Jump to content

Build Theme!
  •  
  • Unreplied Topics
  • Downloads
  • Infected?

WE'RE SURE THAT YOU'LL LOVE US!

Hey there! :wub: Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. :D Join 93098 other members! Anybody can ask, anybody can answer. Consistently helpful members may be invited to become staff. Here's how it works. Virus cleanup? Start here -> Malware Removal Forum.

Try What the Tech -- It's free!


Photo

Suspected Google redirect [Closed]

Started by collfopp , Mar 10 2014 06:53 AM
google redirect malware ngix 404 not found

  • This topic is locked This topic is locked
29 replies to this topic

#1 collfopp

collfopp

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 March 2014 - 06:53 AM

Hello, I suspect that I have remnants of the google redirect virus but I am not sure. Periodically, and it seems random, I will try and load chrome and I get a message "404 Not Found" with a little ngix underneath. Other times I will get "Oops cannot load this page" message. When i try to go around that I will get another message that has a red lock with a slash through it and it says something like "cannot connect to the real google" Other times the normal google page will load as a secured site and everything seems fine. And still other time I will load a page that looks like google but I suspect to be an imposter site. It happens almost randomly. The real issue that I see is that any device connected to my network will randomly get the "404 Not Found" ngix message when google is loaded on the device. Internet explorer is also affected and cannot load google.  Any help would be greatly appreciated. Thanks.


    Advertisements

Register to Remove

#2 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 10 March 2014 - 07:18 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not english. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

Scan with FRST in normal mode

Please download Farbar's Recovery Scan Tool to your desktop: FRST 32bit or FRST 64bit (If not sure: Start --> Computer (right click) --> properties)

  • Run FRST.
  • Don´t change one of the checkboxes and hit Scan.
  • Logfiles are created on your desktop.
  • Poste the FRST.txt and (after the first scan only!) the Addition.txt.

 

 

 

 

Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.

  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )
  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.

**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries


Proud Member of UNITE & TB
 

#3 collfopp

collfopp

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 March 2014 - 07:47 AM

Hello, Thank you. When i attempted to load the link to download FRST, a page loaded that said SSL Error: You attempted to reach www.bleepingcomputer.com, but instead you actually reached a server identifying itself as www.paypal.com. This may be caused by a misconfiguration on the server or by something more serious. An attacker on your network could be trying to get you to visit a fake (and potentially harmful) version of www.bleepingcomputer.com. You should not proceed, especially if you have never seen this message before. 

 

I searched for the program instead, and when I tried to save to desktop I received a message from windows that said "Windows SmartScreen prevented an unrecognized app from starting. Running this app might put you PC at risk."

 

Should I proceed anyway?


#4 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 10 March 2014 - 08:04 AM

Don´t download this program from anywhere else instead of bleepingcomputer.com.

Please try it on another browser.


Proud Member of UNITE & TB
 

#5 collfopp

collfopp

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 March 2014 - 08:07 AM

Okay here is the FRST.txt file:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 09-03-2014 02
Ran by Chris (administrator) on MYCOMPUTER on 10-03-2014 10:02:17
Running from C:\Users\Chris\Downloads
Windows 8.1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal
 
The only official download link for FRST:
Download link from any site other than Bleeping Computer is unpermitted or outdated.
 
==================== Processes (Whitelisted) =================
 
(AMD) C:\WINDOWS\system32\atiesrxx.exe
(AMD) C:\WINDOWS\system32\atieclxx.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
(Microsoft Corporation) C:\WINDOWS\system32\dashost.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Microsoft Corporation) C:\Windows\System32\skydrive.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe
(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe
() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\S Agent\CommonAgent.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Samsung Electronics CO., LTD.) C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Samsung Electronics CO., LTD.) C:\Program Files\Samsung\Support Center\GuaranaAgent.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13191824 2012-08-10] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)
HKLM\...\Run: [Bitcasa] - C:\Program Files\Bitcasa\Bitcasa.exe [3952128 2012-11-26] (Bitcasa, Inc)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2917688 2012-10-16] (Synaptics Incorporated)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642216 2012-09-12] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] - C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [2994880 2012-08-14] (Symantec Corporation)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [35736 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [843712 2012-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)
HKLM-x32\...\Run: [CLMLServer_For_P2G8] - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
HKLM-x32\...\Run: [CLVirtualDrive] - C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [295512 2014-02-17] (RealNetworks, Inc.)
HKLM\...\Policies\Explorer\Run: [BtvStack] - C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [132736 2013-09-25] ( (Qualcomm®Atheros®))
SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://samsung13.msn.com
SearchScopes: HKLM - {30BE217D-B83F-436F-9EF7-93595A3D93EA} URL = http://www.bing.com/...E10TR&pc=MASMJS
SearchScopes: HKLM-x32 - {30BE217D-B83F-436F-9EF7-93595A3D93EA} URL = http://www.bing.com/...E10TR&pc=MASMJS
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {30BE217D-B83F-436F-9EF7-93595A3D93EA} URL = 
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation)
BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
 
Chrome: 
=======
CHR HomePage: hxxp://www.google.com/
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.1.377\_platform_specific\win_x86\widevinecdmadapter.dll No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
CHR Plugin: (Norton Identity Safe) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.7.3_0\npcoplgn.dll (Symantec Corporation)
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.510.13) - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
CHR Plugin: (Java™ Platform SE 7 U51) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
CHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2013) - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (RealNetworks™ RealDownloader Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealNetworks™ RealDownloader PepperFlashVideoShim Plug-In (32-bit) ) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
CHR Plugin: (RealDownloader Plugin) - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-02-17]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-02-17]
CHR Extension: (Norton Identity Protection) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-02-17]
CHR Extension: (Google Wallet) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-02-17]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-02-17]
CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]
CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx [2014-02-09]
 
==================== Services (Whitelisted) =================
 
R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [312448 2013-09-25] (Windows ® Win 7 DDK provider)
R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1591176 2012-11-30] (Samsung Electronics CO., LTD.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NIS; C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [144368 2013-05-21] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [3943104 2012-08-14] (Symantec Corporation)
R2 OfficeSvc; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [1907896 2013-10-31] (Microsoft Corporation)
R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3018800 2013-10-22] (Samsung Electronics CO., LTD.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [346872 2013-08-22] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23840 2013-08-22] (Microsoft Corporation)
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2013-09-25] (Atheros)
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
 
==================== Drivers (Whitelisted) ====================
 
S0 ADP80XX; C:\Windows\System32\drivers\ADP80XX.SYS [782176 2013-08-22] (PMC-Sierra)
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [35496 2012-07-09] (Advanced Micro Devices, Inc.)
S2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [199008 2012-06-22] (AppEx Networks Corporation)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdW86.sys [91648 2012-08-21] (Advanced Micro Devices)
S3 bcmfn2; C:\Windows\System32\drivers\bcmfn2.sys [17624 2013-08-12] (Windows ® Win 7 DDK provider)
R3 BHDrvx64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140214.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2013-09-25] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2013-09-25] (Qualcomm Atheros)
R3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [224768 2013-08-22] (Microsoft Corporation)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-05] (EldoS Corporation)
R1 ccSet_NARA; C:\Windows\system32\drivers\NARAx64\0401000.00E\ccSetx64.sys [168608 2012-05-25] (Symantec Corporation)
R3 ccSet_NIS; C:\Windows\system32\drivers\NISx64\1404000.028\ccSetx64.sys [169048 2013-04-15] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-24] (CyberLink)
R3 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-12-25] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-12-25] (Symantec Corporation)
S3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [14872 2014-01-07] ()
S3 iaLPSSi_GPIO; C:\Windows\System32\drivers\iaLPSSi_GPIO.sys [24568 2013-07-30] (Intel Corporation)
S3 iaLPSSi_I2C; C:\Windows\System32\drivers\iaLPSSi_I2C.sys [99320 2013-07-25] (Intel Corporation)
S0 iaStorAV; C:\Windows\System32\drivers\iaStorAV.sys [651248 2013-08-09] (Intel Corporation)
R3 IDSVia64; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140221.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)
R0 intelpep; C:\Windows\System32\drivers\intelpep.sys [39768 2014-02-13] (Microsoft Corporation)
S0 LSI_SAS3; C:\Windows\System32\drivers\lsi_sas3.sys [81760 2013-08-22] (LSI Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140222.007\ENG64.SYS [126040 2013-12-25] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\VirusDefs\20140222.007\EX64.SYS [2099288 2013-12-25] (Symantec Corporation)
R3 NdisVirtualBus; C:\Windows\System32\drivers\NdisVirtualBus.sys [16384 2013-08-22] (Microsoft Corporation)
S3 netvsc; C:\Windows\system32\DRIVERS\netvsc63.sys [87040 2013-08-22] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows ® Win 7 DDK provider)
S3 ReFS; C:\Windows\System32\Drivers\ReFS.sys [924512 2013-08-22] (Microsoft Corporation)
S3 SerCx2; C:\Windows\System32\drivers\SerCx2.sys [146776 2014-02-13] (Microsoft Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NISx64\1404000.028\SRTSP64.SYS [796760 2013-05-16] (Symantec Corporation)
R3 SRTSPX; C:\Windows\system32\drivers\NISx64\1404000.028\SRTSPX64.SYS [36952 2013-03-04] (Symantec Corporation)
S0 stornvme; C:\Windows\System32\drivers\stornvme.sys [57176 2013-11-14] (Microsoft Corporation)
R3 SymDS; C:\Windows\system32\drivers\NISx64\1404000.028\SYMDS64.SYS [493656 2013-05-21] (Symantec Corporation)
R3 SymEFA; C:\Windows\system32\drivers\NISx64\1404000.028\SYMEFA64.SYS [1139800 2013-05-23] (Symantec Corporation)
S4 SymELAM; C:\Windows\system32\drivers\NISx64\1404000.028\SymELAM.sys [23448 2012-06-20] (Symantec Corporation)
R3 SymEvent; C:\windows\system32\Drivers\SYMEVENT64x86.SYS [177312 2013-12-27] (Symantec Corporation)
R3 SymIRON; C:\Windows\system32\drivers\NISx64\1404000.028\Ironx64.SYS [224416 2013-03-04] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\NISx64\1404000.028\SYMNETS.SYS [433752 2013-04-24] (Symantec Corporation)
S3 UEFI; C:\Windows\System32\drivers\UEFI.sys [26976 2013-08-22] (Microsoft Corporation)
S3 vzandnetadb; C:\Windows\System32\Drivers\lgvzandnetadb.sys [31744 2013-05-08] (Google Inc)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [124256 2013-08-22] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2014-03-10 10:02 - 2014-03-10 10:02 - 00020676 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-03-10 10:01 - 2014-03-10 10:02 - 00000000 ____D () C:\FRST
2014-03-10 09:44 - 2014-03-10 09:44 - 02157056 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2014-03-10 09:33 - 2014-03-10 09:33 - 00144321 _____ () C:\Users\Chris\Desktop\Oops! Google Chrome could not connect to www.google.htm
2014-03-10 08:28 - 2014-03-10 08:28 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-08 14:08 - 2014-03-10 09:41 - 00282080 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-08 00:44 - 2014-03-08 00:44 - 04765152 _____ (Piriform Ltd) C:\Users\Chris\Downloads\ccsetup411.exe
2014-03-08 00:44 - 2014-03-08 00:44 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-03-08 00:44 - 2014-03-08 00:44 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-08 00:44 - 2014-03-08 00:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-08 00:24 - 2014-03-08 00:24 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_lgvzandnetadb_01005.Wdf
2014-03-07 17:04 - 2014-03-07 17:04 - 04110135 _____ () C:\Users\Chris\Downloads\tdsskiller (1).zip
2014-03-07 15:56 - 2014-03-07 15:56 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-06 19:40 - 2014-03-06 19:40 - 00002198 _____ () C:\Users\Chris\Desktop\SpyHunter.lnk
2014-03-06 19:38 - 2014-03-06 19:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer (1).exe
2014-03-06 19:33 - 2014-03-06 19:33 - 00991232 _____ () C:\Users\Chris\Downloads\MicrosoftFixit50267.msi
2014-02-24 19:49 - 2014-02-24 19:49 - 00000000 ____D () C:\ProgramData\Atheros
2014-02-24 19:48 - 2014-02-24 19:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Atheros
2014-02-23 20:13 - 2014-02-23 20:16 - 00000000 ____D () C:\Program Files\Common Files\QCA_Bluetooth
2014-02-23 20:13 - 2014-02-23 20:14 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-02-23 20:11 - 2014-02-23 20:11 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-02-18 02:12 - 2014-02-18 02:12 - 10820032 _____ (SurfRight B.V.) C:\Users\Chris\Downloads\HitmanPro_x64.exe
2014-02-18 02:11 - 2014-02-18 02:11 - 25640672 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\Windows-KB890830-x64-V5.9.exe
2014-02-18 01:46 - 2014-03-07 17:05 - 00000000 ____D () C:\Users\Chris\Desktop\Scanners
2014-02-18 01:30 - 2014-02-18 01:30 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-18 01:30 - 2014-02-18 01:30 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-18 00:36 - 2014-02-18 00:36 - 00000000 _____ () C:\autoexec.bat
2014-02-18 00:35 - 2014-03-06 19:40 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-02-18 00:35 - 2014-02-18 00:35 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-18 00:34 - 2014-03-06 19:40 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-02-18 00:27 - 2014-02-18 00:28 - 04102163 _____ () C:\Users\Chris\Downloads\tdsskiller.zip
2014-02-17 23:37 - 2014-02-17 23:37 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\tdsskiller.exe
2014-02-17 23:36 - 2014-02-17 23:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer.exe
2014-02-17 23:23 - 2014-02-17 23:23 - 01402880 _____ () C:\Users\Chris\Downloads\HijackThis.msi
2014-02-17 19:02 - 2014-02-17 19:02 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-17 16:46 - 2014-03-06 19:35 - 00000831 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-02-17 14:51 - 2014-03-08 00:59 - 00000000 ____D () C:\Users\Chris\AppData\Local\NPE
2014-02-17 09:58 - 2014-03-09 19:20 - 00003344 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-82314938-1216361947-774549228-1001
2014-02-17 09:58 - 2014-03-09 19:20 - 00003286 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-82314938-1216361947-774549228-1001
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\RealNetworks
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Google
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\Users\Chris\AppData\Local\Real
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\ProgramData\Google
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\Program Files\Google
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\Program Files (x86)\GUMFFE1.tmp
2014-02-17 09:57 - 2014-02-17 09:57 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-02-17 09:57 - 2014-02-17 09:57 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-02-17 09:56 - 2014-02-17 10:03 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Real
2014-02-17 09:56 - 2014-02-17 09:57 - 00000000 ____D () C:\Program Files (x86)\Real
2014-02-17 09:56 - 2014-02-17 09:56 - 00272896 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll
2014-02-17 09:56 - 2014-02-17 09:56 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
2014-02-17 09:56 - 2014-02-17 09:56 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5016.dll
2014-02-17 09:56 - 2014-02-17 09:56 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5032.dll
2014-02-17 09:55 - 2014-03-10 09:58 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-17 09:55 - 2014-03-10 08:29 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-17 09:55 - 2014-02-20 21:53 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-17 09:55 - 2014-02-20 21:53 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-17 09:54 - 2014-02-17 10:03 - 00000000 ____D () C:\ProgramData\Real
2014-02-16 23:48 - 2014-02-16 23:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
2014-02-16 23:48 - 2014-02-16 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 23:48 - 2014-02-16 23:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 23:48 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2014-02-16 19:13 - 2014-02-16 19:13 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\AVAST Software
2014-02-16 19:04 - 2014-02-16 19:04 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-02-16 19:04 - 2014-02-16 19:04 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-02-16 19:03 - 2014-02-16 19:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-16 19:03 - 2014-02-16 19:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-16 18:55 - 2014-02-16 18:55 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\TuneUp Software
2014-02-16 18:51 - 2014-02-16 22:56 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-16 18:51 - 2014-02-16 18:51 - 00000000 ____D () C:\Users\Chris\AppData\Local\MFAData
2014-02-16 18:49 - 2014-02-16 18:49 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Image-Line
2014-02-16 18:48 - 2014-02-16 20:25 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-02-16 18:48 - 2014-02-16 18:48 - 00000000 ____D () C:\Users\Chris\Documents\Image-Line
2014-02-16 18:48 - 2014-02-16 18:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-02-16 18:48 - 2014-02-16 18:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\FlowStone
2014-02-16 18:48 - 2014-02-16 18:48 - 00000000 ____D () C:\Program Files\Image-Line
2014-02-16 18:42 - 2014-02-16 18:48 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-02-16 18:39 - 2014-02-17 02:19 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-16 15:46 - 2014-03-10 09:49 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{71C90436-0DC2-4100-ADD3-85086799674D}
2014-02-15 18:02 - 2014-03-10 08:49 - 00004980 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MYCOMPUTER-Chris MyComputer
2014-02-15 17:34 - 2014-02-15 17:34 - 00572088 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\Setup.X86.en-US_HomeStudentRetail_91abd698-863c-4359-b33d-828201b7117f_TX_PR_.exe
2014-02-13 22:47 - 2014-02-13 22:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-02-13 22:46 - 2014-03-10 08:27 - 00000000 __RDO () C:\Users\Chris\SkyDrive
2014-02-13 22:45 - 2014-02-13 22:45 - 00002060 _____ () C:\Users\Public\Desktop\Support Center.lnk
2014-02-13 22:39 - 2014-02-13 22:39 - 00001438 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-13 22:38 - 2014-02-13 22:38 - 00000020 ___SH () C:\Users\Chris\ntuser.ini
2014-02-13 00:50 - 2014-03-08 00:45 - 00000000 ___DC () C:\WINDOWS\Panther
2014-02-13 00:50 - 2014-02-12 21:56 - 00000000 __SHD () C:\Recovery
2014-02-13 00:48 - 2014-02-13 00:48 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-02-13 00:47 - 2014-02-13 00:47 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-13 00:47 - 2014-02-13 00:47 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-13 00:46 - 2014-02-13 00:46 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-13 00:46 - 2014-02-13 00:46 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-13 00:46 - 2014-02-13 00:46 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-13 00:46 - 2014-02-13 00:46 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-02-13 00:44 - 2014-02-13 00:44 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-13 00:44 - 2014-02-13 00:44 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-13 00:43 - 2014-02-13 00:43 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-13 00:43 - 2014-02-13 00:43 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-13 00:43 - 2014-02-13 00:43 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-13 00:43 - 2014-02-13 00:43 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-13 00:43 - 2014-02-13 00:43 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-13 00:43 - 2014-02-13 00:43 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-13 00:43 - 2014-02-13 00:43 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-13 00:43 - 2014-02-13 00:43 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-13 00:43 - 2014-02-13 00:43 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-13 00:43 - 2014-02-13 00:43 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-13 00:41 - 2014-02-13 00:41 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-13 00:41 - 2014-02-13 00:41 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-02-13 00:40 - 2014-02-13 00:40 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-02-13 00:40 - 2014-02-13 00:40 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-02-13 00:40 - 2014-02-13 00:40 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-02-13 00:40 - 2014-02-13 00:40 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-02-13 00:40 - 2014-02-13 00:40 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-02-13 00:40 - 2014-02-13 00:40 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-02-13 00:40 - 2014-02-13 00:40 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-02-13 00:40 - 2014-02-13 00:40 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-02-13 00:39 - 2014-02-13 00:39 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-02-13 00:37 - 2014-02-13 00:37 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-02-13 00:37 - 2014-02-13 00:37 - 00000000 ____D () C:\Program Files\MSBuild
2014-02-13 00:37 - 2014-02-13 00:37 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-02-13 00:37 - 2014-02-13 00:37 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-02-13 00:36 - 2013-08-03 00:48 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2014-02-13 00:36 - 2013-08-03 00:48 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2014-02-13 00:36 - 2013-08-03 00:48 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2014-02-13 00:36 - 2013-08-03 00:41 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2014-02-13 00:36 - 2013-08-03 00:41 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-02-13 00:36 - 2013-08-03 00:41 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2014-02-12 22:19 - 2014-02-12 22:19 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-02-12 22:01 - 2014-02-12 22:01 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-02-12 22:00 - 2014-03-08 00:51 - 00000000 ____D () C:\Users\Chris
2014-02-12 22:00 - 2014-02-12 22:01 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-12 22:00 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-02-12 22:00 - 2013-08-22 11:36 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-02-12 22:00 - 2013-08-22 11:36 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2014-02-12 21:59 - 2014-02-12 22:20 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2014-02-12 21:59 - 2014-02-12 22:20 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2014-02-12 21:54 - 2014-02-12 21:54 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-02-12 21:53 - 2014-02-23 20:11 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-02-12 21:53 - 2014-02-12 21:53 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____D () C:\Program Files\Synaptics
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____D () C:\Program Files\Realtek
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____D () C:\Program Files\AMD
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____D () C:\AMD
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 _____ () C:\WINDOWS\ativpsrm.bin
2014-02-08 20:48 - 2014-02-08 20:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-08 20:48 - 2014-02-08 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
 
==================== One Month Modified Files and Folders =======
 
2014-03-10 10:02 - 2014-03-10 10:02 - 00020676 _____ () C:\Users\Chris\Downloads\FRST.txt
2014-03-10 10:02 - 2014-03-10 10:01 - 00000000 ____D () C:\FRST
2014-03-10 10:00 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\sru
2014-03-10 09:58 - 2014-02-17 09:55 - 00000918 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-10 09:49 - 2014-02-16 15:46 - 00003934 _____ () C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{71C90436-0DC2-4100-ADD3-85086799674D}
2014-03-10 09:47 - 2013-03-19 23:20 - 00000360 _____ () C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job
2014-03-10 09:44 - 2014-03-10 09:44 - 02157056 _____ (Farbar) C:\Users\Chris\Downloads\FRST64.exe
2014-03-10 09:41 - 2014-03-08 14:08 - 00282080 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-10 09:33 - 2014-03-10 09:33 - 00144321 _____ () C:\Users\Chris\Desktop\Oops! Google Chrome could not connect to www.google.htm
2014-03-10 09:33 - 2013-12-26 18:22 - 00000000 ____D () C:\Users\Chris\Desktop\Chris
2014-03-10 09:33 - 2013-11-14 03:28 - 00863592 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2014-03-10 08:57 - 2013-12-25 22:46 - 00003594 _____ () C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-82314938-1216361947-774549228-1001
2014-03-10 08:49 - 2014-02-15 18:02 - 00004980 _____ () C:\WINDOWS\System32\Tasks\Microsoft Office 15 Sync Maintenance for MYCOMPUTER-Chris MyComputer
2014-03-10 08:30 - 2013-03-19 23:06 - 00000000 ____D () C:\ProgramData\WinClon
2014-03-10 08:29 - 2014-02-17 09:55 - 00000914 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-10 08:28 - 2014-03-10 08:28 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2014-03-10 08:28 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\ELAM
2014-03-10 08:27 - 2014-02-13 22:46 - 00000000 __RDO () C:\Users\Chris\SkyDrive
2014-03-10 08:27 - 2013-08-22 10:45 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-10 08:26 - 2013-08-22 09:25 - 00262144 ___SH () C:\WINDOWS\system32\config\BBI
2014-03-10 08:19 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\AppReadiness
2014-03-09 19:20 - 2014-02-17 09:58 - 00003344 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-82314938-1216361947-774549228-1001
2014-03-09 19:20 - 2014-02-17 09:58 - 00003286 _____ () C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-82314938-1216361947-774549228-1001
2014-03-08 00:59 - 2014-02-17 14:51 - 00000000 ____D () C:\Users\Chris\AppData\Local\NPE
2014-03-08 00:51 - 2014-02-12 22:00 - 00000000 ____D () C:\Users\Chris
2014-03-08 00:45 - 2014-02-13 00:50 - 00000000 ___DC () C:\WINDOWS\Panther
2014-03-08 00:45 - 2013-12-26 01:50 - 00000000 ____D () C:\Users\Chris\AppData\Local\CrashDumps
2014-03-08 00:44 - 2014-03-08 00:44 - 04765152 _____ (Piriform Ltd) C:\Users\Chris\Downloads\ccsetup411.exe
2014-03-08 00:44 - 2014-03-08 00:44 - 00002772 _____ () C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2014-03-08 00:44 - 2014-03-08 00:44 - 00000834 _____ () C:\Users\Public\Desktop\CCleaner.lnk
2014-03-08 00:44 - 2014-03-08 00:44 - 00000000 ____D () C:\Program Files\CCleaner
2014-03-08 00:24 - 2014-03-08 00:24 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_lgvzandnetadb_01005.Wdf
2014-03-07 17:05 - 2014-02-18 01:46 - 00000000 ____D () C:\Users\Chris\Desktop\Scanners
2014-03-07 17:04 - 2014-03-07 17:04 - 04110135 _____ () C:\Users\Chris\Downloads\tdsskiller (1).zip
2014-03-07 15:56 - 2014-03-07 15:56 - 00000000 ____D () C:\WINDOWS\Minidump
2014-03-06 19:40 - 2014-03-06 19:40 - 00002198 _____ () C:\Users\Chris\Desktop\SpyHunter.lnk
2014-03-06 19:40 - 2014-02-18 00:35 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2014-03-06 19:40 - 2014-02-18 00:34 - 00000000 ____D () C:\WINDOWS\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-03-06 19:38 - 2014-03-06 19:38 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer (1).exe
2014-03-06 19:35 - 2014-02-17 16:46 - 00000831 _____ () C:\WINDOWS\system32\Drivers\etc\hosts.txt
2014-03-06 19:33 - 2014-03-06 19:33 - 00991232 _____ () C:\Users\Chris\Downloads\MicrosoftFixit50267.msi
2014-02-28 13:34 - 2013-12-27 12:16 - 00000000 ____D () C:\Users\Chris\Desktop\36229
2014-02-24 19:49 - 2014-02-24 19:49 - 00000000 ____D () C:\ProgramData\Atheros
2014-02-24 19:48 - 2014-02-24 19:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Atheros
2014-02-23 20:16 - 2014-02-23 20:13 - 00000000 ____D () C:\Program Files\Common Files\QCA_Bluetooth
2014-02-23 20:14 - 2014-02-23 20:13 - 00000000 ____D () C:\Program Files (x86)\Bluetooth Suite
2014-02-23 20:11 - 2014-02-23 20:11 - 00000000 ____D () C:\WINDOWS\LastGood.Tmp
2014-02-23 20:11 - 2014-02-12 21:53 - 00000000 ____D () C:\WINDOWS\SysWOW64\RTCOM
2014-02-23 16:46 - 2013-03-19 23:08 - 00000000 ____D () C:\ProgramData\Adobe
2014-02-23 10:54 - 2013-12-25 22:40 - 00000000 ____D () C:\Users\Chris\AppData\Local\Adobe
2014-02-23 10:54 - 2013-12-25 22:37 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Adobe
2014-02-20 21:53 - 2014-02-17 09:55 - 00003890 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-20 21:53 - 2014-02-17 09:55 - 00003654 _____ () C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-18 02:16 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\NDF
2014-02-18 02:12 - 2014-02-18 02:12 - 10820032 _____ (SurfRight B.V.) C:\Users\Chris\Downloads\HitmanPro_x64.exe
2014-02-18 02:11 - 2014-02-18 02:11 - 25640672 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\Windows-KB890830-x64-V5.9.exe
2014-02-18 01:31 - 2013-12-25 22:34 - 00000000 ____D () C:\Users\Chris\AppData\Local\VirtualStore
2014-02-18 01:30 - 2014-02-18 01:30 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2014-02-18 01:30 - 2014-02-18 01:30 - 00000000 ____D () C:\Program Files (x86)\Trend Micro
2014-02-18 00:48 - 2013-03-19 23:16 - 00000000 ____D () C:\ProgramData\PopCap Games
2014-02-18 00:36 - 2014-02-18 00:36 - 00000000 _____ () C:\autoexec.bat
2014-02-18 00:35 - 2014-02-18 00:35 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-02-18 00:28 - 2014-02-18 00:27 - 04102163 _____ () C:\Users\Chris\Downloads\tdsskiller.zip
2014-02-17 23:37 - 2014-02-17 23:37 - 02237968 _____ (Kaspersky Lab ZAO) C:\Users\Chris\Downloads\tdsskiller.exe
2014-02-17 23:36 - 2014-02-17 23:36 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Chris\Downloads\SpyHunter-Installer.exe
2014-02-17 23:23 - 2014-02-17 23:23 - 01402880 _____ () C:\Users\Chris\Downloads\HijackThis.msi
2014-02-17 19:02 - 2014-02-17 19:02 - 00000000 ____D () C:\ProgramData\boost_interprocess
2014-02-17 17:00 - 2013-08-22 11:38 - 00693240 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2014-02-17 17:00 - 2013-08-22 11:38 - 00105464 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-17 16:57 - 2013-12-26 00:59 - 00000000 ____D () C:\Users\Chris\AppData\Local\Google
2014-02-17 14:52 - 2013-03-19 22:57 - 00000000 ____D () C:\ProgramData\Norton
2014-02-17 10:03 - 2014-02-17 09:56 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Real
2014-02-17 10:03 - 2014-02-17 09:54 - 00000000 ____D () C:\ProgramData\Real
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\RealNetworks
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Google
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\Users\Chris\AppData\Local\Real
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\ProgramData\Google
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\Program Files\Google
2014-02-17 09:58 - 2014-02-17 09:58 - 00000000 ____D () C:\Program Files (x86)\GUMFFE1.tmp
2014-02-17 09:58 - 2013-12-26 00:59 - 00000000 ____D () C:\Program Files (x86)\Google
2014-02-17 09:57 - 2014-02-17 09:57 - 00000000 ____D () C:\ProgramData\RealNetworks
2014-02-17 09:57 - 2014-02-17 09:57 - 00000000 ____D () C:\Program Files (x86)\RealNetworks
2014-02-17 09:57 - 2014-02-17 09:56 - 00000000 ____D () C:\Program Files (x86)\Real
2014-02-17 09:56 - 2014-02-17 09:56 - 00272896 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll
2014-02-17 09:56 - 2014-02-17 09:56 - 00201872 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
2014-02-17 09:56 - 2014-02-17 09:56 - 00006656 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5016.dll
2014-02-17 09:56 - 2014-02-17 09:56 - 00005632 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\pndx5032.dll
2014-02-17 09:56 - 2013-03-19 23:16 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
2014-02-17 09:56 - 2013-03-19 23:16 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
2014-02-17 02:19 - 2014-02-16 18:39 - 00000000 ____D () C:\Program Files\Level Quality Watcher
2014-02-17 01:56 - 2013-12-28 00:47 - 00000000 ____D () C:\WINDOWS\system32\MRT
2014-02-17 01:54 - 2013-12-28 00:47 - 88567024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2014-02-16 23:48 - 2014-02-16 23:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Malwarebytes
2014-02-16 23:48 - 2014-02-16 23:48 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-02-16 23:48 - 2014-02-16 23:48 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-16 22:56 - 2014-02-16 18:51 - 00000000 ____D () C:\ProgramData\MFAData
2014-02-16 22:54 - 2012-07-26 04:12 - 00000000 ___HD () C:\WINDOWS\ELAMBKUP
2014-02-16 20:29 - 2014-01-20 22:28 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-02-16 20:26 - 2014-01-25 23:21 - 00000085 _____ () C:\WINDOWS\wininit.ini
2014-02-16 20:25 - 2014-02-16 18:48 - 00000000 ____D () C:\Program Files (x86)\DSPRobotics
2014-02-16 19:46 - 2013-12-25 22:38 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-16 19:13 - 2014-02-16 19:13 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\AVAST Software
2014-02-16 19:04 - 2014-02-16 19:04 - 00334136 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2014-02-16 19:04 - 2014-02-16 19:04 - 00043152 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2014-02-16 19:03 - 2014-02-16 19:03 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-02-16 19:03 - 2014-02-16 19:03 - 00000000 ____D () C:\Program Files\AVAST Software
2014-02-16 19:01 - 2014-01-20 22:28 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-02-16 18:55 - 2014-02-16 18:55 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\TuneUp Software
2014-02-16 18:51 - 2014-02-16 18:51 - 00000000 ____D () C:\Users\Chris\AppData\Local\MFAData
2014-02-16 18:49 - 2014-02-16 18:49 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Image-Line
2014-02-16 18:48 - 2014-02-16 18:48 - 00000000 ____D () C:\Users\Chris\Documents\Image-Line
2014-02-16 18:48 - 2014-02-16 18:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2014-02-16 18:48 - 2014-02-16 18:48 - 00000000 ____D () C:\Users\Chris\AppData\Roaming\FlowStone
2014-02-16 18:48 - 2014-02-16 18:48 - 00000000 ____D () C:\Program Files\Image-Line
2014-02-16 18:48 - 2014-02-16 18:42 - 00000000 ____D () C:\Program Files (x86)\Image-Line
2014-02-15 17:44 - 2013-12-25 23:55 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-02-15 17:34 - 2014-02-15 17:34 - 00572088 _____ (Microsoft Corporation) C:\Users\Chris\Downloads\Setup.X86.en-US_HomeStudentRetail_91abd698-863c-4359-b33d-828201b7117f_TX_PR_.exe
2014-02-15 17:08 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\restore
2014-02-13 22:47 - 2014-02-13 22:47 - 00000000 ____D () C:\WINDOWS\System32\Tasks\Norton Internet Security
2014-02-13 22:46 - 2013-12-26 00:35 - 00000000 ___RD () C:\Users\Chris\SkyDrive.old
2014-02-13 22:46 - 2013-12-25 22:34 - 00000000 ____D () C:\Users\Chris\AppData\Local\Packages
2014-02-13 22:45 - 2014-02-13 22:45 - 00002060 _____ () C:\Users\Public\Desktop\Support Center.lnk
2014-02-13 22:39 - 2014-02-13 22:39 - 00001438 _____ () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-02-13 22:39 - 2013-12-25 22:38 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-02-13 22:38 - 2014-02-13 22:38 - 00000020 ___SH () C:\Users\Chris\ntuser.ini
2014-02-13 22:38 - 2013-12-28 15:41 - 00003234 _____ () C:\WINDOWS\System32\Tasks\Norton WSC Integration
2014-02-13 00:49 - 2013-08-22 11:36 - 00262144 _____ () C:\WINDOWS\system32\config\BCD-Template
2014-02-13 00:48 - 2014-02-13 00:48 - 01113040 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00835584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00787968 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdrm.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00548864 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00444928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdrm.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00393216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPhoto.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00348160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPhoto.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00075360 _____ (Microsoft Corporation) C:\WINDOWS\system32\imagehlp.dll
2014-02-13 00:48 - 2014-02-13 00:48 - 00070680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\imagehlp.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 03395920 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00848384 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSShared.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00695808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSShared.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00249856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSClient.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00197120 _____ (Microsoft Corporation) C:\WINDOWS\system32\scrrun.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSClient.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\scrrun.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00138240 _____ () C:\WINDOWS\system32\OEMLicense.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00103936 _____ () C:\WINDOWS\SysWOW64\OEMLicense.dll
2014-02-13 00:47 - 2014-02-13 00:47 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSCollect.exe
2014-02-13 00:47 - 2014-02-13 00:47 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2014-02-13 00:47 - 2014-02-13 00:47 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2014-02-13 00:47 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\WinStore
2014-02-13 00:46 - 2014-02-13 00:46 - 23170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 17103872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 13051392 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 11266048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 05768704 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 04244480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 02765824 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2014-02-13 00:46 - 2014-02-13 00:46 - 02724864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2014-02-13 00:46 - 2014-02-13 00:46 - 02334208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 02041856 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2014-02-13 00:46 - 2014-02-13 00:46 - 01964032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2014-02-13 00:46 - 2014-02-13 00:46 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 01156096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00703488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAgent.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00139264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieUnatt.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 00112128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieUnatt.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollector.exe
2014-02-13 00:46 - 2014-02-13 00:46 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iesetup.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieetwproxystub.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwproxystub.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00033792 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iernonce.dll
2014-02-13 00:46 - 2014-02-13 00:46 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieetwcollectorres.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 13209088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 11702272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 07416832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 04961792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 04217344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncEngine.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 02804224 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 01462216 _____ (Microsoft Corporation) C:\WINDOWS\system32\propsys.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 01202888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\propsys.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 01105408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 01020928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00919040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDrive.exe
2014-02-13 00:44 - 2014-02-13 00:44 - 00830976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00720384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveShell.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbici.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SkyDriveShell.dll
2014-02-13 00:44 - 2014-02-13 00:44 - 00009701 _____ () C:\WINDOWS\SysWOW64\connectedsearch-results.searchconnector-ms
2014-02-13 00:44 - 2014-02-13 00:44 - 00009701 _____ () C:\WINDOWS\system32\connectedsearch-results.searchconnector-ms
2014-02-13 00:44 - 2013-08-22 11:36 - 00000000 ___RD () C:\WINDOWS\ToastData
2014-02-13 00:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\MediaViewer
2014-02-13 00:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\FileManager
2014-02-13 00:44 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Camera
2014-02-13 00:43 - 2014-02-13 00:43 - 21196664 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 18642504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 18577920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 13925888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 04604416 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 04191232 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2014-02-13 00:43 - 2014-02-13 00:43 - 03936256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 03210528 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02804528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02617344 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02551128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2014-02-13 00:43 - 2014-02-13 00:43 - 02397184 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02142936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02131120 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 02071552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01928144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01503232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01415680 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01399176 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01374384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01371312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01227264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01204968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 01119064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2014-02-13 00:43 - 2014-02-13 00:43 - 00980480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mispace.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00834048 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00809872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00764856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00745336 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00744448 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00669344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00663680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00637952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2014-02-13 00:43 - 2014-02-13 00:43 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00552624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleaut32.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00479744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2014-02-13 00:43 - 2014-02-13 00:43 - 00470016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\system32\XpsGdiConverter.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2014-02-13 00:43 - 2014-02-13 00:43 - 00385614 _____ () C:\WINDOWS\system32\ApnDatabase.xml
2014-02-13 00:43 - 2014-02-13 00:43 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XpsGdiConverter.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\msieftp.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msieftp.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00218112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Graphics.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceregistration.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ipnat.sys
2014-02-13 00:43 - 2014-02-13 00:43 - 00142680 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2014-02-13 00:43 - 2014-02-13 00:43 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00032088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ploptin.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\system32\bi.dll
2014-02-13 00:43 - 2014-02-13 00:43 - 00019456 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BtaMPM.sys
2014-02-13 00:43 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\Dism
2014-02-13 00:43 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Dism
2014-02-13 00:41 - 2014-02-13 00:41 - 02152448 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2014-02-13 00:41 - 2014-02-13 00:41 - 01317376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 07399256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2014-02-13 00:40 - 2014-02-13 00:40 - 02896896 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 02570240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 02266624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 02143744 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 02140888 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 01843712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Display.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 01816576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Display.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 01765384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 01765376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 01756160 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2014-02-13 00:40 - 2014-02-13 00:40 - 01642016 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2014-02-13 00:40 - 2014-02-13 00:40 - 01530200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 01506680 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2014-02-13 00:40 - 2014-02-13 00:40 - 01476184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2014-02-13 00:40 - 2014-02-13 00:40 - 01391104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2014-02-13 00:40 - 2014-02-13 00:40 - 01345536 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2014-02-13 00:40 - 2014-02-13 00:40 - 01302528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00922624 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00747008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00544768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00516496 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00406400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00382808 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 00372568 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 00358896 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00325464 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2014-02-13 00:40 - 2014-02-13 00:40 - 00254464 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00225792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00146776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\SerCx2.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 00086872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 00039768 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\intelpep.sys
2014-02-13 00:40 - 2014-02-13 00:40 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredentialMigrationHandler.dll
2014-02-13 00:40 - 2014-02-13 00:40 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredentialMigrationHandler.dll
2014-02-13 00:39 - 2014-02-13 00:39 - 00262144 _____ () C:\WINDOWS\system32\config\userdiff
2014-02-13 00:37 - 2014-02-13 00:37 - 00000000 ____D () C:\Program Files\Reference Assemblies
2014-02-13 00:37 - 2014-02-13 00:37 - 00000000 ____D () C:\Program Files\MSBuild
2014-02-13 00:37 - 2014-02-13 00:37 - 00000000 ____D () C:\Program Files (x86)\Reference Assemblies
2014-02-13 00:37 - 2014-02-13 00:37 - 00000000 ____D () C:\Program Files (x86)\MSBuild
2014-02-12 22:22 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\rescache
2014-02-12 22:20 - 2014-02-12 21:59 - 00020958 _____ () C:\WINDOWS\diagwrn.xml
2014-02-12 22:20 - 2014-02-12 21:59 - 00020958 _____ () C:\WINDOWS\diagerr.xml
2014-02-12 22:20 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Registration
2014-02-12 22:19 - 2014-02-12 22:19 - 00022744 _____ () C:\WINDOWS\system32\emptyregdb.dat
2014-02-12 22:14 - 2013-08-22 11:36 - 00000000 __RSD () C:\WINDOWS\Media
2014-02-12 22:13 - 2013-08-22 11:36 - 00000000 __RHD () C:\Users\Public\Libraries
2014-02-12 22:10 - 2013-08-22 10:44 - 03487184 _____ () C:\WINDOWS\system32\FNTCACHE.DAT
2014-02-12 22:06 - 2013-11-14 03:14 - 00000000 ____D () C:\WINDOWS\SysWOW64\WCN
2014-02-12 22:06 - 2013-11-14 03:14 - 00000000 ____D () C:\WINDOWS\SysWOW64\sysprep
2014-02-12 22:06 - 2013-11-14 03:14 - 00000000 ____D () C:\WINDOWS\system32\WCN
2014-02-12 22:06 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\MUI
2014-02-12 22:06 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\migwiz
2014-02-12 22:06 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\IME
2014-02-12 22:06 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\WinBioPlugIns
2014-02-12 22:06 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\spool
2014-02-12 22:06 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\MUI
2014-02-12 22:06 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\IME
2014-02-12 22:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\SysWOW64\SMI
2014-02-12 22:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\Sysprep
2014-02-12 22:06 - 2013-08-22 09:36 - 00000000 ____D () C:\WINDOWS\system32\oobe
2014-02-12 22:06 - 2013-03-19 22:50 - 00000000 ____D () C:\WINDOWS\SysWOW64\sda
2014-02-12 22:06 - 2012-07-26 01:37 - 00000000 ____D () C:\Users\Default.migrated
2014-02-12 22:05 - 2014-01-26 19:15 - 00000000 ____D () C:\ProgramData\regid.1986-12.com.adobe
2014-02-12 22:05 - 2013-08-22 11:43 - 00000000 ____D () C:\WINDOWS\DigitalLocker
2014-02-12 22:05 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files\Windows Sidebar
2014-02-12 22:05 - 2013-08-22 11:36 - 00000000 __SHD () C:\Program Files (x86)\Windows Sidebar
2014-02-12 22:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\PolicyDefinitions
2014-02-12 22:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\IME
2014-02-12 22:05 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\Help
2014-02-12 22:05 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\System
2014-02-12 22:05 - 2013-08-22 11:36 - 00000000 ____D () C:\Program Files\Common Files\microsoft shared
2014-02-12 22:05 - 2013-03-19 23:20 - 00000000 ____D () C:\WINDOWS\fr
2014-02-12 22:05 - 2013-03-19 23:20 - 00000000 ____D () C:\WINDOWS\es
2014-02-12 22:05 - 2013-03-19 23:19 - 00000000 ____D () C:\WINDOWS\en
2014-02-12 22:05 - 2012-08-05 17:11 - 00000000 ____D () C:\ProgramData\PRICache
2014-02-12 22:01 - 2014-02-12 22:01 - 00000000 ____D () C:\WINDOWS\system32\config\bbimigrate
2014-02-12 22:01 - 2014-02-12 22:00 - 00000000 ___RD () C:\Users\Chris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-02-12 22:01 - 2013-08-22 11:36 - 00000000 ____D () C:\WINDOWS\system32\Recovery
2014-02-12 21:56 - 2014-02-13 00:50 - 00000000 __SHD () C:\Recovery
2014-02-12 21:54 - 2014-02-12 21:54 - 00000000 ____D () C:\WINDOWS\system32\SRSLabs
2014-02-12 21:53 - 2014-02-12 21:53 - 00000264 _____ () C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____H () C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01009.Wdf
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____D () C:\Program Files\Synaptics
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____D () C:\Program Files\Realtek
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____D () C:\Program Files\Common Files\ATI Technologies
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____D () C:\Program Files\AMD
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 ____D () C:\AMD
2014-02-12 21:53 - 2014-02-12 21:53 - 00000000 _____ () C:\WINDOWS\ativpsrm.bin
2014-02-12 21:51 - 2013-08-22 09:36 - 00000000 __RHD () C:\Users\Default
2014-02-12 20:51 - 2012-07-26 04:12 - 00000000 ____D () C:\WINDOWS\AUInstallAgent
2014-02-08 20:48 - 2014-02-08 20:48 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-02-08 20:48 - 2014-02-08 20:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
 
Files to move or delete:
====================
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey\EasySurvey.exe
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
 
LastRegBack: 2014-03-07 16:07
 
==================== End Of Log ============================

#6 collfopp

collfopp

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 March 2014 - 08:08 AM

Here is the addition.txt log:

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 09-03-2014 02
Ran by Chris at 2014-03-10 10:03:23
Running from C:\Users\Chris\Downloads
Boot Mode: Normal
==========================================================
 
 
==================== Security Center ========================
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Norton Internet Security (Disabled - Out of date) {63DF5164-9100-186D-2187-8DC619EFD8BF}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton Internet Security (Disabled - Out of date) {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton Internet Security (Disabled) {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
 
==================== Installed Programs ======================
 
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 11 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Reader X (10.1.3) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.3 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 12.5.100.20912 - Advanced Micro Devices, Inc.) Hidden
AMD APP SDK Runtime (Version: 10.0.938.2 - Advanced Micro Devices Inc.) Hidden
AMD Catalyst Install Manager (HKLM\...\{403A4E7A-D239-04D8-6A3D-31DD203C018D}) (Version: 8.0.881.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 3.3.26.0 - AppEx Networks)
AMD VISION Engine Control Center (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
Bitcasa version 0.9.20.4133 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4133 - Bitcasa Inc.)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2012.0912.1708.28839 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2012.0912.1709.28839 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink Power2Go 8 (x32 Version: 8.0.0.1912 - CyberLink Corp.) Hidden
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
CyberLink PowerDVD 10 (x32 Version: 10.0.4421.02 - CyberLink Corp.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Galería de fotos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.4805.320 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
Help Desk (HKLM\...\{AEC9D273-E162-4614-83F1-722B8C74B185}) (Version: 1.0.96 - Samsung Electronics CO., LTD.)
HiJackThis (HKLM-x32\...\{45A66726-69BC-466B-A7A4-12FCBA4883D7}) (Version: 1.0.0 - Trend Micro)
Java 7 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417051FF}) (Version: 7.0.510 - Oracle)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217051FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
LG VZW United Drivers (HKLM-x32\...\{E86DE69E-A94E-41B6-8661-7372FCA1A83C}) (Version: 2.13.0 - LG Electronics)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Office 365 Home Premium - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4551.1512 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20913.0 - Microsoft Corporation)
Microsoft SkyDrive (HKCU\...\SkyDriveSetup.exe) (Version: 17.0.2015.0811 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1108.0727 - Microsoft) Hidden
Norton Internet Security (HKLM-x32\...\NIS) (Version: 20.4.0.40 - Symantec Corporation)
Norton Online Backup (HKLM-x32\...\{40A66DF6-22D3-44B5-A7D3-83B118A2C0DC}) (Version: 2.2.3.51 - Symantec Corporation)
Norton Online Backup ARA (x32 Version: 4.1.0.14 - Symantec Corporation) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4551.1512 - Microsoft Corporation) Hidden
Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.306 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
RealDownloader (x32 Version: 1.3.3 - RealNetworks, Inc.) Hidden
RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
RealPlayer (HKLM-x32\...\RealPlayer 16.0) (Version: 16.0.3 - RealNetworks)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6702 - Realtek Semiconductor Corp.)
Realtek USB 2.0 Card Reader (HKLM-x32\...\{96AE7E41-E34E-47D0-AC07-1091A8127911}) (Version: 6.1.8400.39030 - Realtek Semiconductor Corp.)
RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
Recovery (HKLM-x32\...\{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}) (Version: 6.0.10.0 - Samsung Electronics CO., LTD.)
S Agent (Version: 1.1.45 - Samsung Electronics CO., LTD.) Hidden
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
SpyHunter (HKLM\...\{ACF5FE1B-3772-4068-8B87-2D2A6EFD0A05}) (Version: 4.17.6.4336 - Enigma Software Group USA, LLC)
Support Center (HKLM\...\{843A1BDC-0879-4E5B-83E1-B81CC0CF3580}) (Version: 2.1.1201 - Samsung Electronics CO., LTD.)
Support Center FAQ (x32 Version: 1.0.11 - Samsung Electronics CO., LTD.) Hidden
SW Update (HKLM-x32\...\{DA06101F-FD76-4BF0-88BD-B26A197005E3}) (Version: 2.1.21 - Samsung Electronics CO., LTD.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 16.2.14.2 - Synaptics Incorporated)
TrueCrypt (HKLM-x32\...\TrueCrypt) (Version: 7.1a - TrueCrypt Foundation)
User Guide (HKLM-x32\...\{C7588111-1A12-4EFE-8CA0-DA4344480D92}) (Version: 1.4.00 - Samsung Electronics CO., LTD.)
Windows Live (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Communications Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Xerox PhotoCafe (HKLM-x32\...\Xerox PhotoCafe) (Version: 1.0.0.6162 - Xerox)
 
==================== Restore Points  =========================
 
18-02-2014 04:34:49 Installed SpyHunter
22-02-2014 22:48:11 Windows Update
07-03-2014 20:30:24 Scheduled Checkpoint
 
==================== Hosts content: ==========================
 
2014-03-06 19:40 - 2014-03-06 19:40 - 00000000 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
==================== Scheduled Tasks (whitelisted) =============
 
Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1CA09CCC-A667-4B9B-A1DC-9B7DE545AD41} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-82314938-1216361947-774549228-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate
Task: {2FD46301-97F6-4475-87EA-8D342693E733} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-02-15] (Microsoft Corporation)
Task: {32A1F99D-5040-46DE-8489-0C86F9FCF97F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for MYCOMPUTER-Chris MyComputer => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-02-15] (Microsoft Corporation)
Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation)
Task: {36FB3A21-26F6-4258-AFBB-CD98AF7D9657} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2012-11-30] (Samsung Electronics CO., LTD.)
Task: {3B306019-83AF-4D5C-8E0E-A5B15DDCC642} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\system32\tzsync.exe [2013-08-22] (Microsoft Corporation)
Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance
Task: {61CE24F2-A578-4C9B-A47A-792A2DDA04A7} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-10-31] (Microsoft Corporation)
Task: {64F5A0BD-F7B4-4FE3-AAC8-E84E97F0550E} - System32\Tasks\advRecovery => C:\Program Files\Samsung\Recovery\WCScheduler.exe [2013-08-23] (SEC)
Task: {6AA78402-C358-4CE7-B1FD-253E0B2A02B4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-17] (Google Inc.)
Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup
Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task
Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {79BCC31A-CCF3-4DB8-B801-B89D17708FD8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-82314938-1216361947-774549228-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe [2013-08-14] (RealNetworks, Inc.)
Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task
Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask
Task: {96C93D04-93FF-4742-B8CF-28D5B31C6046} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-02-20] (Piriform Ltd)
Task: {9C500BC9-B962-49B8-9C57-758480F043ED} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-17] (Google Inc.)
Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work
Task: {B7145980-A40E-4BFC-8BC0-B3830A4BB61A} - System32\Tasks\Synaptics TouchPad Enhancements => \Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-10-16] (Synaptics Incorporated)
Task: {B983B3D1-3081-49C3-BCF9-CFC605C05E8E} - System32\Tasks\Xerox PhotoCafe Communicator => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe [2011-10-26] ()
Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask
Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization
Task: {DFC89976-E889-4F92-B953-7D1FDC9A5F7C} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\SymErr.exe [2013-06-03] (Symantec Corporation)
Task: {E268AC53-B8F6-40A4-BDBE-156A662CEF5F} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2013-10-16] (Samsung Electronics CO., LTD.)
Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE
Task: {F0979D06-CDCD-42E7-ADC0-7E4B8FA24E2F} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\WSCStub.exe [2013-06-04] (Symantec Corporation)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
Task: C:\WINDOWS\Tasks\Xerox PhotoCafe Communicator.job => C:\ProgramData\Xerox PhotoCafe\MessageCheck.exe
 
==================== Loaded Modules (whitelisted) =============
 
2014-01-16 13:18 - 2013-10-31 10:07 - 00377000 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2rui.dll
2014-01-16 13:18 - 2013-10-31 10:08 - 00520872 _____ () C:\Program Files\Microsoft Office 15\ClientX64\c2r64.dll
2014-01-16 13:18 - 2013-10-31 10:07 - 00618152 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2013-08-14 16:19 - 2013-08-14 16:19 - 00039056 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
2012-11-30 03:26 - 2012-11-30 03:26 - 00082312 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-01-14 18:59 - 2014-02-15 17:49 - 08866472 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2013-09-25 04:04 - 2013-09-25 04:04 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2013-09-25 04:01 - 2013-09-25 04:01 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2013-09-25 04:08 - 2013-09-25 04:08 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2013-10-16 23:15 - 2013-10-16 23:15 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2012-11-30 03:26 - 2012-11-30 03:26 - 00028792 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2012-11-30 03:26 - 2012-11-30 03:26 - 01068664 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2012-11-30 03:26 - 2012-11-30 03:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2012-11-30 03:26 - 2012-11-30 03:26 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2012-11-30 03:26 - 2012-11-30 03:26 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2012-11-30 03:26 - 2012-11-30 03:26 - 00026744 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2012-11-30 03:26 - 2012-11-30 03:26 - 00110712 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2012-11-30 03:26 - 2012-11-30 03:26 - 00060536 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2012-11-30 03:26 - 2012-11-30 03:26 - 00103032 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2013-03-19 23:18 - 2012-06-07 23:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-07 22:34 - 2012-06-07 22:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2013-12-27 23:24 - 2012-05-30 02:51 - 00699280 ____R () C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY\ENGINE\20.4.0.40\wincfi39.dll
2013-12-26 00:18 - 2014-02-15 17:50 - 00316584 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-01-14 18:59 - 2014-02-15 17:50 - 00359592 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\c2r32.dll
2014-03-05 19:01 - 2014-03-01 22:35 - 00051016 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll
2014-03-05 19:01 - 2014-03-01 22:35 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll
2014-03-05 19:01 - 2014-03-01 22:35 - 00100168 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll
2014-03-05 19:01 - 2014-03-01 22:35 - 04061000 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll
2014-03-05 19:01 - 2014-03-01 22:35 - 00394568 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll
2014-03-05 19:01 - 2014-03-01 22:35 - 01647432 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll
2013-12-27 23:24 - 2012-05-30 02:51 - 00699280 ____R () C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\wincfi39.dll
2014-03-05 19:01 - 2014-03-01 22:35 - 13632840 _____ () C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (whitelisted) =========
 
AlternateDataStreams: C:\Users\Chris\SkyDrive:ms-properties
 
==================== Safe Mode (whitelisted) ===================
 
 
==================== Disabled items from MSCONFIG ==============
 
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/09/2014 00:51:54 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (03/08/2014 02:28:07 PM) (Source: Customer Experience Improvement Program) (User: )
Description: 80070005
 
Error: (03/07/2014 04:11:15 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/07/2014 04:07:45 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"1".
Dependent Assembly rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.
 
Error: (03/07/2014 09:44:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MYCOMPUTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/07/2014 09:42:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MYCOMPUTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/07/2014 09:42:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MYCOMPUTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/07/2014 09:42:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MYCOMPUTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/07/2014 09:42:48 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: MYCOMPUTER)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (03/06/2014 07:34:14 PM) (Source: MsiInstaller) (User: MYCOMPUTER)
Description: Product: Microsoft Fix it 50267 -- This Microsoft Fix it does not apply to your operating system or application version.
 
 
System errors:
=============
Error: (03/10/2014 10:00:00 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/10/2014 08:27:22 AM) (Source: Service Control Manager) (User: )
Description: The OutfoxTvService service failed to start due to the following error: 
%%2
 
Error: (03/10/2014 08:27:13 AM) (Source: Service Control Manager) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (03/10/2014 08:27:13 AM) (Source: APXACC) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (03/09/2014 00:34:54 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/08/2014 02:11:18 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/08/2014 00:52:44 AM) (Source: Service Control Manager) (User: )
Description: The OutfoxTvService service failed to start due to the following error: 
%%2
 
Error: (03/08/2014 00:52:35 AM) (Source: Service Control Manager) (User: )
Description: The AppEx Networks Accelerator LWF service failed to start due to the following error: 
%%31
 
Error: (03/08/2014 00:52:35 AM) (Source: APXACC) (User: )
Description: The NDIS6 LWF initialization has failed. (0xC0000001)
 
Error: (03/07/2014 03:56:46 PM) (Source: Service Control Manager) (User: )
Description: The OutfoxTvService service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (03/09/2014 00:51:54 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (03/08/2014 02:28:07 PM) (Source: Customer Experience Improvement Program)(User: )
Description: 80070005
 
Error: (03/07/2014 04:11:15 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (03/07/2014 04:07:45 PM) (Source: SideBySide)(User: )
Description: rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0"C:\Windows\Installer\{C8E8D2E3-EF6A-4B1D-A09E-7B27EBE2F3CE}\recordingmanager.exe
 
Error: (03/07/2014 09:44:53 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MYCOMPUTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (03/07/2014 09:42:48 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MYCOMPUTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (03/07/2014 09:42:48 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MYCOMPUTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (03/07/2014 09:42:48 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MYCOMPUTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (03/07/2014 09:42:48 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: MYCOMPUTER)
Description: microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1-2144927142
 
Error: (03/06/2014 07:34:14 PM) (Source: MsiInstaller)(User: MYCOMPUTER)
Description: Product: Microsoft Fix it 50267 -- This Microsoft Fix it does not apply to your operating system or application version.(NULL)(NULL)(NULL)(NULL)(NULL)
 
 
==================== Memory info =========================== 
 
Percentage of memory in use: 48%
Total physical RAM: 3547.08 MB
Available physical RAM: 1838.44 MB
Total Pagefile: 8667.08 MB
Available Pagefile: 6756.22 MB
Total Virtual: 131072 MB
Available Virtual: 131071.79 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:667.56 GB) (Free:616.61 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 699 GB) (Disk ID: 834B9B22)
 
Partition: GPT Partition Type.
 
==================== End Of Log ============================

#7 collfopp

collfopp

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 March 2014 - 08:26 AM

ark.txt log:

 

GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-03-10 10:25:37
Windows 6.2.9200  x64 \Device\Harddisk0\DR0 -> \Device\0000001f TOSHIBA_MQ01ABD075 rev.AX002F 698.64GB
Running: zizvn77t.exe; Driver: C:\Users\Chris\AppData\Local\Temp\axloiuog.sys
 
 
---- Threads - GMER 2.1 ----
 
Thread   C:\WINDOWS\system32\csrss.exe [716:740]                                                                                                                                                                                                                 fffff960008dd4d0
Thread   C:\WINDOWS\system32\svchost.exe [1484:2868]                                                                                                                                                                                                             00007ffed0df4608
Thread   C:\WINDOWS\system32\svchost.exe [1484:2880]                                                                                                                                                                                                             00007ffed0dc1584
Thread   C:\WINDOWS\system32\svchost.exe [1484:3056]                                                                                                                                                                                                             00007ffed0aa1b30
Thread   C:\WINDOWS\Explorer.EXE [3044:4900]                                                                                                                                                                                                                     00000001800116c0
Thread   C:\WINDOWS\Explorer.EXE [3044:4904]                                                                                                                                                                                                                     00000001800116c0
Thread   C:\WINDOWS\Explorer.EXE [3044:2716]                                                                                                                                                                                                                     00007ffec8e98c54
Thread   C:\Windows\System32\SettingSyncHost.exe [5344:5440]                                                                                                                                                                                                     00007ffed1894b30
---- Processes - GMER 2.1 ----
 
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [4344]                                     000000006dc80000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [4344]                                     0000000068860000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE [4344]                                0000000068810000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                                      000000006dc80000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                                 0000000067ee0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                                   0000000067dc0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\csi.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                                      0000000068860000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE15\ACEOLEDB.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                                 0000000068810000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACECORE.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                                  0000000068590000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\1033\ACEWSTR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                             00000000684b0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEES.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                                    0000000068410000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\VBAJET32.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                                 0000000071800000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\expsrv.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                                   00000000683b0000
Library  C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\ACEERR.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [4464]                                                                                   0000000074400000
Library  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\BASHDefs\20140214.001\BHEngine.dll (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [3656] (FILE NOT FOUND)  0000000065ab0000
Library  C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.0.24\Definitions\IPSDefs\20140221.001\IDSxpx86.dll (*** suspicious ***) @ C:\Program Files (x86)\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe [3656] (FILE NOT FOUND)   0000000065000000
 
---- Disk sectors - GMER 2.1 ----
 
Disk     \Device\Harddisk0\DR0                                                                                                                                                                                                                                   unknown MBR code
 
---- EOF - GMER 2.1 ----

#8 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 10 March 2014 - 08:49 AM

Combofix

Combofix should only be run when adviced by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing ""Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#9 collfopp

collfopp

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 March 2014 - 09:15 AM

When attempting to run Combofix I receive a message "Combofix is not meant to run in compatibility mode"

I am running windows 8.1.


#10 collfopp

collfopp

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 March 2014 - 10:20 AM

The program will not run. Any suggestions. A quick search produced information that combofix does not currently run on windows 8.1.


    Advertisements

Register to Remove

#11 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 10 March 2014 - 10:23 AM

I´m sorry, I didn´t get you´re running 8.1.

 

 

Fix with FRST (normal mode)

  • Open notepad (Start =>All Programs => Accessories => Notepad).
  • Please copy the entire contents of the code box below.
    (To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
  • Save it to the same direction as frst.exe (or frst64.exe) as fixlist.txt.

    S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]

C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey
C:\Program Files\Level Quality Watcher
C:\Program Files\OutfoxTV

CMD: ipconfig /flushdns
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Run frst.exe (on 64bit, run frst64.exe) and press the Fix button just once and wait.
  • The tool will make a log (Fixlog.txt) which you find where you saved FRST. Please post it to your reply.

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes' Anti-Malware to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform fullscan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.

 

 

 

Scan with ESET Online Scan

Please go to here to run the online scannner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the activex control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#12 collfopp

collfopp

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 March 2014 - 10:33 AM

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 09-03-2014 02
Ran by Chris at 2014-03-10 12:33:05 Run:1
Running from C:\Users\Chris\Downloads
Boot Mode: Normal
==============================================
 
Content of fixlist:
*****************
S2 OutfoxTvService; C:\Program Files\OutfoxTV\OutfoxTvService.exe [X]
 
C:\ProgramData\MakeMarkerFile.exe
C:\Users\EasySurvey
C:\Program Files\Level Quality Watcher
C:\Program Files\OutfoxTV
 
CMD: ipconfig /flushdns
*****************
 
OutfoxTvService => Service deleted successfully.
C:\ProgramData\MakeMarkerFile.exe => Moved successfully.
C:\Users\EasySurvey => Moved successfully.
C:\Program Files\Level Quality Watcher => Moved successfully.
"C:\Program Files\OutfoxTV" => File/Directory not found.
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
==== End of Fixlog ====

#13 collfopp

collfopp

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 March 2014 - 02:30 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.03.10.06
 
Windows 8 x64 NTFS
Internet Explorer 11.0.9600.16518
Chris :: MYCOMPUTER [administrator]
 
3/10/2014 1:41:53 PM
mbam-log-2014-03-10 (13-41-53).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 372650
Time elapsed: 55 minute(s), 32 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)

#14 collfopp

collfopp

    New Member

  • Authentic Member
  • Pip
  • 19 posts

Posted 10 March 2014 - 05:25 PM

This is from ESET:

 

C:\Users\Chris\Downloads\ccsetup411.exe Win32/Bundled.Toolbar.Google.D potentially unsafe application


#15 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 11 March 2014 - 06:02 AM

 

C:\Users\Chris\Downloads\ccsetup411.exe

Delete this file.

 

 

 

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don´t uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You´ll find the log file at C:\AdwCleaner[S1].txt also

 

 

 

Delete junk with JRT

thisisujrt.gif Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


Proud Member of UNITE & TB
 

Related Topics

Back to Virus, Spyware & Malware Removal · Next Unread Topic →

Also tagged with one or more of these keywords: google, redirect, malware, ngix, 404 not found

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. What the Tech
  2. Spyware / Malware / Virus Removal
  3. Virus, Spyware & Malware Removal
  4. Privacy Policy
  5. Terms of Use ·