TechSpot

ESET cleaning error

By tebo173
Jun 28, 2015
  1. Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-06-2015
    Ran by user (administrator) on USER-PC on 28-06-2015 05:19:39
    Running from C:\Users\user\Downloads
    Loaded Profiles: user (Available Profiles: user)
    Platform: Microsoft Windows 7 Home Premium Service Pack 1 (X86) OS Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (SRS Labs, Inc.) C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
    (WordWeb Software) C:\Program Files\WordWeb\wweb32.exe
    (Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Intel Corporation) C:\Windows\System32\igfxsrvc.exe
    (Microsoft Corporation) C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (ESET) C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\mdm.exe
    (SRS Labs, Inc.) C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe
    (Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
    (Research In Motion) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
    (Research In Motion) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.AutoUpdate.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\RIMDeviceManager\RIMDeviceManager.exe
    (Research In Motion Limited) C:\Program Files\Common Files\Research In Motion\USB Drivers\BbDevMgr.exe
    (VideoLAN) C:\Program Files\VideoLAN\VLC\vlc.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
    (Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe
    (Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_18_0_0_194.exe


    ==================== Registry (Whitelisted) ==================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7744032 2009-11-23] (Realtek Semiconductor)
    HKLM\...\Run: [GrooveMonitor] => C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [31016 2006-10-27] (Microsoft Corporation)
    HKLM\...\Run: [SRSAENotifier] => C:\Program Files\SRS Labs\SRS Audio Essentials\AENotifier.exe [528216 2011-08-24] (SRS Labs, Inc.)
    HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
    HKLM\...\Run: [egui] => C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [5088456 2015-01-28] (ESET)
    HKU\S-1-5-21-1061790985-3839154058-3968913689-1000\...\Run: [WordWeb] => C:\Program Files\WordWeb\wweb32.exe [65216 2009-11-08] (WordWeb Software)
    HKU\S-1-5-21-1061790985-3839154058-3968913689-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17877168 2012-11-09] (Skype Technologies S.A.)
    HKU\S-1-5-21-1061790985-3839154058-3968913689-1000\...\MountPoints2: {d305889b-1663-11e5-b70e-00e04c30adea} - E:\NokiaPCIA_Autorun.exe
    CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...hid=15171216277421762971&lg=EN&cc=GH&unqvl=90
    HKU\S-1-5-21-1061790985-3839154058-3968913689-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?Lin...hid=15171216277421762971&lg=EN&cc=GH&unqvl=90
    HKU\S-1-5-21-1061790985-3839154058-3968913689-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    SearchScopes: HKLM -> DefaultScope {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?...hid=15171216277421762971&lg=EN&cc=GH&unqvl=90
    SearchScopes: HKLM -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?...hid=15171216277421762971&lg=EN&cc=GH&unqvl=90
    SearchScopes: HKU\S-1-5-21-1061790985-3839154058-3968913689-1000 -> {BB82DE59-BC4C-4172-9AC4-73315F71CFFE} URL = http://websearch.hotsearches.info/?...hid=15171216277421762971&lg=EN&cc=GH&unqvl=90
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2006-10-27] (Microsoft Corporation)
    BHO: Skype Browser Helper -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
    BHO: DVDVideoSoft IE Extension -> {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} -> C:\Program Files\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll [2015-03-01] (DVDVideoSoft Ltd.)
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll [2006-10-27] (Microsoft Corporation)
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2014-03-21] (Microsoft Corporation)
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll [2011-11-03] (Skype Technologies)
    Tcpip\..\Interfaces\{B22C037F-AC6F-40E7-BB03-261638E38505}: [NameServer] 41.66.193.149 8.8.8.8

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default
    FF NewTab: chrome://LVD-SAE/content/unpackedcrx/newtab/newtab.html
    FF DefaultSearchEngine: Ask Search
    FF DefaultSearchEngine,S: WebSearch
    FF DefaultSearchUrl: hxxp://websearch.hotsearches.info/?pid=24389&r=2015/06/19&hid=15171216277421762971&lg=EN&cc=GH&unqvl=90&l=1&q=
    FF SearchEngineOrder.1: WebSearch
    FF SearchEngineOrder.1,S: WebSearch
    FF SelectedSearchEngine: WebSearch
    FF SelectedSearchEngine,S: WebSearch
    FF Homepage: hxxp://www.google.com/
    FF Keyword.URL: hxxp://websearch.hotsearches.info/?pid=24389&r=2015/06/19&hid=15171216277421762971&lg=EN&cc=GH&unqvl=90&l=1&q=
    FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll [2015-06-24] ()
    FF Plugin: @microsoft.com/GENUINE -> disabled No File
    FF Plugin: @RIM.com/WebSLLauncher,version=1.0 -> C:\Program Files\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll [2010-08-03] ()
    FF Plugin: @videolan.org/vlc,version=2.0.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
    FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2014-02-05] (VideoLAN)
    FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\searchplugins\ask-search.xml [2015-06-19]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\searchplugins\Ask.xml [2014-05-27]
    FF SearchPlugin: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\searchplugins\WebSearch.xml [2015-06-19]
    FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\Ask.xml [2014-05-27]
    FF Extension: PriCeMinus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\Extensions\2@HmY.net [2015-06-19]
    FF Extension: Avira Browser Safety - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\Extensions\abs@avira.com [2015-06-24]
    FF Extension: PriceeMinus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\Extensions\mQLoDabbp@W.com [2015-06-19]
    FF Extension: PRiCeMMinus - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\Extensions\N@pUy.com [2015-06-19]
    FF Extension: bestadblocker - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\Extensions\wfy8c@ps.net [2015-06-19]
    FF Extension: Ask New Tabs - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\Extensions\{10AC039D-1073-3BCA-E76F-EB60607D86B8} [2014-05-27]
    FF Extension: iLivid - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\Extensions\LVD-SAE@iacsearchandmedia.com.xpi [2015-06-19]
    FF Extension: DVDVideoSoft YouTube MP3 and Video Download - C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\9wkgew88.default\Extensions\{B64D9B05-48E1-4CEB-BF58-E0643994E900}.xpi [2015-03-04]
    FF Extension: Skype Click to Call - C:\Program Files\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2014-08-02]

    Chrome:
    =======
    CHR dev: Chrome dev build detected! <======= ATTENTION
    CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - https://clients2.google.com/service/update2/crx

    ========================== Services (Whitelisted) =================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 c2cautoupdatesvc; C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1390720 2014-04-11] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1764992 2014-04-11] (Microsoft Corporation)
    R2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [1349576 2015-01-28] (ESET)
    R2 MDM; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [335872 2006-10-26] (Microsoft Corporation) [File not signed]
    R2 SRSHDAudioService; C:\Program Files\Common Files\SRS Labs\SRS HD Audio Lab Service\SRSAudioLabService.exe [12648 2011-08-24] (SRS Labs, Inc.)
    R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [680960 2013-05-27] (Microsoft Corporation)

    ==================== Drivers (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [193464 2015-01-30] (ESET)
    R1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [135808 2015-01-30] (ESET)
    R2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [123424 2015-01-30] (ESET)
    R3 SRS_AE_Service; C:\Windows\System32\drivers\SRS_AE_i386.sys [404256 2011-08-01] ()
    R1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [31848 2015-05-27] (Avira Operations GmbH & Co. KG)
    R3 efavdrv; \??\C:\Windows\system32\drivers\efavdrv.sys [X]

    ========================== Drivers MD5 =======================

     
  2. tebo173

    tebo173 TS Rookie Topic Starter

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-28 05:19 - 2015-06-28 05:22 - 00027218 _____ C:\Users\user\Downloads\FRST.txt
    2015-06-28 05:18 - 2015-06-28 05:20 - 00000000 ____D C:\FRST
    2015-06-28 05:15 - 2015-06-28 05:15 - 01636352 _____ (Farbar) C:\Users\user\Downloads\FRST.exe
    2015-06-28 04:39 - 2015-06-28 04:43 - 51812576 _____ (Microsoft Corporation) C:\Users\user\Downloads\Windows-KB890830-V5.25.exe
    2015-06-27 22:31 - 2015-06-27 22:35 - 02273880 _____ (ESET) C:\Users\user\Downloads\ERARemover_x86.exe
    2015-06-27 21:42 - 2015-06-27 21:42 - 00000000 ____D C:\Users\user\AppData\Local\GWX
    2015-06-27 21:39 - 2015-06-27 21:39 - 00000000 ____D C:\Users\user\AppData\Local\ESET
    2015-06-27 11:55 - 2015-06-27 11:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
    2015-06-27 11:54 - 2015-06-28 04:12 - 00000000 ____D C:\ProgramData\ESET
    2015-06-27 11:54 - 2015-06-27 11:54 - 00000000 ____D C:\Program Files\ESET
    2015-06-27 11:33 - 2015-06-27 11:35 - 01761992 _____ (ESET) C:\Users\user\Downloads\eset_nod32_antivirus_live_installer_.exe
    2015-06-24 07:25 - 2015-05-27 13:08 - 00031848 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\ssmdrv.sys
    2015-06-23 23:14 - 2015-06-27 14:27 - 00000000 ____D C:\Program Files\Avira
    2015-06-23 19:01 - 2015-06-27 14:27 - 00000000 ____D C:\ProgramData\Avira
    2015-06-20 01:56 - 2015-06-27 12:25 - 00000000 __SHD C:\Users\user\AppData\Local\EmieBrowserModeList
    2015-06-19 19:35 - 2015-06-20 19:42 - 00000000 ____D C:\Program Files\PRiCeMMinus
    2015-06-19 19:21 - 2015-06-23 18:54 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-06-19 10:36 - 2015-02-24 04:23 - 00246920 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
    2015-06-19 10:13 - 2015-06-19 22:02 - 00000000 ____D C:\Program Files\PriceeMinus
    2015-06-19 10:04 - 2015-06-19 10:14 - 00000000 ____D C:\Program Files\CutterGeneration
    2015-06-19 10:03 - 2015-06-19 21:56 - 00000000 ____D C:\Program Files\Add to Fashiolista
    2015-06-19 10:02 - 2015-06-19 21:57 - 00000000 ____D C:\Program Files\bestadblocker
    2015-06-19 10:00 - 2015-06-19 22:02 - 00000000 ____D C:\Program Files\PriCeMinus
    2015-06-19 10:00 - 2015-06-19 19:35 - 00000000 ____D C:\ProgramData\7116189937336669353
    2015-06-19 09:59 - 2015-06-19 22:00 - 00000000 ____D C:\ProgramData\{2128713e-a4dc-793a-2128-8713ea4dc4fa}
    2015-06-19 09:42 - 2015-06-23 18:56 - 00000000 ____D C:\Users\user\AppData\Local\Avg2015
    2015-06-19 09:27 - 2015-06-19 09:27 - 04928968 _____ (AVG Technologies) C:\Users\user\Downloads\avg_free_stb_all_5961p1_177.exe
    2015-06-19 09:15 - 2015-06-02 20:35 - 00342728 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
    2015-06-19 09:15 - 2015-05-23 04:28 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
    2015-06-19 09:15 - 2015-05-23 04:28 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
    2015-06-19 09:15 - 2015-05-23 04:15 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
    2015-06-19 09:15 - 2015-05-23 04:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
    2015-06-19 09:15 - 2015-05-23 04:15 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
    2015-06-19 09:15 - 2015-05-23 04:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
    2015-06-19 09:15 - 2015-05-23 04:09 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
    2015-06-19 09:15 - 2015-05-23 04:08 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
    2015-06-19 09:15 - 2015-05-23 04:06 - 00478208 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
    2015-06-19 09:15 - 2015-05-23 04:05 - 00664064 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
    2015-06-19 09:15 - 2015-05-23 04:05 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
    2015-06-19 09:15 - 2015-05-23 04:05 - 00102912 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
    2015-06-19 09:15 - 2015-05-23 04:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
    2015-06-19 09:15 - 2015-05-23 04:00 - 00667648 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
    2015-06-19 09:15 - 2015-05-23 03:57 - 00418304 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
    2015-06-19 09:15 - 2015-05-23 03:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
    2015-06-19 09:15 - 2015-05-23 03:49 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
    2015-06-19 09:15 - 2015-05-23 03:47 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
    2015-06-19 09:15 - 2015-05-23 03:38 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
    2015-06-19 09:15 - 2015-05-23 03:38 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
    2015-06-19 09:15 - 2015-05-23 03:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
    2015-06-19 09:15 - 2015-05-23 03:28 - 12829696 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
    2015-06-19 09:15 - 2015-05-23 03:20 - 01950720 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
    2015-06-19 09:15 - 2015-05-23 03:16 - 01309696 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
    2015-06-19 09:15 - 2015-05-23 03:14 - 00710144 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
    2015-06-19 09:14 - 2015-05-27 15:08 - 19607040 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
    2015-06-19 09:14 - 2015-05-23 04:13 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
    2015-06-19 09:14 - 2015-05-23 04:10 - 02278912 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
    2015-06-19 09:14 - 2015-05-23 03:48 - 00076288 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
    2015-06-19 09:14 - 2015-05-23 03:47 - 04305920 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
    2015-06-19 09:14 - 2015-05-23 03:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
    2015-06-18 16:19 - 2010-02-11 08:14 - 53855084 _____ C:\Users\user\Desktop\Video- Moving- Busta Rhymes Performance At SOS _ Nas & Damian Marley Perform (Help For Haiti).mp4
    2015-06-15 22:41 - 2015-06-15 22:41 - 00000000 ____D C:\Windows\system32\appraiser
    2015-06-15 22:40 - 2015-06-19 09:05 - 00000000 ___SD C:\Windows\system32\GWX
    2015-06-15 22:20 - 2015-05-01 14:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-06-13 11:05 - 2015-05-09 04:14 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
    2015-06-13 11:05 - 2015-05-09 04:13 - 00868352 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
    2015-06-13 11:05 - 2015-05-09 04:13 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
    2015-06-13 11:05 - 2015-05-09 04:12 - 00271360 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
    2015-06-13 11:05 - 2015-05-09 04:08 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
    2015-06-13 11:05 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
    2015-06-13 11:04 - 2015-05-09 04:08 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
    2015-06-13 11:04 - 2015-05-09 04:08 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
    2015-06-13 11:04 - 2015-05-09 02:59 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
    2015-06-13 11:04 - 2015-05-09 02:59 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2015-06-13 11:04 - 2015-05-09 02:59 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2015-06-13 11:04 - 2015-05-09 02:59 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
    2015-06-13 11:04 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
    2015-06-13 11:04 - 2015-02-03 04:16 - 00078784 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
    2015-06-13 11:04 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00475136 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00157184 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
    2015-06-13 11:04 - 2015-02-03 04:12 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
    2015-06-13 11:04 - 2015-02-03 04:11 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
    2015-06-13 11:04 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
    2015-06-13 11:04 - 2015-02-03 04:00 - 00593920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
    2015-06-13 11:04 - 2015-01-31 00:58 - 00370488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
    2015-06-13 11:03 - 2015-02-03 04:12 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
    2015-06-13 11:03 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
    2015-06-13 11:03 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
    2015-06-13 11:03 - 2015-02-03 04:12 - 00010752 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
    2015-06-13 11:03 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
    2015-06-13 11:03 - 2015-02-03 04:11 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
    2015-06-13 11:03 - 2015-02-03 04:11 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
    2015-06-13 11:03 - 2015-02-03 04:10 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
    2015-06-13 11:03 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
    2015-06-13 11:02 - 2015-05-22 19:03 - 00571392 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
    2015-06-13 11:02 - 2015-05-22 19:02 - 00879104 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
    2015-06-13 11:02 - 2015-05-22 19:02 - 00621568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
    2015-06-13 11:02 - 2015-05-22 19:02 - 00333824 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
    2015-06-13 11:02 - 2015-05-22 19:02 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
    2015-06-13 11:02 - 2015-05-22 18:58 - 00901120 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
    2015-06-13 11:02 - 2015-05-21 14:20 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
    2015-06-13 11:02 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
    2015-06-13 11:02 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
    2015-06-13 11:02 - 2015-01-28 00:36 - 01167520 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
    2015-06-13 11:01 - 2015-05-22 19:02 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
    2015-06-13 10:58 - 2015-05-25 18:04 - 02393088 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
    2015-06-13 10:57 - 2015-04-11 04:07 - 00054656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys
    2015-06-13 10:57 - 2015-03-04 05:16 - 00249784 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
    2015-06-13 10:57 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
    2015-06-13 10:54 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
    2015-06-13 10:52 - 2015-05-25 19:12 - 03994560 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
    2015-06-13 10:52 - 2015-05-25 19:12 - 03939776 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
    2015-06-13 10:52 - 2015-05-25 19:12 - 00137664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
    2015-06-13 10:52 - 2015-05-25 19:12 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
    2015-06-13 10:52 - 2015-05-25 19:09 - 01307648 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 01062912 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00635392 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00551936 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00400896 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00260096 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
    2015-06-13 10:52 - 2015-05-25 19:07 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
    2015-06-13 10:52 - 2015-05-25 19:06 - 00643072 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
    2015-06-13 10:52 - 2015-05-25 19:06 - 00262656 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
    2015-06-13 10:52 - 2015-05-25 19:06 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
    2015-06-13 10:52 - 2015-05-25 19:06 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
    2015-06-13 10:52 - 2015-05-25 19:06 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
    2015-06-13 10:52 - 2015-05-25 19:06 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
    2015-06-13 10:52 - 2015-05-25 19:06 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
    2015-06-13 10:52 - 2015-05-25 19:05 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
    2015-06-13 10:52 - 2015-05-25 19:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
    2015-06-13 10:52 - 2015-05-25 19:05 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
    2015-06-13 10:52 - 2015-05-25 19:05 - 00016896 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
    2015-06-13 10:52 - 2015-05-25 19:02 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
    2015-06-13 10:52 - 2015-05-25 19:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
    2015-06-13 10:52 - 2015-05-25 19:01 - 00853504 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
    2015-06-13 10:52 - 2015-05-25 19:01 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\sechost.dll
    2015-06-13 10:52 - 2015-05-25 19:00 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
    2015-06-13 10:52 - 2015-05-25 19:00 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\tracerpt.exe
    2015-06-13 10:52 - 2015-05-25 19:00 - 00082944 _____ (Microsoft Corporation) C:\Windows\system32\logman.exe
    2015-06-13 10:52 - 2015-05-25 19:00 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\typeperf.exe
    2015-06-13 10:52 - 2015-05-25 19:00 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\relog.exe
    2015-06-13 10:52 - 2015-05-25 19:00 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\diskperf.exe
    2015-06-13 10:52 - 2015-05-25 19:00 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
    2015-06-13 10:52 - 2015-05-25 18:10 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
    2015-06-13 10:52 - 2015-05-25 17:53 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
    2015-06-13 10:52 - 2015-03-19 00:37 - 00534816 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
    2015-06-13 10:52 - 2015-03-19 00:37 - 00470704 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
    2015-06-13 10:52 - 2015-03-05 05:06 - 00305152 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
    2015-06-13 10:51 - 2015-06-13 10:51 - 00000000 ____D C:\Users\user\AppData\Local\Bluestacks
    2015-06-13 10:50 - 2015-04-20 03:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
    2015-06-13 10:50 - 2015-04-20 03:56 - 00909312 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
    2015-06-13 10:50 - 2015-04-18 03:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
    2015-06-13 10:50 - 2015-02-13 06:01 - 12878336 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
    2015-06-13 10:49 - 2015-04-13 04:19 - 00259072 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
    2015-06-13 10:48 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
    2015-06-13 10:48 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
    2015-06-13 10:48 - 2015-03-04 05:10 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
    2015-06-13 10:48 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
    2015-06-13 10:47 - 2015-06-13 10:49 - 14155832 _____ (BlueStack Systems Inc.) C:\Users\user\Downloads\BlueStacks-ThinInstaller.exe
    2015-06-13 10:47 - 2015-03-25 04:00 - 03088384 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
    2015-06-13 10:47 - 2015-03-25 04:00 - 02020864 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
    2015-06-13 10:47 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
    2015-06-13 10:47 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
    2015-06-13 10:47 - 2015-03-25 04:00 - 00131584 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
    2015-06-13 10:47 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
    2015-06-13 10:47 - 2015-03-25 04:00 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
    2015-06-13 10:47 - 2015-03-25 04:00 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
    2015-06-13 10:47 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
    2015-06-13 10:47 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
    2015-06-13 10:47 - 2015-03-25 04:00 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
    2015-06-13 10:45 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
    2015-06-13 10:44 - 2015-04-08 04:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
    2015-06-13 10:44 - 2015-04-08 04:14 - 00019968 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
    2015-06-13 10:44 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
    2015-06-13 10:44 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
    2015-06-13 10:44 - 2015-02-20 05:13 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
    2015-06-13 10:44 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
    2015-06-13 10:44 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
    2015-06-13 10:44 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
    2015-06-13 10:42 - 2015-04-29 19:07 - 11411456 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
    2015-06-13 10:42 - 2015-02-25 04:03 - 00514560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
    2015-06-13 10:41 - 2015-04-29 19:07 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
    2015-06-13 10:41 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
    2015-06-13 10:41 - 2015-04-29 19:07 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
    2015-06-13 10:41 - 2015-04-29 19:05 - 12625408 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
    2015-06-13 10:31 - 2015-04-24 18:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
    2015-06-13 10:31 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
    2015-06-13 10:31 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-06-28 05:13 - 2014-06-08 17:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
    2015-06-27 21:51 - 2009-07-14 05:34 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-06-27 21:51 - 2009-07-14 05:34 - 00028528 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-06-27 21:50 - 2015-03-04 23:19 - 00000000 ____D C:\Program Files\Opera
    2015-06-27 21:37 - 2014-03-25 16:09 - 01543616 _____ C:\Windows\WindowsUpdate.log
    2015-06-27 21:29 - 2010-11-20 22:01 - 00006166 _____ C:\Windows\system32\PerfStringBackup.INI
    2015-06-27 21:28 - 2009-07-14 05:39 - 00077338 _____ C:\Windows\setupact.log
    2015-06-27 21:27 - 2009-07-14 05:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
    2015-06-27 14:27 - 2010-11-20 22:48 - 00229200 _____ C:\Windows\PFRO.log
    2015-06-27 14:09 - 2014-05-20 19:10 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
    2015-06-27 12:25 - 2014-09-18 18:04 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList
    2015-06-27 12:25 - 2014-09-18 18:04 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList
    2015-06-25 07:19 - 2015-02-17 10:51 - 00012868 _____ C:\Users\user\AppData\Roaming\Rim.Desktop.Exception.log
    2015-06-25 01:56 - 2014-05-14 21:07 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
    2015-06-24 23:22 - 2014-06-08 17:33 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
    2015-06-24 23:22 - 2014-06-08 17:33 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
    2015-06-23 18:56 - 2014-05-20 19:18 - 00000000 ____D C:\Program Files\AVG
    2015-06-23 18:56 - 2014-05-20 19:01 - 00000000 ____D C:\ProgramData\MFAData
    2015-06-20 19:32 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
    2015-06-20 03:13 - 2014-05-21 18:42 - 00000000 ____D C:\Windows\system32\MRT
    2015-06-19 10:26 - 2015-03-08 09:19 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-06-19 10:25 - 2015-03-08 09:19 - 00000000 ____D C:\Program Files\Common Files\Adobe
    2015-06-19 09:05 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat
    2015-06-18 16:51 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
    2015-06-15 22:45 - 2009-07-14 05:33 - 00410096 _____ C:\Windows\system32\FNTCACHE.DAT
    2015-06-15 22:41 - 2014-05-21 19:54 - 00000000 ___SD C:\Windows\system32\CompatTel
    2015-06-15 22:41 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\system32\AdvancedInstallers
    2015-06-15 22:40 - 2011-04-12 03:24 - 00000000 ____D C:\Program Files\Windows Journal
    2015-06-13 15:46 - 2014-06-21 20:26 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
    2015-06-12 17:15 - 2015-04-25 19:43 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss

    ==================== Files in the root of some directories =======

    2014-05-21 09:56 - 2014-05-21 09:56 - 4216840 _____ (Microsoft Corporation) C:\Program Files\Common Files\vcredist.exe
    2014-05-20 19:33 - 2015-02-28 16:06 - 0000000 _____ () C:\Users\user\AppData\Roaming\bitlord_log.txt
    2015-02-17 10:51 - 2015-06-25 07:19 - 0012868 _____ () C:\Users\user\AppData\Roaming\Rim.Desktop.Exception.log
    2014-05-14 21:13 - 2014-05-14 21:13 - 0000801 _____ () C:\Users\user\AppData\Roaming\Rim.Desktop.HttpServerSetup.log
    2014-06-25 21:04 - 2014-06-25 21:04 - 0000218 _____ () C:\Users\user\AppData\Local\recently-used.xbel

    Some files in TEMP:
    ====================
    C:\Users\user\AppData\Local\Temp\avgnt.exe
    C:\Users\user\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\user\AppData\Local\Temp\InstHelper.exe
    C:\Users\user\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\user\AppData\Local\Temp\tmd_34019045.exe
    C:\Users\user\AppData\Local\Temp\vcredist_x86.exe
    C:\Users\user\AppData\Local\Temp\vlc-2.1.3-win32.exe


    ==================== Bamital & volsnap Check =================

    (There is no automatic fix for files that do not pass verification.)

    C:\Windows\explorer.exe => File is digitally signed
    C:\Windows\system32\winlogon.exe => File is digitally signed
    C:\Windows\system32\wininit.exe => File is digitally signed
    C:\Windows\system32\svchost.exe => File is digitally signed
    C:\Windows\system32\services.exe => File is digitally signed
    C:\Windows\system32\User32.dll => File is digitally signed
    C:\Windows\system32\userinit.exe => File is digitally signed
    C:\Windows\system32\rpcss.dll => File is digitally signed
    C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-06-25 10:40

    ==================== End of log ============================
     
  3. tebo173

    Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-06-2015
    Ran by user at 2015-06-28 05:25:23
    Running from C:\Users\user\Downloads
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1061790985-3839154058-3968913689-500 - Administrator - Disabled)
    Guest (S-1-5-21-1061790985-3839154058-3968913689-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1061790985-3839154058-3968913689-1003 - Limited - Enabled)
    user (S-1-5-21-1061790985-3839154058-3968913689-1000 - Administrator - Enabled) => C:\Users\user

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: ESET NOD32 Antivirus 8.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}

    ==================== Installed Programs ======================

    (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Flash Player 18 NPAPI (HKLM\...\Adobe Flash Player NPAPI) (Version: 18.0.0.194 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.11) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
    BitLord 2.2 (HKLM\...\BitLord) (Version: 2.2.1-150 - House of Life)
    BlackBerry Desktop Software 6.0 (HKLM\...\BlackBerry_Desktop) (Version: 6.0.0.40 - Research In Motion Ltd.)
    BlackBerry Desktop Software 6.0 (Version: 6.0.0.40 - Research In Motion Ltd.) Hidden
    ESET NOD32 Antivirus (HKLM\...\{B096B8AB-C3BD-4801-A731-D2B94643DA86}) (Version: 8.0.312.0 - ESET, spol s r. o.)
    Free Studio version 6.5.0.301 (HKLM\...\Free Studio_is1) (Version: 6.5.0.301 - DVDVideoSoft Ltd.)
    Free YouTube Download version 3.2.44.908 (HKLM\...\Free YouTube Download_is1) (Version: 3.2.44.908 - DVDVideoSoft Ltd.)
    Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version: 8.15.10.1930 - Intel Corporation)
    Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
    Microsoft Office Enterprise 2007 (HKLM\...\ENTERPRISE) (Version: 12.0.4518.1014 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Mozilla Firefox 36.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 36.0.1 (x86 en-US)) (Version: 36.0.1 - Mozilla)
    Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 36.0.1 - Mozilla)
    My Program version 1.5 (HKLM\...\My Program_is1) (Version: 1.5 - )
    Opera Stable 30.0.1835.88 (HKLM\...\Opera 30.0.1835.88) (Version: 30.0.1835.88 - Opera Software)
    PRiCeMMinus (HKLM\...\{06B99631-BFA2-3B7A-F58B-D067C2BA59B7}) (Version: - ) <==== ATTENTION
    Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5948 - Realtek Semiconductor Corp.)
    Skype Click to Call (HKLM\...\{BB285C9F-C821-4770-8970-56C4AB52C87E}) (Version: 7.2.15747.10003 - Microsoft Corporation)
    Skype™ 6.0 (HKLM\...\{EA17F4FC-FDBF-4CF8-A529-2D983132D053}) (Version: 6.0.126 - Skype Technologies S.A.)
    SRS Audio Essentials (HKLM\...\{FF28E4EC-A491-4A9B-8619-DD5CD80D4ADA}) (Version: 1.00.4400 - SRS Labs, Inc.)
    TeraCopy 2.27 (HKLM\...\TeraCopy_is1) (Version: - Code Sector)
    Video Performer (HKLM\...\Video Performer) (Version: - PerformerSoft LLC) <==== ATTENTION
    Visual Studio 2012 x86 Redistributables (HKLM\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player 2.1.3 (HKLM\...\VLC media player) (Version: 2.1.3 - VideoLAN)
    WinRAR archiver (HKLM\...\WinRAR archiver) (Version: - )
    WordWeb (HKLM\...\WordWeb) (Version: 6 - WordWeb Software)
    XZip (HKLM\...\XZip) (Version: 1.4.72.4856 - Luftix Ltd)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1061790985-3839154058-3968913689-1000_Classes\CLSID\{F28C2F70-47DE-4EA5-8F6D-7D1476CD1EF5}\localserver32 -> C:\Users\user\AppData\Local\Temp\9950\temp\affiliate_id=Hashmi313(2).exe No File

    ==================== Restore Points =========================

    27-06-2015 12:56:58 Removed Avira Browser Safety

    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-14 03:04 - 2009-06-10 22:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {220C85B5-62E5-474F-8A1E-609F65934389} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-24] (Adobe Systems Incorporated)
    Task: {2C42C306-AD26-41C9-BABE-B05E14F1882E} - System32\Tasks\Opera scheduled Autoupdate 1425508001 => C:\Program Files\Opera\launcher.exe [2015-06-19] (Opera Software)
    Task: {53AB5F2E-06A8-4210-B09F-AF8D07B04B68} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {7AA7A747-1202-4C49-86C7-1BB951C11B47} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {89ABF9DE-F910-4EE4-A4A0-A73D7A0C9B8A} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {A43CF549-BFCB-4DF1-9C60-09E0A3CC89F0} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Time-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {D8789E38-4CD5-456D-98B5-7F298BA4D5BE} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-10s => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
    Task: {FC7D11B6-2CF7-4207-A7D8-F24FA259B8BF} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2014-05-14 21:15 - 2009-08-03 15:58 - 00141312 _____ () C:\Program Files\WinRAR\rarext.dll
    2014-05-25 15:02 - 2011-10-26 17:41 - 00305664 _____ () C:\Program Files\TeraCopy\TeraCopyExt.dll
    2014-05-14 21:06 - 2009-08-19 20:59 - 00022736 ____N () C:\Program Files\WordWeb\WUCNT.dll
    2010-08-03 21:20 - 2010-08-03 21:20 - 00014168 _____ () C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.Services.Interfaces.dll
    2010-08-03 21:20 - 2010-08-03 21:20 - 00109912 _____ () C:\Program Files\Research In Motion\BlackBerry Desktop\Modules\Rim.Desktop.Services.DeviceManager.dll
    2010-08-03 21:20 - 2010-08-03 21:20 - 00098136 _____ () C:\Program Files\Research In Motion\BlackBerry Desktop\Modules\Rim.Desktop.Services.BesIntegration.dll
    2010-08-03 21:20 - 2010-08-03 21:20 - 00049496 _____ () C:\Program Files\Research In Motion\BlackBerry Desktop\Modules\Rim.Desktop.AddinSync.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00113171 _____ () C:\Program Files\VideoLAN\VLC\libvlc.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 02396179 _____ () C:\Program Files\VideoLAN\VLC\libvlccore.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00268307 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdshow_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00027667 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libdirectsound_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00031251 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_output\libwaveout_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00066579 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirectdraw_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 02021395 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\liblibbluray_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00100371 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_bd_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00240659 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libdvdnav_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00076307 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_vdr_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00045587 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libfilesystem_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00060947 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libsmooth_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00531475 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libhttplive_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00708627 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\libdash_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00114195 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libzip_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00040467 _____ () C:\Program Files\VideoLAN\VLC\plugins\access\libstream_filter_rar_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00014867 _____ () C:\Program Files\VideoLAN\VLC\plugins\stream_filter\librecord_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00133139 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libplaylist_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 01512467 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libtaglib_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00296979 _____ () C:\Program Files\VideoLAN\VLC\plugins\lua\liblua_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 01248787 _____ () C:\Program Files\VideoLAN\VLC\plugins\misc\libxml_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00189971 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libmp4_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00054291 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libhotkeys_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00038419 _____ () C:\Program Files\VideoLAN\VLC\plugins\control\libglobalhotkeys_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00091667 _____ () C:\Program Files\VideoLAN\VLC\plugins\demux\libavi_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 11148307 _____ () C:\Program Files\VideoLAN\VLC\plugins\gui\libqt4_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00036371 _____ () C:\Program Files\VideoLAN\VLC\plugins\meta_engine\libfolder_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00383507 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libupnp_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00118803 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libsap_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00021011 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libpodcast_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libmediadirs_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00014867 _____ () C:\Program Files\VideoLAN\VLC\plugins\services_discovery\libwindrive_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00291859 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libpng_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00017939 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libcdg_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 01280019 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libschroedinger_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00018451 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libdts_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00336403 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libtheora_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00344595 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libfaad_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00198675 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libflac_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00027155 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libg711_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00015891 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaes3_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 01371667 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblibass_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00146451 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspeex_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00022035 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liblpcm_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00733203 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libmpeg_audio_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00026131 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libaraw_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00171027 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libopus_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\liba52_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00019987 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libspudec_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 10396179 _____ () C:\Program Files\VideoLAN\VLC\plugins\codec\libavcodec_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00724499 _____ () C:\Program Files\VideoLAN\VLC\plugins\text_renderer\libfreetype_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00013843 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_mixer\libfloat_mixer_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00026643 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_yuy2_sse2_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00130579 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libmpgatofixed32_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00168979 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstofloat32_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00019987 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_yuy2_mmx_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00058899 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tofloat32_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00555027 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libswscale_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 01496083 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsamplerate_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00019475 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00013331 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\liba52tospdif_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00014355 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdtstospdif_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00014867 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libdolby_surround_decoder_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00113683 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi420_rgb_sse2_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00014355 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libugly_resampler_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00027667 _____ () C:\Program Files\VideoLAN\VLC\plugins\sse2\libi422_yuy2_sse2_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00015379 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libtrivial_channel_mixer_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00019987 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi422_yuy2_mmx_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00025619 _____ () C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libaudio_format_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00053779 _____ () C:\Program Files\VideoLAN\VLC\plugins\mmx\libi420_rgb_mmx_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00016915 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i422_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00015379 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libgrey_yuv_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00032275 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_rgb_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00018963 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi420_yuy2_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00020499 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libyuy2_i420_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00017427 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00015379 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_i420_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00015379 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libscale_plugin.dll
    2014-02-05 02:32 - 2014-02-05 02:32 - 00013843 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_filter\libyuvp_plugin.dll
    2014-02-05 02:31 - 2014-02-05 02:31 - 00067091 _____ () C:\Program Files\VideoLAN\VLC\plugins\video_output\libdirect3d_plugin.dll
    2015-06-24 23:21 - 2015-06-24 23:21 - 17321648 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_18_0_0_194.dll

    ==================== Alternate Data Streams (Whitelisted) =========
     
  4. tebo173

    tebo173 TS Rookie Topic Starter

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1061790985-3839154058-3968913689-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
    DNS Servers: 41.66.193.149 - 8.8.8.8

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)


    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{D9B39DBE-E49F-4128-BDC8-8E7FA152381C}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
    FirewallRules: [{124263BF-B8F5-4B12-A22F-79B173205A77}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
    FirewallRules: [{967AB26E-6440-4B3E-9EC7-9C5741506377}] => (Allow) C:\Program Files\Research In Motion\BlackBerry Desktop\Rim.Desktop.exe
    FirewallRules: [{18BF7214-C696-4B92-B3B4-980AC18322C9}] => (Allow) LPort=4481
    FirewallRules: [{70031506-2008-454E-B21E-89233BEB5C23}] => (Allow) LPort=4481
    FirewallRules: [{A429449C-0783-4EE9-AE8E-5A8DB5BD6A0F}] => (Allow) LPort=4482
    FirewallRules: [{DA9E1E85-1E92-4C44-90E2-A0C6ADC99D7F}] => (Allow) LPort=4482
    FirewallRules: [{91341BDC-D74B-41D4-B3AF-E9A25599E4E8}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{BF2439DB-8A0F-498F-B7DA-AA43B2FDAB3C}] => (Allow) C:\Program Files\AVG\AVG2014\avgmfapx.exe
    FirewallRules: [{443D1D1B-F33E-4DDC-B687-414F01646D0F}] => (Allow) C:\Program Files\BitLord 2\Bitlord files\bitlord.exe
    FirewallRules: [{5BDEAFC6-4C6C-474E-9E33-716E5CC2DAB6}] => (Allow) C:\Program Files\BitLord 2\Bitlord files\bitlord.exe
    FirewallRules: [{3AC3D1F4-A064-4973-8341-5617050B6C8C}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    FirewallRules: [TCP Query User{44D9856B-B1DF-4911-AC13-406CA6D9078C}C:\program files\bitlord 2\bitlord files\bitlord.exe] => (Allow) C:\program files\bitlord 2\bitlord files\bitlord.exe
    FirewallRules: [UDP Query User{36F22A30-2E0D-4357-98A6-429CA3104895}C:\program files\bitlord 2\bitlord files\bitlord.exe] => (Allow) C:\program files\bitlord 2\bitlord files\bitlord.exe
    FirewallRules: [{D12FB0A9-1EE3-4AF6-850F-6D5CCFA657DC}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
    FirewallRules: [{7637B233-F221-4EB7-BFE7-CF4DA6C7464A}] => (Allow) C:\Program Files\AVG\AVG2014\avgnsx.exe
    FirewallRules: [{93622904-F26A-4E41-A577-2AB7465E5766}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{59389CC0-E05B-4E6C-AA3D-2F32C1701B49}] => (Allow) C:\Program Files\AVG\AVG2014\avgdiagex.exe
    FirewallRules: [{3089C787-8722-40D0-AF2C-F297F4BCA4F0}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
    FirewallRules: [{F73956FA-86CA-4722-8F43-6E4E5DA2C878}] => (Allow) C:\Program Files\AVG\AVG2014\avgemcx.exe
    FirewallRules: [{A72D9E06-82AA-4A0D-B026-AA20834DFB7B}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
    FirewallRules: [{829B97E2-59F5-4307-8D51-8FD2C802B11B}] => (Allow) C:\Program Files\DVDVideoSoft\Free Torrent Download\FreeTorrentDownload.exe
    FirewallRules: [{5C5C096B-ED11-4EF5-8D47-86773BD0F012}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [{703BE6B6-FF47-4453-9442-E94C780CE70F}] => (Allow) C:\Program Files\Mozilla Firefox\firefox.exe
    FirewallRules: [TCP Query User{198419FE-40B4-46D7-8B21-C46B0F0D915C}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [UDP Query User{BB045621-DED5-4496-A9E0-99A3CDE6A45B}C:\program files\mozilla firefox\firefox.exe] => (Allow) C:\program files\mozilla firefox\firefox.exe
    FirewallRules: [{C3F0206D-9AFE-48D5-8BEB-5DB3D2F1226A}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
    FirewallRules: [{64360115-2B74-42F9-8F83-6F5E44D0D698}] => (Allow) C:\Program Files\AVG\AVG2015\avgnsx.exe
    FirewallRules: [{0582C253-D2A4-48B4-AD6C-592F7BDC167F}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{926E82B2-8D1D-4AF4-BB15-E7BF49C2CFDC}] => (Allow) C:\Program Files\AVG\AVG2015\avgdiagex.exe
    FirewallRules: [{CD5A709F-CABE-42B5-897C-7FDE5577295D}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{FF377108-D352-42D6-94BC-7D9FB906F918}] => (Allow) C:\Program Files\AVG\AVG2015\avgmfapx.exe
    FirewallRules: [{5F20E670-46EB-4EBA-B9DF-A4FF16EBAD41}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe
    FirewallRules: [{0A00F77C-0462-4B6E-95B1-0611210BC136}] => (Allow) C:\Program Files\AVG\AVG2015\avgemcx.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (06/27/2015 09:29:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3011) (User: NT AUTHORITY)
    Description: Unloading the performance counter strings for service WmiApRpl (WmiApRpl) failed. The first DWORD in the Data section contains the error code.

    Error: (06/27/2015 09:29:24 PM) (Source: Microsoft-Windows-LoadPerf) (EventID: 3012) (User: NT AUTHORITY)
    Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

    Error: (06/27/2015 09:28:44 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/27/2015 02:41:59 PM) (Source: RasClient) (EventID: 20227) (User: )
    Description: CoId={F513D30D-B3C9-463E-A0BB-F2ED7BDC6D36}: The user user-PC\user dialed a connection named TIGO-GH which has failed. The error code returned on failure is 692.

    Error: (06/27/2015 02:29:10 PM) (Source: WinMgmt) (EventID: 10) (User: )
    Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

    Error: (06/27/2015 01:04:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 36.0.1.5542, time stamp: 0x54f851c0
    Faulting module name: mozalloc.dll, version: 36.0.1.5542, time stamp: 0x54f8437e
    Exception code: 0x80000003
    Fault offset: 0x00001e02
    Faulting process id: 0x1334
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (06/27/2015 01:04:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 36.0.1.5542 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 5b0

    Start Time: 01d0b0d03c6a6861

    Termination Time: 1541

    Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

    Report Id: 8c91127e-1cc4-11e5-b39c-00e04c30adea

    Error: (06/27/2015 00:34:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program iexplore.exe version 11.0.9600.17840 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: ab4

    Start Time: 01d0b0cbb20bf2ad

    Termination Time: 296

    Application Path: C:\Program Files\Internet Explorer\iexplore.exe

    Report Id:

    Error: (06/27/2015 00:23:07 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 36.0.1.5542, time stamp: 0x54f851c0
    Faulting module name: mozalloc.dll, version: 36.0.1.5542, time stamp: 0x54f8437e
    Exception code: 0x80000003
    Fault offset: 0x00001e02
    Faulting process id: 0x12b0
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3

    Error: (06/27/2015 00:23:04 PM) (Source: Application Hang) (EventID: 1002) (User: )
    Description: The program firefox.exe version 36.0.1.5542 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

    Process ID: 171c

    Start Time: 01d0b0bfee848759

    Termination Time: 2949

    Application Path: C:\Program Files\Mozilla Firefox\firefox.exe

    Report Id: c937ed39-1cbe-11e5-b39c-00e04c30adea


    System errors:
    =============
    Error: (06/27/2015 09:27:48 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (06/27/2015 09:27:03 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 2:42:16 PM on 6/27/2015 was unexpected.

    Error: (06/27/2015 02:31:01 PM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR1.

    Error: (06/27/2015 02:28:18 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (06/27/2015 11:55:26 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
    Description: The ESET Service service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.

    Error: (06/27/2015 10:49:06 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR8.

    Error: (06/27/2015 10:43:07 AM) (Source: Disk) (EventID: 11) (User: )
    Description: The driver detected a controller error on \Device\Harddisk1\DR8.

    Error: (06/27/2015 08:12:06 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (06/26/2015 07:02:11 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
    Description: The following boot-start or system-start driver(s) failed to load:
    cdrom

    Error: (06/26/2015 07:00:00 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 6:58:06 PM on 6/26/2015 was unexpected.


    Microsoft Office:
    =========================

    ==================== Memory info ===========================

    Processor: Intel(R) Atom(TM) CPU N270 @ 1.60GHz
    Percentage of memory in use: 87%
    Total physical RAM: 1014.12 MB
    Available physical RAM: 129.83 MB
    Total Pagefile: 2296.01 MB
    Available Pagefile: 366.87 MB
    Total Virtual: 2047.88 MB
    Available Virtual: 1894.47 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:39.06 GB) (Free:16.42 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
    Drive d: (New Volume) (Fixed) (Total:109.98 GB) (Free:17.03 GB) NTFS
    Drive e: (BOAT) (Removable) (Total:7.43 GB) (Free:4.39 GB) FAT32

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 149.1 GB) (Disk ID: 95A31CC3)
    Partition 1: (Active) - (Size=39.1 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=110 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (Size: 7.4 GB) (Disk ID: 00000000)

    Partition: GPT Partition Type.

    ==================== End of log ============================
     
  5. Broni

    Broni Malware Annihilator Posts: 52,915   +344

    Welcome aboard

    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ================================

    You're not saying what your computer issues are.

    Uninstall the following unwanted programs:

    PRiCeMMinus
    Video Performer


    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2

    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.

    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
      • Launch Malwarebytes Anti-Malware
      • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.


    If you already have MBAM 2.0 installed:

    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.

    How to get logs:
    (Export log to save as txt)


    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.


    (Copy to clipboard for pasting into forum replies or tickets)

    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
Topic Status:
Not open for further replies.
