Solved Virus from .exe file

P

PhilM

Posts: 20   +0
Hi, I was searching for a pdf the other night and, obviously not paying enough due care and attention, I ran the file. It turns out it was some horrible malware that is highjacking my google searches and added loads of foreign processes on my laptop. I've made the log files you need through far bar recovery tool. Here they are, thank you for your help :)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 19-05-2015
Ran by Phil is fiiiine (administrator) on M17X on 21-05-2015 15:41:24
Running from C:\Users\Phil is fiiiine\Desktop
Loaded Profiles: Phil is fiiiine (Available profiles: user & Phil is fiiiine)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 10 (Default browser path: "C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe" -- "%1")
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
(ClaraLabs) C:\Program Files (x86)\Common Files\ClaraUpdater\ClaraUpdater.exe
() C:\Program Files\OSD\Service1.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(Web Bar Media) C:\Program Files\WebBar\2.0.5527.25142\wb.exe
() C:\Users\Phil is fiiiine\AppData\Local\4C4C4544-1432175666-3210-8032-38C04F373638\cnsq572E.tmp
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
() C:\Users\Phil is fiiiine\AppData\Roaming\4C4C4544-1432171864-3210-8032-38C04F373638\nsp473C.tmpfs
() C:\Users\Phil is fiiiine\AppData\Roaming\4C4C4544-1432171864-3210-8032-38C04F373638\jnsf7812.tmp
() C:\Users\Phil is fiiiine\AppData\Local\Temp\isdk3j2wYk7T\ISightHost.exe
() C:\Users\Phil is fiiiine\AppData\Roaming\4C4C4544-1432171864-3210-8032-38C04F373638\hnsk912F.tmp
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
() C:\Users\Phil is fiiiine\AppData\Local\mbot_gb_571\upmbot_gb_571.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Flux Software LLC) C:\Users\Phil is fiiiine\AppData\Local\FluxSoftware\Flux\flux.exe
() C:\Users\Phil is fiiiine\AppData\Roaming\AceWebExtension\updater\ace_web_extension.exe
(Nosibay) C:\Users\Phil is fiiiine\AppData\Roaming\WTools\Selection Tools\Selection Tools.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
() C:\Users\Phil is fiiiine\AppData\Roaming\SSN\ssn.exe
(Microsoft) C:\Program Files\OSD\OSD_Main.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
() C:\Program Files (x86)\mbot_gb_571\mbot_gb_571.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
() C:\Users\Phil is fiiiine\AppData\Local\4C4C4544-1432175529-3210-8032-38C04F373638\bnsp3970.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
() C:\Users\Phil is fiiiine\AppData\Local\Temp\nso9253.tmp
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Infonaut) C:\Program Files (x86)\Infonaut_1.10.0.14\Service\insvc.exe
() C:\Program Files\shopperz\Anneliese.exe
() C:\Program Files\shopperz\Brito.exe
() C:\Program Files\shopperz\csrcc.exe
() C:\Program Files\shopperz\Brito64.exe
() C:\Program Files\shopperz\Grubb.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Games Bot Inc.) C:\Program Files (x86)\Games Bot\GamesBotSvc.exe
(Cinema PlusV21.05) C:\Program Files (x86)\CinemaPlus-3.2cV21.05\78df016b-ac63-4392-aae4-fd25f2dab633-10.exe
(Cinema PlusV21.05) C:\Program Files (x86)\CinemaPlus-3.2cV21.05\78df016b-ac63-4392-aae4-fd25f2dab633-6.exe
() C:\Program Files (x86)\gmsd_us_598\gmsd_us_598.exe
() C:\Users\Phil is fiiiine\AppData\Local\gmsd_us_598\upgmsd_us_598.exe
(Cinema PlusV21.05) C:\Program Files (x86)\CinemaPlus-3.2cV21.05\78df016b-ac63-4392-aae4-fd25f2dab633-1-6.exe
() C:\Program Files (x86)\Consumer Input\Monitoring\dca-monitoring.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
() C:\Users\Phil is fiiiine\AppData\Local\Temp\nsf645F.tmp
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
(The Chromium Authors) C:\Users\Phil is fiiiine\AppData\Local\Games Bot\Explore\Explore.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
() C:\Program Files (x86)\Coupoon\UpdateCheck.exe
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

  • fixlist.txt
    1.8 KB · Views: 1
Did you mean the most recent FRST file or the one from the first scan? I'm going to bed now so I'll get back to you again tomorrow, thanks again =)
 
In your previous reply you said "It's important that both files, FRST and fixlist.txt are in the same location" and I took that to mean the FRST log file which I have two of from the two farbar scans. Do you mean the FRST program and fixlist.txt file have to be in the same location?
 
Not logs but program itself - FRST64.exe
You have it in correct location:
Running from C:\Users\Phil is fiiiine\Desktop
Click to expand...
Make sure "fixlist.txt" file is also on your Desktop.
 
Fix result of Farbar Recovery Scan Tool (x64) Version: 22-05-2015 01
Ran by Phil is fiiiine at 2015-05-25 00:44:25 Run:1
Running from C:\Users\Phil is fiiiine\Desktop
Loaded Profiles: Phil is fiiiine (Available Profiles: user & Phil is fiiiine)
Boot Mode: Normal
==============================================

fixlist content:
*****************
GroupPolicyUsers\S-1-5-21-2075418120-132197448-404415077-1003\User: Group Policy Restriction detected <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-2075418120-132197448-404415077-1003\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
BHO-x32: No Name -> {0347C33E-8762-4905-BF09-768834316C61} -> No File
BHO-x32: No Name -> {326E768D-4182-46FD-9C16-1449A49795F4} -> No File
BHO-x32: No Name -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: No Name -> {DA5BCE70-D057-4D63-943D-5F3927EC59F1} -> No File
BHO-x32: No Name -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> No File
Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll No File
S3 ALSysIO; \??\C:\Users\user\AppData\Local\Temp\ALSysIO64.sys [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 wacommousefilter; system32\DRIVERS\wacommousefilter.sys [X]
S3 wacomvhid; system32\DRIVERS\wacomvhid.sys [X]
2013-07-07 13:11 - 2014-06-25 18:44 - 0003730 _____ () C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml
2013-08-11 17:41 - 2013-08-11 17:55 - 0001261 _____ () C:\ProgramData\hpzinstall.log
2015-05-21 13:47 - 2015-05-23 16:32 - 0000112 _____ () C:\ProgramData\kS2l7aocg.dat
2014-01-18 07:00 - 2014-01-18 07:00 - 0000040 _____ () C:\ProgramData\ra3.ini
C:\ProgramData\kS2l7aocg.dat
Task: {17C9A8CE-B0DA-4C96-8874-0105454D8FB9} - \Optimizer Pro Schedule No Task File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\TEMP:1CE11B51

*****************

C:\Windows\system32\GroupPolicyUsers\S-1-5-21-2075418120-132197448-404415077-1003\User => Moved successfully.
C:\Windows\system32\GroupPolicy\GPT.ini => Moved successfully.
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKU\S-1-5-21-2075418120-132197448-404415077-1003\SOFTWARE\Policies\Microsoft\Internet Explorer" => key Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{0347C33E-8762-4905-BF09-768834316C61} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key Removed successfully
"HKCR\Wow6432Node\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}" => key Removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DA5BCE70-D057-4D63-943D-5F3927EC59F1}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{DA5BCE70-D057-4D63-943D-5F3927EC59F1} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}" => key Removed successfully
HKCR\Wow6432Node\CLSID\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} => key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value Removed successfully
HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => key not found.
"HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect" => key Removed successfully
ALSysIO => Service Removed successfully
Synth3dVsc => Service Removed successfully
tsusbhub => Service Removed successfully
VGPU => Service Removed successfully
wacommousefilter => Service Removed successfully
wacomvhid => Service Removed successfully
C:\Program Files (x86)\Mozilla Firefoxavg-secure-search.xml => Moved successfully.
C:\ProgramData\hpzinstall.log => Moved successfully.
C:\ProgramData\kS2l7aocg.dat => Moved successfully.
C:\ProgramData\ra3.ini => Moved successfully.
"C:\ProgramData\kS2l7aocg.dat" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{17C9A8CE-B0DA-4C96-8874-0105454D8FB9}" => key Removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17C9A8CE-B0DA-4C96-8874-0105454D8FB9}" => key Removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Optimizer Pro Schedule => key not found.
C:\ProgramData\TEMP => ":1CE11B51" ADS Removed successfully.


The system needed a reboot.

==== End of Fixlog 00:44:26 ====
 
Last scans...

redtarget.gif
Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


redtarget.gif
Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.

redtarget.gif
Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.

redtarget.gif
Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
The sophos tool said, at the end of the start cleanup process, that there were still unresolved threats on the computer, is that ok? Here are the logs you requested.

Results of screen317's Security Check version 1.002
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10 Out of date!
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Microsoft Security Essentials
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 8 Update 45
Adobe Flash Player 17.0.0.188
Adobe Reader XI
Mozilla Firefox (38.0.1)
Google Chrome (42.0.2311.152)
Google Chrome (43.0.2357.65)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
AVAST Software Avast ng vbox\AvastVBoxSVC.exe
AVAST Software Avast ng ngservice.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 17-01-2015
Ran by Phil is fiiiine (administrator) on 25-05-2015 at 12:17:55
Running from "C:\Users\Phil is fiiiine\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
Here's the sophos log, I forgot to paste that into the above reply.

2015-05-25 11:34:52.558 Sophos Virus Removal Tool version 2.5.4
2015-05-25 11:34:52.558 Copyright (c) 2009-2014 Sophos Limited. All rights reserved.

2015-05-25 11:34:52.558 This tool will scan your computer for viruses and other threats. If it finds any, it will give you the option to remove them.

2015-05-25 11:34:52.558 Windows version 6.1 SP 1.0 Service Pack 1 build 7601 SM=0x100 PT=0x1 WOW64
2015-05-25 11:34:52.558 Checking for updates...
2015-05-25 11:34:55.241 Update progress: proxy server not available
2015-05-25 11:35:24.911 Option all = no
2015-05-25 11:35:24.911 Option recurse = yes
2015-05-25 11:35:24.912 Option archive = no
2015-05-25 11:35:24.912 Option service = yes
2015-05-25 11:35:24.912 Option confirm = yes
2015-05-25 11:35:24.912 Option sxl = yes
2015-05-25 11:35:24.919 Option max-data-age = 35
2015-05-25 11:35:24.920 Option EnableSafeClean = yes
2015-05-25 11:35:27.462 Downloading updates...
2015-05-25 11:35:27.465 Update progress: [I96736] Looking for package C1A903B2-E63E-483b-982D-04BB9C457C60 1.0
2015-05-25 11:35:27.465 Update progress: [I49502] Found supplement SAVIW32 LATEST
2015-05-25 11:35:27.465 Update progress: [I49502] Found supplement IDE515 LATEST
2015-05-25 11:35:27.465 Update progress: [I49502] Found supplement IDE516 LATEST
2015-05-25 11:35:27.466 Update progress: [I49502] Found supplement IDE517 LATEST
2015-05-25 11:35:27.466 Update progress: [I19463] Syncing product C1A903B2-E63E-483b-982D-04BB9C457C60 1
2015-05-25 11:35:27.466 Update progress: [I19463] Syncing product SAVIW32 54
2015-05-25 11:35:28.330 Option vdl-logging = yes
2015-05-25 11:35:28.365 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-05-25 11:35:28.365 Machine ID: 18e19b199eb140da88ae346ab41b6f2e
2015-05-25 11:35:28.370 Component SVRTcli.exe version 2.5.4
2015-05-25 11:35:28.370 Component control.dll version 2.5.4
2015-05-25 11:35:28.371 Component SVRTservice.exe version 2.5.4
2015-05-25 11:35:28.372 Component engine\osdp.dll version 1.44.1.2200
2015-05-25 11:35:28.373 Component engine\veex.dll version 3.60.0.2200
2015-05-25 11:35:28.374 Component engine\savi.dll version 8.1.7.2200
2015-05-25 11:35:28.376 Component rkdisk.dll version 1.5.30.0
2015-05-25 11:35:28.376 Version info: Product version 2.5.4
2015-05-25 11:35:28.379 Version info: Detection engine 3.60.0
2015-05-25 11:35:28.379 Version info: Detection data 5.14
2015-05-25 11:35:28.379 Version info: Build date 28/04/2015
2015-05-25 11:35:28.379 Version info: Data files added 330
2015-05-25 11:35:28.379 Version info: Last successful update (not yet updated)
2015-05-25 11:35:36.315 Update progress: [I19463] Syncing product IDE515 171
2015-05-25 11:35:39.831 Installing updates...
2015-05-25 11:35:41.239 Error level 1
2015-05-25 11:35:41.321 Update progress: [I19463] Syncing product IDE516 163
2015-05-25 11:35:41.321 Update progress: [I19463] Syncing product IDE517 1
2015-05-25 11:36:07.330 Update successful
2015-05-25 11:36:34.944 Option all = no
2015-05-25 11:36:34.944 Option recurse = yes
2015-05-25 11:36:34.945 Option archive = no
2015-05-25 11:36:34.945 Option service = yes
2015-05-25 11:36:34.945 Option confirm = yes
2015-05-25 11:36:34.945 Option sxl = yes
2015-05-25 11:36:34.950 Option max-data-age = 35
2015-05-25 11:36:34.950 Option EnableSafeClean = yes
2015-05-25 11:36:35.132 Option vdl-logging = yes
2015-05-25 11:36:35.166 Customer ID: 094260ca9b3af99f9d4a3909fc47a743
2015-05-25 11:36:35.166 Machine ID: 18e19b199eb140da88ae346ab41b6f2e
2015-05-25 11:36:35.170 Component SVRTcli.exe version 2.5.4
2015-05-25 11:36:35.170 Component control.dll version 2.5.4
2015-05-25 11:36:35.171 Component SVRTservice.exe version 2.5.4
2015-05-25 11:36:35.172 Component engine\osdp.dll version 1.44.1.2200
2015-05-25 11:36:35.173 Component engine\veex.dll version 3.60.0.2200
2015-05-25 11:36:35.173 Component engine\savi.dll version 8.1.7.2200
2015-05-25 11:36:35.175 Component rkdisk.dll version 1.5.30.0
2015-05-25 11:36:35.176 Version info: Product version 2.5.4
2015-05-25 11:36:35.178 Version info: Detection engine 3.60.0
2015-05-25 11:36:35.178 Version info: Detection data 5.14G
2015-05-25 11:36:35.178 Version info: Build date 28/04/2015
2015-05-25 11:36:35.178 Version info: Data files added 330
2015-05-25 11:36:35.178 Version info: Last successful update 25/05/2015 12:36:07

2015-05-25 14:21:15.457 Could not open C:\hiberfil.sys
2015-05-25 14:21:15.467 Could not open C:\pagefile.sys
2015-05-25 14:44:59.129 >>> Virus 'Troj/Agent-AJTU' found in file C:\Program Files (x86)\Electronic Arts\The Sims 4\Game\Bin\rld.dll
2015-05-25 14:44:59.130 >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-05-25 14:44:59.131 >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-05-25 14:44:59.131 >>> Virus 'Troj/Agent-AJTU' found in file HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 14:44:59.132 >>> Virus 'Troj/Agent-AJTU' found in file HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 14:44:59.133 >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 14:45:17.407 >>> Virus 'Troj/Agent-AJTQ' found in file C:\Program Files (x86)\Electronic Arts\The Sims 4\Game\Bin\RldOrigin.dll
2015-05-25 14:45:17.407 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-05-25 14:45:17.408 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-05-25 14:45:17.409 >>> Virus 'Troj/Agent-AJTQ' found in file HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 14:45:17.409 >>> Virus 'Troj/Agent-AJTQ' found in file HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 14:45:17.410 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 15:01:52.464 Could not open C:\System Volume Information\{0ba9afdd-0219-11e5-8f85-0026b9ff2d03}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-25 15:01:52.465 Could not open C:\System Volume Information\{2beffc6d-02cc-11e5-a56b-0026b9ff2d03}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-25 15:01:52.466 Could not open C:\System Volume Information\{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-25 15:01:52.467 Could not open C:\System Volume Information\{d11a346e-0265-11e5-9a79-0026b9ff2d03}{3808876b-c176-4e48-b7ae-04046e6cc752}
2015-05-25 15:02:17.259 Could not open C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Current Session
2015-05-25 15:02:17.362 Could not check C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOCK (virus scan failed)
2015-05-25 15:02:17.410 Could not check C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extension State\LOCK (virus scan failed)
2015-05-25 15:02:28.928 Could not check C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\GCM Store\LOCK (virus scan failed)
2015-05-25 15:02:29.300 Could not check C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\mfidmkgnfgnkihnjeklbekckimkipmoe\LOCK (virus scan failed)
2015-05-25 15:02:29.338 Could not check C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK (virus scan failed)
2015-05-25 15:02:29.846 Could not check C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Session Storage\LOCK (virus scan failed)
2015-05-25 15:09:20.715 >>> Virus 'Troj/Agent-AJTU' found in file C:\Users\user\Desktop\Sims 4 Fix\Game\Bin\rld.dll
2015-05-25 15:09:20.716 >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-05-25 15:09:20.716 >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-05-25 15:09:20.717 >>> Virus 'Troj/Agent-AJTU' found in file HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 15:09:20.718 >>> Virus 'Troj/Agent-AJTU' found in file HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 15:09:20.718 >>> Virus 'Troj/Agent-AJTU' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 15:09:38.658 >>> Virus 'Troj/Agent-AJTQ' found in file C:\Users\user\Desktop\Sims 4 Fix\Game\Bin\RldOrigin.dll
2015-05-25 15:09:38.658 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-05-25 15:09:38.659 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-05-25 15:09:38.660 >>> Virus 'Troj/Agent-AJTQ' found in file HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 15:09:38.660 >>> Virus 'Troj/Agent-AJTQ' found in file HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 15:09:38.661 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 15:09:45.459 >>> Virus 'Mal/Scribble-D' found in file C:\Users\user\Desktop\Sims 4 Fix\Game\Bin\TS4.exe
2015-05-25 15:09:45.459 Disinfection not offered
2015-05-25 15:25:56.270 >>> Virus 'Troj/Agent-AJTQ' found in file C:\Users\user\Documents\Sims 4\TS4 Ultimate Fix\Game\Bin\RldOrigin.dll
2015-05-25 15:25:56.270 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-05-25 15:25:56.271 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ConsentPromptBehaviorAdmin
2015-05-25 15:25:56.272 >>> Virus 'Troj/Agent-AJTQ' found in file HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 15:25:56.273 >>> Virus 'Troj/Agent-AJTQ' found in file HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 15:25:56.273 >>> Virus 'Troj/Agent-AJTQ' found in file HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WarnOnPostRedirect
2015-05-25 15:49:36.752 Could not open C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb
2015-05-25 15:49:36.757 Could not open C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb
2015-05-25 15:49:42.723 Could not open C:\Windows\System32\config\RegBack\DEFAULT
2015-05-25 15:49:42.727 Could not open C:\Windows\System32\config\RegBack\SAM
2015-05-25 15:49:42.732 Could not open C:\Windows\System32\config\RegBack\SECURITY
2015-05-25 15:49:42.735 Could not open C:\Windows\System32\config\RegBack\SOFTWARE
2015-05-25 15:49:42.739 Could not open C:\Windows\System32\config\RegBack\SYSTEM
2015-05-25 16:30:29.935 The following items will be cleaned up:
2015-05-25 16:30:29.935 Troj/Agent-AJTU
2015-05-25 16:30:29.935 Troj/Agent-AJTQ
2015-05-25 16:30:29.935 Mal/Scribble-D
 
Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download
51a5ce45263de-delfix.png
DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please, let me know, how your computer is doing.
 
Thank you so much for your time and your help, the laptop is running much better now =) I just wanted to pick your brains over a couple of issues. Firstly, I'm really not sure if any of the scans you asked me to do detected any trojans or rootkits, what should I do with regards to my passwords? Also, on my taskbar notification area (where you can customize what icons and notifications appear on your taskbar) some of those dodgey browser icons are still there. Here's a screenshot of what I mean
upload_2015-5-25_20-55-14.png

That bobrowser is there, is that not actually on my computer though? I'm sorry if I sound computer illiterate but that's confusing me. Thanks again
 
There were no rootkits or trojans.

To remove those leftover icons...

Create new restore point before proceeding with the next step....
How to: http://www.smartestcomputing.us.com/topic/63983-how-to-create-new-restore-point-all-windows/

Go Start and in "Start search" type:
regedit
Press Enter.
Registry editor will open.
Navigate to:
HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\TrayNotify
In the right pane you'll see following values:
IconStreams
PastIconsStream
Right click on each of them, click "Delete".

Restart computer.
 
I've done that and the icons are still there =/ Also, there's an application and a process running that I don't like the look of, ones called "work" (application) and the other "ssn.exe" (save serp now). Google tells me its malware, can you help me with this? Here's the screenshots
upload_2015-5-26_0-51-32.png

ssn.exe is the 4th process from the bottom

upload_2015-5-26_0-52-17.png
 
What are the names of icons you don't want to be there?

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatibale with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure you checkmark Addition.txt box so both logs will be produced.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please copy and paste it to your reply.
 
The icons I don' t want there are the bobrowser and crossbrowse icons, along with the offending .exe file, "bubbledock.exe" and "3D bubble sound.exe". Can you sort out this bogus "work" application for me as well? It's hangin around my application list and when I shutdown the pc it says that this "work" program is preventing it from shutting down immediately and there's a bogus google search that comes up in the background. Here's the additional scans you requested...
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 25-05-2015
Ran by Phil is fiiiine (administrator) on M17X on 26-05-2015 13:56:27
Running from C:\Users\Phil is fiiiine\Desktop
Loaded Profiles: Phil is fiiiine (Available Profiles: user & Phil is fiiiine)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser not detected!)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\WTabletServiceCon.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
() C:\Program Files\OSD\Service1.exe
(Scarlet.Crush Productions) C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\UI0Detect.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TabletUser.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Wacom Technology) C:\Program Files\Tablet\Pen\WacomHost.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_TouchUser.exe
(Wacom Technology, Corp.) C:\Program Files\Tablet\Pen\Pen_Tablet.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Alienware Corporation) C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe
(Microsoft Corporation) C:\Program Files\Microsoft Xbox 360 Accessories\XBoxStat.exe
(Flux Software LLC) C:\Users\Phil is fiiiine\AppData\Local\FluxSoftware\Flux\flux.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe
(Sensible Vision ) C:\Program Files\Alienware\Command Center\AlienSense\FATrayAlert.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe
(Microsoft) C:\Program Files\OSD\OSD_Main.exe
(Avast Software s.r.o.) C:\Program Files\AVAST Software\Avast\AvastUI.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook32Mngr.exe
(Alienware) C:\Program Files\Alienware\Command Center\AlienFXHook64Mngr.exe
() C:\Users\Phil is fiiiine\AppData\Roaming\SSN\ssn.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\CompatTel\diagtrackrunner.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM\...\Run: [AlienFX Controller] => C:\Program Files\Alienware\Command Center\AlienwareAlienFXController.exe [63304 2010-05-21] (Alienware Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM\...\Run: [XboxStat] => C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe [825184 2009-09-30] (Microsoft Corporation)
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
HKLM-x32\...\Run: [FATrayAlert] => C:\Program Files\Alienware\Command Center\AlienSense\FATrayMon.exe [95560 2010-04-04] (Sensible Vision )
HKLM-x32\...\Run: [OSD] => c:\Program Files\OSD\Launch.exe [36864 2009-05-12] (HH)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [Adobe Photo Downloader] => C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\apdproxy.exe [67752 2006-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1075296 2013-04-25] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2691480 2014-03-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5515496 2015-05-23] (Avast Software s.r.o.)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-11-17] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-10] ()
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2014-11-20] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [FAStartup] => [X]
Winlogon\Notify\FastAccess: C:\Program Files\Alienware\Command Center\AlienSense\FALogNot.dll [2010-04-04] ()
HKU\S-1-5-21-2075418120-132197448-404415077-1003\...\Run: [Steam] => C:\Program Files (x86)\Steam\Steam.exe [2874048 2015-02-19] (Valve Corporation)
HKU\S-1-5-21-2075418120-132197448-404415077-1003\...\Run: [DAEMON Tools Lite] => C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3673184 2013-07-03] (Disc Soft Ltd)
HKU\S-1-5-21-2075418120-132197448-404415077-1003\...\Run: [F.lux] => C:\Users\Phil is fiiiine\AppData\Local\FluxSoftware\Flux\flux.exe [1016712 2013-10-16] (Flux Software LLC)
HKU\S-1-5-21-2075418120-132197448-404415077-1003\...\Run: [Save Serp Now] => C:\Users\Phil is fiiiine\AppData\Roaming\SSN\updssn.exe [26112 2014-11-21] ()
Lsa: [Notification Packages] scecli FAPassSync
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-05-23] (Avast Software s.r.o.)
BootExecute: autocheck autochk * bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-05-23] (Avast Software s.r.o.)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\ssv.dll [2015-05-02] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\jp2ssv.dll [2015-05-02] (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\Phil is fiiiine\AppData\Roaming\Mozilla\Firefox\Profiles\ai80rkp0.default
FF DefaultSearchEngine: Wikipedia (en)
FF SelectedSearchEngine: Wikipedia (en)
FF Homepage: hxxp://www.google.co.uk/
FF NetworkProxy: "autoconfig_url", "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(shExpMatch(url%2C%20'https%3A%2F%2Fwww.daisuki.net*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fpiki.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.rdio.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fsecure.funimation.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fhtml5.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Flisten.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.grooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fpreview.grooveshark.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20(url.indexOf('youtube.com%2Fvideoplayback')%20!%3D%20-1%20%26%26%20url.indexOf('%26gcr%3Dus')%20!%3D%20-1%20%26%26%20url.indexOf('%26ptchn')%20!%3D%20-1)%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.crunchyroll.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fnew.songza.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fplay.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.spotify.com*')%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fdsc.discovery.com%2F*')%20%7C%7C%20shExpMatch(url%2C%20'https%3A%2F%2Faccount.beatsmusic.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.beatsmusic.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.last.fm*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fext.last.fm*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20us06.sq.proxmate.me%3A8000%3B%20PROXY%20us02.sq.proxmate.me%3A8000%3B%20PROXY%20us11.sq.proxmate.me%3A8000%3B%20PROXY%20us04.sq.proxmate.me%3A8000%3B%20PROXY%20us08.sq.proxmate.me%3A8000%3B%20PROXY%20us01.sq.proxmate.me%3A8000%3B%20PROXY%20us03.sq.proxmate.me%3A8000%3B%20PROXY%20us09.sq.proxmate.me%3A8000%3B%20PROXY%20us10.sq.proxmate.me%3A8000%3B%20PROXY%20us05.sq.proxmate.me%3A8000%3B%20PROXY%20us07.sq.proxmate.me%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-17] ()
FF Plugin: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-05-18] (Microsoft Corporation)
FF Plugin: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\Win64Plugin\npAdobeExManDetectX64.dll [2013-12-02] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-17] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-11-21] (DivX, LLC)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\dtplugin\npDeployJava1.dll [2015-05-02] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> C:\Program Files (x86)\Java\jre1.8.0_45\bin\plugin2\npjp2.dll [2015-05-02] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> C:\Windows\system32\Wat\npWatWeb.dll [2013-05-18] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-16] (Google Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.1.0.2 -> C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll [2012-05-23] (Wacom)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeExManDetect -> C:\Program Files (x86)\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll [2013-12-02] (Adobe Systems)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\CrazyTalk4Native.dll [2008-10-28] (C3D)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctdomemhelper.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctframeplayerobject.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\ctplayerobject.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\imagickrt.dll [2008-10-28] (BEXTech)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-03-17] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npRLCT4Player.dll [2008-10-28] ( )
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\rlcontentclass.dll [2008-10-28] (Reallusion Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicPacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLMusicUnpacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoicePacker.dll [2008-10-28] ()
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\RLVoiceUnpacker.dll [2008-10-28] ()
FF Extension: ProxMate - C:\Users\Phil is fiiiine\AppData\Roaming\Mozilla\Firefox\Profiles\ai80rkp0.default\Extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi [2013-09-25]
FF Extension: Flash Control - C:\Users\Phil is fiiiine\AppData\Roaming\Mozilla\Firefox\Profiles\ai80rkp0.default\Extensions\jid1-sNL73VCI4UB0Fw@jetpack.xpi [2015-03-19]
FF Extension: Adblock Plus - C:\Users\Phil is fiiiine\AppData\Roaming\Mozilla\Firefox\Profiles\ai80rkp0.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-07-16]
FF Extension: Greasemonkey - C:\Users\Phil is fiiiine\AppData\Roaming\Mozilla\Firefox\Profiles\ai80rkp0.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-09-22]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2013-07-06]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-08-11]
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR Profile: C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-07-05]
CHR Extension: (Google Drive) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-07-05]
CHR Extension: (WOT) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-05-25]
CHR Extension: (YouTube) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-07-05]
CHR Extension: (Adblock Plus) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2013-07-05]
CHR Extension: (Google Search) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-07-05]
CHR Extension: (Session Buddy) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko [2013-07-06]
CHR Extension: (Bookmark Manager) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2015-04-29]
CHR Extension: (Avast Online Security) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-01-16]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-21]
CHR Extension: (FlashControl) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2015-01-23]
CHR Extension: (Gmail) - C:\Users\Phil is fiiiine\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-07-05]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-05-23]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor5.0; C:\Program Files (x86)\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe [108712 2006-12-22] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [343336 2015-05-23] (Avast Software s.r.o.)
S3 AvastVBoxSvc; C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe [4034896 2015-05-23] (Avast Software)
R2 CustomSvc; C:\Program Files\OSD\Service1.exe [13312 2009-02-20] () []
R2 Ds3Service; C:\Program Files\Scarlet.Crush Productions\bin\ScpService.exe [388352 2013-05-05] (Scarlet.Crush Productions)
R2 FAService; C:\Program Files\Alienware\Command Center\AlienSense\FAService.exe [2409800 2010-04-04] (Sensible Vision )
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) []
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) []
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1037824 2009-09-20] (Hewlett-Packard Co.) []
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) []
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) []
R2 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2014-02-25] (Razer Inc.)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) []
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WTabletServiceCon; C:\Program Files\Tablet\Pen\WTabletServiceCon.exe [619904 2012-12-11] (Wacom Technology, Corp.)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29168 2015-05-23] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [89944 2015-05-23] (Avast Software s.r.o.)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-05-23] (Avast Software s.r.o.)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65736 2015-05-23] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1047320 2015-05-23] (Avast Software s.r.o.)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [442264 2015-05-23] (Avast Software s.r.o.)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [137288 2015-05-23] (Avast Software s.r.o.)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [272248 2015-05-23] ()
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50464 2014-06-25] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283064 2013-07-06] (Disc Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-07-12] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [136408 2015-05-23] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-05-23] ()
S3 t_mouse.sys; C:\Windows\System32\DRIVERS\t_mouse.sys [6144 2012-12-19] ()
R2 VBoxAswDrv; C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [273824 2015-05-23] (Avast Software)
R3 WinRing0_1_2_0; C:\Program Files\OSD\WinRing0x64.sys [14544 2008-07-25] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 13:56 - 2015-05-26 13:57 - 00024856 _____ () C:\Users\Phil is fiiiine\Desktop\FRST.txt
2015-05-26 13:53 - 2015-05-26 13:56 - 00000000 ____D () C:\FRST
2015-05-26 13:52 - 2015-05-26 13:52 - 02108928 _____ (Farbar) C:\Users\Phil is fiiiine\Desktop\FRST64.exe
2015-05-26 01:29 - 2015-05-26 01:29 - 00000000 ____D () C:\Program Files (x86)\MSXML 4.0
2015-05-26 01:28 - 2015-05-26 01:29 - 00000000 ___SD () C:\Windows\system32\GWX
2015-05-26 01:28 - 2015-05-26 01:28 - 00000000 ___SD () C:\Windows\SysWOW64\GWX
2015-05-26 00:35 - 2015-04-21 17:26 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2015-05-26 00:35 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2015-05-26 00:35 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2015-05-26 00:35 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2015-05-26 00:35 - 2014-07-09 03:03 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2015-05-26 00:35 - 2014-07-09 03:03 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2015-05-26 00:35 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2015-05-26 00:35 - 2014-07-09 02:31 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2015-05-26 00:35 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2015-05-26 00:35 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2015-05-26 00:35 - 2014-07-09 02:31 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2015-05-26 00:08 - 2015-05-26 00:08 - 00000000 ___SD () C:\Windows\system32\CompatTel
2015-05-26 00:08 - 2015-05-26 00:08 - 00000000 ____D () C:\Windows\system32\appraiser
2015-05-25 23:57 - 2015-01-09 00:44 - 00419936 _____ () C:\Windows\SysWOW64\locale.nls
2015-05-25 23:57 - 2015-01-09 00:43 - 00419936 _____ () C:\Windows\system32\locale.nls
2015-05-25 23:37 - 2015-05-25 23:37 - 24971776 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 19691008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 14401536 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 12828672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 06025728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 04305920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 02885120 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-05-25 23:37 - 2015-05-25 23:37 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-05-25 23:37 - 2015-05-25 23:37 - 02352128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 02278400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-05-25 23:37 - 2015-05-25 23:37 - 02052608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-05-25 23:37 - 2015-05-25 23:37 - 01882112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 01310208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00688640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00664576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2015-05-25 23:37 - 2015-05-25 23:37 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2015-05-25 23:37 - 2015-05-25 23:37 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00490496 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00478208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00418304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-05-25 23:37 - 2015-05-25 23:37 - 00389840 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00342736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-05-25 23:37 - 2015-05-25 23:37 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00285696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
 
2015-05-25 23:37 - 2015-05-25 23:37 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2015-05-25 23:37 - 2015-05-25 23:37 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2015-05-25 23:37 - 2015-05-25 23:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2015-05-25 23:37 - 2015-05-25 23:37 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2015-05-25 23:37 - 2015-05-25 23:37 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2015-05-25 23:33 - 2015-05-25 23:43 - 00010435 _____ () C:\Windows\IE11_main.log
2015-05-25 22:51 - 2015-05-25 22:57 - 00000000 ____D () C:\Windows\system32\MRT
2015-05-25 22:37 - 2015-05-25 23:31 - 00002077 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
2015-05-25 22:11 - 2015-05-26 01:29 - 00291014 _____ () C:\Windows\msxml4-KB954430-enu.LOG
2015-05-25 21:32 - 2015-05-01 14:17 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-05-25 21:32 - 2015-05-01 14:16 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-05-25 21:21 - 2014-06-27 03:08 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-05-25 21:21 - 2014-06-27 02:45 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-05-25 21:07 - 2014-06-30 23:24 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2015-05-25 21:07 - 2014-06-30 23:14 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2015-05-25 21:07 - 2014-06-06 07:16 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2015-05-25 21:07 - 2014-06-06 07:12 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2015-05-25 21:07 - 2014-03-09 22:48 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2015-05-25 21:07 - 2014-03-09 22:48 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2015-05-25 21:07 - 2014-03-09 22:47 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2015-05-25 21:07 - 2014-03-09 22:47 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll
2015-05-25 20:40 - 2015-01-09 04:14 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\perftrack.dll
2015-05-25 20:40 - 2015-01-09 04:14 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\wdi.dll
2015-05-25 20:40 - 2015-01-09 04:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\powertracker.dll
2015-05-25 20:40 - 2015-01-09 03:48 - 00076800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdi.dll
2015-05-25 20:38 - 2015-05-05 02:29 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-05-25 20:38 - 2015-05-05 02:12 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-05-25 20:38 - 2015-04-18 04:10 - 00460800 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-05-25 20:38 - 2015-04-18 03:56 - 00342016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-05-25 20:38 - 2015-04-13 04:28 - 00328704 _____ (Microsoft Corporation) C:\Windows\system32\services.exe
2015-05-25 20:38 - 2015-04-04 04:29 - 00155576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-05-25 20:38 - 2015-04-04 04:29 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-05-25 20:38 - 2015-04-04 04:22 - 01461760 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-05-25 20:38 - 2015-04-04 04:22 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-05-25 20:38 - 2015-04-04 04:22 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-05-25 20:38 - 2015-04-04 04:22 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-05-25 20:38 - 2015-04-04 04:22 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-05-25 20:38 - 2015-04-04 04:22 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-05-25 20:38 - 2015-04-04 04:22 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-05-25 20:38 - 2015-04-04 04:22 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-05-25 20:38 - 2015-04-04 04:22 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-05-25 20:38 - 2015-04-04 04:22 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-05-25 20:38 - 2015-04-04 04:20 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-05-25 20:38 - 2015-04-04 04:20 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-05-25 20:38 - 2015-04-04 04:17 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-05-25 20:38 - 2015-04-04 04:17 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-05-25 20:38 - 2015-04-04 04:15 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-05-25 20:38 - 2015-04-04 04:05 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-05-25 20:38 - 2015-04-04 04:05 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-05-25 20:38 - 2015-04-04 04:05 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-05-25 20:38 - 2015-04-04 04:05 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-05-25 20:38 - 2015-04-04 04:05 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-05-25 20:38 - 2015-04-04 04:05 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-05-25 20:38 - 2015-04-04 04:05 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-05-25 20:38 - 2015-04-04 04:04 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-05-25 20:38 - 2015-04-04 04:04 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-05-25 20:38 - 2015-04-04 04:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-05-25 20:38 - 2015-04-04 04:01 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-05-25 20:38 - 2015-04-04 03:59 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-05-25 20:38 - 2015-02-20 05:41 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2015-05-25 20:38 - 2015-02-20 05:40 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2015-05-25 20:38 - 2015-02-20 05:40 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2015-05-25 20:38 - 2015-02-20 05:40 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2015-05-25 20:38 - 2015-02-20 05:13 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2015-05-25 20:38 - 2015-02-20 05:13 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2015-05-25 20:38 - 2015-02-20 05:13 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2015-05-25 20:38 - 2015-02-20 05:12 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2015-05-25 20:38 - 2015-02-20 04:29 - 00372224 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2015-05-25 20:38 - 2015-02-20 04:09 - 00299008 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2015-05-25 20:38 - 2014-12-11 18:47 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe
2015-05-25 20:38 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-05-25 20:38 - 2013-10-30 03:32 - 00335360 _____ (Microsoft Corporation) C:\Windows\system32\msieftp.dll
2015-05-25 20:38 - 2013-10-30 03:19 - 00301568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msieftp.dll
2015-05-25 20:38 - 2013-07-04 13:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2015-05-25 20:38 - 2013-07-04 12:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2015-05-25 20:38 - 2013-03-19 06:53 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2015-05-25 20:38 - 2012-10-09 19:17 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcore6.dll
2015-05-25 20:38 - 2012-10-09 19:17 - 00055296 _____ (Microsoft Corporation) C:\Windows\system32\dhcpcsvc6.dll
2015-05-25 20:38 - 2012-10-09 18:40 - 00193536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcore6.dll
2015-05-25 20:38 - 2012-10-09 18:40 - 00044032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpcsvc6.dll
2015-05-25 20:37 - 2015-04-20 04:17 - 01647104 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2015-05-25 20:37 - 2015-04-20 04:17 - 01179136 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2015-05-25 20:37 - 2015-04-20 03:56 - 01250816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2015-05-25 20:37 - 2015-04-20 03:11 - 03204608 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-05-25 20:37 - 2014-08-01 12:53 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2015-05-25 20:37 - 2014-08-01 12:35 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2015-05-25 20:37 - 2014-04-25 03:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2015-05-25 20:37 - 2014-04-25 03:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2015-05-25 20:36 - 2015-02-03 04:34 - 00693176 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-05-25 20:36 - 2015-02-03 04:34 - 00094656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mountmgr.sys
2015-05-25 20:36 - 2015-02-03 04:33 - 00616360 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-05-25 20:36 - 2015-02-03 04:31 - 14632960 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 04121600 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 01574400 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00782848 _____ (Microsoft Corporation) C:\Windows\system32\wmdrmsdk.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00641024 _____ (Microsoft Corporation) C:\Windows\system32\msscp.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00500224 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00325632 _____ (Microsoft Corporation) C:\Windows\system32\msnetobj.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00206848 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00188416 _____ (Microsoft Corporation) C:\Windows\system32\pcasvc.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\pcadm.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\msmmsp.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\spwmp.dll
2015-05-25 20:36 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\msdxm.ocx
2015-05-25 20:36 - 2015-02-03 04:31 - 00005120 _____ (Microsoft Corporation) C:\Windows\system32\dxmasf.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 12625920 _____ (Microsoft Corporation) C:\Windows\system32\wmploc.DLL
2015-05-25 20:36 - 2015-02-03 04:30 - 01480192 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 01202176 _____ (Microsoft Corporation) C:\Windows\system32\drmv2clt.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 01069056 _____ (Microsoft Corporation) C:\Windows\system32\cryptui.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00842240 _____ (Microsoft Corporation) C:\Windows\system32\blackbox.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00680960 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00497664 _____ (Microsoft Corporation) C:\Windows\system32\drmmgrtn.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00296448 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\EncDump.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-05-25 20:36 - 2015-02-03 04:30 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2015-05-25 20:36 - 2015-02-03 04:30 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\cryptsp.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00058880 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00055808 _____ (Microsoft Corporation) C:\Windows\system32\rrinstaller.exe
2015-05-25 20:36 - 2015-02-03 04:30 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-05-25 20:36 - 2015-02-03 04:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\mfpmp.exe
2015-05-25 20:36 - 2015-02-03 04:30 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-05-25 20:36 - 2015-02-03 04:30 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\pcawrk.exe
2015-05-25 20:36 - 2015-02-03 04:30 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\pcalua.exe
2015-05-25 20:36 - 2015-02-03 04:29 - 00008704 _____ (Microsoft Corporation) C:\Windows\system32\pcaevts.dll
2015-05-25 20:36 - 2015-02-03 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\mferror.dll
2015-05-25 20:36 - 2015-02-03 04:19 - 00663552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\PEAuth.sys
2015-05-25 20:36 - 2015-02-03 04:12 - 11411968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 03209728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 01329664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 01174528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 01005056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptui.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00988160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmv2clt.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00744960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\blackbox.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00617984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmdrmsdk.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00519680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00504320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msscp.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00442880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AUDIOKSE.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00406016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\drmmgrtn.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00374784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioEng.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00354816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00265216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msnetobj.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00179200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00143872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00103936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00103424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00081408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsp.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00008192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\spwmp.dll
2015-05-25 20:36 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdxm.ocx
2015-05-25 20:36 - 2015-02-03 04:12 - 00004096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxmasf.dll
2015-05-25 20:36 - 2015-02-03 04:11 - 12625408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmploc.DLL
2015-05-25 20:36 - 2015-02-03 04:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rrinstaller.exe
2015-05-25 20:36 - 2015-02-03 04:11 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfpmp.exe
2015-05-25 20:36 - 2015-02-03 04:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mferror.dll
2015-05-25 20:36 - 2015-02-03 03:32 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-05-25 20:36 - 2014-12-19 04:06 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-05-25 20:36 - 2014-10-31 23:24 - 00619056 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-05-25 20:36 - 2014-06-28 01:21 - 00532176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-05-25 20:36 - 2014-06-28 01:21 - 00457400 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2015-05-25 20:36 - 2014-06-18 23:23 - 01943696 _____ (Microsoft Corporation) C:\Windows\system32\dfshim.dll
2015-05-25 20:36 - 2014-06-18 23:23 - 01131664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dfshim.dll
2015-05-25 20:36 - 2014-06-18 23:23 - 00156824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscorier.dll
2015-05-25 20:36 - 2014-06-18 23:23 - 00156312 _____ (Microsoft Corporation) C:\Windows\system32\mscorier.dll
2015-05-25 20:36 - 2014-06-18 23:23 - 00081560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mscories.dll
2015-05-25 20:36 - 2014-06-18 23:23 - 00073880 _____ (Microsoft Corporation) C:\Windows\system32\mscories.dll
 
2015-05-25 20:36 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2015-05-25 20:36 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2015-05-25 20:36 - 2013-10-19 03:18 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2015-05-25 20:36 - 2013-10-19 02:36 - 00159232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2015-05-25 20:35 - 2015-04-08 04:29 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-05-25 20:35 - 2015-04-08 04:29 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-05-25 20:35 - 2015-04-08 04:14 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-05-25 20:35 - 2015-03-25 04:24 - 03298816 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-05-25 20:35 - 2015-03-25 04:24 - 02553856 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-05-25 20:35 - 2015-03-25 04:24 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-05-25 20:35 - 2015-03-25 04:24 - 00191488 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-05-25 20:35 - 2015-03-25 04:24 - 00098304 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-05-25 20:35 - 2015-03-25 04:24 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-05-25 20:35 - 2015-03-25 04:24 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-05-25 20:35 - 2015-03-25 04:24 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-05-25 20:35 - 2015-03-25 04:23 - 00135168 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-05-25 20:35 - 2015-03-25 04:23 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-05-25 20:35 - 2015-03-25 04:23 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-05-25 20:35 - 2015-03-25 04:00 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-05-25 20:35 - 2015-03-25 04:00 - 00173056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-05-25 20:35 - 2015-03-25 04:00 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-05-25 20:35 - 2015-03-25 04:00 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-05-25 20:35 - 2015-03-25 04:00 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-05-25 20:35 - 2015-02-03 04:31 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\ubpm.dll
2015-05-25 20:35 - 2015-02-03 04:12 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ubpm.dll
2015-05-25 20:35 - 2015-01-29 04:19 - 02543104 _____ (Microsoft Corporation) C:\Windows\system32\wpdshext.dll
2015-05-25 20:35 - 2015-01-29 04:02 - 02311168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpdshext.dll
2015-05-25 20:35 - 2014-12-19 02:46 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2015-05-25 20:35 - 2014-12-06 05:17 - 00303616 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-05-25 20:35 - 2014-12-06 04:50 - 00156672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncsi.dll
2015-05-25 20:35 - 2014-12-06 04:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nlaapi.dll
2015-05-25 20:35 - 2014-10-14 03:13 - 00683520 _____ (Microsoft Corporation) C:\Windows\system32\termsrv.dll
2015-05-25 20:35 - 2014-06-24 04:29 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2015-05-25 20:35 - 2014-06-24 03:59 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2015-05-25 20:35 - 2014-06-18 03:18 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2015-05-25 20:35 - 2014-06-18 02:51 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2015-05-25 20:35 - 2014-04-05 03:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-05-25 20:35 - 2014-04-05 03:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-05-25 20:35 - 2014-03-26 15:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-05-25 20:35 - 2014-03-26 15:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2015-05-25 20:35 - 2014-03-26 15:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-05-25 20:35 - 2014-03-26 15:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2015-05-25 20:35 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-05-25 20:35 - 2013-10-04 03:16 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2015-05-25 20:35 - 2013-10-04 02:36 - 00230400 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-05-25 20:35 - 2013-08-05 03:25 - 00155584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ataport.sys
2015-05-25 20:34 - 2015-03-23 04:25 - 00769536 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-05-25 20:34 - 2015-03-23 04:25 - 00726528 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-05-25 20:34 - 2015-03-23 04:24 - 00957952 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-05-25 20:34 - 2015-03-23 04:24 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-05-25 20:34 - 2015-03-23 04:24 - 00227328 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2015-05-25 20:34 - 2015-03-23 04:24 - 00192000 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2015-05-25 20:34 - 2015-03-23 04:24 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-05-25 20:34 - 2015-03-23 04:17 - 01111552 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-05-25 20:34 - 2015-03-05 06:12 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2015-05-25 20:34 - 2015-03-05 05:05 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2015-05-25 20:34 - 2015-02-13 06:26 - 12875264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-05-25 20:34 - 2015-02-13 06:22 - 14177280 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-05-25 20:34 - 2015-01-28 00:36 - 01239720 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2015-05-25 20:34 - 2014-11-11 02:46 - 00119296 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-05-25 20:34 - 2014-06-06 11:10 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2015-05-25 20:34 - 2014-06-06 10:44 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2015-05-25 20:34 - 2014-05-30 07:45 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-05-25 20:34 - 2013-12-04 03:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2015-05-25 20:34 - 2013-12-04 03:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2015-05-25 20:34 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2015-05-25 20:34 - 2013-12-04 03:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2015-05-25 20:34 - 2013-12-04 03:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2015-05-25 20:34 - 2013-12-04 03:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2015-05-25 20:34 - 2013-12-04 03:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2015-05-25 20:34 - 2013-12-04 03:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2015-05-25 20:34 - 2013-12-04 03:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2015-05-25 20:34 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll
2015-05-25 20:34 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll
2015-05-25 20:34 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll
2015-05-25 20:34 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll
2015-05-25 20:34 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll
2015-05-25 20:34 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe
2015-05-25 20:34 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe
2015-05-25 20:34 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe
2015-05-25 20:34 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe
2015-05-25 20:34 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-05-25 20:34 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2015-05-25 20:34 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2015-05-25 20:34 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2015-05-25 20:34 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2015-05-25 20:34 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys
2015-05-25 20:34 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2015-05-25 20:34 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2015-05-25 20:34 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2015-05-25 20:34 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2015-05-25 20:34 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2015-05-25 20:34 - 2013-07-25 10:25 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2015-05-25 20:34 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2015-05-25 20:34 - 2013-07-12 11:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2015-05-25 20:34 - 2013-07-12 11:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2015-05-25 20:34 - 2013-07-04 13:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2015-05-25 20:34 - 2013-07-04 13:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2015-05-25 20:34 - 2013-07-04 12:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2015-05-25 20:34 - 2013-07-04 12:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2015-05-25 20:34 - 2013-07-03 05:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2015-05-25 20:34 - 2013-07-03 05:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2015-05-25 20:34 - 2013-07-03 05:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2015-05-25 20:34 - 2013-06-25 23:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-05-25 20:34 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2015-05-25 20:34 - 2013-03-31 23:52 - 01887232 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2015-05-25 20:34 - 2012-10-03 18:44 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\netcorehc.dll
2015-05-25 20:34 - 2012-10-03 18:44 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-05-25 20:34 - 2012-10-03 18:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\nlaapi.dll
2015-05-25 20:34 - 2012-10-03 18:44 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\netevent.dll
2015-05-25 20:34 - 2012-10-03 18:42 - 00569344 _____ (Microsoft Corporation) C:\Windows\system32\iphlpsvc.dll
2015-05-25 20:34 - 2012-10-03 17:42 - 00175104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcorehc.dll
2015-05-25 20:34 - 2012-10-03 17:42 - 00018944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netevent.dll
2015-05-25 20:34 - 2012-10-03 17:07 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpipreg.sys
2015-05-25 20:34 - 2012-08-22 19:12 - 00950128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-05-25 20:34 - 2012-07-04 21:26 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\RNDISMP.sys
2015-05-25 20:33 - 2014-03-04 10:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2015-05-25 20:33 - 2014-03-04 10:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2015-05-25 20:33 - 2014-03-04 10:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2015-05-25 20:33 - 2014-03-04 10:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2015-05-25 20:33 - 2014-03-04 10:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2015-05-25 20:33 - 2014-03-04 10:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2015-05-25 20:33 - 2014-03-04 10:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2015-05-25 20:33 - 2014-03-04 10:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll
2015-05-25 20:33 - 2014-03-04 10:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll
2015-05-25 20:33 - 2014-03-04 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll
2015-05-25 20:33 - 2014-03-04 10:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll
2015-05-25 20:33 - 2014-03-04 10:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll
2015-05-25 20:33 - 2014-03-04 10:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll
2015-05-25 20:33 - 2014-03-04 10:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll
2015-05-25 20:33 - 2012-08-21 22:01 - 00245760 _____ (Microsoft Corporation) C:\Windows\system32\OxpsConverter.exe
2015-05-25 20:32 - 2015-03-17 06:22 - 05557696 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-05-25 20:32 - 2015-03-17 06:19 - 01727904 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-05-25 20:32 - 2015-03-17 06:17 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-05-25 20:32 - 2015-03-17 06:17 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-05-25 20:32 - 2015-03-17 06:17 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-05-25 20:32 - 2015-03-17 06:16 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-05-25 20:32 - 2015-03-17 06:16 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-05-25 20:32 - 2015-03-17 06:16 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-05-25 20:32 - 2015-03-17 06:16 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-05-25 20:32 - 2015-03-17 06:16 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-05-25 20:32 - 2015-03-17 06:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-05-25 20:32 - 2015-03-17 06:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-05-25 20:32 - 2015-03-17 06:16 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-05-25 20:32 - 2015-03-17 06:16 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-05-25 20:32 - 2015-03-17 06:15 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-05-25 20:32 - 2015-03-17 06:11 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:11 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 06:01 - 03976632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-05-25 20:32 - 2015-03-17 06:01 - 03920824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-05-25 20:32 - 2015-03-17 05:59 - 01309696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-05-25 20:32 - 2015-03-17 05:57 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-05-25 20:32 - 2015-03-17 05:57 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-05-25 20:32 - 2015-03-17 05:56 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-05-25 20:32 - 2015-03-17 05:56 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-05-25 20:32 - 2015-03-17 05:56 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-05-25 20:32 - 2015-03-17 05:56 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 05:50 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 04:45 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-05-25 20:32 - 2015-03-17 04:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-05-25 20:32 - 2015-03-17 04:43 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 04:43 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 04:43 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-05-25 20:32 - 2015-03-17 04:43 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-05-25 20:32 - 2015-03-10 04:25 - 01882624 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-05-25 20:32 - 2015-03-10 04:21 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2015-05-25 20:32 - 2015-03-10 04:08 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-05-25 20:32 - 2015-03-10 04:05 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2015-05-25 20:32 - 2015-01-31 00:56 - 00459336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-05-25 20:32 - 2014-08-12 03:02 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\IMJP10K.DLL
2015-05-25 20:32 - 2014-08-12 02:36 - 00701440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IMJP10K.DLL
2015-05-25 20:32 - 2014-06-16 03:10 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-05-25 20:32 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2015-05-25 20:32 - 2013-11-22 23:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2015-05-25 20:32 - 2013-09-08 03:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2015-05-25 20:32 - 2013-09-08 03:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2015-05-25 20:32 - 2013-04-10 07:01 - 00265064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-05-25 20:32 - 2011-02-03 12:25 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2015-05-25 20:31 - 2015-02-18 08:06 - 00123904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\poqexec.exe
2015-05-25 20:31 - 2015-02-18 08:04 - 00142336 _____ (Microsoft Corporation) C:\Windows\system32\poqexec.exe
2015-05-25 20:31 - 2014-11-26 04:53 - 00861696 _____ (Microsoft Corporation) C:\Windows\system32\oleaut32.dll
2015-05-25 20:31 - 2014-11-26 04:32 - 00571904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\oleaut32.dll
2015-05-25 20:31 - 2014-11-11 04:08 - 00241152 _____ (Microsoft Corporation) C:\Windows\system32\pku2u.dll
2015-05-25 20:31 - 2014-11-11 03:44 - 00186880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pku2u.dll
2015-05-25 20:31 - 2013-08-29 03:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2015-05-25 20:31 - 2013-08-29 03:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2015-05-25 20:31 - 2013-08-29 02:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2015-05-25 20:31 - 2013-08-29 02:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2015-05-25 20:30 - 2015-02-25 04:18 - 00754688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\http.sys
2015-05-25 20:30 - 2015-02-03 04:31 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2015-05-25 20:30 - 2015-02-03 04:12 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2015-05-25 20:30 - 2015-01-31 04:48 - 01113088 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2015-05-25 20:30 - 2015-01-31 04:05 - 00162816 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2015-05-25 20:30 - 2015-01-31 04:04 - 00020992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpvideominiport.sys
2015-05-25 20:30 - 2015-01-17 03:48 - 01067520 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2015-05-25 20:30 - 2015-01-17 03:30 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2015-05-25 20:30 - 2014-10-30 03:03 - 00165888 _____ (Microsoft Corporation) C:\Windows\system32\charmap.exe
2015-05-25 20:30 - 2014-10-30 02:45 - 00155136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\charmap.exe
2015-05-25 20:30 - 2014-10-04 03:10 - 03722752 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2015-05-25 20:30 - 2014-10-04 02:42 - 03221504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2015-05-25 20:30 - 2014-10-04 02:42 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aaclient.dll
2015-05-25 20:30 - 2014-10-03 03:12 - 02020352 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2015-05-25 20:30 - 2014-10-03 03:12 - 00346624 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2015-05-25 20:30 - 2014-10-03 03:12 - 00310272 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2015-05-25 20:30 - 2014-10-03 03:12 - 00181248 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2015-05-25 20:30 - 2014-10-03 03:11 - 00266240 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2015-05-25 20:30 - 2014-10-03 02:45 - 01177088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2015-05-25 20:30 - 2014-10-03 02:45 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
 
2015-05-25 20:30 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-05-25 20:30 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-05-25 20:30 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-05-25 20:30 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-05-25 20:30 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-05-25 20:30 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-05-25 20:30 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-05-25 20:30 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-05-25 20:30 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-05-25 20:30 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-05-25 20:30 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-05-25 20:30 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-05-25 20:30 - 2013-04-26 06:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-05-25 20:30 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-05-25 20:29 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-25 20:29 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-05-25 20:29 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-05-25 20:29 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-05-25 20:28 - 2015-03-04 05:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-25 20:28 - 2015-03-04 05:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-25 20:28 - 2015-03-04 05:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-25 20:28 - 2015-03-04 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-25 20:28 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-25 20:28 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-25 20:28 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-25 20:28 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-25 20:28 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-05-25 20:28 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-05-25 20:28 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-05-25 20:28 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-05-25 20:28 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-05-25 20:28 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-05-25 20:28 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-05-25 20:28 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-05-25 20:28 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-05-25 20:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-25 20:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-05-25 20:27 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-05-25 20:27 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-05-25 20:27 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-05-25 20:27 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-05-25 20:27 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-05-25 20:27 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-05-25 20:27 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-05-25 20:27 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-05-25 20:27 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-05-25 20:27 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-05-25 20:27 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-05-25 20:27 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-05-25 20:27 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-05-25 20:27 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-05-25 20:27 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-05-25 20:27 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-05-25 20:27 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-05-25 20:27 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-05-25 20:27 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-05-25 20:27 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-05-25 20:27 - 2013-02-27 06:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-05-25 20:26 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-25 20:26 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-25 20:26 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-25 20:25 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-25 20:25 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-05-25 20:25 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-05-25 20:25 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-05-25 20:25 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-05-25 20:25 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-05-25 20:25 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-05-25 20:25 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-05-25 20:25 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-05-25 20:25 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-05-25 19:53 - 2015-05-25 19:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-25 19:53 - 2015-05-25 19:53 - 00002047 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-25 19:33 - 2015-05-25 19:34 - 00001913 _____ () C:\DelFix.txt
2015-05-25 19:33 - 2015-05-25 19:33 - 00000000 ____D () C:\Windows\ERUNT
2015-05-25 12:34 - 2015-05-25 12:35 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-25 12:32 - 2015-05-25 12:32 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-25 12:32 - 2015-05-25 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-25 12:31 - 2015-05-25 12:31 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-25 12:27 - 2015-05-25 12:28 - 121994912 _____ (Sophos Limited) C:\Users\Phil is fiiiine\Desktop\Sophos Virus Removal Tool.exe
2015-05-24 14:35 - 2015-05-24 14:35 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-05-24 14:35 - 2015-05-24 14:35 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-23 22:23 - 2015-05-23 22:23 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-23 22:23 - 2015-05-23 22:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-23 20:58 - 2015-05-23 22:10 - 00000000 ____D () C:\Windows\erdnt
2015-05-23 17:11 - 2015-05-23 17:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-M17X-Windows-7-Ultimate-(64-bit).dat
2015-05-23 15:11 - 2015-05-23 15:12 - 00421896 _____ () C:\Users\Phil is fiiiine\Downloads\Unconfirmed 752093.crdownload
2015-05-23 15:11 - 2015-05-23 15:12 - 00421896 _____ () C:\Users\Phil is fiiiine\Downloads\Unconfirmed 704492.crdownload
2015-05-23 15:10 - 2015-05-23 15:12 - 00421896 _____ () C:\Users\Phil is fiiiine\Downloads\Unconfirmed 396237.crdownload
2015-05-23 14:26 - 2015-05-23 14:27 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Phil is fiiiine\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-23 14:08 - 2015-05-23 14:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-23 14:08 - 2015-05-23 14:08 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-22 14:17 - 2015-05-22 14:17 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-21 14:35 - 2015-05-23 16:29 - 00000000 ____D () C:\Program Files (x86)\b03f3eb2-ecf3-4ee9-848a-6804140d73f7
2015-05-21 14:35 - 2015-05-23 13:56 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-21 14:32 - 2015-05-21 14:32 - 00003638 _____ () C:\Windows\System32\Tasks\Norwood
2015-05-21 03:10 - 2015-05-26 00:05 - 00641386 _____ () C:\Windows\PFRO.log
2015-05-21 02:31 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hp.bak
2015-05-21 02:29 - 2015-05-21 02:30 - 00000909 _____ () C:\Windows\SysWOW64\${LOGFILE}
2015-05-21 02:28 - 2015-05-21 02:28 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Local\Geckofx
2015-05-21 02:27 - 2015-05-21 02:28 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\SSN
2015-05-21 02:15 - 2015-05-21 02:15 - 00000000 ____D () C:\Users\Phil is fiiiine\Downloads\Warhammer 40K - 7th Edition - Codex Space Wolves
2015-05-20 20:40 - 2015-05-26 13:28 - 00001232 _____ () C:\Windows\setupact.log
2015-05-20 20:40 - 2015-05-20 20:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-19 11:51 - 2015-05-19 11:55 - 00000000 ____D () C:\Users\Phil is fiiiine\Downloads\Warhammer 40k - 7th Edition Codex - Grey Knights (New Version)
2015-05-19 11:43 - 2015-05-19 11:44 - 00000000 ____D () C:\Users\Phil is fiiiine\.ebookreader
2015-05-19 11:42 - 2015-05-19 11:42 - 17631232 _____ (Icecream Apps ) C:\Users\Phil is fiiiine\Downloads\ebook_reader_setup.exe
2015-05-19 11:42 - 2015-05-19 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Ebook Reader
2015-05-19 11:42 - 2015-05-19 11:42 - 00000000 ____D () C:\Program Files (x86)\Icecream Ebook Reader
2015-05-19 11:15 - 2015-05-19 11:46 - 00000000 ____D () C:\Users\Phil is fiiiine\Downloads\Warhammer 40k - 7th Edition Codex - Necrons
2015-05-17 02:34 - 2015-05-17 02:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-16 11:57 - 2015-05-26 13:46 - 01602921 _____ () C:\Windows\WindowsUpdate.log
2015-05-13 10:32 - 2015-05-25 19:55 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-05 15:31 - 2015-05-08 21:13 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Local\Razer_Inc
2015-05-02 17:56 - 2015-05-02 17:56 - 00561248 _____ (Oracle Corporation) C:\Users\Phil is fiiiine\Downloads\jxpiinstall.exe
2015-05-02 11:38 - 2015-05-02 11:38 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\hott notes 4
2015-04-27 00:23 - 2015-04-27 00:23 - 00002150 _____ () C:\Users\Phil is fiiiine\Desktop\Shadow Of Mordor.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 13:39 - 2013-07-05 10:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 13:38 - 2009-07-14 05:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-26 13:38 - 2009-07-14 05:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 13:37 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-26 13:36 - 2013-07-05 23:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-26 13:35 - 2013-07-05 10:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 13:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-26 13:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 01:02 - 2015-03-20 00:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 00:22 - 2013-07-05 23:18 - 00001413 _____ () C:\Users\Phil is fiiiine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-26 00:21 - 2013-07-05 23:18 - 00000300 __RSH () C:\Users\Phil is fiiiine\ntuser.pol
2015-05-26 00:21 - 2013-07-05 23:18 - 00000000 ____D () C:\Users\Phil is fiiiine
2015-05-26 00:20 - 2009-07-14 05:45 - 05047224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-26 00:15 - 2013-05-18 18:29 - 00000000 ____D () C:\Windows\Panther
2015-05-26 00:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-26 00:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-05-26 00:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-26 00:08 - 2009-07-14 08:46 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-26 00:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-26 00:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-05-26 00:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-05-26 00:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-26 00:01 - 2013-07-18 04:59 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-25 23:31 - 2013-05-18 11:20 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-25 23:30 - 2013-05-18 11:20 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-25 23:30 - 2013-05-18 11:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-25 22:41 - 2013-07-05 10:27 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-25 19:55 - 2013-10-11 23:52 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Local\Adobe
2015-05-25 19:53 - 2013-07-05 11:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-25 19:53 - 2013-07-05 11:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-25 00:44 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-24 23:43 - 2013-07-06 07:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-23 22:23 - 2014-10-02 16:51 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-23 22:23 - 2014-10-02 16:51 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-23 22:11 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-05-23 22:05 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-23 17:01 - 2014-07-12 21:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 14:28 - 2014-07-12 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 14:28 - 2014-07-12 21:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-22 14:31 - 2015-03-27 01:26 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-05-22 13:08 - 2015-03-20 04:44 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\.ACEStream
2015-05-22 13:08 - 2015-03-20 04:38 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\ACEStream
2015-05-19 11:39 - 2015-04-10 22:04 - 00027005 _____ () C:\Users\Phil is fiiiine\Downloads\cr3.log
2015-05-19 11:39 - 2015-04-10 22:04 - 00000000 ____D () C:\Users\Phil is fiiiine\.cr3
2015-05-17 12:28 - 2015-03-20 00:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-17 12:28 - 2013-07-16 05:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-17 12:28 - 2013-07-16 05:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-17 12:27 - 2013-07-05 10:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 17:34 - 2013-07-05 10:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 17:34 - 2013-07-05 10:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 17:24 - 2015-03-22 15:01 - 00000000 ____D () C:\_acestream_cache_
2015-05-13 10:31 - 2013-07-16 05:00 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\Adobe
2015-05-09 23:23 - 2015-03-19 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-09 23:23 - 2014-04-14 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-05-09 23:23 - 2014-04-14 13:28 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-05-09 23:23 - 2013-11-17 12:56 - 00000000 ____D () C:\Users\TEMP
2015-05-09 23:23 - 2013-08-24 05:01 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\DivX
2015-05-09 23:23 - 2013-08-24 04:55 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-09 23:23 - 2013-08-14 04:36 - 00000000 ____D () C:\Program Files\DivX
2015-05-09 23:23 - 2013-08-14 04:33 - 00000000 ____D () C:\ProgramData\DivX
2015-05-09 23:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-05-09 23:22 - 2015-04-02 05:49 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Local\Popcorn-Time
2015-05-09 23:22 - 2014-04-14 13:28 - 00000000 ____D () C:\ProgramData\Razer
2015-05-05 15:33 - 2013-07-18 05:01 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Local\Razer
2015-05-05 15:31 - 2013-07-18 05:01 - 00000000 ____D () C:\Users\Phil is fiiiine\Documents\Razer
2015-05-02 17:58 - 2014-11-11 10:46 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-02 17:58 - 2014-05-02 22:46 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-02 17:57 - 2014-11-11 10:46 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-01 23:46 - 2015-03-28 03:48 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-05-01 20:13 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-30 10:07 - 2013-05-18 10:19 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 00:11

==================== End of log ============================
 
2015-05-25 20:30 - 2014-10-03 02:45 - 00214016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2015-05-25 20:30 - 2014-10-03 02:45 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2015-05-25 20:30 - 2014-10-03 02:44 - 00198656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2015-05-25 20:30 - 2014-09-04 06:23 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\rastls.dll
2015-05-25 20:30 - 2014-09-04 06:04 - 00372736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastls.dll
2015-05-25 20:30 - 2014-02-04 03:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2015-05-25 20:30 - 2014-02-04 03:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2015-05-25 20:30 - 2014-02-04 03:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2015-05-25 20:30 - 2014-02-04 03:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2015-05-25 20:30 - 2014-02-04 03:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2015-05-25 20:30 - 2013-07-26 03:24 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2015-05-25 20:30 - 2013-07-26 02:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shdocvw.dll
2015-05-25 20:30 - 2013-04-26 06:51 - 00751104 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2015-05-25 20:30 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2015-05-25 20:29 - 2014-11-08 04:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2015-05-25 20:29 - 2014-11-08 03:45 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2015-05-25 20:29 - 2013-05-10 06:49 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2015-05-25 20:29 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2015-05-25 20:28 - 2015-03-04 05:41 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-05-25 20:28 - 2015-03-04 05:41 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-05-25 20:28 - 2015-03-04 05:41 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-05-25 20:28 - 2015-03-04 05:41 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-05-25 20:28 - 2015-03-04 05:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-05-25 20:28 - 2015-03-04 05:10 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-05-25 20:28 - 2015-03-04 05:10 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-05-25 20:28 - 2014-10-25 02:57 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2015-05-25 20:28 - 2014-10-25 02:32 - 00067584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2015-05-25 20:28 - 2014-07-17 03:07 - 01118720 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe
2015-05-25 20:28 - 2014-07-17 03:07 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-05-25 20:28 - 2014-07-17 03:07 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\winsta.dll
2015-05-25 20:28 - 2014-07-17 03:07 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorekmts.dll
2015-05-25 20:28 - 2014-07-17 02:40 - 00157696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winsta.dll
2015-05-25 20:28 - 2014-07-17 02:39 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe
2015-05-25 20:28 - 2014-07-17 02:21 - 00212480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2015-05-25 20:28 - 2014-07-17 02:21 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2015-05-25 20:27 - 2014-12-08 04:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\system32\scesrv.dll
2015-05-25 20:27 - 2014-12-08 03:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll
2015-05-25 20:27 - 2014-10-14 03:13 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2015-05-25 20:27 - 2014-10-14 02:50 - 02363904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2015-05-25 20:27 - 2014-06-03 11:02 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-05-25 20:27 - 2014-06-03 11:02 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2015-05-25 20:27 - 2014-06-03 11:02 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2015-05-25 20:27 - 2014-06-03 10:29 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-05-25 20:27 - 2014-06-03 10:29 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2015-05-25 20:27 - 2014-01-24 03:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-05-25 20:27 - 2013-10-12 03:32 - 00150016 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2015-05-25 20:27 - 2013-10-12 03:31 - 00202752 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2015-05-25 20:27 - 2013-10-12 03:04 - 00121856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2015-05-25 20:27 - 2013-10-12 03:03 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2015-05-25 20:27 - 2013-10-12 02:33 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2015-05-25 20:27 - 2013-10-12 02:33 - 00156160 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2015-05-25 20:27 - 2013-10-12 02:15 - 00141824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2015-05-25 20:27 - 2013-10-12 02:15 - 00126976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2015-05-25 20:27 - 2013-05-13 06:50 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2015-05-25 20:27 - 2013-05-13 04:43 - 01192448 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2015-05-25 20:27 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2015-05-25 20:27 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2015-05-25 20:27 - 2013-02-27 06:47 - 00070144 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2015-05-25 20:26 - 2015-03-04 05:55 - 00367552 _____ (Microsoft Corporation) C:\Windows\system32\clfs.sys
2015-05-25 20:26 - 2015-03-04 05:41 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\clfsw32.dll
2015-05-25 20:26 - 2015-03-04 05:10 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\clfsw32.dll
2015-05-25 20:25 - 2015-02-04 04:16 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2015-05-25 20:25 - 2015-02-04 03:54 - 00417792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPhoto.dll
2015-05-25 20:25 - 2014-07-14 03:02 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-05-25 20:25 - 2014-07-14 02:40 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-05-25 20:25 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2015-05-25 20:25 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2015-05-25 20:25 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2015-05-25 20:25 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2015-05-25 20:25 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2015-05-25 20:25 - 2013-08-28 02:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2015-05-25 19:53 - 2015-05-25 19:53 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-05-25 19:53 - 2015-05-25 19:53 - 00002047 _____ () C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-05-25 19:33 - 2015-05-25 19:34 - 00001913 _____ () C:\DelFix.txt
2015-05-25 19:33 - 2015-05-25 19:33 - 00000000 ____D () C:\Windows\ERUNT
2015-05-25 12:34 - 2015-05-25 12:35 - 00000000 ____D () C:\ProgramData\Sophos
2015-05-25 12:32 - 2015-05-25 12:32 - 00002759 _____ () C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2015-05-25 12:32 - 2015-05-25 12:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2015-05-25 12:31 - 2015-05-25 12:31 - 00000000 ____D () C:\Program Files (x86)\Sophos
2015-05-25 12:27 - 2015-05-25 12:28 - 121994912 _____ (Sophos Limited) C:\Users\Phil is fiiiine\Desktop\Sophos Virus Removal Tool.exe
2015-05-24 14:35 - 2015-05-24 14:35 - 00000000 ____D () C:\Windows\SysWOW64\vbox
2015-05-24 14:35 - 2015-05-24 14:35 - 00000000 ____D () C:\Windows\system32\vbox
2015-05-23 22:23 - 2015-05-23 22:23 - 00364472 _____ (Avast Software s.r.o.) C:\Windows\system32\aswBoot.exe
2015-05-23 22:23 - 2015-05-23 22:23 - 00043112 _____ (Avast Software s.r.o.) C:\Windows\avastSS.scr
2015-05-23 20:58 - 2015-05-23 22:10 - 00000000 ____D () C:\Windows\erdnt
2015-05-23 17:11 - 2015-05-23 17:11 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-M17X-Windows-7-Ultimate-(64-bit).dat
2015-05-23 15:11 - 2015-05-23 15:12 - 00421896 _____ () C:\Users\Phil is fiiiine\Downloads\Unconfirmed 752093.crdownload
2015-05-23 15:11 - 2015-05-23 15:12 - 00421896 _____ () C:\Users\Phil is fiiiine\Downloads\Unconfirmed 704492.crdownload
2015-05-23 15:10 - 2015-05-23 15:12 - 00421896 _____ () C:\Users\Phil is fiiiine\Downloads\Unconfirmed 396237.crdownload
2015-05-23 14:26 - 2015-05-23 14:27 - 21546080 _____ (Malwarebytes Corporation ) C:\Users\Phil is fiiiine\Downloads\mbam-setup-2.1.6.1022.exe
2015-05-23 14:08 - 2015-05-23 14:22 - 00000000 ____D () C:\ProgramData\RogueKiller
2015-05-23 14:08 - 2015-05-23 14:08 - 00035064 _____ () C:\Windows\system32\Drivers\TrueSight.sys
2015-05-22 14:17 - 2015-05-22 14:17 - 00000983 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-05-21 14:35 - 2015-05-23 16:29 - 00000000 ____D () C:\Program Files (x86)\b03f3eb2-ecf3-4ee9-848a-6804140d73f7
2015-05-21 14:35 - 2015-05-23 13:56 - 00000004 _____ () C:\Windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-05-21 14:32 - 2015-05-21 14:32 - 00003638 _____ () C:\Windows\System32\Tasks\Norwood
2015-05-21 03:10 - 2015-05-26 00:05 - 00641386 _____ () C:\Windows\PFRO.log
2015-05-21 02:31 - 2009-06-10 22:00 - 00000824 _____ () C:\Windows\system32\Drivers\etc\hp.bak
2015-05-21 02:29 - 2015-05-21 02:30 - 00000909 _____ () C:\Windows\SysWOW64\${LOGFILE}
2015-05-21 02:28 - 2015-05-21 02:28 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Local\Geckofx
2015-05-21 02:27 - 2015-05-21 02:28 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\SSN
2015-05-21 02:15 - 2015-05-21 02:15 - 00000000 ____D () C:\Users\Phil is fiiiine\Downloads\Warhammer 40K - 7th Edition - Codex Space Wolves
2015-05-20 20:40 - 2015-05-26 13:28 - 00001232 _____ () C:\Windows\setupact.log
2015-05-20 20:40 - 2015-05-20 20:40 - 00000000 _____ () C:\Windows\setuperr.log
2015-05-19 11:51 - 2015-05-19 11:55 - 00000000 ____D () C:\Users\Phil is fiiiine\Downloads\Warhammer 40k - 7th Edition Codex - Grey Knights (New Version)
2015-05-19 11:43 - 2015-05-19 11:44 - 00000000 ____D () C:\Users\Phil is fiiiine\.ebookreader
2015-05-19 11:42 - 2015-05-19 11:42 - 17631232 _____ (Icecream Apps ) C:\Users\Phil is fiiiine\Downloads\ebook_reader_setup.exe
2015-05-19 11:42 - 2015-05-19 11:42 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Icecream Ebook Reader
2015-05-19 11:42 - 2015-05-19 11:42 - 00000000 ____D () C:\Program Files (x86)\Icecream Ebook Reader
2015-05-19 11:15 - 2015-05-19 11:46 - 00000000 ____D () C:\Users\Phil is fiiiine\Downloads\Warhammer 40k - 7th Edition Codex - Necrons
2015-05-17 02:34 - 2015-05-17 02:34 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2015-05-16 11:57 - 2015-05-26 13:46 - 01602921 _____ () C:\Windows\WindowsUpdate.log
2015-05-13 10:32 - 2015-05-25 19:55 - 00003886 _____ () C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-05 15:31 - 2015-05-08 21:13 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Local\Razer_Inc
2015-05-02 17:56 - 2015-05-02 17:56 - 00561248 _____ (Oracle Corporation) C:\Users\Phil is fiiiine\Downloads\jxpiinstall.exe
2015-05-02 11:38 - 2015-05-02 11:38 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\hott notes 4
2015-04-27 00:23 - 2015-04-27 00:23 - 00002150 _____ () C:\Users\Phil is fiiiine\Desktop\Shadow Of Mordor.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-05-26 13:39 - 2013-07-05 10:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-05-26 13:38 - 2009-07-14 05:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-05-26 13:38 - 2009-07-14 05:45 - 00022704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-05-26 13:37 - 2009-07-14 06:13 - 00782470 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-05-26 13:36 - 2013-07-05 23:54 - 00000000 ____D () C:\Program Files (x86)\Steam
2015-05-26 13:35 - 2013-07-05 10:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-05-26 13:35 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2015-05-26 13:29 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-05-26 01:02 - 2015-03-20 00:37 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-05-26 00:22 - 2013-07-05 23:18 - 00001413 _____ () C:\Users\Phil is fiiiine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-05-26 00:21 - 2013-07-05 23:18 - 00000300 __RSH () C:\Users\Phil is fiiiine\ntuser.pol
2015-05-26 00:21 - 2013-07-05 23:18 - 00000000 ____D () C:\Users\Phil is fiiiine
2015-05-26 00:20 - 2009-07-14 05:45 - 05047224 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-05-26 00:15 - 2013-05-18 18:29 - 00000000 ____D () C:\Windows\Panther
2015-05-26 00:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-05-26 00:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-05-26 00:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-05-26 00:08 - 2009-07-14 08:46 - 00000000 ____D () C:\Program Files\Windows Journal
2015-05-26 00:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files\Windows Defender
2015-05-26 00:08 - 2009-07-14 06:32 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-05-26 00:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\tracing
2015-05-26 00:08 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\AdvancedInstallers
2015-05-26 00:01 - 2013-07-18 04:59 - 00766780 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2015-05-25 23:31 - 2013-05-18 11:20 - 00001945 _____ () C:\Windows\epplauncher.mif
2015-05-25 23:30 - 2013-05-18 11:20 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2015-05-25 23:30 - 2013-05-18 11:20 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2015-05-25 22:41 - 2013-07-05 10:27 - 00002207 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2015-05-25 19:55 - 2013-10-11 23:52 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Local\Adobe
2015-05-25 19:53 - 2013-07-05 11:51 - 00000000 ____D () C:\ProgramData\Adobe
2015-05-25 19:53 - 2013-07-05 11:51 - 00000000 ____D () C:\Program Files (x86)\Adobe
2015-05-25 00:44 - 2009-07-14 04:20 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2015-05-24 23:43 - 2013-07-06 07:23 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2015-05-23 22:23 - 2014-10-02 16:51 - 00137288 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswStm.sys
2015-05-23 22:23 - 2014-10-02 16:51 - 00029168 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 01047320 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSnx.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 00442264 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswSP.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 00272248 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 00093528 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswRdr2.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 00089944 _____ (Avast Software s.r.o.) C:\Windows\system32\Drivers\aswMonFlt.sys
2015-05-23 22:23 - 2013-07-06 07:23 - 00065736 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2015-05-23 22:11 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-05-23 22:05 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2015-05-23 17:01 - 2014-07-12 21:19 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-05-23 14:28 - 2014-07-12 21:19 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-05-23 14:28 - 2014-07-12 21:19 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-22 14:31 - 2015-03-27 01:26 - 00000000 ____D () C:\Windows\system32\appmgmt
2015-05-22 13:08 - 2015-03-20 04:44 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\.ACEStream
2015-05-22 13:08 - 2015-03-20 04:38 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\ACEStream
2015-05-19 11:39 - 2015-04-10 22:04 - 00027005 _____ () C:\Users\Phil is fiiiine\Downloads\cr3.log
2015-05-19 11:39 - 2015-04-10 22:04 - 00000000 ____D () C:\Users\Phil is fiiiine\.cr3
2015-05-17 12:28 - 2015-03-20 00:37 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-05-17 12:28 - 2013-07-16 05:00 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-05-17 12:28 - 2013-07-16 05:00 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-05-17 12:27 - 2013-07-05 10:31 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2015-05-16 17:34 - 2013-07-05 10:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-05-16 17:34 - 2013-07-05 10:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-05-16 17:24 - 2015-03-22 15:01 - 00000000 ____D () C:\_acestream_cache_
2015-05-13 10:31 - 2013-07-16 05:00 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\Adobe
2015-05-09 23:23 - 2015-03-19 23:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DivX
2015-05-09 23:23 - 2014-04-14 13:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Razer
2015-05-09 23:23 - 2014-04-14 13:28 - 00000000 ____D () C:\Program Files (x86)\Razer
2015-05-09 23:23 - 2013-11-17 12:56 - 00000000 ____D () C:\Users\TEMP
2015-05-09 23:23 - 2013-08-24 05:01 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Roaming\DivX
2015-05-09 23:23 - 2013-08-24 04:55 - 00000000 ____D () C:\Program Files (x86)\DivX
2015-05-09 23:23 - 2013-08-14 04:36 - 00000000 ____D () C:\Program Files\DivX
2015-05-09 23:23 - 2013-08-14 04:33 - 00000000 ____D () C:\ProgramData\DivX
2015-05-09 23:23 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-05-09 23:22 - 2015-04-02 05:49 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Local\Popcorn-Time
2015-05-09 23:22 - 2014-04-14 13:28 - 00000000 ____D () C:\ProgramData\Razer
2015-05-05 15:33 - 2013-07-18 05:01 - 00000000 ____D () C:\Users\Phil is fiiiine\AppData\Local\Razer
2015-05-05 15:31 - 2013-07-18 05:01 - 00000000 ____D () C:\Users\Phil is fiiiine\Documents\Razer
2015-05-02 17:58 - 2014-11-11 10:46 - 00000000 ____D () C:\Program Files (x86)\Java
2015-05-02 17:58 - 2014-05-02 22:46 - 00000000 ____D () C:\ProgramData\Oracle
2015-05-02 17:57 - 2014-11-11 10:46 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-05-01 23:46 - 2015-03-28 03:48 - 00000000 ____D () C:\Program Files (x86)\SystemRequirementsLab
2015-05-01 20:13 - 2009-07-14 06:08 - 00032608 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-04-30 10:07 - 2013-05-18 10:19 - 140425016 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-05-25 00:11

==================== End of log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

After restart let me know what is left.
 

Attachments

  • fixlist.txt
    366 bytes · Views: 1
I can't see that ssrp.exe program in my process list anymore which is good news =) I don't think that "work" program is there either. The customise taskbar area still shows that bobrowser and crossbrowse though, it still looks like this...
upload_2015-5-26_22-9-44.png
 
Here's the log you requested

Fix result of Farbar Recovery Scan Tool (x64) Version: 25-05-2015
Ran by Phil is fiiiine at 2015-05-26 21:54:18 Run:1
Running from C:\Users\Phil is fiiiine\Desktop
Loaded Profiles: Phil is fiiiine (Available Profiles: user & Phil is fiiiine)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\...\Run: [3D BubbleSound] => "C:\Program Files\BubbleSound\3D BubbleSound.exe"
C:\Program Files\BubbleSound
HKLM-x32\...\Run: [FAStartup] => [X]
HKU\S-1-5-21-2075418120-132197448-404415077-1003\...\Run: [Save Serp Now] => C:\Users\Phil is fiiiine\AppData\Roaming\SSN\updssn.exe [26112 2014-11-21] ()
C:\Users\Phil is fiiiine\AppData\Roaming\SSN\updssn.exe

*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\3D BubbleSound => value Removed successfully
"C:\Program Files\BubbleSound" => File/Folder not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\FAStartup => value Removed successfully
HKU\S-1-5-21-2075418120-132197448-404415077-1003\Software\Microsoft\Windows\CurrentVersion\Run\\Save Serp Now => value Removed successfully
C:\Users\Phil is fiiiine\AppData\Roaming\SSN\updssn.exe => Moved successfully.

==== End of Fixlog 21:54:19 ====
 
Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE
  • Double-click SystemLook.exe to run it.
  • Vista users:: Right click on SystemLook.exe, click Run As Administrator
  • Copy the content of the following box and paste it into the main textfield:
Code: 
:regfind
crossbrowse*
bobrowser*
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
 
You must log in or register to reply here.

Similar threads

uber_beetle
Infected with fake ad pop-ups - posting FRST and Addition
Replies
12
Views
796
uber_beetle
uber_beetle
A
Infected: Antivirus says it's Trojan:Script/Wacatac.H!ml
Replies
12
Views
2K
adidaman27
A
wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni

Latest posts

Back