mom26gr8kids
Posts: 574 +0
My SAS found a trojan during its scan last night. The trojan is found in a program that I downloaded a few weeks ago from a safe application. This is how the SAS listed it:
Trojan.Agent/Gen-Qudamah
C:\PROGRAM FILES (X86)\HOSPITAL HUSTLE\HOSPITAL HUSTLE.EXE
C:\Windows\Prefetch\HOSPITAL HUSTLE.EXE-6FFD58FD.pf
FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by songe_000 (administrator) on MOMSPC on 23-06-2015 01:02:39
Running from C:\Users\songe_000\Downloads
Loaded Profiles: songe_000 & (Available Profiles: songe_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(CompSoft) C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-13] (Apple Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-11] (COMODO)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-12] (Acer Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [DoroServer] => C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [204800 2015-01-05] (CompSoft)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [92928 2015-05-12] ()
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-07-31] (Spotify Ltd)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-06-14] (SUPERAntiSpyware)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-07-31] (Spotify Ltd)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-06-14] (SUPERAntiSpyware)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-634217685-3676121620-3412417090-1001 -> {40336561-029C-4454-9B88-ABBC02A37CD8} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US662D20141022&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {40336561-029C-4454-9B88-ABBC02A37CD8} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US662D20141022&p={SearchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35E41C0F-2342-4FB7-AC06-AE79D8DBCF9B}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{DEE13008-C737-4AC5-9444-F2960207D42F}: [NameServer] 156.154.70.22,156.154.71.22
FireFox:
========
FF ProfilePath: C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B110US662D20141022&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-04] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\songe_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\songe_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-01-04]
FF Extension: Avira Browser Safety - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\abs@avira.com [2015-06-03]
FF Extension: WOT - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-06-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
Chrome:
=======
CHR Profile: C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22]
CHR Extension: (Google Docs) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22]
CHR Extension: (Google Drive) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (WOT) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-25]
CHR Extension: (YouTube) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
CHR Extension: (Google Search) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
CHR Extension: (Avira SafeSearch) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-10-25]
CHR Extension: (Google Sheets) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22]
CHR Extension: (SiteAdvisor) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Gmail) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-13]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-13]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-02-12] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-20] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-12] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-11] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-11] (COMODO)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [155368 2015-06-04] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-04-09] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-03] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-23 01:02 - 2015-06-23 01:03 - 00024301 _____ C:\Users\songe_000\Downloads\FRST.txt
2015-06-23 00:59 - 2015-06-23 01:02 - 00000000 ____D C:\FRST
2015-06-23 00:59 - 2015-06-23 00:59 - 02109952 _____ (Farbar) C:\Users\songe_000\Downloads\FRST64.exe
2015-06-16 11:47 - 2015-06-16 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-14 11:52 - 2015-06-14 11:52 - 00000000 ____D C:\Users\songe_000\AppData\Local\GWX
2015-06-14 11:09 - 2015-06-14 11:09 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-10 17:18 - 2015-06-10 17:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 17:18 - 2015-04-08 16:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-09 19:05 - 2015-06-09 19:05 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 19:04 - 2015-06-09 19:04 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 19:04 - 2015-06-09 19:04 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 19:04 - 2015-06-09 19:04 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 19:04 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 19:04 - 2015-05-22 13:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 18:43 - 2015-06-09 18:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-09 18:43 - 2015-06-09 18:43 - 00002071 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-04 19:10 - 2015-06-04 19:10 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\songe_000\Downloads\flashplayer17au_ha_install.exe
2015-06-04 00:24 - 2015-06-05 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 15:20 - 2015-06-01 15:20 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\GameInvest
2015-06-01 15:16 - 2015-06-01 15:16 - 00002114 _____ C:\Users\Public\Desktop\Play Shop-N-Spree Family Fortune.lnk
2015-06-01 15:16 - 2015-06-01 15:16 - 00001284 _____ C:\Users\Public\Desktop\More Great Games.lnk
2015-06-01 15:15 - 2015-06-01 15:16 - 00000000 ____D C:\Program Files (x86)\Shop-N-Spree Family Fortune
2015-06-01 15:15 - 2015-06-01 15:15 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop-N-Spree Family Fortune
2015-06-01 15:15 - 2015-06-01 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shop-N-Spree Family Fortune
2015-06-01 15:13 - 2015-06-01 15:13 - 00002018 _____ C:\Users\Public\Desktop\Play Antique Road Trip USA.lnk
2015-06-01 15:13 - 2015-06-01 15:13 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antique Road Trip USA
2015-06-01 15:13 - 2015-06-01 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antique Road Trip USA
2015-06-01 15:13 - 2015-06-01 15:13 - 00000000 ____D C:\Program Files (x86)\Antique Road Trip USA
2015-05-31 16:22 - 2015-05-31 16:22 - 00002123 _____ C:\Users\Public\Desktop\Play Jojo's Fashion Show - World Tour.lnk
2015-05-31 16:22 - 2015-05-31 16:22 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jojo's Fashion Show - World Tour
2015-05-31 16:22 - 2015-05-31 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jojo's Fashion Show - World Tour
2015-05-31 16:22 - 2015-05-31 16:22 - 00000000 ____D C:\Program Files (x86)\Jojo's Fashion Show - World Tour
2015-05-31 16:20 - 2015-05-31 16:20 - 00237568 _____ (Big Fish Games) C:\Users\songe_000\Downloads\bigfishgames_p236180967_s1_l1.exe
2015-05-31 16:18 - 2015-05-31 16:18 - 00001988 _____ C:\Users\Public\Desktop\Play Hospital Hustle.lnk
2015-05-31 16:17 - 2015-06-22 01:30 - 00000000 ____D C:\Program Files (x86)\Hospital Hustle
2015-05-31 16:17 - 2015-05-31 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hospital Hustle
2015-05-25 13:37 - 2015-05-25 13:37 - 00000887 _____ C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Lite.lnk
2015-05-25 13:27 - 2015-05-25 13:33 - 718458996 _____ C:\Users\songe_000\Downloads\ableton_live_lite_9.1.8_32.zip
2015-05-25 13:23 - 2015-05-25 13:25 - 00000000 ____D C:\Users\songe_000\Documents\Ableton
2015-05-25 13:19 - 2015-05-25 13:53 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Ableton
2015-05-25 13:13 - 2015-05-25 13:38 - 00000000 ____D C:\ProgramData\Ableton
2015-05-25 13:13 - 2015-05-25 13:13 - 00000901 _____ C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Trial.lnk
2015-05-25 12:52 - 2015-05-25 13:03 - 718450804 _____ C:\Users\songe_000\Downloads\ableton_live_trial_9.1.8_32 (1).zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-23 01:02 - 2014-10-22 22:11 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-23 01:01 - 2014-10-25 16:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-23 01:00 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-23 00:56 - 2014-10-22 21:47 - 01197267 _____ C:\Windows\WindowsUpdate.log
2015-06-22 19:15 - 2014-10-22 22:04 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-634217685-3676121620-3412417090-1001
2015-06-22 19:10 - 2014-10-22 22:11 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 17:34 - 2015-02-02 22:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 17:34 - 2015-02-02 22:20 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-22 17:34 - 2015-02-02 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-22 17:34 - 2015-02-02 22:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-22 17:34 - 2014-11-03 00:22 - 00004980 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMSPC-songe_000 Momspc
2015-06-22 17:33 - 2014-10-22 22:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-22 10:22 - 2014-10-22 22:01 - 00000000 ___DO C:\Users\songe_000\OneDrive
2015-06-22 01:50 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-21 21:14 - 2014-10-22 22:09 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FC5DB9F-BE6B-48AE-BFCD-CB104919ACD0}
2015-06-21 21:13 - 2013-08-22 08:46 - 00058269 _____ C:\Windows\setupact.log
2015-06-18 00:12 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-18 00:11 - 2013-08-22 07:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-17 22:41 - 2014-12-15 01:11 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-17 22:41 - 2014-10-31 20:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-16 13:16 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-06-16 12:54 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-16 12:48 - 2014-03-18 04:03 - 01167098 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 11:47 - 2015-05-07 15:01 - 00002056 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-06-16 11:46 - 2014-10-25 17:52 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-16 11:46 - 2014-10-25 17:52 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-16 11:46 - 2014-10-25 17:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-06-14 11:54 - 2014-11-09 14:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-14 11:26 - 2014-03-18 03:54 - 00390272 _____ C:\Windows\PFRO.log
2015-06-14 11:25 - 2014-11-10 21:44 - 00060942 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-06-14 11:20 - 2014-10-22 23:09 - 00001963 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2015-06-13 23:49 - 2014-07-31 04:24 - 00000000 ____D C:\ProgramData\Temp
2015-06-13 23:10 - 2014-05-16 07:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-13 23:08 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-13 16:54 - 2013-08-22 08:44 - 00497840 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-13 16:50 - 2014-10-25 19:59 - 00000000 ____D C:\Windows\system32\MRT
2015-06-13 16:50 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-13 16:45 - 2014-10-25 19:59 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-13 16:42 - 2014-10-22 21:57 - 00000000 ____D C:\Users\songe_000
2015-06-13 16:41 - 2014-11-04 01:36 - 01345536 ___SH C:\Users\songe_000\Downloads\Thumbs.db
2015-06-10 17:18 - 2014-03-18 03:59 - 02473472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-06-09 19:05 - 2015-04-21 12:28 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-09 19:05 - 2015-04-21 12:28 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 18:51 - 2014-10-27 18:07 - 00000000 ____D C:\Users\songe_000\AppData\Local\Adobe
2015-06-09 18:44 - 2014-12-31 00:44 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-09 18:43 - 2014-05-16 07:40 - 00000000 ____D C:\ProgramData\Adobe
2015-06-09 18:43 - 2014-05-16 07:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-05 18:22 - 2014-12-30 22:53 - 00000000 ____D C:\BigFishCache
2015-06-05 07:36 - 2014-04-16 22:13 - 00820928 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2015-06-05 07:36 - 2014-04-16 22:13 - 00126696 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2015-06-05 07:36 - 2014-04-16 22:13 - 00035056 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2015-06-05 07:36 - 2014-04-16 22:13 - 00020672 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2015-06-05 07:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-06-05 07:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-06-05 07:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2015-06-05 07:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2015-06-05 07:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2015-06-05 07:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2015-06-05 07:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2015-06-05 00:59 - 2014-10-23 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 18:54 - 2014-10-25 16:29 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-01 15:16 - 2014-12-30 22:58 - 00000000 ____D C:\ProgramData\Big Fish
2015-06-01 15:15 - 2014-05-16 07:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-26 11:05 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-26 10:59 - 2015-04-11 17:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-26 10:59 - 2015-04-11 17:53 - 00000000 ___SD C:\Windows\system32\GWX
==================== Files in the root of some directories =======
2015-02-12 15:54 - 2015-02-12 15:54 - 0000000 _____ () C:\Users\songe_000\AppData\Local\{57E7CF6A-D32F-4B89-AC9B-E9DF5CA836F1}
2015-02-09 23:34 - 2015-02-09 23:34 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Some files in TEMP:
====================
C:\Users\songe_000\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-14 11:13
==================== End of log ============================
Trojan.Agent/Gen-Qudamah
C:\PROGRAM FILES (X86)\HOSPITAL HUSTLE\HOSPITAL HUSTLE.EXE
C:\Windows\Prefetch\HOSPITAL HUSTLE.EXE-6FFD58FD.pf
FRST log
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-06-2015 01
Ran by songe_000 (administrator) on MOMSPC on 23-06-2015 01:02:39
Running from C:\Users\songe_000\Downloads
Loaded Profiles: songe_000 & (Available Profiles: songe_000)
Platform: Windows 8.1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\AdminService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Soluto) C:\Program Files\Soluto\SolutoLauncherService.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cavwp.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QASvc.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\RMSvc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe
(TODO: <Company name>) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cistray.exe
(Soluto) C:\Program Files\Soluto\Soluto.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAEvent.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QAMsg.exe
(Acer Incorporate) C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cis.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe
(CompSoft) C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
(Acer) C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe
() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\GestureDetection.exe
(Acer Incorporated) C:\Program Files (x86)\Acer\Screen Grasp\Launch Screen Grasp.exe
(Soluto) C:\Program Files\Soluto\SolutoService.exe
==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13672304 2014-03-18] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-04-13] (Apple Inc.)
HKLM\...\Run: [COMODO Internet Security] => C:\Program Files\COMODO\COMODO Internet Security\cistray.exe [1427648 2015-06-11] (COMODO)
HKLM-x32\...\Run: [BacKGround Agent] => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [66304 2015-05-12] (Acer Incorporated)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [730416 2015-06-16] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [DoroServer] => C:\Program Files (x86)\DoroPDFWriter\DoroServer.exe [204800 2015-01-05] (CompSoft)
HKLM-x32\...\Run: [abDocsDllLoader] => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe [92928 2015-05-12] ()
HKLM\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe,c:\program files\soluto\soluto.exe /userinit
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\BtvStack.exe [134784 2014-02-25] (Qualcomm®Atheros®)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-07-31] (Spotify Ltd)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-06-14] (SUPERAntiSpyware)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Spotify Web Helper] => C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe [1168896 2014-07-31] (Spotify Ltd)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7799576 2015-06-14] (SUPERAntiSpyware)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [HP Officejet 6700 (NET)] => C:\Program Files\HP\HP Officejet 6700\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
HKU\S-1-5-18\...\Run: [AviraSpeedup] => C:\Program Files (x86)\Avira\AviraSpeedup\avira_system_speedup.exe [7611640 2014-12-11] (Avira Operations GmbH & Co. KG)
ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2015-05-06] (Acer Incorporated)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
HKU\S-1-5-21-634217685-3676121620-3412417090-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer13.msn.com/?pc=ACJB
SearchScopes: HKU\S-1-5-21-634217685-3676121620-3412417090-1001 -> {40336561-029C-4454-9B88-ABBC02A37CD8} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US662D20141022&p={SearchTerms}
SearchScopes: HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {40336561-029C-4454-9B88-ABBC02A37CD8} URL = https://search.yahoo.com/search?fr=mcafee&type=B010US662D20141022&p={SearchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-03-10] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\x64\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\siteadvisor\McIEPlg.dll [2015-06-04] (McAfee, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{35E41C0F-2342-4FB7-AC06-AE79D8DBCF9B}: [NameServer] 156.154.70.22,156.154.71.22
Tcpip\..\Interfaces\{DEE13008-C737-4AC5-9444-F2960207D42F}: [NameServer] 156.154.70.22,156.154.71.22
FireFox:
========
FF ProfilePath: C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default
FF DefaultSearchEngine: Google
FF DefaultSearchEngine.US: Google
FF Keyword.URL: https://search.yahoo.com/search?fr=mcafee&type=B110US662D20141022&p=
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-06-04] ()
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-06-04] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-11-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-07-12] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\songe_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-634217685-3676121620-3412417090-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\songe_000\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-10-08] (Unity Technologies ApS)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-01-04]
FF Extension: Avira Browser Safety - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\abs@avira.com [2015-06-03]
FF Extension: WOT - C:\Users\songe_000\AppData\Roaming\Mozilla\Firefox\Profiles\2lsg6gue.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-06-04]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor
Chrome:
=======
CHR Profile: C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2014-10-22]
CHR Extension: (Google Docs) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-10-22]
CHR Extension: (Google Drive) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-10-22]
CHR Extension: (WOT) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2014-10-25]
CHR Extension: (YouTube) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-10-22]
CHR Extension: (Google Search) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-22]
CHR Extension: (Avira SafeSearch) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\eglgfnfolcgijipffhlhbbnefdcbjbml [2014-10-25]
CHR Extension: (Google Sheets) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2014-10-22]
CHR Extension: (SiteAdvisor) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2014-11-21]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-12]
CHR Extension: (Google Wallet) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-22]
CHR Extension: (Gmail) - C:\Users\songe_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-10-22]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-13]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2015-06-13]
==================== Services (Whitelisted) =================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [827184 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [450808 2015-06-16] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1188360 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-02-12] (Apple Inc.)
R2 AtherosSvc; C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\adminservice.exe [319104 2014-02-25] (Windows (R) Win 7 DDK provider) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [324608 2015-03-20] (Microsoft Corporation)
R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2839296 2015-05-12] (Acer Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation)
R2 CmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [5541960 2015-06-11] (COMODO)
S3 cmdvirth; C:\Program Files\COMODO\COMODO Internet Security\cmdvirth.exe [2265792 2015-06-11] (COMODO)
R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573544 2014-03-21] (Acer Incorporated)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [235008 2013-07-16] (TODO: <Company name>) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89352 2014-09-15] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-18] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [459496 2014-03-17] (Acer Incorporate)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 McAfee SiteAdvisor Service; c:\Program Files (x86)\McAfee\siteadvisor\mcsacore.exe [155368 2015-06-04] (McAfee, Inc.)
R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [457960 2014-03-21] (Acer Incorporate)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
R3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-03-21] (Acer Incorporate)
R2 SolutoLauncherService; C:\Program Files\Soluto\SolutoLauncherService.exe [221728 2013-12-18] (Soluto)
S3 SolutoRemoteService; C:\Program Files\Soluto\SolutoRemoteService.exe [1942016 2013-12-18] (GlavSoft LLC.) [File not signed]
R2 TouchToolsLaunchService; C:\Program Files\Acer\Acer Touch Tools\TouchToolsLaunchSvc.exe [250624 2014-01-08] (Acer Incorporated)
R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [222952 2014-01-25] (acer)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366520 2015-03-11] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23792 2015-03-11] (Microsoft Corporation)
==================== Drivers (Whitelisted) ====================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [3888640 2014-02-14] (Qualcomm Atheros Communications, Inc.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [153256 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [132656 2015-06-16] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [28600 2015-06-16] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\system32\DRIVERS\avnetflt.sys [43576 2015-04-09] (Avira Operations GmbH & Co. KG)
S3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-02-25] (Qualcomm Atheros)
S3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [226304 2014-03-18] (Microsoft Corporation)
R1 cmderd; C:\Windows\System32\DRIVERS\cmderd.sys [20672 2015-06-05] (COMODO)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [820928 2015-06-05] (COMODO)
R1 cmdhlp; C:\Windows\system32\DRIVERS\cmdhlp.sys [35056 2015-06-05] (COMODO)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2013-10-03] (Intel Corporation)
R1 inspect; C:\Windows\system32\DRIVERS\inspect.sys [126696 2015-06-05] (COMODO)
R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [64216 2015-04-14] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SynRMIHID; C:\Windows\system32\DRIVERS\SynRMIHID.sys [42224 2014-02-19] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-02-03] ()
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114496 2015-03-11] (Microsoft Corporation)
R3 cpuz136; \??\C:\Windows\TEMP\cpuz136\cpuz136_x64.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-23 01:02 - 2015-06-23 01:03 - 00024301 _____ C:\Users\songe_000\Downloads\FRST.txt
2015-06-23 00:59 - 2015-06-23 01:02 - 00000000 ____D C:\FRST
2015-06-23 00:59 - 2015-06-23 00:59 - 02109952 _____ (Farbar) C:\Users\songe_000\Downloads\FRST64.exe
2015-06-16 11:47 - 2015-06-16 11:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-06-14 11:52 - 2015-06-14 11:52 - 00000000 ____D C:\Users\songe_000\AppData\Local\GWX
2015-06-14 11:09 - 2015-06-14 11:09 - 01119232 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 01020928 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00756736 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00422912 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-06-14 11:09 - 2015-06-14 11:09 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 03633664 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 03097600 _____ (Microsoft Corporation) C:\Windows\system32\msftedit.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 02749952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 02551808 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 02483712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msftedit.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01920000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01430528 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01091072 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 01018880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\SearchIndexer.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\mssvp.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchIndexer.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00699392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssvp.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\puiobj.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00468480 _____ (Microsoft Corporation) C:\Windows\system32\mssph.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00391680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssph.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\puiobj.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00337408 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00325464 ____C (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2015-06-10 17:18 - 2015-06-10 17:18 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\compstui.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00275968 _____ (Microsoft Corporation) C:\Windows\system32\authz.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00272896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2015-06-10 17:18 - 2015-06-10 17:18 - 00248832 _____ (Microsoft Corporation) C:\Windows\system32\mssphtb.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authz.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00158720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rgb9rast.dll
2015-06-10 17:18 - 2015-06-10 17:18 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\UtcResources.dll
2015-06-10 17:18 - 2015-04-08 16:07 - 00410336 _____ C:\Windows\system32\ApnDatabase.xml
2015-06-09 19:05 - 2015-06-09 19:05 - 24917504 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 19607040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 12829696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 00653824 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-06-09 19:05 - 2015-06-09 19:05 - 00549888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 04177920 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-06-09 19:04 - 2015-06-09 19:04 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 02865152 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 02278912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-06-09 19:04 - 2015-06-09 19:04 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-06-09 19:04 - 2015-06-09 19:04 - 01950720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01042944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00689152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00503808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00374272 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00327168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-06-09 19:04 - 2015-06-09 19:04 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-06-09 19:04 - 2015-05-22 21:14 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-06-09 19:04 - 2015-05-22 13:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-06-09 18:43 - 2015-06-09 18:43 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-06-09 18:43 - 2015-06-09 18:43 - 00002071 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-06-04 19:10 - 2015-06-04 19:10 - 01124544 _____ (Adobe Systems Incorporated) C:\Users\songe_000\Downloads\flashplayer17au_ha_install.exe
2015-06-04 00:24 - 2015-06-05 00:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-06-01 15:20 - 2015-06-01 15:20 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\GameInvest
2015-06-01 15:16 - 2015-06-01 15:16 - 00002114 _____ C:\Users\Public\Desktop\Play Shop-N-Spree Family Fortune.lnk
2015-06-01 15:16 - 2015-06-01 15:16 - 00001284 _____ C:\Users\Public\Desktop\More Great Games.lnk
2015-06-01 15:15 - 2015-06-01 15:16 - 00000000 ____D C:\Program Files (x86)\Shop-N-Spree Family Fortune
2015-06-01 15:15 - 2015-06-01 15:15 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Shop-N-Spree Family Fortune
2015-06-01 15:15 - 2015-06-01 15:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Shop-N-Spree Family Fortune
2015-06-01 15:13 - 2015-06-01 15:13 - 00002018 _____ C:\Users\Public\Desktop\Play Antique Road Trip USA.lnk
2015-06-01 15:13 - 2015-06-01 15:13 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antique Road Trip USA
2015-06-01 15:13 - 2015-06-01 15:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Antique Road Trip USA
2015-06-01 15:13 - 2015-06-01 15:13 - 00000000 ____D C:\Program Files (x86)\Antique Road Trip USA
2015-05-31 16:22 - 2015-05-31 16:22 - 00002123 _____ C:\Users\Public\Desktop\Play Jojo's Fashion Show - World Tour.lnk
2015-05-31 16:22 - 2015-05-31 16:22 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Jojo's Fashion Show - World Tour
2015-05-31 16:22 - 2015-05-31 16:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jojo's Fashion Show - World Tour
2015-05-31 16:22 - 2015-05-31 16:22 - 00000000 ____D C:\Program Files (x86)\Jojo's Fashion Show - World Tour
2015-05-31 16:20 - 2015-05-31 16:20 - 00237568 _____ (Big Fish Games) C:\Users\songe_000\Downloads\bigfishgames_p236180967_s1_l1.exe
2015-05-31 16:18 - 2015-05-31 16:18 - 00001988 _____ C:\Users\Public\Desktop\Play Hospital Hustle.lnk
2015-05-31 16:17 - 2015-06-22 01:30 - 00000000 ____D C:\Program Files (x86)\Hospital Hustle
2015-05-31 16:17 - 2015-05-31 16:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hospital Hustle
2015-05-25 13:37 - 2015-05-25 13:37 - 00000887 _____ C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Lite.lnk
2015-05-25 13:27 - 2015-05-25 13:33 - 718458996 _____ C:\Users\songe_000\Downloads\ableton_live_lite_9.1.8_32.zip
2015-05-25 13:23 - 2015-05-25 13:25 - 00000000 ____D C:\Users\songe_000\Documents\Ableton
2015-05-25 13:19 - 2015-05-25 13:53 - 00000000 ____D C:\Users\songe_000\AppData\Roaming\Ableton
2015-05-25 13:13 - 2015-05-25 13:38 - 00000000 ____D C:\ProgramData\Ableton
2015-05-25 13:13 - 2015-05-25 13:13 - 00000901 _____ C:\Users\songe_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ableton Live 9 Trial.lnk
2015-05-25 12:52 - 2015-05-25 13:03 - 718450804 _____ C:\Users\songe_000\Downloads\ableton_live_trial_9.1.8_32 (1).zip
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2015-06-23 01:02 - 2014-10-22 22:11 - 00000920 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-23 01:01 - 2014-10-25 16:29 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-23 01:00 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\system32\sru
2015-06-23 00:56 - 2014-10-22 21:47 - 01197267 _____ C:\Windows\WindowsUpdate.log
2015-06-22 19:15 - 2014-10-22 22:04 - 00003596 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-634217685-3676121620-3412417090-1001
2015-06-22 19:10 - 2014-10-22 22:11 - 00002207 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-06-22 17:34 - 2015-02-02 22:21 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-22 17:34 - 2015-02-02 22:20 - 00001118 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-06-22 17:34 - 2015-02-02 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-06-22 17:34 - 2015-02-02 22:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-06-22 17:34 - 2014-11-03 00:22 - 00004980 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for MOMSPC-songe_000 Momspc
2015-06-22 17:33 - 2014-10-22 22:11 - 00000916 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-22 10:22 - 2014-10-22 22:01 - 00000000 ___DO C:\Users\songe_000\OneDrive
2015-06-22 01:50 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\AppReadiness
2015-06-21 21:14 - 2014-10-22 22:09 - 00003934 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{1FC5DB9F-BE6B-48AE-BFCD-CB104919ACD0}
2015-06-21 21:13 - 2013-08-22 08:46 - 00058269 _____ C:\Windows\setupact.log
2015-06-18 00:12 - 2013-08-22 08:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-18 00:11 - 2013-08-22 07:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2015-06-17 22:41 - 2014-12-15 01:11 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-17 22:41 - 2014-10-31 20:19 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-16 13:16 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\rescache
2015-06-16 12:54 - 2013-08-22 09:20 - 00000000 ____D C:\Windows\CbsTemp
2015-06-16 12:48 - 2014-03-18 04:03 - 01167098 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-16 11:47 - 2015-05-07 15:01 - 00002056 _____ C:\Users\Public\Desktop\Avira Antivirus.lnk
2015-06-16 11:46 - 2014-10-25 17:52 - 00153256 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avgntflt.sys
2015-06-16 11:46 - 2014-10-25 17:52 - 00132656 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avipbb.sys
2015-06-16 11:46 - 2014-10-25 17:52 - 00028600 _____ (Avira Operations GmbH & Co. KG) C:\Windows\system32\Drivers\avkmgr.sys
2015-06-14 11:54 - 2014-11-09 14:57 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-06-14 11:26 - 2014-03-18 03:54 - 00390272 _____ C:\Windows\PFRO.log
2015-06-14 11:25 - 2014-11-10 21:44 - 00060942 _____ C:\Windows\system32\Drivers\fvstore.dat
2015-06-14 11:20 - 2014-10-22 23:09 - 00001963 _____ C:\Users\Public\Desktop\COMODO Firewall.lnk
2015-06-13 23:49 - 2014-07-31 04:24 - 00000000 ____D C:\ProgramData\Temp
2015-06-13 23:10 - 2014-05-16 07:43 - 00000000 ____D C:\Program Files (x86)\McAfee
2015-06-13 23:08 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ToastData
2015-06-13 16:54 - 2013-08-22 08:44 - 00497840 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-13 16:50 - 2014-10-25 19:59 - 00000000 ____D C:\Windows\system32\MRT
2015-06-13 16:50 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-13 16:45 - 2014-10-25 19:59 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-13 16:42 - 2014-10-22 21:57 - 00000000 ____D C:\Users\songe_000
2015-06-13 16:41 - 2014-11-04 01:36 - 01345536 ___SH C:\Users\songe_000\Downloads\Thumbs.db
2015-06-10 17:18 - 2014-03-18 03:59 - 02473472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PrintConfig.dll
2015-06-09 19:05 - 2015-04-21 12:28 - 00792568 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-09 19:05 - 2015-04-21 12:28 - 00178168 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 18:51 - 2014-10-27 18:07 - 00000000 ____D C:\Users\songe_000\AppData\Local\Adobe
2015-06-09 18:44 - 2014-12-31 00:44 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-06-09 18:43 - 2014-05-16 07:40 - 00000000 ____D C:\ProgramData\Adobe
2015-06-09 18:43 - 2014-05-16 07:40 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-06-05 18:22 - 2014-12-30 22:53 - 00000000 ____D C:\BigFishCache
2015-06-05 07:36 - 2014-04-16 22:13 - 00820928 _____ (COMODO) C:\Windows\system32\Drivers\cmdguard.sys
2015-06-05 07:36 - 2014-04-16 22:13 - 00126696 _____ (COMODO) C:\Windows\system32\Drivers\inspect.sys
2015-06-05 07:36 - 2014-04-16 22:13 - 00035056 _____ (COMODO) C:\Windows\system32\Drivers\cmdhlp.sys
2015-06-05 07:36 - 2014-04-16 22:13 - 00020672 _____ (COMODO) C:\Windows\system32\Drivers\cmderd.sys
2015-06-05 07:34 - 2014-03-25 20:22 - 00576824 _____ (COMODO) C:\Windows\system32\guard64.dll
2015-06-05 07:34 - 2014-03-25 20:22 - 00444448 _____ (COMODO) C:\Windows\SysWOW64\guard32.dll
2015-06-05 07:34 - 2014-03-25 20:22 - 00041224 _____ (COMODO) C:\Windows\system32\cmdcsr.dll
2015-06-05 07:33 - 2014-03-25 20:22 - 00358080 _____ (COMODO) C:\Windows\system32\cmdvrt64.dll
2015-06-05 07:32 - 2014-03-25 20:22 - 00045760 _____ (COMODO) C:\Windows\system32\cmdkbd64.dll
2015-06-05 07:31 - 2014-03-25 20:22 - 00288448 _____ (COMODO) C:\Windows\SysWOW64\cmdvrt32.dll
2015-06-05 07:31 - 2014-03-25 20:22 - 00040640 _____ (COMODO) C:\Windows\SysWOW64\cmdkbd32.dll
2015-06-05 00:59 - 2014-10-23 15:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-06-04 18:54 - 2014-10-25 16:29 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-01 15:16 - 2014-12-30 22:58 - 00000000 ____D C:\ProgramData\Big Fish
2015-06-01 15:15 - 2014-05-16 07:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-05-26 11:05 - 2013-08-22 09:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2015-05-26 10:59 - 2015-04-11 17:53 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-26 10:59 - 2015-04-11 17:53 - 00000000 ___SD C:\Windows\system32\GWX
==================== Files in the root of some directories =======
2015-02-12 15:54 - 2015-02-12 15:54 - 0000000 _____ () C:\Users\songe_000\AppData\Local\{57E7CF6A-D32F-4B89-AC9B-E9DF5CA836F1}
2015-02-09 23:34 - 2015-02-09 23:34 - 0000098 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.351.64.bc
Some files in TEMP:
====================
C:\Users\songe_000\AppData\Local\Temp\avgnt.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-06-14 11:13
==================== End of log ============================