2014 21:55:57
    Running from C:\Users\Joe\Desktop
    Loaded Profile: Joe (Available profiles: Joe & Farrellyfamily & Administrator)
    Platform: Windows 8.1 (X64) OS Language: English (United States)
    Internet Explorer Version 11
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Microsoft Corporation) C:\Windows\System32\wlanext.exe
    (Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe
    () C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe
    (Microsoft Corporation) C:\Windows\System32\dasHost.exe
    () C:\Program Files (x86)\FRYS\FR-300USB revA\WlanWpsSvc.exe
    (Microsoft Corporation) C:\Windows\System32\alg.exe
    (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\SeaPort.EXE
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Easy Update\ALU.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
    (Microsoft) C:\Program Files (x86)\ASUS\ASUS Launcher\Launcher.exe
    (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
    (ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (FRYS Corp.) C:\Program Files (x86)\FRYS\FR-300USB revA\wirelesscm.exe
    (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    (ASUSTek Computer Inc.) C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe
    (Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
    (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    (CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgui.exe
    (ASUS) C:\Program Files (x86)\ASUS\USB-AC53 WLAN Card Utilities\WlanMgr.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgrsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG2014\avgcsrva.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-17] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1278024 2013-03-08] (Realtek Semiconductor)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766688 2014-07-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [ASUS AiChargerPlus Execute] => C:\Program Files (x86)\InstallShield Installation Information\{E6931688-DA2B-4E16-8539-3D323D69C677}\AiChargerPlus.exe [550272 2012-08-20] (ASUSTek Computer Inc.)
    HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959176 2014-08-21] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [ASUSWebStorage] => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSPanel.exe [3576784 2012-12-18] (ASUS Cloud Corporation)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\AVG2014\avgui.exe [5188112 2014-08-25] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-2038336361-186143559-2188733059-1002\...\MountPoints2: {09f7f24e-4666-11e4-bea0-bcee7bd93de8} - "G:\VZW_Software_upgrade_assistant.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Wireless Connection Manager.lnk
    ShortcutTarget: Wireless Connection Manager.lnk -> C:\Program Files (x86)\FRYS\FR-300USB revA\wirelesscm.exe (FRYS Corp.)
    Startup: C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Sidebar66.lnk
    ShortcutTarget: Sidebar66.lnk -> C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7190} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D808} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4D} => C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\ASUSWSShellExt64.dll (ASUS Cloud Corporation.)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.scc.losrios.edu/facultystaff/
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.362.0\BingExt.dll (Microsoft Corporation.)
    DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} http://support.asus.com/select/asusTek_sys_ctrl3.cab
    Tcpip\Parameters: [DhcpNameServer] 104.131.192.211 107.170.168.61 66.60.130.158

    FireFox:
    ========
    FF ProfilePath: C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\opl6nkhe.default-1412148437805
    FF Homepage: hxxp://www.sierracollege.edu/
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
    FF Extension: No Name - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\opl6nkhe.default-1412148437805\extensions\ascsurfingprotection@iobit.com [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]

    Chrome:
    =======

    ==================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2014-07-04] (Advanced Micro Devices, Inc.) [File not signed]
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.19\atkexComSvc.exe [920736 2013-03-14] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [951936 2013-03-14] (ASUSTeK Computer Inc.)
    R2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [149120 2013-03-14] (ASUSTeK Computer Inc.)
    R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage Sync Agent\1.1.18.159\AsusWSWinService.exe [72192 2012-12-18] () [File not signed]
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3242000 2014-08-25] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [289328 2014-08-25] (AVG Technologies CZ, s.r.o.)
    R2 Fabs; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [1858048 2012-01-23] (MAGIX AG) [File not signed]
    S3 FirebirdServerMAGIXInstance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2702848 2011-04-26] (MAGIX®) [File not signed]
    S3 KeyIso; C:\Windows\SysWOW64\keyiso.dll [44032 2013-08-21] (Microsoft Corporation)
    S3 lfsvc; C:\Windows\SysWOW64\GeofenceMonitorService.dll [357376 2014-08-29] (Microsoft Corporation)
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
    S3 Netlogon; C:\Windows\SysWOW64\netlogon.dll [688640 2014-08-29] (Microsoft Corporation)
    S3 smphost; C:\Windows\SysWOW64\smphost.dll [11776 2013-08-21] (Microsoft Corporation)
    S3 StorSvc; C:\Windows\SysWOW64\storsvc.dll [18944 2013-08-21] (Microsoft Corporation)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347880 2014-08-29] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2014-08-29] (Microsoft Corporation)
    R2 WlanWpsSvc; C:\Program Files (x86)\FRYS\FR-300USB revA\WlanWpsSvc.exe [167936 2008-06-26] () [File not signed]

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

    R3 AiChargerPlus; C:\Windows\SysWow64\drivers\AiChargerPlus.sys [14848 2012-04-19] (ASUSTek Computer Inc.)
    S2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2012-08-22] ()
    R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-02] ()
    R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [94208 2013-02-14] (Advanced Micro Devices)
    R3 AU8168; C:\Windows\system32\DRIVERS\au630x64.sys [792648 2013-09-23] (Realtek )
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [20496 2013-09-04] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [152344 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [244504 2014-07-21] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [190744 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [235800 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [328984 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123672 2014-08-06] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31512 2014-06-17] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [270104 2014-06-30] (AVG Technologies CZ, s.r.o.)
    R3 BCMH43XX; C:\Windows\system32\DRIVERS\bcmwlhigh63a.sys [2392240 2013-03-01] (Broadcom Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [34808 2014-10-18] ()
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123224 2014-08-29] (Microsoft Corporation)
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)
     
  9. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    ==================== One Month Created Files and Folders ========

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-18 21:55 - 2014-10-18 21:56 - 00013821 _____ () C:\Users\Joe\Desktop\FRST.txt
    2014-10-18 21:55 - 2014-10-18 21:55 - 00000000 ____D () C:\FRST
    2014-10-18 21:54 - 2014-10-18 21:54 - 02112000 _____ (Farbar) C:\Users\Joe\Desktop\FRST64.exe
    2014-10-18 21:49 - 2014-10-18 21:49 - 00000620 _____ () C:\Users\Joe\Desktop\JRT.txt
    2014-10-18 21:44 - 2014-10-18 21:44 - 01705698 _____ (Thisisu) C:\Users\Joe\Desktop\JRT.exe
    2014-10-18 21:34 - 2014-10-18 21:34 - 01976320 _____ () C:\Users\Joe\Desktop\adwcleaner_4.000.exe
    2014-10-18 21:25 - 2014-10-18 21:33 - 00000000 ____D () C:\Users\Joe\Desktop\mbar
    2014-10-18 21:25 - 2014-10-18 21:33 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
    2014-10-18 21:23 - 2014-10-18 21:23 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Joe\Downloads\mbar-1.07.0.1012.exe
    2014-10-18 18:43 - 2014-10-18 18:43 - 00000000 ____H () C:\Users\Joe\Documents\Default.rdp
    2014-10-18 17:59 - 2014-10-18 17:59 - 14349744 _____ (Malwarebytes Corp.) C:\Users\Joe\Desktop\mbar-1.07.0.1012.exe
    2014-10-18 17:34 - 2014-10-18 17:34 - 00006149 _____ () C:\Users\Joe\Desktop\RKreport_DEL_10182014_173409.log
    2014-10-18 17:24 - 2014-10-18 17:25 - 15725144 _____ () C:\Users\Joe\Desktop\RogueKiller.exe
    2014-10-18 17:23 - 2014-10-18 17:23 - 00000000 ____D () C:\WINDOWS\Tasks\ImCleanDisabled
    2014-10-17 01:21 - 2014-10-18 21:42 - 00000000 ____D () C:\AdwCleaner
    2014-10-16 02:02 - 2014-09-27 15:25 - 04183040 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2014-10-16 02:02 - 2014-09-25 15:50 - 13619200 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2014-10-16 02:02 - 2014-09-25 15:46 - 00243200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll
    2014-10-16 02:02 - 2014-09-25 15:46 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll
    2014-10-16 02:02 - 2014-09-25 15:43 - 11807232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2014-10-16 02:02 - 2014-09-25 15:32 - 02017280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2014-10-16 02:02 - 2014-09-25 15:31 - 02108416 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2014-10-16 02:02 - 2014-09-18 19:25 - 23631360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2014-10-16 02:02 - 2014-09-18 18:44 - 17484800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2014-10-16 02:02 - 2014-09-18 18:41 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2014-10-16 02:02 - 2014-09-18 18:40 - 00547328 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2014-10-16 02:02 - 2014-09-18 18:38 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll
    2014-10-16 02:02 - 2014-09-18 18:36 - 05829632 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2014-10-16 02:02 - 2014-09-18 18:25 - 04201472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2014-10-16 02:02 - 2014-09-18 18:25 - 00758272 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
    2014-10-16 02:02 - 2014-09-18 18:02 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2014-10-16 02:02 - 2014-09-18 18:00 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
    2014-10-16 02:02 - 2014-09-18 17:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll
    2014-10-16 02:02 - 2014-09-18 17:58 - 00289280 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
    2014-10-16 02:02 - 2014-09-18 17:55 - 02187264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2014-10-16 02:02 - 2014-09-18 17:42 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2014-10-16 02:02 - 2014-09-18 17:42 - 00710656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2014-10-16 02:02 - 2014-09-18 17:42 - 00363008 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2014-10-16 02:02 - 2014-09-18 17:33 - 02309632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2014-10-16 02:02 - 2014-09-18 17:20 - 00607744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2014-10-16 02:02 - 2014-09-18 17:20 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2014-10-16 02:02 - 2014-09-18 17:14 - 01447936 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2014-10-16 02:02 - 2014-09-18 16:59 - 01810944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2014-10-16 02:02 - 2014-09-18 16:59 - 00775168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
    2014-10-16 02:02 - 2014-09-18 16:53 - 01190400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2014-10-16 02:02 - 2014-09-18 16:52 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
    2014-10-16 02:02 - 2014-09-07 20:15 - 00054752 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2014-10-16 02:02 - 2014-09-07 18:46 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
    2014-10-16 02:02 - 2014-09-07 18:46 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2014-10-16 02:02 - 2014-09-07 17:08 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
    2014-10-16 02:02 - 2014-09-07 17:07 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
    2014-10-16 02:02 - 2014-09-07 17:05 - 03448320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2014-10-16 02:02 - 2014-09-07 17:04 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
    2014-10-16 02:02 - 2014-09-07 17:04 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
    2014-10-16 02:02 - 2014-09-07 17:03 - 01702400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
    2014-10-16 02:02 - 2014-09-07 17:03 - 00839680 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
    2014-10-16 02:02 - 2014-09-07 16:59 - 00123904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
    2014-10-16 02:02 - 2014-09-07 16:59 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
    2014-10-16 02:02 - 2014-09-07 16:56 - 00672256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
    2014-10-16 02:02 - 2014-09-07 16:56 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
    2014-10-16 02:02 - 2014-09-03 17:10 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
    2014-10-16 02:02 - 2014-09-03 16:57 - 00921600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2014-10-16 02:02 - 2014-09-03 16:49 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2014-10-16 02:01 - 2014-09-12 23:29 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\packager.dll
    2014-10-16 02:01 - 2014-09-12 22:49 - 00068608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\packager.dll
    2014-10-16 02:01 - 2014-09-03 17:12 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2014-10-16 02:01 - 2014-09-03 17:01 - 00514048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2014-10-16 02:01 - 2014-08-15 21:08 - 21195616 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2014-10-16 02:01 - 2014-08-15 21:08 - 01507648 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
    2014-10-16 02:01 - 2014-08-15 21:01 - 01710184 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2014-10-16 02:01 - 2014-08-15 20:58 - 01112512 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2014-10-16 02:01 - 2014-08-15 20:57 - 02498880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2014-10-16 02:01 - 2014-08-15 20:57 - 00428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2014-10-16 02:01 - 2014-08-15 20:16 - 18722600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2014-10-16 02:01 - 2014-08-15 20:16 - 01205976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
    2014-10-16 02:01 - 2014-08-15 20:03 - 01467384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2014-10-16 02:01 - 2014-08-15 18:31 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2014-10-16 02:01 - 2014-08-15 18:04 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wldap32.dll
    2014-10-16 02:01 - 2014-08-15 17:58 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2014-10-16 02:01 - 2014-08-15 17:53 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
    2014-10-16 02:01 - 2014-08-15 17:46 - 00290816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityService.dll
    2014-10-16 02:01 - 2014-08-15 17:45 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2014-10-16 02:01 - 2014-08-15 17:43 - 00321024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Wldap32.dll
    2014-10-16 02:01 - 2014-08-15 17:43 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
    2014-10-16 02:01 - 2014-08-15 17:31 - 00914432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
    2014-10-16 02:01 - 2014-08-15 17:31 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcsvDevice.dll
    2014-10-16 02:01 - 2014-08-15 17:29 - 00249344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-10-16 02:01 - 2014-08-15 17:23 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2014-10-16 02:01 - 2014-08-15 17:22 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
    2014-10-16 02:01 - 2014-08-15 17:22 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
    2014-10-16 02:01 - 2014-08-15 17:19 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2014-10-16 02:01 - 2014-08-15 17:18 - 04758528 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
    2014-10-16 02:01 - 2014-08-15 17:17 - 08757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2014-10-16 02:01 - 2014-08-15 17:14 - 00265216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
    2014-10-16 02:01 - 2014-08-15 17:13 - 06649344 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2014-10-16 02:01 - 2014-08-15 17:13 - 05902848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2014-10-16 02:01 - 2014-08-15 17:13 - 00840192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
    2014-10-16 02:01 - 2014-08-15 17:11 - 00920064 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
    2014-10-16 02:01 - 2014-08-15 17:10 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
    2014-10-16 02:01 - 2014-08-15 17:08 - 05777408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2014-10-16 02:01 - 2014-08-15 17:07 - 00756224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
    2014-10-16 02:01 - 2014-07-31 16:22 - 00388729 _____ () C:\WINDOWS\system32\ApnDatabase.xml
    2014-10-16 01:59 - 2014-10-09 15:16 - 00678400 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepdu.dll
    2014-10-16 01:59 - 2014-10-08 15:09 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2014-10-16 01:59 - 2014-09-18 18:24 - 00527360 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2014-10-16 01:59 - 2014-09-12 23:02 - 02779648 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
    2014-10-16 01:59 - 2014-09-12 22:30 - 03117568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
    2014-10-16 01:59 - 2014-08-28 18:58 - 00109568 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
    2014-10-16 01:59 - 2014-08-28 16:56 - 02646016 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2014-10-16 01:59 - 2014-08-28 16:47 - 02321920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2014-10-15 23:28 - 2014-10-17 01:24 - 00007866 _____ () C:\WINDOWS\PFRO.log
    2014-10-15 01:20 - 2014-10-15 01:20 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
    2014-10-14 08:54 - 2014-10-15 23:11 - 00003970 _____ () C:\WINDOWS\setupact.log
    2014-10-14 08:54 - 2014-10-14 08:54 - 00000000 _____ () C:\WINDOWS\setuperr.log
    2014-10-13 09:54 - 2014-10-13 09:54 - 00001343 _____ () C:\Users\Public\Desktop\Freemake Video Converter.lnk
    2014-10-13 09:54 - 2014-10-13 09:54 - 00000000 ____D () C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
    2014-10-13 09:54 - 2014-10-13 09:54 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
    2014-10-13 09:54 - 2014-10-13 09:54 - 00000000 ____D () C:\ProgramData\Freemake
    2014-10-13 09:37 - 2014-10-13 09:54 - 00000000 ____D () C:\Users\Joe\Documents\Freemake
    2014-10-13 09:37 - 2014-10-13 09:54 - 00000000 ____D () C:\Program Files (x86)\Freemake
    2014-10-13 09:36 - 2014-10-13 09:36 - 00699016 _____ (CNET Download.com) C:\Users\Joe\Downloads\cbsidlm-cbsi213-Freemake_Video_Converter-ORG-75218346.exe
    2014-10-12 23:45 - 2014-10-13 00:10 - 00000000 ____D () C:\ProgramData\HitmanPro
    2014-10-11 08:50 - 2014-10-11 08:50 - 00000000 ___RD () C:\Users\Joe\AppData\Roaming\Brother
    2014-10-10 22:47 - 2014-10-10 22:47 - 00000000 ____D () C:\Users\Joe\Documents\Media
    2014-10-10 22:47 - 2014-10-10 22:47 - 00000000 ____D () C:\Users\Joe\Documents\Custom Production Presets 8.0
    2014-10-08 12:24 - 2014-10-08 12:24 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ProductData
    2014-10-02 16:36 - 2014-10-02 16:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Firestorm
    2014-10-02 16:36 - 2014-10-02 16:36 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Firestorm
    2014-10-01 10:45 - 2014-10-01 10:46 - 00000000 ____D () C:\Users\Administrator\AppData\Local\CrashDumps
    2014-10-01 00:54 - 2014-10-01 00:54 - 00000000 ____D () C:\WINDOWS\ERUNT
    2014-10-01 00:41 - 2014-10-18 17:29 - 00000000 ____D () C:\Users\Joe\Desktop\Utilities
    2014-10-01 00:30 - 2014-10-18 17:26 - 00034808 _____ () C:\WINDOWS\system32\Drivers\TrueSight.sys
    2014-10-01 00:30 - 2014-10-01 00:30 - 00000000 ____D () C:\ProgramData\RogueKiller
    2014-09-29 10:38 - 2014-10-17 00:45 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
    2014-09-29 10:38 - 2014-09-29 10:38 - 00001178 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2014-09-29 10:38 - 2014-09-29 10:38 - 00001166 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2014-09-27 10:08 - 2014-08-15 18:32 - 00446464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll
    2014-09-27 10:08 - 2014-08-15 18:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\JavaScriptCollectionAgent.dll
    2014-09-27 10:08 - 2014-08-15 18:11 - 00597504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2014-09-27 10:08 - 2014-08-15 18:03 - 00365056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll
    2014-09-27 10:08 - 2014-08-15 17:58 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JavaScriptCollectionAgent.dll
    2014-09-27 10:08 - 2014-05-30 02:28 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2014-09-27 10:08 - 2014-05-30 01:43 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
    2014-09-27 10:08 - 2014-02-06 04:30 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2014-09-27 10:08 - 2014-02-06 04:30 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
    2014-09-27 10:08 - 2014-02-06 04:07 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2014-09-27 10:08 - 2014-02-06 04:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
    2014-09-27 10:08 - 2014-02-06 03:56 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2014-09-27 10:08 - 2014-02-06 03:49 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
    2014-09-27 10:08 - 2014-02-06 03:48 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
    2014-09-27 10:08 - 2014-02-06 03:20 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2014-09-27 10:08 - 2014-02-06 03:17 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
    2014-09-27 10:08 - 2014-02-06 03:00 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
    2014-09-27 10:08 - 2014-02-06 02:52 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2014-09-27 10:08 - 2014-02-06 02:52 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
    2014-09-27 10:08 - 2014-02-06 02:47 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
    2014-09-27 10:08 - 2014-02-06 02:25 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
    2014-09-27 10:00 - 2014-09-27 10:00 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2014-09-27 09:53 - 2014-10-11 08:50 - 00000426 _____ () C:\WINDOWS\BRWMARK.INI
    2014-09-27 09:53 - 2014-09-27 09:53 - 00000034 _____ () C:\WINDOWS\SysWOW64\BD2140.DAT
    2014-09-26 23:24 - 2014-07-29 18:56 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDMon.dll
    2014-09-26 23:24 - 2014-07-28 22:22 - 00205824 _____ (Microsoft Corporation) C:\WINDOWS\system32\tcpmon.dll
    2014-09-26 23:23 - 2014-08-23 00:48 - 02374784 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2014-09-26 23:23 - 2014-08-23 00:13 - 02084520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2014-09-26 23:23 - 2014-08-22 23:10 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UXInit.dll
    2014-09-26 23:23 - 2014-08-22 22:32 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UXInit.dll
    2014-09-26 23:23 - 2014-08-22 21:44 - 02860032 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2014-09-26 23:23 - 2014-08-22 21:34 - 13423104 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2014-09-26 23:23 - 2014-08-22 21:33 - 00796672 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2014-09-26 23:23 - 2014-08-22 21:31 - 01038336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2014-09-26 23:23 - 2014-08-22 21:20 - 11818496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2014-09-26 23:23 - 2014-07-24 02:44 - 16874496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2014-09-26 23:22 - 2014-07-24 08:28 - 00468288 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2014-09-26 23:22 - 2014-07-24 08:28 - 00419648 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2014-09-26 23:22 - 2014-07-24 08:28 - 00412992 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
    2014-09-26 23:22 - 2014-07-24 08:28 - 00143680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbccgp.sys
    2014-09-26 23:22 - 2014-07-24 08:23 - 01519488 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2014-09-26 23:22 - 2014-07-24 08:23 - 00125472 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
    2014-09-26 23:22 - 2014-07-24 08:20 - 00645592 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
    2014-09-26 23:22 - 2014-07-24 08:16 - 02574208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
    2014-09-26 23:22 - 2014-07-24 08:16 - 00211216 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVol.exe
    2014-09-26 23:22 - 2014-07-24 08:07 - 07424320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2014-09-26 23:22 - 2014-07-24 08:07 - 02009920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2014-09-26 23:22 - 2014-07-24 08:05 - 01660048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2014-09-26 23:22 - 2014-07-24 08:05 - 01519560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2014-09-26 23:22 - 2014-07-24 08:05 - 01488008 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2014-09-26 23:22 - 2014-07-24 08:05 - 01356840 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2014-09-26 23:22 - 2014-07-24 08:03 - 02141920 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2014-09-26 23:22 - 2014-07-24 08:03 - 00882136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2014-09-26 23:22 - 2014-07-24 08:03 - 00818624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2014-09-26 23:22 - 2014-07-24 08:03 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2014-09-26 23:22 - 2014-07-24 08:03 - 00233888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2014-09-26 23:22 - 2014-07-24 08:03 - 00205512 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
    2014-09-26 23:22 - 2014-07-24 07:57 - 00475968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2014-09-26 23:22 - 2014-07-24 06:48 - 02410976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
    2014-09-26 23:22 - 2014-07-24 06:46 - 00477200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
    2014-09-26 23:22 - 2014-07-24 06:36 - 02145472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2014-09-26 23:22 - 2014-07-24 06:36 - 00707536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2014-09-26 23:22 - 2014-07-24 06:36 - 00674512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2014-09-26 23:22 - 2014-07-24 06:36 - 00355800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2014-09-26 23:22 - 2014-07-24 06:36 - 00180720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
    2014-09-26 23:22 - 2014-07-24 04:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
    2014-09-26 23:22 - 2014-07-24 04:45 - 00076800 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hdaudbus.sys
    2014-09-26 23:22 - 2014-07-24 04:44 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2014-09-26 23:22 - 2014-07-24 04:43 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2014-09-26 23:22 - 2014-07-24 04:42 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
    2014-09-26 23:22 - 2014-07-24 04:42 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\NdisImPlatform.sys
    2014-09-26 23:22 - 2014-07-24 04:41 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2014-09-26 23:22 - 2014-07-24 04:05 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
    2014-09-26 23:22 - 2014-07-24 04:05 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
    2014-09-26 23:22 - 2014-07-24 03:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersGPExt.dll
    2014-09-26 23:22 - 2014-07-24 03:20 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2014-09-26 23:22 - 2014-07-24 03:18 - 01089024 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpedit.dll
    2014-09-26 23:22 - 2014-07-24 03:10 - 01844224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
    2014-09-26 23:22 - 2014-07-24 03:10 - 00834560 _____ (Microsoft Corporation) C:\WINDOWS\system32\osk.exe
    2014-09-26 23:22 - 2014-07-24 03:10 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
    2014-09-26 23:22 - 2014-07-24 03:09 - 01057280 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll
    2014-09-26 23:22 - 2014-07-24 03:06 - 00438272 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
    2014-09-26 23:22 - 2014-07-24 03:05 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkFoldersShell.dll
    2014-09-26 23:22 - 2014-07-24 02:53 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\prnntfy.dll
    2014-09-26 23:22 - 2014-07-24 02:52 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2014-09-26 23:22 - 2014-07-24 02:39 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
    2014-09-26 23:22 - 2014-07-24 02:33 - 01741824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2014-09-26 23:22 - 2014-07-24 02:24 - 01817088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
    2014-09-26 23:22 - 2014-07-24 02:23 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
    2014-09-26 23:22 - 2014-07-24 02:16 - 12730880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2014-09-26 23:22 - 2014-07-24 02:13 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\prnntfy.dll
    2014-09-26 23:22 - 2014-07-24 02:12 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2014-09-26 23:22 - 2014-07-24 02:11 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\conhost.exe
    2014-09-26 23:22 - 2014-07-24 02:10 - 00540672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2014-09-26 23:22 - 2014-07-24 02:03 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvsvc.dll
    2014-09-26 23:22 - 2014-07-24 02:02 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
    2014-09-26 23:22 - 2014-07-24 01:53 - 01261056 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
    2014-09-26 23:22 - 2014-07-24 01:53 - 00449536 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragsvc.dll
    2014-09-26 23:22 - 2014-07-24 01:49 - 01287680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
    2014-09-26 23:22 - 2014-07-24 01:39 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
    2014-09-26 23:22 - 2014-07-24 01:38 - 00371200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2014-09-26 23:22 - 2014-07-24 01:32 - 01532416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2014-09-26 23:22 - 2014-07-24 01:30 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
    2014-09-26 23:22 - 2014-07-24 01:29 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2014-09-26 23:22 - 2014-07-24 01:28 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
    2014-09-26 23:22 - 2014-07-24 01:23 - 01404416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
    2014-09-26 23:22 - 2014-07-24 01:22 - 00487936 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2014-09-26 23:22 - 2014-07-24 01:21 - 01231872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2014-09-26 23:22 - 2014-07-24 01:21 - 00302080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
    2014-09-26 23:22 - 2014-07-24 01:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
    2014-09-26 23:22 - 2014-07-24 01:18 - 00795136 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2014-09-26 23:22 - 2014-07-24 01:16 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\VAN.dll
    2014-09-26 23:22 - 2014-07-24 01:16 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
    2014-09-26 23:22 - 2014-07-24 01:15 - 00721408 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
    2014-09-26 23:22 - 2014-07-24 01:10 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2014-09-26 23:22 - 2014-07-24 01:10 - 00889344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2014-09-26 23:22 - 2014-07-24 01:10 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
    2014-09-26 23:22 - 2014-07-24 01:10 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2014-09-26 23:22 - 2014-07-24 01:08 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
    2014-09-26 23:22 - 2014-07-24 01:01 - 01992192 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsPrint.dll
    2014-09-26 23:22 - 2014-07-24 00:54 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsPrint.dll
    2014-09-26 23:22 - 2014-07-24 00:50 - 01182208 _____ (Microsoft Corporation) C:\WINDOWS\system32\printui.dll
    2014-09-26 23:22 - 2014-07-24 00:49 - 00263680 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
    2014-09-26 23:22 - 2014-07-24 00:47 - 00576512 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2014-09-26 23:22 - 2014-07-24 00:44 - 01057792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\printui.dll
    2014-09-26 23:22 - 2014-07-24 00:43 - 02696704 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
    2014-09-26 23:22 - 2014-07-24 00:33 - 03360768 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
    2014-09-26 23:22 - 2014-07-24 00:28 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2014-09-26 23:22 - 2014-07-23 21:11 - 00513544 _____ () C:\WINDOWS\SysWOW64\locale.nls
    2014-09-26 23:22 - 2014-07-23 21:11 - 00513544 _____ () C:\WINDOWS\system32\locale.nls
    2014-09-26 23:22 - 2014-07-11 22:55 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wisp.dll
    2014-09-26 23:22 - 2014-07-11 21:58 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wisp.dll
    2014-09-26 23:22 - 2014-07-11 21:13 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2014-09-26 23:22 - 2014-07-04 03:29 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
    2014-09-26 23:22 - 2014-07-04 03:20 - 01656832 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2014-09-26 23:22 - 2014-07-04 03:06 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
    2014-09-26 23:22 - 2014-07-04 02:30 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2014-09-26 23:22 - 2014-07-04 02:27 - 00474112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2014-09-26 23:22 - 2014-06-26 23:22 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
    2014-09-26 23:22 - 2014-06-25 17:32 - 01029632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
    2014-09-26 23:22 - 2014-06-19 16:37 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2014-09-26 23:22 - 2014-06-18 19:13 - 00310080 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
    2014-09-26 23:22 - 2014-06-13 23:03 - 02389504 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
    2014-09-26 23:22 - 2014-06-13 22:46 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
    2014-09-26 23:22 - 2014-06-05 07:00 - 01118040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2014-09-26 23:22 - 2014-06-05 03:18 - 01018368 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
    2014-09-26 23:22 - 2014-06-05 02:42 - 00889856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
    2014-09-26 23:22 - 2014-05-30 22:00 - 01463808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
    2014-09-26 23:22 - 2014-05-30 21:18 - 01319936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
    2014-09-26 23:22 - 2014-05-28 23:23 - 00427008 _____ (Microsoft Corporation) C:\WINDOWS\system32\clusapi.dll
    2014-09-26 23:22 - 2014-05-28 22:25 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\clusapi.dll
    2014-09-26 23:22 - 2014-05-10 03:12 - 00387896 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
    2014-09-26 23:22 - 2014-05-10 01:46 - 00335680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
    2014-09-26 23:22 - 2014-05-05 21:41 - 00486744 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcfgx.dll
    2014-09-26 23:22 - 2014-05-05 17:55 - 00391000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcfgx.dll
    2014-09-26 23:22 - 2014-03-24 19:27 - 00160600 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmmbase.dll
    2014-09-26 23:22 - 2014-03-24 19:27 - 00123920 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmm.dll
    2014-09-26 23:22 - 2014-03-24 18:20 - 00128568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmm.dll
    2014-09-26 23:22 - 2014-03-24 18:20 - 00127544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmmbase.dll
    2014-09-26 23:21 - 2014-07-24 08:28 - 00280384 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2014-09-26 23:21 - 2014-07-24 08:20 - 00263400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2014-09-26 23:21 - 2014-07-24 06:50 - 00098048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
    2014-09-26 23:21 - 2014-07-24 06:48 - 00180208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SndVol.exe
    2014-09-26 23:21 - 2014-07-24 04:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRUM.DLL
    2014-09-26 23:21 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDYAK.DLL
    2014-09-26 23:21 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTT102.DLL
    2014-09-26 23:21 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDTAT.DLL
    2014-09-26 23:21 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU1.DLL
    2014-09-26 23:21 - 2014-07-24 04:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDBASH.DLL
    2014-09-26 23:21 - 2014-07-24 04:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\KBDRU.DLL
    2014-09-26 23:21 - 2014-07-24 04:47 - 00132608 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
    2014-09-26 23:21 - 2014-07-24 04:22 - 00308736 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
    2014-09-26 23:21 - 2014-07-24 04:06 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\system32\iasnap.dll
    2014-09-26 23:21 - 2014-07-24 03:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDYAK.DLL
    2014-09-26 23:21 - 2014-07-24 03:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTT102.DLL
    2014-09-26 23:21 - 2014-07-24 03:52 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDTAT.DLL
    2014-09-26 23:21 - 2014-07-24 03:51 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRUM.DLL
    2014-09-26 23:21 - 2014-07-24 03:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU1.DLL
    2014-09-26 23:21 - 2014-07-24 03:51 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDBASH.DLL
    2014-09-26 23:21 - 2014-07-24 03:51 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KBDRU.DLL
    2014-09-26 23:21 - 2014-07-24 03:33 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
    2014-09-26 23:21 - 2014-07-24 03:32 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\powercfg.cpl
    2014-09-26 23:21 - 2014-07-24 03:12 - 00878592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
    2014-09-26 23:21 - 2014-07-24 03:10 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iasnap.dll
    2014-09-26 23:21 - 2014-07-24 02:42 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\powercfg.cpl
    2014-09-26 23:21 - 2014-07-24 02:40 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
    2014-09-26 23:21 - 2014-07-24 02:32 - 01048064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpedit.dll
    2014-09-26 23:21 - 2014-07-24 02:27 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll
    2014-09-26 23:21 - 2014-07-24 02:27 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\osk.exe
    2014-09-26 23:21 - 2014-07-24 02:25 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
    2014-09-26 23:21 - 2014-07-24 02:21 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2014-09-26 23:21 - 2014-07-24 02:18 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2014-09-26 23:21 - 2014-07-24 02:14 - 00443904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2014-09-26 23:21 - 2014-07-24 02:11 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
    2014-09-26 23:21 - 2014-07-24 02:04 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintDialogs.dll
    2014-09-26 23:21 - 2014-07-24 02:04 - 00183808 _____ (Microsoft Corp.) C:\WINDOWS\system32\Defrag.exe
    2014-09-26 23:21 - 2014-07-24 01:58 - 00105472 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
    2014-09-26 23:21 - 2014-07-24 01:49 - 01361408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2014-09-26 23:21 - 2014-07-24 01:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2014-09-26 23:21 - 2014-07-24 01:48 - 00659968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2014-09-26 23:21 - 2014-07-24 01:47 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2014-09-26 23:21 - 2014-07-24 01:43 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
    2014-09-26 23:21 - 2014-07-24 01:36 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
    2014-09-26 23:21 - 2014-07-24 01:18 - 01144320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2014-09-26 23:21 - 2014-07-24 01:15 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
    2014-09-26 23:21 - 2014-07-24 01:13 - 00226304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SndVolSSO.dll
    2014-09-26 23:21 - 2014-07-24 01:08 - 00321536 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
    2014-09-26 23:21 - 2014-07-24 01:05 - 00448000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VAN.dll
    2014-09-26 23:21 - 2014-07-24 01:00 - 02100736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
    2014-09-26 23:21 - 2014-07-24 00:58 - 00432640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2014-09-26 23:21 - 2014-07-24 00:58 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
    2014-09-26 23:21 - 2014-07-24 00:43 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
    2014-09-26 23:21 - 2014-07-24 00:41 - 00459264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2014-09-26 23:21 - 2014-07-11 22:23 - 00436224 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
    2014-09-26 23:21 - 2014-07-11 21:33 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
    2014-09-26 23:21 - 2014-07-04 05:59 - 00295424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ks.sys
    2014-09-26 23:21 - 2014-07-04 03:00 - 01351168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2014-09-26 23:21 - 2014-06-25 17:29 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
    2014-09-26 23:21 - 2014-06-07 05:46 - 00216368 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
    2014-09-26 23:21 - 2014-06-07 03:20 - 00189016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
    2014-09-26 23:21 - 2014-05-28 22:20 - 00427520 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2014-09-26 23:21 - 2014-05-28 21:36 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2014-09-26 23:21 - 2014-05-26 00:26 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2014-09-26 23:12 - 2014-08-14 17:36 - 00146752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpioclx.sys
    2014-09-26 23:08 - 2014-09-04 19:36 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2014-09-26 23:07 - 2014-08-01 17:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2014-09-26 23:05 - 2014-07-23 20:20 - 00875688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
    2014-09-26 23:05 - 2014-07-23 20:20 - 00869544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
    2014-09-26 18:08 - 2014-09-26 18:08 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Macromedia
    2014-09-26 17:59 - 2014-10-06 10:38 - 00003954 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D098047E-0B8A-478F-B8C8-A9C520121E18}
    2014-09-26 17:59 - 2014-09-26 17:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieUserList
    2014-09-26 17:59 - 2014-09-26 17:59 - 00000000 __SHD () C:\Users\Administrator\AppData\Local\EmieSiteList
    2014-09-25 00:20 - 2014-09-25 00:20 - 00000000 ____D () C:\Users\Administrator\Documents\CyberLink
    2014-09-25 00:20 - 2014-09-25 00:20 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\CyberLink
    2014-09-25 00:20 - 2014-09-25 00:20 - 00000000 _____ () C:\PDVDIPC.d2m
    2014-09-24 10:31 - 2014-10-06 10:47 - 00000000 ____D () C:\WTPLOG
    2014-09-22 17:41 - 2014-09-22 17:41 - 00262144 _____ () C:\WINDOWS\system32\config\sam.lbk
    2014-09-22 16:47 - 2014-10-03 18:43 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2038336361-186143559-2188733059-500
    2014-09-22 16:43 - 2014-09-22 16:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\AVG2014
    2014-09-22 16:43 - 2014-09-22 16:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ATI
    2014-09-22 16:43 - 2014-09-22 16:43 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\ASUS WebStorage
    2014-09-22 16:43 - 2014-09-22 16:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\VirtualStore
    2014-09-22 16:43 - 2014-09-22 16:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Avg2014
    2014-09-22 16:43 - 2014-09-22 16:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\ATI
    2014-09-22 16:43 - 2014-09-22 16:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\AMD
    2014-09-22 16:42 - 2014-10-03 14:11 - 00000000 ____D () C:\Users\Administrator
    2014-09-22 16:42 - 2014-09-22 16:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
    2014-09-22 16:42 - 2014-09-22 16:43 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Packages
    2014-09-22 16:42 - 2014-09-22 16:42 - 00001449 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
    2014-09-22 16:42 - 2014-09-22 16:42 - 00000020 ___SH () C:\Users\Administrator\ntuser.ini
    2014-09-22 16:42 - 2014-09-22 16:42 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Adobe
    2014-09-22 16:42 - 2014-08-29 18:11 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-09-22 16:42 - 2014-08-29 18:10 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2014-09-22 16:42 - 2014-08-29 17:33 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Microsoft Help
    2014-09-22 16:42 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk
    2014-09-22 16:42 - 2014-03-18 03:13 - 00000369 _____ () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk
    2014-09-22 16:42 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2014-09-22 16:42 - 2013-08-22 08:36 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
     
  10. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    ==================== One Month Modified Files and Folders =======

    (If an entry is included in the fixlist, the file\folder will be moved.)

    2014-10-18 21:53 - 2014-08-28 16:12 - 00003596 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2038336361-186143559-2188733059-1002
    2014-10-18 21:25 - 2014-08-31 15:36 - 00128728 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2014-10-18 21:25 - 2014-08-31 15:36 - 00092888 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2014-10-18 20:28 - 2014-08-29 17:26 - 01189048 _____ () C:\WINDOWS\WindowsUpdate.log
    2014-10-18 20:27 - 2014-08-29 18:25 - 00003914 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{3E6DA7E9-B22F-4F33-A068-FAC19750DF7B}
    2014-10-18 20:00 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\sru
    2014-10-18 17:32 - 2014-08-29 18:47 - 00000000 ____D () C:\ProgramData\MFAData
    2014-10-18 17:23 - 2014-08-29 19:07 - 00000000 ____D () C:\Program Files (x86)\IObit
    2014-10-17 20:50 - 2014-08-29 17:58 - 00000000 ___DO () C:\Users\Joe\OneDrive
    2014-10-17 20:32 - 2014-03-18 03:03 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
    2014-10-17 20:28 - 2013-08-22 07:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
    2014-10-17 20:28 - 2013-08-22 06:25 - 00524288 ___SH () C:\WINDOWS\system32\config\BBI
    2014-10-17 01:46 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\rescache
    2014-10-17 01:13 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
    2014-10-17 00:59 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
    2014-10-17 00:46 - 2013-08-22 07:44 - 00581144 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
    2014-10-17 00:44 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ToastData
    2014-10-17 00:44 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\WinStore
    2014-10-17 00:44 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
    2014-10-17 00:44 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\FileManager
    2014-10-17 00:44 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Camera
    2014-10-16 04:19 - 2012-07-26 00:59 - 00000000 ____D () C:\WINDOWS\CbsTemp
    2014-10-16 02:04 - 2014-08-28 18:07 - 00000000 ____D () C:\ProgramData\Microsoft Help
    2014-10-16 02:02 - 2014-08-29 01:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
    2014-10-16 02:00 - 2014-08-29 01:47 - 103265616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2014-10-16 01:59 - 2014-09-01 08:02 - 00000000 ___SD () C:\WINDOWS\system32\CompatTel
    2014-10-15 23:27 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\Help
    2014-10-15 18:56 - 2013-08-22 06:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
    2014-10-13 09:52 - 2014-08-29 22:06 - 00000000 ____D () C:\Users\Joe\AppData\Local\CrashDumps
    2014-10-11 00:49 - 2014-08-29 21:44 - 00000000 ____D () C:\Users\Joe\AppData\Local\Firestorm
    2014-10-10 22:50 - 2014-08-29 17:29 - 00000000 ____D () C:\Users\Joe
    2014-10-03 17:36 - 2014-09-03 13:43 - 00000000 ____D () C:\Users\Farrellyfamily
    2014-09-29 15:45 - 2013-08-22 08:38 - 00706016 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2014-09-29 15:45 - 2013-08-22 08:38 - 00105440 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2014-09-28 13:10 - 2014-08-28 16:06 - 00000000 ____D () C:\Users\Joe\AppData\Local\Packages
    2014-09-27 13:53 - 2014-09-01 08:25 - 00000000 ____D () C:\Users\Joe\AppData\Local\Windows Live
    2014-09-27 11:50 - 2013-05-15 13:03 - 00002457 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
    2014-09-27 10:05 - 2014-03-18 02:45 - 00000000 ____D () C:\Program Files\Windows Journal
    2014-09-27 10:05 - 2013-08-22 08:36 - 00000000 ___RD () C:\WINDOWS\ImmersiveControlPanel
    2014-09-27 10:05 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-09-27 10:05 - 2013-08-22 08:36 - 00000000 ___RD () C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2014-09-27 10:05 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\setup
    2014-09-27 10:05 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\InputMethod
    2014-09-27 10:05 - 2013-08-22 08:36 - 00000000 ____D () C:\WINDOWS\system32\setup
    2014-09-27 10:05 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
    2014-09-26 21:16 - 2014-08-29 18:24 - 00000000 ___DC () C:\WINDOWS\Panther
    2014-09-25 00:18 - 2014-08-29 17:32 - 00001547 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2014-09-24 11:52 - 2013-08-22 06:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
    2014-09-22 16:42 - 2014-08-29 17:57 - 00000000 ____D () C:\WINDOWS\System32\Tasks\WPD
    2014-09-22 16:37 - 2014-09-03 13:43 - 00000000 ____D () C:\Users\Farrellyfamily\AppData\Roaming\IObit

    Some content of TEMP:
    ====================
    C:\Users\Administrator\AppData\Local\Temp\COMAP.EXE
    C:\Users\Joe\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Joe\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\Joe\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\System32\winlogon.exe => File is digitally signed
    C:\Windows\System32\wininit.exe => File is digitally signed
    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\SysWOW64\explorer.exe => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\SysWOW64\svchost.exe => File is digitally signed
    C:\Windows\System32\services.exe => File is digitally signed
    C:\Windows\System32\User32.dll => File is digitally signed
    C:\Windows\SysWOW64\User32.dll => File is digitally signed
    C:\Windows\System32\userinit.exe => File is digitally signed
    C:\Windows\SysWOW64\userinit.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed
    C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2014-10-14 06:00

    ==================== End Of Log ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  12. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    Ok I downloaded the text file and both text files (FRST) and Fixlist.txt are on my desktop, so how do I run something? Neither was an executable file or script so I don't know what to do next. All I have are two text files on my desktop.
     
  13. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    Ok I got it. I ran it and here is the log.
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
    Ran by Joe at 2014-10-21 19:06:40 Run:1
    Running from C:\Users\Joe\Desktop
    Loaded Profiles: Joe & Farrellyfamily & Administrator (Available profiles: Joe & Farrellyfamily & Administrator)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    AlternateDataStreams: C:\Users\Joe\OneDrive:ms-properties
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    Task: {E19444A0-A53F-4D23-9C25-4F732028ED4D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
    Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
    C:\Program Files (x86)\IObit
    BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    FF Extension: No Name - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\opl6nkhe.default-1412148437805\extensions\ascsurfingprotection@iobit.com [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
    2014-09-22 16:42 - 2014-09-22 16:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
    2014-09-22 16:37 - 2014-09-03 13:43 - 00000000 ____D () C:\Users\Farrellyfamily\AppData\Roaming\IObit
    C:\Users\Administrator\AppData\Local\Temp\COMAP.EXE
    C:\Users\Joe\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Joe\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\Joe\AppData\Local\Temp\sqlite3.dll


    *****************

    C:\Users\Joe\OneDrive => ":ms-properties" ADS removed successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E19444A0-A53F-4D23-9C25-4F732028ED4D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E19444A0-A53F-4D23-9C25-4F732028ED4D}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => Key deleted successfully.
    C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
    "HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
    C:\Program Files (x86)\IObit => Moved successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
    C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\opl6nkhe.default-1412148437805\extensions\ascsurfingprotection@iobit.com not found.
    C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
    LiveUpdateSvc => Service deleted successfully.
    BCM42RLY => Service deleted successfully.
    e1edc438-f640-4184-a443-d2a7c37a01dc => Service deleted successfully.
    C:\Users\Administrator\AppData\Roaming\IObit => Moved successfully.
    C:\Users\Farrellyfamily\AppData\Roaming\IObit => Moved successfully.
    C:\Users\Administrator\AppData\Local\Temp\COMAP.EXE => Moved successfully.
    C:\Users\Joe\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\Joe\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
    C:\Users\Joe\AppData\Local\Temp\sqlite3.dll => Moved successfully.

    ==== End of Fixlog ====
     
  14. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    How is computer doing?

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
      • Other Services
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    [​IMG] Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Internet Explorer users - Click on this link to open ESET OnlineScan.
    • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on ESET Smart Installer to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the [img=[url]http://www.bleepstatic.com/fhost/uploads/0/esetsmartinstaller_enu.png][/url] icon on your desktop.
    • Check "YES, I accept the Terms of Use."
    • Click the Start button.
    • Accept any security warnings from your browser.[/*]
    • Check "Enable detection of potentially unwanted applications".
    • Click Advanced settings and make sure all 4 boxes are checkmarked (two of them are already checkmarked by default).
      Do NOT checkmark "Use custom proxy settings"
    • Click the Start button.
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click List Threats[/*]
    • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • Click the Back button.
    • Click the Finish button.
     
  15. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    Ok I got it. I ran it and here is the log.
    Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 21-10-2014
    Ran by Joe at 2014-10-21 19:06:40 Run:1
    Running from C:\Users\Joe\Desktop
    Loaded Profiles: Joe & Farrellyfamily & Administrator (Available profiles: Joe & Farrellyfamily & Administrator)
    Boot Mode: Normal
    ==============================================

    Content of fixlist:
    *****************
    AlternateDataStreams: C:\Users\Joe\OneDrive:ms-properties
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
    Task: {E19444A0-A53F-4D23-9C25-4F732028ED4D} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2014-08-22] (IObit)
    Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll (IObit)
    C:\Program Files (x86)\IObit
    BHO-x32: Advanced SystemCare Browser Protection -> {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} -> C:\Program Files (x86)\IObit\Surfing Protection\BrowerProtect\ASCPlugin_Protection.dll (IObit)
    FF Extension: No Name - C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\opl6nkhe.default-1412148437805\extensions\ascsurfingprotection@iobit.com [Not Found]
    FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [Not Found]
    S2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2282272 2014-08-19] (IObit)
    S3 BCM42RLY; system32\drivers\BCM42RLY.sys [X]
    S3 e1edc438-f640-4184-a443-d2a7c37a01dc; \??\C:\OA30\690b33e1-0462-4e84-9bea-c7552b45432a.sys [X]
    2014-09-22 16:42 - 2014-09-22 16:44 - 00000000 ____D () C:\Users\Administrator\AppData\Roaming\IObit
    2014-09-22 16:37 - 2014-09-03 13:43 - 00000000 ____D () C:\Users\Farrellyfamily\AppData\Roaming\IObit
    C:\Users\Administrator\AppData\Local\Temp\COMAP.EXE
    C:\Users\Joe\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Joe\AppData\Local\Temp\ReimagePackage.exe
    C:\Users\Joe\AppData\Local\Temp\sqlite3.dll


    *****************

    C:\Users\Joe\OneDrive => ":ms-properties" ADS removed successfully.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}" => Key not found.
    "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}" => Key not found.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E19444A0-A53F-4D23-9C25-4F732028ED4D}" => Key deleted successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E19444A0-A53F-4D23-9C25-4F732028ED4D}" => Key deleted successfully.
    C:\Windows\System32\Tasks\Uninstaller_SkipUac_Administrator => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Uninstaller_SkipUac_Administrator" => Key deleted successfully.
    C:\WINDOWS\Tasks\Uninstaller_SkipUac_Administrator.job => Moved successfully.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
    "HKCR\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}" => Key deleted successfully.
    C:\Program Files (x86)\IObit => Moved successfully.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
    "HKCR\Wow6432Node\CLSID\{BA0C978D-D909-49B6-AFE2-8BDE245DC7E6}" => Key deleted successfully.
    C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\opl6nkhe.default-1412148437805\extensions\ascsurfingprotection@iobit.com not found.
    C:\Program Files (x86)\IObit Apps Toolbar\FF not found.
    LiveUpdateSvc => Service deleted successfully.
    BCM42RLY => Service deleted successfully.
    e1edc438-f640-4184-a443-d2a7c37a01dc => Service deleted successfully.
    C:\Users\Administrator\AppData\Roaming\IObit => Moved successfully.
    C:\Users\Farrellyfamily\AppData\Roaming\IObit => Moved successfully.
    C:\Users\Administrator\AppData\Local\Temp\COMAP.EXE => Moved successfully.
    C:\Users\Joe\AppData\Local\Temp\dllnt_dump.dll => Moved successfully.
    C:\Users\Joe\AppData\Local\Temp\ReimagePackage.exe => Moved successfully.
    C:\Users\Joe\AppData\Local\Temp\sqlite3.dll => Moved successfully.

    ==== End of Fixlog ====
     
  16. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    You posted that log already.
    Please read my previous reply.
     
  17. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    Wow, I think you got it. I haven't had a redirect in more than an hour of websurfing. I downloaded and ran security check, FSS, and TFC. Logs pasted below. The ESET scanner found and cleaned what it said was a variant of a CNET downloader. I think things are good! Hurray. If so, I plan to make a donation and then post a new request to help clean my laptop. Thank you very much.
    Results of screen317's Security Check version 0.99.89
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus Free Edition 2014
    Windows Defender
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Reader 10.1.12 Adobe Reader out of Date!
    Mozilla Firefox (33.0)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````

    Farbar Service Scanner Version: 21-07-2014
    Ran by Joe (administrator) on 21-10-2014 at 19:57:47
    Running from "C:\Users\Joe\Downloads"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  18. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    Results of screen317's Security Check version 0.99.89
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    AVG AntiVirus Free Edition 2014
    Windows Defender
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Adobe Reader 10.1.12 Adobe Reader out of Date!
    Mozilla Firefox (33.0)
    ````````Process Check: objlist.exe by Laurent````````
    AVG avgwdsvc.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  19. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    Farbar Service Scanner Version: 21-07-2014
    Ran by Joe (administrator) on 21-10-2014 at 19:57:47
    Running from "C:\Users\Joe\Downloads"
    Microsoft Windows 8.1 (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  20. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Update Adobe Reader

    You can download it from http://www.adobe.com/products/acrobat/readstep2.html
    After installing the latest Adobe Reader, uninstall all previous versions (if present).
    Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

    ================================

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  21. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    I guess my computer isn't clean after all. Just now, when I clicked on the link you provided above to download Adobe reader, I got redirected to an insurance website.
    I had to type the URL manually to get my browser to go to the Adobe site and install the Reader.. I haven't run the cleaners yet. Maybe I still need to use some of those programs?
    Whatever this is, it sure is persistent. What do I do now?
     
  22. Broni

    Broni Malware Annihilator Posts: 52,898   +344

    Which browser?
    Did you check other browser(s)?
     
  23. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

  24. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    And I just got one while posting the last reply asking "Are you a boy?"
    Please help me stop these things once and for all.
     
  25. JoeFarrelly

    JoeFarrelly TS Rookie Topic Starter Posts: 62

    I ran malware Bytes and found nothing but Roguekiller found the same programs I thought we had just gotten rid of. they're back. the PUM.dns. Here is the log:
    RogueKiller V10.0.3.0 (x64) [Oct 16 2014] by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/softwares/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 8.1 (6.3.9200 ) 64 bits version
    Started in : Normal mode
    User : Joe [Administrator]
    Mode : Delete -- Date : 10/23/2014 23:33:00

    ¤¤¤ Processes : 1 ¤¤¤
    [Suspicious.Path] explorer.exe -- C:\Windows\AsusLauncherContextMenu64.dll[-] -> Unloaded

    ¤¤¤ Registry : 10 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2038336361-186143559-2188733059-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.scc.losrios.edu/facultystaff/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2038336361-186143559-2188733059-1002\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.scc.losrios.edu/facultystaff/ -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2038336361-186143559-2188733059-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2038336361-186143559-2188733059-1003\Software\Microsoft\Internet Explorer\Main | Start Page : http://asus13.msn.com -> Not selected
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2038336361-186143559-2188733059-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.sierracollege.edu/ -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2038336361-186143559-2188733059-500\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.sierracollege.edu/ -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 104.131.192.211 107.170.168.61 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 104.131.192.211 107.170.168.61 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{8BB88EB3-0967-4520-B639-BAFDDAC10BED} | DhcpNameServer : 104.131.192.211 107.170.168.61 66.60.130.158 -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{8BB88EB3-0967-4520-B639-BAFDDAC10BED} | DhcpNameServer : 104.131.192.211 107.170.168.61 66.60.130.158 -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 3 (Driver: Not loaded [0x20]) ¤¤¤
    [IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLClose : C:\WINDOWS\SYSTEM32\sppc.dll @ 0x7ff8a1f2566c
    [IAT:Addr] (explorer.exe @ WSShared.dll) SLC.dll - SLOpen : C:\WINDOWS\SYSTEM32\sppc.dll @ 0x7ff8a1f278e8
    [IAT:Addr] (explorer.exe @ Windows.UI.Xaml.dll) api-ms-win-core-winrt-robuffer-l1-1-0.dll - RoGetBufferMarshaler : C:\Windows\System32\WinTypes.dll @ 0x7ff88f41bf60

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUM.HomePage][FIREFX:Config] opl6nkhe.default-1412148437805 : user_pref("browser.startup.homepage", "http://www.sierracollege.edu/"); -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: TOSHIBA DT01ACA300 SATA Disk Device +++++
    --- User ---
    [MBR] a5481faec59db231593ac8fa1705db04
    [BSP] 94918ec8d719b535ed893b610f517544 : Empty MBR Code
    Partition table:
    0 - [XXXXXX] UNKNOWN (0x0) [VISIBLE] Offset (sectors): 1 | Size: 2097152 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: Generic- Multi-Card USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )


    ============================================
    RKreport_DEL_10012014_004116.log - RKreport_DEL_10112014_234859.log - RKreport_DEL_10172014_003905.log - RKreport_DEL_10172014_005934.log
    RKreport_DEL_10182014_173409.log - RKreport_SCN_10012014_004103.log - RKreport_SCN_10112014_234819.log - RKreport_SCN_10172014_003830.log
    RKreport_SCN_10172014_005837.log - RKreport_SCN_10172014_010923.log - RKreport_SCN_10182014_173109.log - RKreport_SCN_10232014_232928.log
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...