
Fake 'Flash Updater' from utube. [Solved]


  • This topic is locked
20 replies to this topic

#1 AlsoKnownAs


Posted 03 April 2014 - 02:01 PM

Hi, and Thank You for any help that may be offered.

 

So, I was on YouTube and in a momentary lapse of consciousness, clicked the fake flash updater.

Then, when it disappeared, I went back and clicked it again. :blush:

 

I ended up with a computer that wouldn't boot even to safe mode.

 

I have two laptops, so I researched with the good one and learned some things to try.

I had an emergency boot disc and was able to boot with it, and after much time and trials, seem to have the computer working... albeit with some glitches.

 

Mainly, none of my pictures will display in any 'microsoft' product, i.e. photo gallery, IE.

Photos will display in Firefox, and Paint -(which I guess is MS).

 

I have lots of photos and many other files which I wish to keep. So many that I'm not sure how to ensure that they are saved if I have to do a reinstall. Even though I have backed up to an external HD.

 

Anyway, I have searched for a fix to photo gallery problems without success at restoring viewing functionality.

 

Is there any help for this problem?

 

Thank You

AKA




#2 ----------------


Posted 04 April 2014 - 04:59 AM

Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

 

 

 

Scan with FRST (Recovery Environment)


To run FRST on Vista and Windows 7:

Plug the flash drive into the infected PC.

Enter System Recovery Options.


To enter System Recovery Options from the Advanced Boot Options:

  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.



To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Choose your language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.


On the System Recovery Options menu you will get the following options:

  • Startup Repair
  • System Restore
  • Windows Complete PC Restore
  • Windows Memory Diagnostic Tool
  • Command Prompt

Select Command Prompt.

In the command window:

  • Type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter.
  • Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.

It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


Proud Member of UNITE & TB
 

#3 AlsoKnownAs


Posted 04 April 2014 - 09:08 AM

Hey Marius,

Thank You Very Much for your help.

 

I need to inform you that prior to utilizing this site, I performed a bunch of repair/removal attempts on my own.

I now know that it was wrong to run all these repair attempts unassisted. But I wanted to see if I could fix my own mistake on my own. All the 'help' sites have repair software at the top of their page which is tempting...

 

I have a couple sets of log files from OTL. 

One from the time I first got my computer to boot and run after problems began. I had run MBAM. 3-27-14

Another from the following day, after attempting more fixes. 3-28-14

Another, after attempting more fixes. 4-3-14

 

I also have a CBS SUR.rtf file. I think this was part of one of the repair programs.

 

Are you interested in these txt docs?

 

In addition to MBAM, I have run AVAST free, adwcleaner, AVG free, tweaking.comrepair, Combofix.

I ran update and installed a LOAD of updates that I had avoided due to a previous update problem.

I also ran some MS.fixit carp** from the microsoft site, thinking that they would have repairs for their own products.

 

Thank You again for offering to help with my problems on my computer.

KC

 



#4 AlsoKnownAs


Posted 04 April 2014 - 10:17 AM

FRST files...

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Human Bean (administrator) on HUMANBEAN-PC on 04-04-2014 12:04:24
Running from G:\
Windows Vista ™ Home Premium Service Pack 2 (X64) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Windows Defender] - C:\Program Files\Windows Defender\MSASCui.exe [1584184 2008-01-20] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [242192 2008-02-29] (Logitech, Inc.)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [1840720 2007-04-03] (CANON INC.)
HKLM\...\Run: [WrtMon.exe] - C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe [20480 2006-09-20] ()
HKLM\...\Run: [Apoint] - C:\Program Files\DellTPad\Apoint.exe [384296 2010-04-05] (Alps Electric Co., Ltd.)
HKLM\...\Run: [SysTrayApp] - C:\Program Files\IDT\WDM\sttray64.exe [441344 2008-09-17] (IDT, Inc.)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [37296 2011-06-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [OpwareSE4] - C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe [79400 2007-02-04] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [417792 2009-09-05] (Apple Inc.)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [44128 2013-05-08] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [642664 2013-05-08] (Adobe Systems Inc.)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM-x32\...\Run: [AVG_UI] - C:\Program Files (x86)\AVG\AVG2014\avgui.exe [4971024 2014-03-19] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Runonce: [AvgUninstallURL] - cmd.exe /c start http://www.avg.com/w...0"&"ver=9.0.894 [X]
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-636150604-2833345171-3525813516-1000\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [138240 2008-01-20] (Microsoft Corporation)
HKU\S-1-5-21-636150604-2833345171-3525813516-1000\...\Run: [Akamai NetSession Interface] - "C:\Users\Human Bean\AppData\Local\Akamai\netsession_win.exe"
HKU\S-1-5-21-636150604-2833345171-3525813516-1000\...\Run: [RoboForm] - C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [160592 2013-01-16] (Siber Systems)
HKU\S-1-5-21-636150604-2833345171-3525813516-1000\...\MountPoints2: {0b84a374-c89d-11de-a731-806e6f6e6963} - H:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-636150604-2833345171-3525813516-1000\...\MountPoints2: {0b84a3f9-c89d-11de-a731-0023ae07b1e9} - G:\VZAccess_Manager.exe /z detect
HKU\S-1-5-21-636150604-2833345171-3525813516-1000\...\MountPoints2: {ef0015b5-cddf-11dd-b5b2-806e6f6e6963} - F:\setup.exe
Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)
Startup: C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dell Dock First Run.lnk
ShortcutTarget: Dell Dock First Run.lnk -> C:\Program Files\Dell\DellDock\DellDock.exe (Stardock Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.myway.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.c...rch/search.html
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...=ie&ar=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...B_PVER}&ar=home
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.co...=us&ibd=5081219
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {9D9717C4-F4E4-485E-980A-48BC1E790553} URL = http://search.yahoo....&p={searchTerms}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: No Name - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
BHO-x32: No Name - {CA6319C0-31B7-401E-A518-A07C3DB8F777} -  No File
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} -  No File
Toolbar: HKLM-x32 - &RoboForm - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files (x86)\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKCU - No Name - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
DPF: HKLM-x32 {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab
DPF: HKLM-x32 {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab
DPF: HKLM-x32 {C237A80A-4C55-4C68-BAA9-CBE4408D12B2} http://download.sp.f.../fslauncher.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} -  No File
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} -  No File
Handler-x32: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - C:\Program Files (x86)\Intuit\QuickBooks 2009\HelpAsyncPluggableProtocol.dll (Intuit, Inc.)
Handler-x32: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - C:\Windows\SysWOW64\mscoree.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Human Bean\AppData\Roaming\Mozilla\Firefox\Profiles\wbcsun6x.default
FF DefaultSearchEngine: Yahoo
FF SelectedSearchEngine: Yahoo
FF Homepage: hxxp://my.myway.com/
FF Keyword.URL: hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF NetworkProxy: "type", 2
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin-x32: @pack.google.com/Google Updater;version=14 - C:\Program Files (x86)\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Acrobat - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll (Apple Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
FF Extension: Microsoft .NET Framework Assistant - C:\Users\Human Bean\AppData\Roaming\Mozilla\Firefox\Profiles\wbcsun6x.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013-10-24]
FF HKLM\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
FF HKLM-x32\...\Firefox\Extensions: [{22119944-ED35-4ab1-910B-E619EA06A115}] - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox
FF Extension: AI Roboform Toolbar for Firefox - C:\Program Files (x86)\Siber Systems\AI RoboForm\Firefox [2009-01-15]
FF HKLM-x32\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []
FF HKLM-x32\...\Thunderbird\Extensions: [eplgTb@eset.com] - C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (YouTube) - C:\Users\Human Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-03-15]
CHR Extension: (Google Search) - C:\Users\Human Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-03-15]
CHR Extension: (avast! WebRep) - C:\Users\Human Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-03-15]
CHR Extension: (Gmail) - C:\Users\Human Bean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-03-15]

==================== Services (Whitelisted) =================

S2 AESTFilters; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe [86016 2008-09-17] (Andrea Electronics Corporation)
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG2014\avgidsagent.exe [3782672 2014-02-23] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG2014\avgwdsvc.exe [348008 2013-09-24] (AVG Technologies CZ, s.r.o.)
S2 GsServer; C:\Program Files\Siber Systems\GoodSync\Gs-Server.exe [5575896 2012-10-23] ()
S2 gupdate1ca30fbb9027130; C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [133104 2009-09-08] (Google Inc.)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-03-05] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [857912 2014-03-05] (Malwarebytes Corporation)
S3 NtmsSvc; C:\Windows\system32\ntmssvc.dll [521216 2008-01-20] (Microsoft Corporation)
S2 SNMP; C:\Windows\System32\snmp.exe [49664 2009-04-11] (Microsoft Corporation)
S2 SNMP; C:\Windows\SysWOW64\snmp.exe [47616 2009-04-10] (Microsoft Corporation)
S2 STacSV; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\STacSV64.exe [251904 2008-09-17] (IDT, Inc.)
S2 VZWConfigService; C:\Program Files (x86)\Novatel Wireless\LTE Support\VZWMSConfig.exe [169472 2011-02-11] (Novatel Wireless Inc.)
S2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [427008 2010-04-21] (Microsoft Corporation)
S4 wltrysvc; C:\Windows\System32\bcmwltry.exe [2930688 2008-11-20] (Dell Inc.)
S2 yksvc; RUNDLL32.EXE ykx64coinst,serviceStartProc [X]

==================== Drivers (Whitelisted) ====================

U5 AppMgmt; C:\Windows\system32\svchost.exe [27648 2008-01-20] (Microsoft Corporation)
S1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [150808 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [243480 2013-11-25] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [196376 2013-11-25] (AVG Technologies CZ, s.r.o.)
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [212280 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [294712 2013-10-31] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [123704 2013-10-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [31544 2013-09-10] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [251192 2013-08-01] (AVG Technologies CZ, s.r.o.)
S3 DFX11_1; C:\Windows\System32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-03-05] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63192 2014-03-05] (Malwarebytes Corporation)
S3 moufiltr; C:\Windows\System32\DRIVERS\moufiltr.sys [7168 2006-12-26] (Chic)
S2 npf; C:\Windows\System32\drivers\npf.sys [40464 2009-03-15] (CACE Technologies)
S3 NWRmNet_022; C:\Windows\System32\DRIVERS\NWRmNet_022.sys [295424 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBModem_022; C:\Windows\System32\DRIVERS\nwusbmdm_022.sys [217856 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBPort2_022; C:\Windows\System32\DRIVERS\nwusbser2_022.sys [217856 2011-03-01] (Novatel Wireless Inc.)
S3 NWUSBPort_022; C:\Windows\System32\DRIVERS\nwusbser_022.sys [217856 2011-03-01] (Novatel Wireless Inc.)
S3 OA009Ufd; C:\Windows\System32\DRIVERS\OA009Ufd.sys [169248 2008-10-06] (Creative Technology Ltd.)
S3 OA009Vid; C:\Windows\System32\DRIVERS\OA009Vid.sys [307456 2008-10-06] (Creative Technology Ltd.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 PTUMWBus; system32\DRIVERS\PTUMWBus.sys [X]
S3 PTUMWCSP; system32\DRIVERS\PTUMWCSP.sys [X]
S3 PTUMWFLT; system32\DRIVERS\PTUMWFLT.sys [X]
S3 PTUMWMdm; system32\DRIVERS\PTUMWMdm.sys [X]
S3 PTUMWNET; system32\DRIVERS\PTUMWNET.sys [X]
S3 PTUMWNSP; system32\DRIVERS\PTUMWNSP.sys [X]
S3 PTUMWVsp; system32\DRIVERS\PTUMWVsp.sys [X]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2014-04-04 12:04 - 2014-04-04 12:04 - 00000000 ____D () C:\FRST
2014-04-04 11:11 - 2014-04-04 11:11 - 02157056 _____ (Farbar) C:\Users\Human Bean\Downloads\FRST64.exe
2014-04-01 17:15 - 2014-04-01 17:57 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-04-01 17:06 - 2014-04-01 17:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HUMANBEAN-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
2014-04-01 17:04 - 2014-04-01 17:04 - 00000000 ____D () C:\RegBackup
2014-04-01 17:00 - 2014-04-01 17:00 - 00117726 _____ () C:\Users\Human
2014-04-01 15:20 - 2014-04-01 15:20 - 00000000 ____D () C:\Program Files\7-Zip
2014-04-01 15:17 - 2014-04-01 15:18 - 01376768 _____ () C:\Users\Human Bean\Downloads\7z920-x64.msi
2014-04-01 13:25 - 2014-04-01 13:25 - 00001996 _____ () C:\Users\Human Bean\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-04-01 13:24 - 2014-04-01 13:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-31 23:20 - 2014-03-31 23:20 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\{E53D6613-6B3D-438E-ACE0-31DE8CA53D33}
2014-03-31 16:42 - 2014-03-31 16:42 - 00000000 ____D () C:\Windows\en
2014-03-31 16:40 - 2014-03-31 16:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-03-31 16:39 - 2014-03-31 16:42 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-31 16:38 - 2014-03-31 16:39 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-31 16:38 - 2014-03-31 16:38 - 00000000 ____D () C:\Windows\PCHEALTH
2014-03-31 15:49 - 2014-03-31 23:20 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\Windows Live
2014-03-31 15:48 - 2009-08-04 04:12 - 01103872 _____ (Microsoft Corporation) C:\Windows\system32\webservices.dll
2014-03-31 15:48 - 2009-08-04 04:02 - 00754688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webservices.dll
2014-03-31 15:43 - 2014-04-01 17:42 - 00802402 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-03-31 15:36 - 2006-11-02 08:22 - 00525792 _____ (Microsoft Corporation) C:\Windows\system32\difxapi.dll
2014-03-31 13:49 - 2014-03-31 13:49 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\Microsoft Corporation
2014-03-31 12:37 - 2012-06-02 10:57 - 00000003 _____ () C:\Windows\system32\Drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
2014-03-31 12:36 - 2012-07-25 23:08 - 00744448 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx.dll
2014-03-31 12:36 - 2012-07-25 23:08 - 00229888 _____ (Microsoft Corporation) C:\Windows\system32\WUDFHost.exe
2014-03-31 12:36 - 2012-07-25 23:08 - 00194048 _____ (Microsoft Corporation) C:\Windows\system32\WUDFPlatform.dll
2014-03-31 12:36 - 2012-07-25 23:08 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\WUDFSvc.dll
2014-03-31 12:36 - 2012-07-25 23:08 - 00045056 _____ (Microsoft Corporation) C:\Windows\system32\WUDFCoinstaller.dll
2014-03-31 12:36 - 2012-07-25 22:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFRd.sys
2014-03-31 12:36 - 2012-07-25 22:26 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WUDFPf.sys
2014-03-31 12:36 - 2009-07-14 08:19 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\winusb.dll
2014-03-31 12:36 - 2009-07-14 08:12 - 00016896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winusb.dll
2014-03-31 12:35 - 2013-04-17 09:04 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2014-03-31 12:35 - 2013-04-17 08:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2014-03-31 12:34 - 2012-11-22 00:22 - 00456192 _____ (Microsoft Corporation) C:\Windows\system32\shlwapi.dll
2014-03-31 12:34 - 2012-11-21 23:54 - 00353280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shlwapi.dll
2014-03-31 10:38 - 2014-03-31 10:49 - 00000000 ___SD () C:\ComboFix
2014-03-31 10:38 - 2014-03-31 10:38 - 00000000 ____D () C:\Qoobox
2014-03-31 10:38 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-31 10:38 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-31 10:38 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-31 10:36 - 2014-03-31 10:38 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 10:33 - 2014-03-31 10:36 - 05192353 ____R (Swearware) C:\Users\Human Bean\Downloads\ComboFix.exe
2014-03-31 10:03 - 2014-03-31 13:37 - 00030337 _____ () C:\Windows\iis7.log
2014-03-31 10:00 - 2014-03-31 10:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-31 10:00 - 2014-03-31 10:00 - 00000000 ____D () C:\inetpub
2014-03-31 09:15 - 2014-03-31 09:15 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-31 09:15 - 2014-03-31 09:15 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-31 08:59 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_7.dll
2014-03-31 08:59 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_7.dll
2014-03-31 08:59 - 2010-06-02 04:55 - 00239960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_7.dll
2014-03-31 08:59 - 2010-06-02 04:55 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_7.dll
2014-03-31 08:59 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_5.dll
2014-03-31 08:59 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_5.dll
2014-03-31 08:59 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_43.dll
2014-03-31 08:59 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2014-03-31 08:59 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_43.dll
2014-03-31 08:59 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2014-03-31 08:59 - 2010-05-26 11:41 - 01907552 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_43.dll
2014-03-31 08:59 - 2010-05-26 11:41 - 01868128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_43.dll
2014-03-31 08:59 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2014-03-31 08:59 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2014-03-31 08:59 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2014-03-31 08:59 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2014-03-31 08:59 - 2010-02-04 10:01 - 00530776 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_6.dll
2014-03-31 08:59 - 2010-02-04 10:01 - 00528216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_6.dll
2014-03-31 08:59 - 2010-02-04 10:01 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_6.dll
2014-03-31 08:59 - 2010-02-04 10:01 - 00176984 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_6.dll
2014-03-31 08:59 - 2010-02-04 10:01 - 00078680 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_4.dll
2014-03-31 08:59 - 2010-02-04 10:01 - 00074072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_4.dll
2014-03-31 08:59 - 2010-02-04 10:01 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_7.dll
2014-03-31 08:59 - 2010-02-04 10:01 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_7.dll
2014-03-31 08:59 - 2009-09-04 17:44 - 00517960 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_5.dll
2014-03-31 08:59 - 2009-09-04 17:44 - 00515416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_5.dll
2014-03-31 08:59 - 2009-09-04 17:44 - 00238936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_5.dll
2014-03-31 08:59 - 2009-09-04 17:44 - 00176968 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_5.dll
2014-03-31 08:59 - 2009-09-04 17:44 - 00073544 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_3.dll
2014-03-31 08:59 - 2009-09-04 17:44 - 00069464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_3.dll
2014-03-31 08:59 - 2009-09-04 17:29 - 05554512 _____ (Microsoft Corporation) C:\Windows\system32\d3dcsx_42.dll
2014-03-31 08:59 - 2009-09-04 17:29 - 05501792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dcsx_42.dll
2014-03-31 08:59 - 2009-09-04 17:29 - 02582888 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_42.dll
2014-03-31 08:59 - 2009-09-04 17:29 - 02475352 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_42.dll
2014-03-31 08:59 - 2009-09-04 17:29 - 01974616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_42.dll
2014-03-31 08:59 - 2009-09-04 17:29 - 01892184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_42.dll
2014-03-31 08:59 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_42.dll
2014-03-31 08:59 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_42.dll
2014-03-31 08:59 - 2009-09-04 17:29 - 00285024 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_42.dll
2014-03-31 08:59 - 2009-09-04 17:29 - 00235344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_42.dll
2014-03-31 08:59 - 2009-03-16 14:18 - 00521560 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_4.dll
2014-03-31 08:59 - 2009-03-16 14:18 - 00517448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_4.dll
2014-03-31 08:59 - 2009-03-16 14:18 - 00235352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_4.dll
2014-03-31 08:59 - 2009-03-16 14:18 - 00174936 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_4.dll
2014-03-31 08:59 - 2009-03-16 14:18 - 00024920 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_6.dll
2014-03-31 08:59 - 2009-03-16 14:18 - 00022360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_6.dll
2014-03-31 08:59 - 2009-03-09 15:27 - 05425496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_41.dll
2014-03-31 08:59 - 2009-03-09 15:27 - 04178264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_41.dll
2014-03-31 08:59 - 2009-03-09 15:27 - 02430312 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_41.dll
2014-03-31 08:59 - 2009-03-09 15:27 - 01846632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_41.dll
2014-03-31 08:59 - 2009-03-09 15:27 - 00520544 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_41.dll
2014-03-31 08:59 - 2009-03-09 15:27 - 00453456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_41.dll
2014-03-31 08:59 - 2008-10-10 04:52 - 05631312 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_40.dll
2014-03-31 08:59 - 2008-10-10 04:52 - 04379984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_40.dll
2014-03-31 08:59 - 2008-10-10 04:52 - 02605920 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_40.dll
2014-03-31 08:59 - 2008-10-10 04:52 - 02036576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_40.dll
2014-03-31 08:59 - 2008-10-10 04:52 - 00519000 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_40.dll
2014-03-31 08:59 - 2008-10-10 04:52 - 00452440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_40.dll
2014-03-31 08:58 - 2008-10-27 10:04 - 00518480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_3.dll
2014-03-31 08:58 - 2008-10-27 10:04 - 00514384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_3.dll
2014-03-31 08:58 - 2008-10-27 10:04 - 00235856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_3.dll
2014-03-31 08:58 - 2008-10-27 10:04 - 00175440 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_3.dll
2014-03-31 08:58 - 2008-10-27 10:04 - 00074576 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_2.dll
2014-03-31 08:58 - 2008-10-27 10:04 - 00070992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_2.dll
2014-03-31 08:58 - 2008-10-27 10:04 - 00025936 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_5.dll
2014-03-31 08:58 - 2008-10-27 10:04 - 00023376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_5.dll
2014-03-31 08:58 - 2008-07-31 10:41 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_2.dll
2014-03-31 08:58 - 2008-07-31 10:41 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_2.dll
2014-03-31 08:58 - 2008-07-31 10:41 - 00072200 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_1.dll
2014-03-31 08:58 - 2008-07-31 10:41 - 00068616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_1.dll
2014-03-31 08:58 - 2008-07-31 10:40 - 00513544 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_2.dll
2014-03-31 08:58 - 2008-07-31 10:40 - 00509448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_2.dll
2014-03-31 08:58 - 2008-07-10 11:01 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_39.dll
2014-03-31 08:58 - 2008-07-10 11:00 - 04992520 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_39.dll
2014-03-31 08:58 - 2008-07-10 11:00 - 03851784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_39.dll
2014-03-31 08:58 - 2008-07-10 11:00 - 01942552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_39.dll
2014-03-31 08:58 - 2008-07-10 11:00 - 01493528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_39.dll
2014-03-31 08:58 - 2008-07-10 11:00 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_39.dll
2014-03-31 08:58 - 2008-05-30 14:19 - 00511496 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_1.dll
2014-03-31 08:58 - 2008-05-30 14:19 - 00507400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_1.dll
2014-03-31 08:58 - 2008-05-30 14:18 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_1.dll
2014-03-31 08:58 - 2008-05-30 14:18 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_1.dll
2014-03-31 08:58 - 2008-05-30 14:17 - 00068104 _____ (Microsoft Corporation) C:\Windows\system32\XAPOFX1_0.dll
2014-03-31 08:58 - 2008-05-30 14:17 - 00065032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAPOFX1_0.dll
2014-03-31 08:58 - 2008-05-30 14:17 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_4.dll
2014-03-31 08:58 - 2008-05-30 14:16 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_4.dll
2014-03-31 08:58 - 2008-05-30 14:11 - 04991496 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_38.dll
2014-03-31 08:58 - 2008-05-30 14:11 - 03850760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_38.dll
2014-03-31 08:58 - 2008-05-30 14:11 - 01941528 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_38.dll
2014-03-31 08:58 - 2008-05-30 14:11 - 01491992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_38.dll
2014-03-31 08:58 - 2008-05-30 14:11 - 00540688 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_38.dll
2014-03-31 08:58 - 2008-05-30 14:11 - 00467984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_38.dll
2014-03-31 08:58 - 2008-03-05 16:04 - 00489480 _____ (Microsoft Corporation) C:\Windows\system32\XAudio2_0.dll
2014-03-31 08:58 - 2008-03-05 16:03 - 00479752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\XAudio2_0.dll
2014-03-31 08:58 - 2008-03-05 16:03 - 00238088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine3_0.dll
2014-03-31 08:58 - 2008-03-05 16:03 - 00177672 _____ (Microsoft Corporation) C:\Windows\system32\xactengine3_0.dll
2014-03-31 08:58 - 2008-03-05 16:00 - 00028168 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_3.dll
2014-03-31 08:58 - 2008-03-05 16:00 - 00025608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_3.dll
2014-03-31 08:58 - 2008-03-05 15:56 - 04910088 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_37.dll
2014-03-31 08:58 - 2008-03-05 15:56 - 03786760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_37.dll
2014-03-31 08:58 - 2008-03-05 15:56 - 01860120 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_37.dll
2014-03-31 08:58 - 2008-03-05 15:56 - 01420824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_37.dll
2014-03-31 08:58 - 2008-02-05 23:07 - 00529424 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_37.dll
2014-03-31 08:58 - 2008-02-05 23:07 - 00462864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_37.dll
2014-03-31 08:58 - 2007-10-22 03:40 - 00411656 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_10.dll
2014-03-31 08:58 - 2007-10-22 03:39 - 00267272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_10.dll
2014-03-31 08:58 - 2007-10-22 03:37 - 00021000 _____ (Microsoft Corporation) C:\Windows\system32\X3DAudio1_2.dll
2014-03-31 08:58 - 2007-10-22 03:37 - 00017928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\X3DAudio1_2.dll
2014-03-31 08:58 - 2007-10-12 15:14 - 05081608 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_36.dll
2014-03-31 08:58 - 2007-10-12 15:14 - 03734536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_36.dll
2014-03-31 08:58 - 2007-10-12 15:14 - 02006552 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_36.dll
2014-03-31 08:58 - 2007-10-12 15:14 - 01374232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_36.dll
2014-03-31 08:58 - 2007-10-02 09:56 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_36.dll
2014-03-31 08:58 - 2007-10-02 09:56 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_36.dll
2014-03-31 08:58 - 2007-07-20 00:57 - 00411496 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_9.dll
2014-03-31 08:58 - 2007-07-20 00:57 - 00267112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_9.dll
2014-03-31 08:58 - 2007-07-19 18:14 - 05073256 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_35.dll
2014-03-31 08:58 - 2007-07-19 18:14 - 03727720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_35.dll
2014-03-31 08:58 - 2007-07-19 18:14 - 01985904 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_35.dll
2014-03-31 08:58 - 2007-07-19 18:14 - 01358192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_35.dll
2014-03-31 08:58 - 2007-07-19 18:14 - 00508264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_35.dll
2014-03-31 08:58 - 2007-07-19 18:14 - 00444776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_35.dll
2014-03-31 08:58 - 2007-06-20 20:49 - 00409960 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_8.dll
2014-03-31 08:58 - 2007-06-20 20:46 - 00266088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_8.dll
2014-03-31 08:58 - 2007-05-16 16:45 - 04496232 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_34.dll
2014-03-31 08:58 - 2007-05-16 16:45 - 03497832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_34.dll
2014-03-31 08:58 - 2007-05-16 16:45 - 01401200 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_34.dll
2014-03-31 08:58 - 2007-05-16 16:45 - 01124720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_34.dll
2014-03-31 08:58 - 2007-05-16 16:45 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_34.dll
2014-03-31 08:58 - 2007-05-16 16:45 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_34.dll
2014-03-31 08:58 - 2007-04-04 18:55 - 00403304 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_7.dll
2014-03-31 08:58 - 2007-04-04 18:55 - 00261480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_7.dll
2014-03-31 08:58 - 2007-04-04 18:54 - 00107368 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_3.dll
2014-03-31 08:58 - 2007-04-04 18:53 - 00081768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_3.dll
2014-03-31 08:58 - 2007-03-15 16:57 - 00506728 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_33.dll
2014-03-31 08:58 - 2007-03-15 16:57 - 00443752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_33.dll
2014-03-31 08:58 - 2007-03-12 16:42 - 04494184 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_33.dll
2014-03-31 08:58 - 2007-03-12 16:42 - 03495784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_33.dll
2014-03-31 08:58 - 2007-03-12 16:42 - 01400176 _____ (Microsoft Corporation) C:\Windows\system32\D3DCompiler_33.dll
2014-03-31 08:58 - 2007-03-12 16:42 - 01123696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DCompiler_33.dll
2014-03-31 08:58 - 2007-03-05 12:42 - 00017688 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_1.dll
2014-03-31 08:58 - 2007-03-05 12:42 - 00015128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_1.dll
2014-03-31 08:58 - 2007-01-24 15:27 - 00393576 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_6.dll
2014-03-31 08:58 - 2007-01-24 15:27 - 00255848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_6.dll
2014-03-31 08:58 - 2006-12-08 12:02 - 00251672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_5.dll
2014-03-31 08:58 - 2006-12-08 12:00 - 00390424 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_5.dll
2014-03-31 08:58 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_32.dll
2014-03-31 08:58 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_32.dll
2014-03-31 08:58 - 2006-11-29 13:06 - 00469264 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10.dll
2014-03-31 08:58 - 2006-11-29 13:06 - 00440080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10.dll
2014-03-31 08:58 - 2006-09-28 16:05 - 03977496 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_31.dll
2014-03-31 08:58 - 2006-09-28 16:05 - 02414360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_31.dll
2014-03-31 08:58 - 2006-09-28 16:05 - 00237848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_4.dll
2014-03-31 08:58 - 2006-09-28 16:04 - 00364824 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_4.dll
2014-03-31 08:58 - 2006-07-28 09:31 - 00083736 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_2.dll
2014-03-31 08:58 - 2006-07-28 09:30 - 00363288 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_3.dll
2014-03-31 08:58 - 2006-07-28 09:30 - 00236824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_3.dll
2014-03-31 08:58 - 2006-07-28 09:30 - 00062744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_2.dll
2014-03-31 08:58 - 2006-05-31 07:24 - 00230168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_2.dll
2014-03-31 08:58 - 2006-05-31 07:22 - 00354072 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_2.dll
2014-03-31 08:58 - 2006-03-31 12:41 - 03927248 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_30.dll
2014-03-31 08:58 - 2006-03-31 12:40 - 02388176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_30.dll
2014-03-31 08:58 - 2006-03-31 12:40 - 00352464 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_1.dll
2014-03-31 08:58 - 2006-03-31 12:39 - 00229584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_1.dll
2014-03-31 08:58 - 2006-03-31 12:39 - 00083664 _____ (Microsoft Corporation) C:\Windows\system32\xinput1_1.dll
2014-03-31 08:58 - 2006-03-31 12:39 - 00062672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xinput1_1.dll
2014-03-31 08:58 - 2006-02-03 08:43 - 03830992 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_29.dll
2014-03-31 08:58 - 2006-02-03 08:43 - 02332368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_29.dll
2014-03-31 08:58 - 2006-02-03 08:42 - 00355536 _____ (Microsoft Corporation) C:\Windows\system32\xactengine2_0.dll
2014-03-31 08:58 - 2006-02-03 08:42 - 00230096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\xactengine2_0.dll
2014-03-31 08:58 - 2006-02-03 08:41 - 00016592 _____ (Microsoft Corporation) C:\Windows\system32\x3daudio1_0.dll
2014-03-31 08:58 - 2006-02-03 08:41 - 00014032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\x3daudio1_0.dll
2014-03-31 08:58 - 2005-12-05 18:09 - 03815120 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_28.dll
2014-03-31 08:58 - 2005-12-05 18:09 - 02323664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_28.dll
2014-03-31 08:57 - 2014-03-31 23:09 - 00010849 _____ () C:\Windows\DirectX.log
2014-03-31 08:57 - 2005-07-22 19:59 - 03807440 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_27.dll
2014-03-31 08:57 - 2005-07-22 19:59 - 02319568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_27.dll
2014-03-31 08:57 - 2005-05-26 15:34 - 03767504 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_26.dll
2014-03-31 08:57 - 2005-05-26 15:34 - 02297552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_26.dll
2014-03-31 08:57 - 2005-03-18 17:19 - 03823312 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_25.dll
2014-03-31 08:57 - 2005-03-18 17:19 - 02337488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_25.dll
2014-03-31 08:57 - 2005-02-05 19:45 - 03544272 _____ (Microsoft Corporation) C:\Windows\system32\d3dx9_24.dll
2014-03-31 08:57 - 2005-02-05 19:45 - 02222800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx9_24.dll
2014-03-30 22:35 - 2014-03-31 08:59 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-30 22:35 - 2014-03-30 22:35 - 00292184 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\dxwebsetup.exe
2014-03-30 22:33 - 2014-03-30 22:34 - 26437344 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\Windows-KB890830-x64-V5.10(1).exe
2014-03-30 21:32 - 2014-03-30 22:23 - 08558080 _____ () C:\Users\Human Bean\Downloads\EMET Setup.msi
2014-03-30 21:12 - 2014-03-30 21:12 - 26437344 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\Windows-KB890830-x64-V5.10.exe
2014-03-30 17:41 - 2014-03-30 17:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-30 17:41 - 2014-03-30 17:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-30 14:08 - 2014-03-30 14:08 - 00000000 ____D () C:\Users\Human Bean\AppData\Roaming\AVG2014
2014-03-30 14:06 - 2014-03-31 09:15 - 00000874 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\Users\Human Bean\AppData\Roaming\TuneUp Software
2014-03-30 14:04 - 2014-03-30 14:07 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-30 14:04 - 2014-03-30 14:04 - 00000000 ____D () C:\$AVG
2014-03-30 13:56 - 2014-03-30 17:44 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\Avg2014
2014-03-30 13:56 - 2014-03-30 13:56 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\MFAData
2014-03-30 13:01 - 2014-03-30 13:03 - 00000000 ____D () C:\AdwCleaner
2014-03-30 12:02 - 2014-03-30 12:02 - 00347816 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\MicrosoftFixit.Pictures.FISC.15031962343152533.2.5.Run.exe
2014-03-30 12:00 - 2014-03-30 12:00 - 00347816 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\MicrosoftFixit.WindowsFirewall.FISC.15031962343152533.2.4.Run.exe
2014-03-30 11:59 - 2014-03-30 11:59 - 00347816 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\MicrosoftFixit.IEAddon.FISC.15031962343152533.2.3.Run.exe
2014-03-30 11:57 - 2014-03-30 11:56 - 00347816 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\MicrosoftFixit.IEAddon.FISC.15031962343152533.2.2.Run.exe
2014-03-30 11:39 - 2014-03-30 11:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 11:20 - 2014-03-30 11:20 - 00347816 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\MicrosoftFixit.IEPerformance.FISC.15031962343152533.2.1.Run.exe
2014-03-29 23:52 - 2014-03-29 23:52 - 00009748 _____ () C:\Users\Human Bean\Downloads\Default_MP4.reg
2014-03-28 22:51 - 2014-03-28 22:51 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\Macromedia
2014-03-28 22:38 - 2014-03-28 22:38 - 01046528 _____ () C:\Users\Human Bean\Downloads\MicrosoftFixit51007.msi
2014-03-28 20:29 - 2014-03-28 20:29 - 36138288 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\IE9-WindowsVista-x64-enu.exe
2014-03-28 19:13 - 2014-04-03 16:16 - 00000000 ____D () C:\Users\Human Bean\Desktop\MalWare
2014-03-28 13:11 - 2014-03-28 13:12 - 00000000 _____ () C:\Windows\system32\regedit
2014-03-27 17:51 - 2014-02-23 03:12 - 17847808 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-27 17:51 - 2014-02-23 02:54 - 02334720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-27 17:51 - 2014-02-23 02:52 - 10926592 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-27 17:51 - 2014-02-23 02:48 - 01392128 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-27 17:51 - 2014-02-23 02:48 - 01347072 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-27 17:51 - 2014-02-23 02:46 - 01494528 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-27 17:51 - 2014-02-23 02:46 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2014-03-27 17:51 - 2014-02-23 02:46 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-27 17:51 - 2014-02-23 02:45 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2014-03-27 17:51 - 2014-02-23 02:45 - 00599040 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-03-27 17:51 - 2014-02-23 02:45 - 00173056 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-27 17:51 - 2014-02-23 02:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-27 17:51 - 2014-02-23 02:44 - 02147840 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-27 17:51 - 2014-02-23 02:44 - 00729088 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-27 17:51 - 2014-02-23 02:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-03-27 17:51 - 2014-02-23 02:43 - 00248320 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-27 17:51 - 2014-02-23 01:50 - 12347904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-27 17:51 - 2014-02-23 01:47 - 01806848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-27 17:51 - 2014-02-23 01:43 - 09739264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-27 17:51 - 2014-02-23 01:41 - 01105408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-27 17:51 - 2014-02-23 01:40 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-27 17:51 - 2014-02-23 01:39 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-27 17:51 - 2014-02-23 01:38 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2014-03-27 17:51 - 2014-02-23 01:38 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-27 17:51 - 2014-02-23 01:38 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-27 17:51 - 2014-02-23 01:37 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-27 17:51 - 2014-02-23 01:37 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2014-03-27 17:51 - 2014-02-23 01:37 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-27 17:51 - 2014-02-23 01:37 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-03-27 17:51 - 2014-02-23 01:36 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-27 17:51 - 2014-02-23 01:36 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-03-27 17:51 - 2014-02-23 01:35 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-27 17:23 - 2014-03-27 17:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-27 17:13 - 2012-02-29 11:37 - 00005632 _____ (Microsoft Corporation) C:\Windows\system32\wmi.dll
2014-03-27 17:13 - 2012-02-29 11:11 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmi.dll
2014-03-27 17:13 - 2012-02-29 09:52 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fs_rec.sys
2014-03-27 17:00 - 2014-02-03 09:20 - 00619008 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-27 17:00 - 2014-02-03 06:37 - 00505344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-27 17:00 - 2013-10-11 00:23 - 00781824 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2014-03-27 17:00 - 2013-10-11 00:23 - 00462848 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2014-03-27 17:00 - 2013-10-10 22:29 - 00217074 _____ () C:\Windows\system32\WFP.TMF
2014-03-27 17:00 - 2013-10-10 22:07 - 00596480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2014-03-27 17:00 - 2013-08-02 10:06 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2014-03-27 17:00 - 2013-08-02 00:09 - 01548288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2014-03-27 17:00 - 2013-07-09 08:04 - 01585256 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2014-03-27 17:00 - 2013-07-09 08:04 - 01168088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2014-03-27 17:00 - 2013-07-08 00:51 - 04691904 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-03-27 17:00 - 2013-07-08 00:20 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-03-27 17:00 - 2013-07-08 00:18 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-03-27 17:00 - 2013-07-08 00:15 - 00234496 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-03-27 17:00 - 2013-07-08 00:14 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-03-27 17:00 - 2013-07-07 21:39 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-03-27 17:00 - 2013-07-07 21:39 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-03-27 17:00 - 2013-07-07 21:39 - 00002560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-03-27 17:00 - 2013-03-09 00:16 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2014-03-27 17:00 - 2013-03-08 21:48 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2014-03-27 17:00 - 2013-03-03 15:13 - 01513320 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-03-27 17:00 - 2012-11-08 00:26 - 01570816 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2014-03-27 17:00 - 2012-11-07 23:48 - 01314816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2014-03-27 17:00 - 2012-09-25 12:31 - 00091648 _____ (Microsoft Corporation) C:\Windows\system32\synceng.dll
2014-03-27 17:00 - 2012-09-25 12:19 - 00075776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\synceng.dll
2014-03-27 17:00 - 2012-05-01 10:29 - 00209920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rdpwd.sys
2014-03-27 17:00 - 2011-12-14 12:38 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\msvcrt.dll
2014-03-27 17:00 - 2011-12-14 12:17 - 00680448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcrt.dll
2014-03-27 16:59 - 2014-01-30 06:12 - 01111040 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-27 16:59 - 2014-01-30 03:46 - 00876032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-27 16:59 - 2013-12-05 00:48 - 01869824 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-03-27 16:59 - 2013-12-04 22:12 - 01248768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-03-27 16:59 - 2013-08-01 00:10 - 00901568 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-03-27 16:59 - 2013-07-31 23:37 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2014-03-27 16:59 - 2013-06-15 09:27 - 00020480 _____ (Microsoft Corporation) C:\Windows\system32\icaapi.dll
2014-03-27 16:59 - 2013-06-15 07:38 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2014-03-27 16:59 - 2013-04-23 22:10 - 01078272 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2014-03-27 16:59 - 2013-04-23 21:46 - 00812544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2014-03-27 16:59 - 2011-11-16 12:43 - 00442368 _____ (Microsoft Corporation) C:\Windows\system32\winhttp.dll
2014-03-27 16:59 - 2011-11-16 12:23 - 00377344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winhttp.dll
2014-03-27 16:58 - 2013-11-12 21:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-03-27 16:58 - 2013-11-12 20:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-03-27 16:58 - 2013-10-03 11:02 - 01278976 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2014-03-27 16:58 - 2013-10-03 08:45 - 00993792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2014-03-27 16:58 - 2013-08-26 23:39 - 01268224 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2014-03-27 16:58 - 2013-08-26 23:39 - 00327680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2014-03-27 16:58 - 2013-08-26 23:39 - 00287232 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2014-03-27 16:58 - 2013-08-26 23:39 - 00196096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2014-03-27 16:58 - 2013-08-26 22:47 - 01029120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10.dll
2014-03-27 16:58 - 2013-08-26 22:47 - 00219648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1core.dll
2014-03-27 16:58 - 2013-08-26 22:47 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10core.dll
2014-03-27 16:58 - 2013-08-26 22:47 - 00160768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10_1.dll
2014-03-27 16:58 - 2013-08-26 22:32 - 02002944 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-03-27 16:58 - 2013-08-26 22:30 - 00566272 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2014-03-27 16:58 - 2013-08-26 22:06 - 00834048 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2014-03-27 16:58 - 2013-08-26 22:00 - 01556480 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2014-03-27 16:58 - 2013-08-26 22:00 - 01149952 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2014-03-27 16:58 - 2013-08-26 21:52 - 01172480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-03-27 16:58 - 2013-08-26 21:50 - 00486400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2014-03-27 16:58 - 2013-08-26 21:32 - 00683008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2014-03-27 16:58 - 2013-08-26 21:28 - 01069056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DWrite.dll
2014-03-27 16:58 - 2013-07-10 05:47 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-03-27 16:58 - 2013-07-10 05:42 - 01303552 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-03-27 16:58 - 2013-06-04 00:16 - 00048128 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2014-03-27 16:58 - 2013-06-04 00:16 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2014-03-27 16:58 - 2013-06-03 22:01 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2014-03-27 16:58 - 2013-06-03 21:49 - 00293376 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2014-03-27 16:58 - 2013-04-24 00:09 - 00050688 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2014-03-27 16:58 - 2013-04-24 00:00 - 00041984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2014-03-27 16:58 - 2012-11-20 00:22 - 00204288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-03-27 16:58 - 2012-11-20 00:21 - 00253952 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-03-27 16:58 - 2012-09-28 12:34 - 01210368 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-03-27 16:58 - 2012-09-28 12:13 - 00860160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-03-27 16:58 - 2012-02-01 11:30 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2014-03-27 16:58 - 2011-10-25 12:13 - 00352256 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2014-03-27 16:58 - 2011-10-25 11:58 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2014-03-27 16:57 - 2011-10-14 13:31 - 00211968 _____ (Microsoft Corporation) C:\Windows\system32\winmm.dll
2014-03-27 16:57 - 2011-10-14 13:27 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\mcicda.dll
2014-03-27 16:57 - 2011-10-14 13:27 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\mciwave.dll
2014-03-27 16:57 - 2011-10-14 13:27 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\mciseq.dll
2014-03-27 16:57 - 2011-10-14 12:03 - 00189952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmm.dll
2014-03-27 16:57 - 2011-10-14 12:00 - 00023552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mciseq.dll
2014-03-27 16:55 - 2013-07-16 05:25 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\themeui.dll
2014-03-27 16:55 - 2013-07-16 00:35 - 00615936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\themeui.dll
2014-03-27 16:55 - 2013-07-05 00:45 - 01423808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-03-27 16:55 - 2013-07-02 22:55 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2014-03-27 16:55 - 2013-07-02 22:22 - 00031616 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2014-03-27 16:55 - 2013-02-11 22:18 - 00019456 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2014-03-27 16:55 - 2012-08-21 07:50 - 00267648 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2014-03-27 16:55 - 2012-06-04 11:29 - 00516480 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-03-27 16:55 - 2012-06-01 20:22 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-03-27 16:55 - 2012-06-01 20:05 - 00077312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-03-27 16:55 - 2012-06-01 20:04 - 00278528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-03-27 16:55 - 2011-11-16 12:42 - 00094720 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-03-27 16:55 - 2011-11-16 12:41 - 01689600 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-03-27 16:55 - 2011-11-16 10:34 - 00011264 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-03-27 16:54 - 2013-10-22 05:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\imagehlp.dll
2014-03-27 16:54 - 2013-10-22 03:19 - 00158208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imagehlp.dll
2014-03-27 16:54 - 2013-10-11 00:27 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\wshom.ocx
2014-03-27 16:54 - 2013-10-11 00:26 - 00198656 _____ (Microsoft Corporation) C:\Windows\system32\scrrun.dll
2014-03-27 16:54 - 2013-10-10 22:19 - 00166912 _____ (Microsoft Corporation) C:\Windows\system32\wscript.exe
2014-03-27 16:54 - 2013-10-10 22:19 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\cscript.exe
2014-03-27 16:54 - 2013-10-10 22:08 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scrrun.dll
2014-03-27 16:54 - 2013-10-10 22:08 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshom.ocx
2014-03-27 16:54 - 2013-10-10 22:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wshcon.dll
2014-03-27 16:54 - 2013-10-10 20:35 - 00155648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscript.exe
2014-03-27 16:54 - 2013-10-10 20:35 - 00135168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cscript.exe
2014-03-27 16:54 - 2013-10-03 11:03 - 00389632 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-03-27 16:54 - 2013-10-03 08:46 - 00304128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-03-27 16:54 - 2013-09-03 22:31 - 00404992 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-03-27 16:54 - 2013-07-20 06:45 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-03-27 16:54 - 2013-07-20 06:44 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-03-27 16:54 - 2013-07-08 00:20 - 00172544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wintrust.dll
2014-03-27 16:54 - 2013-07-08 00:16 - 00133120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2014-03-27 16:54 - 2013-07-08 00:16 - 00098304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2014-03-27 16:54 - 2013-07-08 00:15 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2014-03-27 16:54 - 2013-07-08 00:12 - 00174592 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2014-03-27 16:54 - 2013-07-08 00:12 - 00132096 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2014-03-27 16:54 - 2013-07-04 00:21 - 00532480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2014-03-27 16:54 - 2013-07-04 00:13 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2014-03-27 16:54 - 2012-11-02 06:47 - 01794560 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-03-27 16:54 - 2012-11-02 06:19 - 01400832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-03-27 16:53 - 2013-06-26 19:00 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2014-03-27 16:53 - 2013-06-26 19:00 - 00054376 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\WdfLdr.sys
2014-03-27 16:53 - 2013-06-26 19:00 - 00009728 _____ (Microsoft Corporation) C:\Windows\system32\Wdfres.dll
2014-03-27 16:53 - 2013-03-08 00:18 - 00451072 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2014-03-27 16:53 - 2012-06-29 12:20 - 00648192 _____ (Microsoft Corporation) C:\Windows\system32\netapi32.dll
2014-03-27 16:53 - 2012-06-29 12:01 - 00467968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netapi32.dll
2014-03-27 16:53 - 2012-05-11 12:34 - 00788480 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2014-03-27 16:53 - 2012-05-11 11:57 - 00623616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\localspl.dll
2014-03-27 16:39 - 2013-10-30 00:34 - 00374784 _____ (Microsoft Corporation) C:\Windows\system32\SysFxUI.dll
2014-03-27 16:39 - 2013-10-29 23:55 - 00122368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\drmk.sys
2014-03-27 16:39 - 2013-10-29 22:33 - 00218112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2014-03-27 16:38 - 2013-06-28 22:25 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2014-03-27 16:38 - 2013-06-28 22:25 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys
2014-03-27 16:38 - 2013-06-28 22:25 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys
2014-03-27 16:38 - 2013-06-28 22:25 - 00007552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys
2014-03-27 16:38 - 2013-03-08 00:17 - 02425344 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2014-03-27 16:38 - 2013-03-07 23:52 - 02067968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2014-03-27 16:38 - 2012-03-20 19:34 - 00072576 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\partmgr.sys
2014-03-27 16:38 - 2011-11-18 14:07 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\packager.dll
2014-03-27 16:38 - 2011-11-18 13:47 - 00066560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\packager.dll
2014-03-27 16:38 - 2011-05-05 10:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys
2014-03-27 16:38 - 2011-05-05 10:17 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys
2014-03-27 16:35 - 2013-05-02 00:16 - 00686080 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2014-03-27 16:35 - 2013-05-02 00:04 - 00443904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2014-03-27 16:35 - 2013-05-02 00:03 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\printcom.dll
2014-03-27 16:33 - 2014-02-07 08:11 - 02776064 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-27 16:27 - 2012-06-08 13:59 - 12899840 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-03-27 16:27 - 2012-06-08 13:47 - 11586048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-03-27 16:22 - 2012-11-02 06:45 - 00477696 _____ (Microsoft Corporation) C:\Windows\system32\dpnet.dll
2014-03-27 16:22 - 2012-11-02 06:45 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\dpnathlp.dll
2014-03-27 16:22 - 2012-11-02 06:18 - 00376320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2014-03-27 16:22 - 2012-11-02 04:59 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\dpnsvr.exe
2014-03-27 16:22 - 2012-11-02 04:26 - 00023040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpnsvr.exe
2014-03-27 16:10 - 2012-01-09 12:16 - 00708096 _____ (Microsoft Corporation) C:\Windows\system32\rdpencom.dll
2014-03-27 16:10 - 2012-01-09 11:54 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdpencom.dll
2014-03-27 15:06 - 2014-03-27 15:06 - 414020683 _____ () C:\Windows\MEMORY.DMP
2014-03-27 14:49 - 2012-06-02 18:19 - 02428952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-03-27 14:49 - 2012-06-02 18:19 - 00057880 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-03-27 14:49 - 2012-06-02 18:19 - 00044056 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-03-27 14:49 - 2012-06-02 18:15 - 02622464 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-03-27 14:05 - 2012-06-02 18:19 - 00701976 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-03-27 14:05 - 2012-06-02 18:19 - 00577048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-03-27 14:05 - 2012-06-02 18:19 - 00038424 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-03-27 14:05 - 2012-06-02 18:19 - 00035864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-03-27 14:05 - 2012-06-02 18:15 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-03-27 14:05 - 2012-06-02 18:12 - 00088576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-03-27 14:05 - 2012-06-02 15:19 - 00186752 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-03-27 14:05 - 2012-06-02 15:19 - 00171904 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-03-27 14:05 - 2012-06-02 15:15 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-03-27 14:05 - 2012-06-02 15:12 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-03-27 12:35 - 2014-04-04 11:41 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-03-27 12:35 - 2014-03-30 10:49 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-27 12:35 - 2014-03-27 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 12:35 - 2014-03-27 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 12:35 - 2014-03-05 09:26 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-27 12:35 - 2014-03-05 09:26 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== One Month Modified Files and Folders =======

2014-04-04 12:04 - 2014-04-04 12:04 - 00000000 ____D () C:\FRST
2014-04-04 12:02 - 2006-11-02 08:46 - 00802402 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-04 11:56 - 2008-12-19 11:21 - 02017760 _____ () C:\Windows\WindowsUpdate.log
2014-04-04 11:56 - 2006-11-02 11:42 - 00032520 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-04-04 11:56 - 2006-11-02 11:42 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-04 11:56 - 2006-11-02 11:22 - 00003744 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-04 11:56 - 2006-11-02 11:22 - 00003744 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-04 11:41 - 2014-03-27 12:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-04-04 11:25 - 2009-09-08 23:27 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-04 11:11 - 2014-04-04 11:11 - 02157056 _____ (Farbar) C:\Users\Human Bean\Downloads\FRST64.exe
2014-04-04 10:24 - 2010-10-16 18:41 - 00000000 ____D () C:\ProgramData\MFAData
2014-04-04 10:18 - 2009-09-08 23:13 - 00000880 _____ () C:\Windows\Tasks\Google Software Updater.job
2014-04-04 01:55 - 2011-06-16 21:29 - 00003722 _____ () C:\Windows\System32\Tasks\User_Feed_Synchronization-{185FCA8C-4833-4911-ADED-9C13DAB07106}
2014-04-03 20:24 - 2009-09-08 23:27 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-03 16:16 - 2014-03-28 19:13 - 00000000 ____D () C:\Users\Human Bean\Desktop\MalWare
2014-04-02 16:09 - 2009-01-26 01:33 - 00000000 ___RD () C:\Users\Human Bean\Desktop\Top Level File
2014-04-02 16:08 - 2012-07-15 14:21 - 00000000 ____D () C:\Users\Human Bean\Desktop\YTD Video Files
2014-04-02 15:36 - 2006-11-02 11:07 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-04-02 09:32 - 2009-12-03 17:11 - 00000000 ____D () C:\Windows\system32\NtmsData
2014-04-01 23:59 - 2013-01-18 11:49 - 00000000 ____D () C:\Users\Human Bean\AppData\Roaming\vlc
2014-04-01 18:15 - 2009-01-14 23:37 - 00147304 _____ () C:\Users\Human Bean\AppData\Local\GDIPFONTCACHEV1.DAT
2014-04-01 18:00 - 2006-11-02 11:21 - 00509336 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-04-01 17:59 - 2008-01-20 23:26 - 01055718 _____ () C:\Windows\PFRO.log
2014-04-01 17:57 - 2014-04-01 17:15 - 00181064 _____ (Sysinternals) C:\Windows\PSEXESVC.EXE
2014-04-01 17:49 - 2006-11-02 08:34 - 00000180 _____ () C:\Windows\win.ini
2014-04-01 17:42 - 2014-03-31 15:43 - 00802402 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-04-01 17:42 - 2009-01-15 00:27 - 00000440 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-04-01 17:06 - 2014-04-01 17:06 - 00000207 _____ () C:\Windows\tweaking.com-regbackup-HUMANBEAN-PC-Microsoft®-Windows-Vista™-Home-Premium-(64-bit).dat
2014-04-01 17:04 - 2014-04-01 17:04 - 00000000 ____D () C:\RegBackup
2014-04-01 17:00 - 2014-04-01 17:00 - 00117726 _____ () C:\Users\Human
2014-04-01 16:16 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-01 15:20 - 2014-04-01 15:20 - 00000000 ____D () C:\Program Files\7-Zip
2014-04-01 15:18 - 2014-04-01 15:17 - 01376768 _____ () C:\Users\Human Bean\Downloads\7z920-x64.msi
2014-04-01 13:25 - 2014-04-01 13:25 - 00001996 _____ () C:\Users\Human Bean\Desktop\Tweaking.com - Windows Repair (All in One).lnk
2014-04-01 13:24 - 2014-04-01 13:24 - 00000000 ____D () C:\Program Files (x86)\Tweaking.com
2014-03-31 23:20 - 2014-03-31 23:20 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\{E53D6613-6B3D-438E-ACE0-31DE8CA53D33}
2014-03-31 23:20 - 2014-03-31 15:49 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\Windows Live
2014-03-31 23:09 - 2014-03-31 08:57 - 00010849 _____ () C:\Windows\DirectX.log
2014-03-31 22:38 - 2013-02-21 12:48 - 00000000 ___RD () C:\Users\Human Bean\Desktop\Pics
2014-03-31 18:02 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\rescache
2014-03-31 16:42 - 2014-03-31 16:42 - 00000000 ____D () C:\Windows\en
2014-03-31 16:42 - 2014-03-31 16:39 - 00000000 ____D () C:\Program Files (x86)\Windows Live
2014-03-31 16:40 - 2014-03-31 16:40 - 00000000 ____D () C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2014-03-31 16:39 - 2014-03-31 16:38 - 00000000 ____D () C:\Program Files\Windows Live
2014-03-31 16:38 - 2014-03-31 16:38 - 00000000 ____D () C:\Windows\PCHEALTH
2014-03-31 16:38 - 2006-11-02 09:33 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-03-31 15:42 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\inetsrv
2014-03-31 15:36 - 2008-12-19 17:44 - 00000000 ____D () C:\Program Files (x86)\Intel
2014-03-31 15:35 - 2009-01-14 23:35 - 00000000 ____D () C:\Users\Human Bean
2014-03-31 14:15 - 2010-04-11 23:34 - 00001905 _____ () C:\Windows\diagwrn.xml
2014-03-31 14:15 - 2010-04-11 23:34 - 00001905 _____ () C:\Windows\diagerr.xml
2014-03-31 14:15 - 2009-11-07 01:54 - 00002792 _____ () C:\Windows\setupact.log
2014-03-31 14:11 - 2009-11-07 01:54 - 00000000 _____ () C:\Windows\setuperr.log
2014-03-31 13:49 - 2014-03-31 13:49 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\Microsoft Corporation
2014-03-31 13:37 - 2014-03-31 10:03 - 00030337 _____ () C:\Windows\iis7.log
2014-03-31 13:32 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\SysWOW64\inetsrv
2014-03-31 10:49 - 2014-03-31 10:38 - 00000000 ___SD () C:\ComboFix
2014-03-31 10:38 - 2014-03-31 10:38 - 00000000 ____D () C:\Qoobox
2014-03-31 10:38 - 2014-03-31 10:36 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 10:36 - 2014-03-31 10:33 - 05192353 ____R (Swearware) C:\Users\Human Bean\Downloads\ComboFix.exe
2014-03-31 10:00 - 2014-03-31 10:00 - 00000000 ____D () C:\Program Files\Windows Journal
2014-03-31 10:00 - 2014-03-31 10:00 - 00000000 ____D () C:\inetpub
2014-03-31 10:00 - 2006-11-02 11:15 - 00000000 ____D () C:\Windows\system32\0409
2014-03-31 10:00 - 2006-11-02 11:07 - 00000000 ____D () C:\Windows\ShellNew
2014-03-31 10:00 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\Help
2014-03-31 09:15 - 2014-03-31 09:15 - 00000000 ____D () C:\Users\Default\AppData\Roaming\TuneUp Software
2014-03-31 09:15 - 2014-03-31 09:15 - 00000000 ____D () C:\Users\Default User\AppData\Roaming\TuneUp Software
2014-03-31 09:15 - 2014-03-30 14:06 - 00000874 _____ () C:\Users\Public\Desktop\AVG 2014.lnk
2014-03-31 08:59 - 2014-03-30 22:35 - 00000000 ____D () C:\Windows\SysWOW64\directx
2014-03-30 22:35 - 2014-03-30 22:35 - 00292184 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\dxwebsetup.exe
2014-03-30 22:34 - 2014-03-30 22:33 - 26437344 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\Windows-KB890830-x64-V5.10(1).exe
2014-03-30 22:23 - 2014-03-30 21:32 - 08558080 _____ () C:\Users\Human Bean\Downloads\EMET Setup.msi
2014-03-30 21:12 - 2014-03-30 21:12 - 26437344 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\Windows-KB890830-x64-V5.10.exe
2014-03-30 20:19 - 2009-09-08 23:27 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-30 20:19 - 2009-09-08 23:27 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-30 17:44 - 2014-03-30 13:56 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\Avg2014
2014-03-30 17:42 - 2009-01-15 16:43 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\Adobe
2014-03-30 17:41 - 2014-03-30 17:41 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-30 17:41 - 2014-03-30 17:41 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-30 14:08 - 2014-03-30 14:08 - 00000000 ____D () C:\Users\Human Bean\AppData\Roaming\AVG2014
2014-03-30 14:07 - 2014-03-30 14:04 - 00000000 ____D () C:\ProgramData\AVG2014
2014-03-30 14:06 - 2014-03-30 14:06 - 00000000 ____D () C:\Users\Human Bean\AppData\Roaming\TuneUp Software
2014-03-30 14:04 - 2014-03-30 14:04 - 00000000 ____D () C:\$AVG
2014-03-30 14:01 - 2009-03-10 19:34 - 00000000 ____D () C:\Program Files (x86)\AVG
2014-03-30 13:56 - 2014-03-30 13:56 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\MFAData
2014-03-30 13:49 - 2012-03-15 22:30 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-03-30 13:05 - 2013-10-24 23:08 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-30 13:05 - 2012-03-24 08:41 - 00007464 _____ () C:\Windows\system32\spsys.log
2014-03-30 13:03 - 2014-03-30 13:01 - 00000000 ____D () C:\AdwCleaner
2014-03-30 12:02 - 2014-03-30 12:02 - 00347816 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\MicrosoftFixit.Pictures.FISC.15031962343152533.2.5.Run.exe
2014-03-30 12:00 - 2014-03-30 12:00 - 00347816 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\MicrosoftFixit.WindowsFirewall.FISC.15031962343152533.2.4.Run.exe
2014-03-30 11:59 - 2014-03-30 11:59 - 00347816 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\MicrosoftFixit.IEAddon.FISC.15031962343152533.2.3.Run.exe
2014-03-30 11:56 - 2014-03-30 11:57 - 00347816 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\MicrosoftFixit.IEAddon.FISC.15031962343152533.2.2.Run.exe
2014-03-30 11:40 - 2014-03-30 11:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-30 11:20 - 2014-03-30 11:20 - 00347816 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\MicrosoftFixit.IEPerformance.FISC.15031962343152533.2.1.Run.exe
2014-03-30 10:49 - 2014-03-27 12:35 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-03-30 10:14 - 2006-11-02 11:07 - 00000000 ____D () C:\Windows\SysWOW64\XPSViewer
2014-03-29 23:52 - 2014-03-29 23:52 - 00009748 _____ () C:\Users\Human Bean\Downloads\Default_MP4.reg
2014-03-28 22:51 - 2014-03-28 22:51 - 00000000 ____D () C:\Users\Human Bean\AppData\Local\Macromedia
2014-03-28 22:38 - 2014-03-28 22:38 - 01046528 _____ () C:\Users\Human Bean\Downloads\MicrosoftFixit51007.msi
2014-03-28 21:48 - 2008-12-19 17:41 - 00000000 ____D () C:\Program Files (x86)\InstallShield Installation Information
2014-03-28 20:30 - 2011-06-15 23:13 - 00005841 _____ () C:\Windows\IE9_main.log
2014-03-28 20:29 - 2014-03-28 20:29 - 36138288 _____ (Microsoft Corporation) C:\Users\Human Bean\Downloads\IE9-WindowsVista-x64-enu.exe
2014-03-28 19:24 - 2009-01-18 20:24 - 00000000 ____D () C:\Users\Human Bean\AppData\Roaming\GoodSync
2014-03-28 16:47 - 2009-12-14 02:59 - 00000000 ____D () C:\Users\Guest
2014-03-28 16:47 - 2006-11-02 08:33 - 84934656 _____ () C:\Windows\system32\config\software_previous
2014-03-28 16:46 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\spool
2014-03-28 16:46 - 2006-11-02 09:34 - 00000000 ____D () C:\Windows\system32\Msdtc
2014-03-28 16:46 - 2006-11-02 09:33 - 00000000 __RSD () C:\Windows\Media
2014-03-28 16:45 - 2009-01-26 06:31 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-28 16:45 - 2008-12-19 17:48 - 00000000 ____D () C:\Program Files (x86)\Microsoft Works
2014-03-28 16:44 - 2006-11-02 08:33 - 35389440 _____ () C:\Windows\system32\config\system_previous
2014-03-28 16:43 - 2006-11-02 09:33 - 00000000 ____D () C:\Windows\registration
2014-03-28 16:27 - 2006-11-02 08:33 - 61079552 _____ () C:\Windows\system32\config\components_previous
2014-03-28 16:27 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\sam_previous
2014-03-28 15:35 - 2006-11-02 08:33 - 01806336 _____ () C:\Windows\system32\config\SYSTEM.SAV
2014-03-28 13:12 - 2014-03-28 13:11 - 00000000 _____ () C:\Windows\system32\regedit
2014-03-28 03:00 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\security_previous
2014-03-28 03:00 - 2006-11-02 08:33 - 00262144 _____ () C:\Windows\system32\config\default_previous
2014-03-28 02:03 - 2006-11-02 11:21 - 00021504 _____ () C:\Windows\system32\umstartup.etl
2014-03-28 01:39 - 2012-03-15 22:30 - 00000000 ____D () C:\Program Files\AVAST Software(31)
2014-03-28 00:31 - 2012-03-15 22:30 - 00000000 ____D () C:\Program Files\AVAST Software(112)
2014-03-27 17:25 - 2014-03-27 17:23 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-27 15:59 - 2010-03-04 23:11 - 00000000 ____D () C:\ProgramData\LumaPix
2014-03-27 15:58 - 2010-03-04 23:11 - 00000000 ____D () C:\Users\Human Bean\Documents\My Collages
2014-03-27 15:06 - 2014-03-27 15:06 - 414020683 _____ () C:\Windows\MEMORY.DMP
2014-03-27 14:32 - 2012-03-15 22:32 - 00000000 _____ () C:\Windows\SysWOW64\config.nt
2014-03-27 12:49 - 2013-08-15 15:19 - 00000000 ____D () C:\ProgramData\YTD Video Downloader
2014-03-27 12:35 - 2014-03-27 12:35 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-03-27 12:35 - 2014-03-27 12:35 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-03-27 12:18 - 2009-01-30 03:29 - 00000000 ___RD () C:\Users\Human Bean\Desktop\Working Files
2014-03-22 13:40 - 2013-08-13 15:40 - 00000000 ____D () C:\Users\Human Bean\Desktop\Re WW Twnshp
2014-03-13 09:24 - 2013-11-11 01:11 - 00000903 _____ () C:\Users\Public\Desktop\VLC media player.lnk
2014-03-05 09:26 - 2014-03-27 12:35 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-03-05 09:26 - 2014-03-27 12:35 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-04-02 15:42

==================== End Of Log ============================

Addnl...

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Human Bean at 2014-04-04 12:06:32
Running from G:\
Boot Mode: Safe Mode (minimal)
==========================================================

==================== Security Center ========================

AV: AVG AntiVirus 2014 (Enabled - Up to date) {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
AS: AVG AntiVirus 2014 (Enabled - Up to date) {B5F5C120-2089-702E-0001-553BB0D5A664}

==================== Installed Programs ======================

64 Bit HP CIO Components Installer (Version: 2.2.6 - Hewlett-Packard) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.5.5 - Adobe Systems)
Adobe Acrobat 9 Pro - English, Français, Deutsch (x32 Version: 9.5.5 - Adobe Systems) Hidden
Adobe Acrobat 9.5.5 - CPSID_83708 (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}_955) (Version:  - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.1.0.4880 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.1.0.4880 - Adobe Systems Incorporated) Hidden
Adobe Connect Add-in (HKCU\...\Adobe Connect Add-in) (Version:  - )
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader 9.1.3 (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-A91000000001}) (Version: 9.1.3 - Adobe Systems Incorporated)
AI RoboForm (All Users) (HKLM-x32\...\AI RoboForm) (Version:  - )
Apple Application Support (HKLM-x32\...\{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}) (Version: 2.3.4 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVG 2014 (HKLM\...\AVG) (Version: 2014.0.4355 - AVG Technologies)
AVG 2014 (Version: 14.0.3722 - AVG Technologies) Hidden
AVG 2014 (Version: 14.0.4355 - AVG Technologies) Hidden
Browser Address Error Redirector (HKLM-x32\...\{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}) (Version:  - )
Browser Address Error Redirector (HKLM-x32\...\{62230596-37E5-4618-A329-0D21F529A86F}) (Version: 1.00.0000 - Dell)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon MP560 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP560_series) (Version:  - )
Canon MX300 series (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX300_series) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version:  - )
CDDRV_Installer (Version: 4.60 - Logitech) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{6D3963B0-E13B-4FC3-B0FF-506A304BB043}) (Version: 2.1.3 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{83770D14-21B9-44B3-8689-F7B523F94560}) (Version: 1.0.12 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{669C7BD8-DAA2-49B6-966C-F1E2AAE6B17E}) (Version: 1.0.13 - Cisco Systems, Inc.)
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Corel® Migration Manager (HKLM-x32\...\{1C733D44-B2BF-11D5-B723-00902713F081}) (Version: 1.0.0 - Corel Corporation)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Debugging Tools for Windows (x64) (HKLM\...\{7F2E5C3B-DBDF-469D-AD8D-F686D3B71176}) (Version: 6.11.1.404 - Microsoft Corporation)
Dell Dock (HKLM\...\{F6CB42B9-F033-4152-8813-FF11DA8E6A78}) (Version: 1.0.0 - Dell)
Dell Getting Started Guide (HKLM-x32\...\{7DB9F1E5-9ACB-410D-A7DC-7A3D023CE045}) (Version: 1.00.0000 - Dell Inc.)
Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.1107.115.102 - ALPS ELECTRIC CO., LTD.)
Dell Video Chat (remove only) (HKLM-x32\...\Dell Video Chat) (Version: 6.0 (6551) - SightSpeed Inc.)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version:  - )
Dell Wireless WLAN Card Utility (HKLM\...\Broadcom 802.11b Network Adapter) (Version: 4.170.77.17 - Dell Inc.)
DesignPro 5.4 Limited Edition (HKLM-x32\...\InstallShield_{71F6DF7D-B639-4FAD-BA93-E6DF267AA44D}) (Version: 5.2.1201 - Avery Dennison)
DesignPro 5.4 Limited Edition (x32 Version: 5.2.1201 - Avery Dennison) Hidden
erLT (x32 Version: 1.12.0117 - Logitech, Inc.) Hidden
FotoFusion v4 (HKLM-x32\...\{E2B31B67-9795-4EF9-9AC6-B683E7B11BE6}_is1) (Version:  - LumaPix)
Free Mp3 Wma Converter V 1.8.0 (HKLM-x32\...\Free Mp3 Wma Converter_is1) (Version:  - )
GoodSync (HKLM\...\{B26B00DA-2E5D-4CF2-83C5-911198C0F009}) (Version: 9.3.5.5 - Siber Systems)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Google Updater (HKLM-x32\...\Google Updater) (Version: 2.4.2432.1652 - Google Inc.)
Integrated Webcam Driver (1.01.01.1007)   (HKLM\...\Creative OA009) (Version:  - )
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.5.0.1029 - Intel Corporation)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
iTunes (HKLM\...\{76FF0F03-B707-4332-B5D1-A56C8303514E}) (Version: 11.0.4.4 - Apple Inc.)
J2SE Runtime Environment 5.0 Update 3 (HKLM-x32\...\{3248F0A8-6813-11D6-A77B-00B0D0150030}) (Version: 1.5.0.30 - Sun Microsystems, Inc.)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KhalInstallWrapper (Version: 4.60.122 - Logitech) Hidden
K-Lite Codec Pack 5.9.0 (Full) (HKLM-x32\...\KLiteCodecPack_is1) (Version: 5.9.0 - )
Logitech SetPoint (HKLM-x32\...\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}) (Version: 4.60 - Logitech)
Malwarebytes Anti-Malware version 2.00.0.1000 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.00.0.1000 - Malwarebytes Corporation)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Easy Assist v2 (HKLM-x32\...\{326957C7-83FD-4550-A59A-849B7B4297DE}) (Version: 8.1.6416.0 - Microsoft Corporation)
Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6425.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Works (HKLM-x32\...\{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}) (Version: 9.7.0621 - Microsoft Corporation)
MiFi4510 Mobile Broadband Drivers (HKLM-x32\...\{CBA640FF-4754-4DB7-AC90-64D007FA8ACD}) (Version: 1.02.001.001.13 - Novatel Wireless)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT_amd64 (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Napster (HKLM-x32\...\{BBBCAE4B-B416-4182-A6F2-438180894A81}) (Version: 4.5.1.1 - Napster)
Napster Burn Engine (x32 Version: 3.5.0000 - Roxio) Hidden
PhoneBrowse 2.0.3 (HKLM-x32\...\{6A4F3A46-FC4A-4B5C-917C-B9BAAB99FE01}}_is1) (Version: 2.0.3 - iMobie Inc.)
PixiePack Codec Pack (HKLM-x32\...\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}) (Version: 1.0.100.0 - None)
Presto! PageManager 7.15.16 (HKLM-x32\...\{D2D6B9EB-C6DC-4DAA-B4DE-BB7D9735E7DA}) (Version: 7.15.16 - NewSoft Technology Corporation)
QuickBooks (x32 Version: 19.0.4008.703 - Intuit Inc.) Hidden
QuickBooks Pro 2009 (HKLM-x32\...\{9A2F0810-3622-4E86-9072-973FBE1679C5}) (Version: 19.0.4008.703 - Intuit Inc.)
Quickset (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 9.2.10 - Dell Inc.)
QuickTime (HKLM-x32\...\{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}) (Version: 7.64.17.73 - Apple Inc.)
Roxio Creator Audio (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Copy (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Data (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator DE (HKLM-x32\...\{09760D42-E223-42AD-8C3E-55B47D0DDAC3}) (Version: 10.1 - Roxio)
Roxio Creator DE (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Creator Tools (x32 Version: 3.7.0 - Roxio) Hidden
Roxio Express Labeler 3 (x32 Version: 3.2.1 - Roxio) Hidden
Roxio Update Manager (x32 Version: 6.0.0 - Roxio) Hidden
ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
ScanSoft PaperPort Viewer 7.0 (HKLM-x32\...\ScanSoft PaperPort Viewer 7.0) (Version:  - )
Segoe UI (x32 Version: 15.4.2271.0615 - Microsoft Corp) Hidden
Sony Image Data Suite (HKLM-x32\...\{359FCAA7-B544-4147-AE3B-8C8A526E2427}) (Version: 3.0.00.08270 - Sony Corporation)
Sony RAW Driver (HKLM-x32\...\{166FCF01-AC98-4288-A01C-90BEB808C059}) (Version: 2.0.00.08130 - Sony Corporation)
Spelling Dictionaries Support For Adobe Reader 9 (HKLM-x32\...\{AC76BA86-7AD7-5464-3428-900000000004}) (Version: 9.0.0 - Adobe Systems Incorporated)
SupportSoft Assisted Service (HKLM-x32\...\{5A3F6A80-7913-475E-8B96-477A952CFA43}) (Version: 15 - SupportSoft)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.5.1 - Tweaking.com)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM-x32\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
VC 9.0 Runtime (x32 Version: 1.0.0 - Check Point Software Technologies Ltd) Hidden
Visioneer 6100 USB Scanner Driver (HKLM-x32\...\Visioneer 6100 USB Scanner Driver) (Version:  - )
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{021C4C4F-C93C-4425-BFFD-C2D16776BFAE}) (Version: 8.0.0.35 - GRISOFT, s.r.o.)
Visual C++ 8.0 Runtime Setup Package (x64) (HKLM-x32\...\{2FDBBCEA-62DB-45F4-B6E5-0E1FB2A1F29D}) (Version: 9.0.0.623 - AVG Technologies CZ, s.r.o.)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
VUPlayer (HKLM-x32\...\VUPlayer) (Version:  - )
Vuze (HKLM-x32\...\8461-7759-5462-8226) (Version: 4.6 - Vuze Inc.)
Winamp (HKLM-x32\...\Winamp) (Version: 5.552  - Nullsoft, Inc)
Windows Live Communications Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4232.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Language Selector (Version: 15.4.3555.0308 - Microsoft Corporation) Hidden
Windows Live Mail (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Windows Live MIME IFilter (Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Movie Maker (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Photo Gallery (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Remote Client (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Client Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live Remote Service Resources (Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 15.4.3508.1109 - Microsoft Corporation) Hidden
Windows Live Writer (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows Live Writer Resources (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Windows NT Backup - Restore Utility (HKLM\...\{B3E699B5-7EEE-4AB1-A7BB-A43B7B4D94ED}) (Version: 1.0 - Microsoft Corporation)
winpcap-nmap 4.02 (HKLM-x32\...\winpcap-nmap) (Version:  - )
WordPerfect Office 12 (HKLM-x32\...\{AF19F291-F22F-4798-9662-525305AE9E48}) (Version: 12.0.0.238 - Corel Corporation)
YTD Video Downloader 4.5 (HKLM-x32\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.5 - GreenTree Applications SRL)

==================== Restore Points  =========================

31-03-2014 07:47:58 Scheduled Checkpoint
31-03-2014 12:55:46 Installed DirectX
31-03-2014 13:56:58 Windows Modules Installer
31-03-2014 16:36:09 Windows Update
31-03-2014 17:28:51 Windows Update
31-03-2014 17:43:11 Installed Windows 7 Upgrade Advisor
31-03-2014 17:45:50 Installed Windows 7 Upgrade Advisor
31-03-2014 19:23:31 Windows Update
01-04-2014 03:08:44 Installed DirectX
01-04-2014 03:09:44 Installed DirectX
01-04-2014 03:17:59 Removed Windows 7 Upgrade Advisor
01-04-2014 03:35:50 Windows Update
01-04-2014 19:19:47 Installed 7-Zip 9.20 (x64 edition)
01-04-2014 21:03:42 Tweaking.com - Windows Repair
02-04-2014 13:32:11 Windows Backup
03-04-2014 04:59:23 Scheduled Checkpoint
03-04-2014 19:38:42 OTL Restore Point - 4/3/2014 3:38:42 PM

==================== Hosts content: ==========================

2006-11-02 08:34 - 2014-04-01 17:49 - 00000855 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {0210961D-4C47-478B-895C-A94BF483724C} - System32\Tasks\Go to RoboForm Install page => Rundll32.exe url.dll,FileProtocolHandler "http://www.roboform....NNICMJNDJCMKJBJ"
Task: {0AEAFAF6-F116-4A60-AFB4-C8B755A6E975} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {16C44F1D-0589-41DB-9148-390A6449FC51} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-08] (Google Inc.)
Task: {192DDA2D-5815-47B8-983F-65744FEEC03A} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {254095AE-FB97-48EA-94A5-D8BF2AB79714} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {40827E10-4ABE-4587-AECE-03CF3E932457} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-636150604-2833345171-3525813516-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {536D5C9F-2122-4AFD-82C2-E7847B15CDBA} - System32\Tasks\Google Software Updater => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-10-04] (Google)
Task: {5AC7AA47-C023-45DB-BCD7-A13A9B5038AD} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-636150604-2833345171-3525813516-1000 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {673FBB69-F559-429F-BE7D-EF3CDC16874C} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {7C638E5B-ECE5-4424-A7E5-2C913CA682E9} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {AE6B4418-04F0-4620-A91E-DF6813A90BA5} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-09-08] (Google Inc.)
Task: {AE6E7C55-9369-476F-92FE-772FB5B43CA9} - System32\Tasks\Microsoft\Windows\Tcpip\WSHReset => C:\Windows\system32\netsh.exe [2006-11-02] (Microsoft Corporation)
Task: {CFBA873F-2795-401A-8DF0-C5EE7FEC98B0} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe [2013-01-16] (Siber Systems)
Task: {DA7B0AB2-9DA8-4972-BE0C-0034B85EF8C2} - System32\Tasks\Microsoft\Windows\WindowsCalendar\Reminders - Human Bean => C:\Program Files\Windows Calendar\wincal.exe [2008-01-20] (Microsoft Corporation)
Task: {E91D6474-70CC-42BE-80FF-8BED8AF557ED} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: C:\Windows\Tasks\Google Software Updater.job => C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

==================== Alternate Data Streams (whitelisted) =========

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\PEVSystemStart => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\procexp90.Sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="1"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "UseAlternateShell"="1"

==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: avg8emc => 2
MSCONFIG\Services: avg8wd => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: DockLoginService => 2
MSCONFIG\Services: FLEXnet Licensing Service => 3
MSCONFIG\Services: IAANTMON => 2
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: stllssvr => 3
MSCONFIG\Services: wltrysvc => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Logitech SetPoint.lnk => C:\Windows\pss\Logitech SetPoint.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk => C:\Windows\pss\QuickBooks Update Agent.lnk.CommonStartup
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe Acrobat Speed Launcher => "C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Reader Speed Launcher => "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
MSCONFIG\startupreg: Apoint => C:\Program Files\DellTPad\Apoint.exe
MSCONFIG\startupreg: AVG8_TRAY => C:\PROGRA~2\AVG\AVG8\avgtray.exe
MSCONFIG\startupreg: Broadcom Wireless Manager UI => C:\Windows\system32\WLTRAY.exe
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => "C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" /logon
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell.exe" /mode2
MSCONFIG\startupreg: ehTray.exe => C:\Windows\ehome\ehTray.exe
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IAAnotif => "C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe"
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: Intuit SyncManager => C:\Program Files (x86)\Common Files\Intuit\Sync\IntuitSyncManager.exe  startup
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Kernel and Hardware Abstraction Layer => KHALMNPR.EXE
MSCONFIG\startupreg: NapsterShell => "C:\Program Files (x86)\Napster\napster.exe" /systray
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: QuickSet => C:\Program Files\Dell\QuickSet\QuickSet.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: RoboForm => "C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe"
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SysTrayApp => %ProgramFiles%\IDT\WDM\sttray64.exe
MSCONFIG\startupreg: TkBellExe => "C:\Program Files (x86)\Common Files\Real\Update_OB\realsched.exe"  -osboot
MSCONFIG\startupreg: Windows Defender => %ProgramFiles%\Windows Defender\MSASCui.exe -hide
MSCONFIG\startupreg: WMPNSCFG => C:\Program Files (x86)\Windows Media Player\WMPNSCFG.exe
MSCONFIG\startupreg: WordPerfect Office 1215 => "C:\Program Files (x86)\WordPerfect Office 12\Programs\Registration.exe" /title="WordPerfect Office 12" /date=013009 serial=wo12wrx-0000043-sgj lang=EN
MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/04/2014 11:58:26 AM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/03/2014 02:41:59 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/02/2014 03:37:24 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/01/2014 06:16:42 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifest.

Error: (04/01/2014 06:10:22 PM) (Source: Application Hang) (User: )
Description: The program Explorer.EXE version 6.0.6002.18005 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Problem Reports and Solutions control panel.
Process ID: 564
Start Time: 01cf4df5d1f2fb87
Termination Time: 15

Error: (04/01/2014 06:00:28 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"1".
Dependent Assembly Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (04/01/2014 05:55:37 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegOpenKeyExW(-2147483648,APPID\{56BE716B-2F76-4dfa-8702-67AE10044F0B},...).  hr = 0x80070005.

Error: (04/01/2014 05:55:37 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IEventSystem::Store.  hr = 0x80070005.

Error: (04/01/2014 05:55:31 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine IEventSystem::Store.  hr = 0x80070005.

Error: (04/01/2014 05:55:28 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error RegOpenKeyExW(-2147483648,APPID\{56BE716B-2F76-4dfa-8702-67AE10044F0B},...).  hr = 0x80070005.

System errors:
=============
Error: (04/04/2014 11:59:11 AM) (Source: Service Control Manager) (User: )
Description: AFD
Avgdiska
AVGIDSDriver
Avgldx64
Avgtdia
DfsC
NetBIOS
netbt
nsiproxy
PSched
RasAcd
rdbss
Smb
spldr
tdx
Wanarpv6
ws2ifsl

Error: (04/04/2014 11:59:11 AM) (Source: Service Control Manager) (User: )
Description: Network List ServiceNetwork Location Awareness%%1068

Error: (04/04/2014 11:59:11 AM) (Source: Service Control Manager) (User: )
Description: Network Location AwarenessNetwork Store Interface Service%%1068

Error: (04/04/2014 11:59:11 AM) (Source: Service Control Manager) (User: )
Description: IP HelperNetwork Store Interface Service%%1068

Error: (04/04/2014 11:59:11 AM) (Source: Service Control Manager) (User: )
Description: AVGIDSAgentAVGIDSDriver%%31

Error: (04/04/2014 11:59:11 AM) (Source: Service Control Manager) (User: )
Description: WebClientWebDav Client Redirector Driver%%1068

Error: (04/04/2014 11:59:11 AM) (Source: Service Control Manager) (User: )
Description: SMB 2.0 MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Error: (04/04/2014 11:59:11 AM) (Source: Service Control Manager) (User: )
Description: SMB 1.x MiniRedirectorSMB MiniRedirector Wrapper and Engine%%1068

Error: (04/04/2014 11:59:11 AM) (Source: Service Control Manager) (User: )
Description: SMB MiniRedirector Wrapper and EngineRedirected Buffering Sub Sysytem%%31

Error: (04/04/2014 11:59:11 AM) (Source: Service Control Manager) (User: )
Description: WebDav Client Redirector DriverRedirected Buffering Sub Sysytem%%31

Microsoft Office Sessions:
=========================
Error: (04/04/2014 11:58:26 AM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Windows\System32\BCMLogon.dll

Error: (04/03/2014 02:41:59 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Windows\system32\BCMWLCPL.CPL

Error: (04/02/2014 03:37:24 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Windows\System32\BCMLogon.dll

Error: (04/01/2014 06:16:42 PM) (Source: SideBySide)(User: )
Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_1509f852f40ee5cd.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3.manifestC:\Program Files (x86)\Adobe\Acrobat 9.0\Designer 8.2\FormDesigner.exe

Error: (04/01/2014 06:10:22 PM) (Source: Application Hang)(User: )
Description: Explorer.EXE6.0.6002.1800556401cf4df5d1f2fb8715

Error: (04/01/2014 06:00:28 PM) (Source: SideBySide)(User: )
Description: Microsoft.VC80.MFC,processorArchitecture="amd64",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50727.762"C:\Windows\System32\BCMLogon.dll

Error: (04/01/2014 05:55:37 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483648,APPID\{56BE716B-2F76-4dfa-8702-67AE10044F0B},...)0x80070005

Error: (04/01/2014 05:55:37 PM) (Source: VSS)(User: )
Description: IEventSystem::Store0x80070005

Error: (04/01/2014 05:55:31 PM) (Source: VSS)(User: )
Description: IEventSystem::Store0x80070005

Error: (04/01/2014 05:55:28 PM) (Source: VSS)(User: )
Description: RegOpenKeyExW(-2147483648,APPID\{56BE716B-2F76-4dfa-8702-67AE10044F0B},...)0x80070005

CodeIntegrity Errors:
===================================
  Date: 2014-04-04 12:06:18.273
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-04 12:06:18.039
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-04 12:06:17.805
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-04 12:06:17.571
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-04 12:06:17.337
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-04 12:06:17.103
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-04 12:06:16.869
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-04 12:06:16.635
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mwac.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-04 12:06:16.198
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2014-04-04 12:06:15.979
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 18%
Total physical RAM: 4057.45 MB
Available physical RAM: 3293.2 MB
Total Pagefile: 8290.15 MB
Available Pagefile: 7677.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.84 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:198.76 GB) (Free:22.3 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (New Volume) (Fixed) (Total:89.52 GB) (Free:23.07 GB) NTFS
Drive e: (RECOVERY) (Fixed) (Total:9.77 GB) (Free:2.29 GB) NTFS
Drive g: () (Removable) (Total:3.65 GB) (Free:3.27 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 298 GB) (Disk ID: C147FFE0)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 4 GB) (Disk ID: C3072E18)

Partition: GPT Partition Type.

==================== End Of Log ============================



#5 ----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 07 April 2014 - 04:46 AM

Please post up C:\combofix.txt... :whistling:


Proud Member of UNITE & TB
 

#6 AlsoKnownAs

  • Authentic Member
  • 22 posts

Posted 07 April 2014 - 12:04 PM

Hey There,

Thank You again for your help.

 

As it turns out, I think I actually did Not run Combofix. I only downloaded it and saved it.

I Think I ran Tweaking.com All in one windows fixer.

I have the CBS SUR for that.

I have 3 OTL files as well.

 

Should I put up what I have and let you decide what is of help...

 

Sorry for the extra complication...



#7 ----------------

    SuperMember

  • Authentic Member
  • 1,095 posts

Posted 08 April 2014 - 08:23 AM

 

2014-03-31 10:38 - 2014-03-31 10:49 - 00000000 ___SD () C:\ComboFix
2014-03-31 10:38 - 2014-03-31 10:38 - 00000000 ____D () C:\Qoobox
2014-03-31 10:38 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-31 10:38 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-31 10:38 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-31 10:36 - 2014-03-31 10:38 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 10:33 - 2014-03-31 10:36 - 05192353 ____R (Swearware) C:\Users\Human Bean\Downloads\ComboFix.exe

Combofix was run on this machine several days ago. Please post up C:\combofix.txt or tell me what happened when combofix was run...


Proud Member of UNITE & TB
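Added example (not part of the original thread, and not the helper's own tooling): the inference in the post above, that ComboFix was executed and not just downloaded, can be checked mechanically from the quoted listing. The column meaning (created, modified, size, attributes, company, path) is assumed from the FRST-style layout, and all function names are hypothetical.

```python
import re
from datetime import datetime, timedelta
from typing import NamedTuple

# Constructed input: the listing lines quoted in the post above, unchanged.
# Assumed columns: created - modified - size attributes (company) path
LISTING = r"""
2014-03-31 10:38 - 2014-03-31 10:49 - 00000000 ___SD () C:\ComboFix
2014-03-31 10:38 - 2014-03-31 10:38 - 00000000 ____D () C:\Qoobox
2014-03-31 10:38 - 2011-06-26 02:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-03-31 10:38 - 2010-11-07 13:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-03-31 10:38 - 2009-04-20 00:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00098816 _____ () C:\Windows\sed.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00080412 _____ () C:\Windows\grep.exe
2014-03-31 10:38 - 2000-08-30 20:00 - 00068096 _____ () C:\Windows\zip.exe
2014-03-31 10:36 - 2014-03-31 10:38 - 00000000 ___SD () C:\32788R22FWJFW
2014-03-31 10:36 - 2014-03-31 10:36 - 00000000 ____D () C:\Windows\erdnt
2014-03-31 10:33 - 2014-03-31 10:36 - 05192353 ____R (Swearware) C:\Users\Human Bean\Downloads\ComboFix.exe
"""

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d) - (\d{4}-\d\d-\d\d \d\d:\d\d) - "
    r"(\d+) (\S+) \((.*?)\) ([A-Za-z]:\\.+)$"
)
FMT = "%Y-%m-%d %H:%M"
# Working folders visible in the listing (not an exhaustive artifact list).
WORKDIRS = (r"c:\combofix", r"c:\qoobox")


class Entry(NamedTuple):
    created: datetime
    modified: datetime
    size: int
    is_dir: bool
    company: str
    path: str


def parse_listing(text):
    """Parse listing lines; anything not in the expected format is skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        c, mod, size, attrs, company, path = m.groups()
        entries.append(Entry(datetime.strptime(c, FMT), datetime.strptime(mod, FMT),
                             int(size), "D" in attrs, company, path))
    return entries


def dropped_from_bundle(entries, min_gap=timedelta(days=1)):
    """Files whose content predates their arrival on this volume: a copy or
    archive extraction keeps the old modified time but gets a new created time."""
    return [e for e in entries if not e.is_dir and e.created - e.modified >= min_gap]


def bursts(entries, window=timedelta(minutes=5)):
    """Group entries whose creation times chain together within `window`."""
    groups = []
    for e in sorted(entries, key=lambda e: e.created):
        if groups and e.created - groups[-1][-1].created <= window:
            groups[-1].append(e)
        else:
            groups.append([e])
    return groups


def combofix_run(entries):
    """Evidence that the tool executed: working folders exist, helper binaries landed."""
    workdirs = [e for e in entries if e.is_dir and e.path.lower() in WORKDIRS]
    if not workdirs:
        return None  # a download alone leaves no working folders
    installer = next((e for e in entries if e.path.lower().endswith(r"\combofix.exe")), None)
    return {
        "downloaded": installer.created if installer else None,
        "workdirs_created": min(e.created for e in workdirs),
        "last_activity": max(e.modified for e in workdirs),
        "tools_dropped": sorted(e.path for e in dropped_from_bundle(entries)),
    }


if __name__ == "__main__":
    for key, value in combofix_run(parse_listing(LISTING)).items():
        print(key, "=", value)
```

On this listing the download, the working folders and the helper binaries all fall into one five-minute creation burst, and the last write to C:\ComboFix is eleven minutes after the folder was created.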
 

#8 AlsoKnownAs

AlsoKnownAs

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 08 April 2014 - 01:14 PM

I'm sorry sir. I know I'm a Dolt.

 

I downloaded the program but I didn't think I had run it.

I just performed a windows search for "combofix.txt" and do not find it.

Perhaps I deleted it.

 

There is a 'Combofix icon' in my C folder in windows explorer tree. It contains a 65mb file of another index of my explorer tree for 'my computer'... But no "combofix.txt"

 

Should I run the program again?

 

 



#9 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 09 April 2014 - 02:50 AM

Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs /spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe


When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion" simply restart your computer to fix this.


Proud Member of UNITE & TB
 

#10 AlsoKnownAs

AlsoKnownAs

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 09 April 2014 - 08:21 AM

Hi,

Thank You.

Here is the combofix.txt from today.

 

 

ComboFix 14-04-09.02 - Human Bean 04/09/2014   9:02.2.2 - x64
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.4057.2531 [GMT -4:00]
Running from: c:\users\Human Bean\Desktop\ComboFix.exe
AV: AVG AntiVirus 2014 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG AntiVirus 2014 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
(((((((((((((((((((((((((   Files Created from 2014-03-09 to 2014-04-09  )))))))))))))))))))))))))))))))
.
.
2014-04-09 13:19 . 2014-04-09 13:19    --------    d-----w-    c:\users\Human Bean\AppData\Local\temp
2014-04-09 13:19 . 2014-04-09 13:19    --------    d-----w-    c:\users\Guest\AppData\Local\temp
2014-04-09 13:19 . 2014-04-09 13:19    --------    d-----w-    c:\users\Default\AppData\Local\temp
2014-04-04 16:04 . 2014-04-04 16:09    --------    d-----w-    C:\FRST
2014-04-01 22:00 . 2014-04-04 16:12    --------    d-----w-    c:\windows\system32\catroot2
2014-04-01 21:43 . 2014-04-09 12:51    --------    d-----w-    c:\windows\system32\wbem\repository
2014-04-01 21:42 . 2014-04-01 21:42    --------    d-----w-    c:\windows\SysWow64\wbem\Performance
2014-04-01 21:15 . 2014-04-01 21:57    181064    ----a-w-    c:\windows\PSEXESVC.EXE
2014-04-01 21:04 . 2014-04-01 21:04    --------    d-----w-    C:\RegBackup
2014-04-01 19:20 . 2014-04-01 19:20    --------    d-----w-    c:\program files\7-Zip
2014-04-01 17:24 . 2014-04-01 17:24    --------    d-----w-    c:\program files (x86)\Tweaking.com
2014-03-31 20:42 . 2014-03-31 20:42    --------    d-----w-    c:\windows\en
2014-03-31 20:40 . 2014-03-31 20:40    --------    d-----w-    c:\program files (x86)\Microsoft SQL Server Compact Edition
2014-03-31 20:39 . 2014-03-31 20:42    --------    d-----w-    c:\program files (x86)\Windows Live
2014-03-31 20:38 . 2014-03-31 20:38    --------    d-----w-    c:\windows\PCHEALTH
2014-03-31 20:38 . 2014-03-31 20:39    --------    d-----w-    c:\program files\Windows Live
2014-03-31 19:49 . 2014-04-01 03:20    --------    d-----w-    c:\users\Human Bean\AppData\Local\Windows Live
2014-03-31 19:49 . 2014-03-31 19:49    --------    d-----w-    c:\program files (x86)\Common Files\Windows Live
2014-03-31 19:48 . 2009-08-04 08:12    1103872    ----a-w-    c:\windows\system32\webservices.dll
2014-03-31 19:48 . 2009-08-04 08:02    754688    ----a-w-    c:\windows\SysWow64\webservices.dll
2014-03-31 19:39 . 2014-03-31 19:39    --------    d-----w-    c:\windows\Migration
2014-03-31 19:36 . 2006-11-02 12:22    525792    ----a-w-    c:\windows\system32\difxapi.dll
2014-03-31 17:49 . 2014-03-31 17:49    --------    d-----w-    c:\users\Human Bean\AppData\Local\Microsoft Corporation
2014-03-31 16:36 . 2009-07-14 12:19    20480    ----a-w-    c:\windows\system32\winusb.dll
2014-03-31 16:36 . 2012-07-26 02:26    87040    ----a-w-    c:\windows\system32\drivers\WUDFPf.sys
2014-03-31 16:36 . 2012-07-26 02:26    198656    ----a-w-    c:\windows\system32\drivers\WUDFRd.sys
2014-03-31 16:36 . 2009-07-14 12:12    16896    ----a-w-    c:\windows\SysWow64\winusb.dll
2014-03-31 16:36 . 2012-07-26 03:08    84992    ----a-w-    c:\windows\system32\WUDFSvc.dll
2014-03-31 16:36 . 2012-07-26 03:08    194048    ----a-w-    c:\windows\system32\WUDFPlatform.dll
2014-03-31 16:36 . 2012-07-26 04:47    2560    ----a-w-    c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2014-03-31 16:36 . 2012-07-26 03:08    229888    ----a-w-    c:\windows\system32\WUDFHost.exe
2014-03-31 16:36 . 2012-07-26 03:08    744448    ----a-w-    c:\windows\system32\WUDFx.dll
2014-03-31 16:36 . 2012-07-26 03:08    45056    ----a-w-    c:\windows\system32\WUDFCoinstaller.dll
2014-03-31 16:35 . 2012-03-01 11:01    2409784    ----a-w-    c:\program files (x86)\Windows Mail\OESpamFilter.dat
2014-03-31 16:35 . 2012-03-01 11:01    2409784    ----a-w-    c:\program files\Windows Mail\OESpamFilter.dat
2014-03-31 16:35 . 2013-04-17 13:04    30720    ----a-w-    c:\windows\system32\cryptdlg.dll
2014-03-31 16:35 . 2013-04-17 12:30    24576    ----a-w-    c:\windows\SysWow64\cryptdlg.dll
2014-03-31 16:34 . 2012-11-22 04:22    456192    ----a-w-    c:\windows\system32\shlwapi.dll
2014-03-31 14:00 . 2014-03-31 14:00    --------    d-----w-    c:\program files\Windows Journal
2014-03-31 14:00 . 2014-03-31 14:00    --------    d-----w-    C:\inetpub
2014-03-31 13:15 . 2014-03-31 13:15    --------    d-----w-    c:\users\Default\AppData\Roaming\TuneUp Software
2014-03-31 12:58 . 2008-10-27 14:04    518480    ----a-w-    c:\windows\system32\XAudio2_3.dll
2014-03-31 12:57 . 2005-07-22 23:59    3807440    ----a-w-    c:\windows\system32\d3dx9_27.dll
2014-03-31 12:57 . 2005-05-26 19:34    3767504    ----a-w-    c:\windows\system32\d3dx9_26.dll
2014-03-31 12:57 . 2005-05-26 19:34    2297552    ----a-w-    c:\windows\SysWow64\d3dx9_26.dll
2014-03-31 12:57 . 2005-03-18 21:19    3823312    ----a-w-    c:\windows\system32\d3dx9_25.dll
2014-03-31 12:57 . 2005-02-05 23:45    3544272    ----a-w-    c:\windows\system32\d3dx9_24.dll
2014-03-30 21:41 . 2014-03-30 21:41    71048    ----a-w-    c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-03-30 21:41 . 2014-03-30 21:41    692616    ----a-w-    c:\windows\SysWow64\FlashPlayerApp.exe
2014-03-30 18:08 . 2014-03-30 18:08    --------    d-----w-    c:\users\Human Bean\AppData\Roaming\AVG2014
2014-03-30 18:06 . 2014-03-30 18:06    --------    d-----w-    c:\users\Human Bean\AppData\Roaming\TuneUp Software
2014-03-30 18:04 . 2014-03-30 18:07    --------    d-----w-    c:\programdata\AVG2014
2014-03-30 18:04 . 2014-03-30 18:04    --------    d-----w-    C:\$AVG
2014-03-30 17:56 . 2014-03-30 21:44    --------    d-----w-    c:\users\Human Bean\AppData\Local\Avg2014
2014-03-30 17:56 . 2014-03-30 17:56    --------    d-----w-    c:\users\Human Bean\AppData\Local\MFAData
2014-03-30 17:44 . 2014-03-30 17:44    --------    d-s---w-    c:\windows\SysWow64\Microsoft
2014-03-30 17:01 . 2014-03-30 17:03    --------    d-----w-    C:\AdwCleaner
2014-03-29 06:29 . 2014-03-07 04:43    10521840    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{78B12A7B-FCA3-4FDC-90D4-45907109CF2C}\mpengine.dll
2014-03-29 02:51 . 2014-03-29 02:51    --------    d-----w-    c:\users\Human Bean\AppData\Local\Macromedia
2014-03-27 21:23 . 2014-03-27 21:25    --------    d-----w-    c:\windows\system32\MRT
2014-03-27 21:13 . 2012-02-29 15:37    5632    ----a-w-    c:\windows\system32\wmi.dll
2014-03-27 21:13 . 2012-02-29 15:11    5120    ----a-w-    c:\windows\SysWow64\wmi.dll
2014-03-27 21:13 . 2012-02-29 13:52    16384    ----a-w-    c:\windows\system32\drivers\fs_rec.sys
2014-03-27 20:59 . 2011-11-16 16:43    442368    ----a-w-    c:\windows\system32\winhttp.dll
2014-03-27 20:59 . 2011-11-16 16:23    377344    ----a-w-    c:\windows\SysWow64\winhttp.dll
2014-03-27 20:59 . 2014-01-30 10:12    1111040    ----a-w-    c:\windows\system32\wer.dll
2014-03-27 20:59 . 2014-01-30 07:46    876032    ----a-w-    c:\windows\SysWow64\wer.dll
2014-03-27 20:59 . 2013-12-05 04:48    1869824    ----a-w-    c:\windows\system32\msxml3.dll
2014-03-27 20:59 . 2013-12-05 02:12    1248768    ----a-w-    c:\windows\SysWow64\msxml3.dll
2014-03-27 20:59 . 2013-08-01 04:10    901568    ----a-w-    c:\windows\system32\drivers\dxgkrnl.sys
2014-03-27 20:59 . 2013-08-01 03:37    47104    ----a-w-    c:\windows\system32\cdd.dll
2014-03-27 20:59 . 2013-06-15 13:27    20480    ----a-w-    c:\windows\system32\icaapi.dll
2014-03-27 20:59 . 2013-06-15 11:38    29184    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2014-03-27 20:59 . 2013-04-24 02:10    1078272    ----a-w-    c:\windows\system32\certutil.exe
2014-03-27 20:59 . 2013-04-24 01:46    812544    ----a-w-    c:\windows\SysWow64\certutil.exe
2014-03-27 20:57 . 2011-10-14 17:31    211968    ----a-w-    c:\windows\system32\winmm.dll
2014-03-27 20:57 . 2011-10-14 17:27    28672    ----a-w-    c:\windows\system32\mciwave.dll
2014-03-27 20:57 . 2011-10-14 17:27    28160    ----a-w-    c:\windows\system32\mciseq.dll
2014-03-27 20:57 . 2011-10-14 17:27    48128    ----a-w-    c:\windows\system32\mcicda.dll
2014-03-27 20:57 . 2011-10-14 16:03    189952    ----a-w-    c:\windows\SysWow64\winmm.dll
2014-03-27 20:57 . 2011-10-14 16:00    23552    ----a-w-    c:\windows\SysWow64\mciseq.dll
2014-03-27 20:54 . 2013-10-11 04:27    144384    ----a-w-    c:\windows\system32\wshom.ocx
2014-03-27 20:53 . 2012-05-11 16:34    788480    ----a-w-    c:\windows\system32\localspl.dll
2014-03-27 20:53 . 2012-05-11 15:57    623616    ----a-w-    c:\windows\SysWow64\localspl.dll
2014-03-27 20:53 . 2013-06-26 23:00    9728    ----a-w-    c:\windows\system32\Wdfres.dll
2014-03-27 20:53 . 2013-06-26 23:00    54376    ----a-w-    c:\windows\system32\drivers\WdfLdr.sys
2014-03-27 20:53 . 2013-06-26 23:00    785624    ----a-w-    c:\windows\system32\drivers\Wdf01000.sys
2014-03-27 20:53 . 2012-06-29 16:20    648192    ----a-w-    c:\windows\system32\netapi32.dll
2014-03-27 20:53 . 2013-03-08 04:18    451072    ----a-w-    c:\windows\system32\winsrv.dll
2014-03-27 20:39 . 2013-10-30 04:34    374784    ----a-w-    c:\windows\system32\SysFxUI.dll
2014-03-27 20:39 . 2013-10-30 03:55    122368    ----a-w-    c:\windows\system32\drivers\drmk.sys
2014-03-27 20:39 . 2013-10-30 02:33    218112    ----a-w-    c:\windows\system32\drivers\portcls.sys
2014-03-27 20:38 . 2011-11-18 18:07    76800    ----a-w-    c:\windows\system32\packager.dll
2014-03-27 20:38 . 2011-11-18 17:47    66560    ----a-w-    c:\windows\SysWow64\packager.dll
2014-03-27 20:38 . 2013-06-29 02:25    274944    ----a-w-    c:\windows\system32\drivers\usbhub.sys
2014-03-27 20:38 . 2013-06-29 02:25    95744    ----a-w-    c:\windows\system32\drivers\usbccgp.sys
2014-03-27 20:38 . 2013-06-29 02:25    259584    ----a-w-    c:\windows\system32\drivers\usbport.sys
2014-03-27 20:38 . 2013-06-29 02:25    7552    ----a-w-    c:\windows\system32\drivers\usbd.sys
2014-03-27 20:38 . 2011-05-05 14:17    49664    ----a-w-    c:\windows\system32\drivers\usbehci.sys
2014-03-27 20:38 . 2011-05-05 14:17    29184    ----a-w-    c:\windows\system32\drivers\usbuhci.sys
2014-03-27 20:38 . 2012-03-20 23:34    72576    ----a-w-    c:\windows\system32\drivers\partmgr.sys
2014-03-27 20:38 . 2013-03-08 04:17    2425344    ----a-w-    c:\windows\system32\mstscax.dll
2014-03-27 20:38 . 2013-03-08 03:52    2067968    ----a-w-    c:\windows\SysWow64\mstscax.dll
2014-03-27 20:35 . 2013-05-02 04:16    686080    ----a-w-    c:\windows\system32\win32spl.dll
2014-03-27 20:35 . 2013-05-02 04:04    443904    ----a-w-    c:\windows\SysWow64\win32spl.dll
2014-03-27 20:35 . 2013-05-02 04:03    37376    ----a-w-    c:\windows\SysWow64\printcom.dll
2014-03-27 20:33 . 2014-02-07 12:11    2776064    ----a-w-    c:\windows\system32\win32k.sys
2014-03-27 20:27 . 2012-06-08 17:59    12899840    ----a-w-    c:\windows\system32\shell32.dll
2014-03-27 20:22 . 2012-11-02 10:45    477696    ----a-w-    c:\windows\system32\dpnet.dll
2014-03-27 20:22 . 2012-11-02 10:45    68096    ----a-w-    c:\windows\system32\dpnathlp.dll
2014-03-27 20:22 . 2012-11-02 10:18    376320    ----a-w-    c:\windows\SysWow64\dpnet.dll
2014-03-27 20:22 . 2012-11-02 08:59    26112    ----a-w-    c:\windows\system32\dpnsvr.exe
2014-03-27 20:22 . 2012-11-02 08:26    23040    ----a-w-    c:\windows\SysWow64\dpnsvr.exe
2014-03-27 20:10 . 2012-01-09 16:16    708096    ----a-w-    c:\windows\system32\rdpencom.dll
2014-03-27 20:10 . 2012-01-09 15:54    613376    ----a-w-    c:\windows\SysWow64\rdpencom.dll
2014-03-27 18:49 . 2012-06-02 22:19    57880    ----a-w-    c:\windows\system32\wuauclt.exe
2014-03-27 18:49 . 2012-06-02 22:19    44056    ----a-w-    c:\windows\system32\wups2.dll
2014-03-27 18:49 . 2012-06-02 22:19    2428952    ----a-w-    c:\windows\system32\wuaueng.dll
2014-03-27 18:49 . 2012-06-02 22:15    2622464    ----a-w-    c:\windows\system32\wucltux.dll
2014-03-27 18:05 . 2012-06-02 22:19    38424    ----a-w-    c:\windows\system32\wups.dll
2014-03-27 18:05 . 2012-06-02 22:19    701976    ----a-w-    c:\windows\system32\wuapi.dll
2014-03-27 18:05 . 2012-06-02 22:19    577048    ----a-w-    c:\windows\SysWow64\wuapi.dll
2014-03-27 18:05 . 2012-06-02 22:15    99840    ----a-w-    c:\windows\system32\wudriver.dll
2014-03-27 18:05 . 2012-06-02 22:12    88576    ----a-w-    c:\windows\SysWow64\wudriver.dll
2014-03-27 18:05 . 2012-06-02 22:19    35864    ----a-w-    c:\windows\SysWow64\wups.dll
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-03-31 20:38 . 2011-03-28 22:36    22240    ----a-w-    c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-03-02 18:05 . 2006-11-02 12:35    90015360    ----a-w-    c:\windows\system32\mrt.exe
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"RoboForm"="c:\program files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2013-01-16 160592]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
"SSBkgdUpdate"="c:\program files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2009-09-05 417792]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2013-05-08 44128]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2013-05-08 642664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-05-31 152392]
"AVG_UI"="c:\program files (x86)\AVG\AVG2014\avgui.exe" [2014-03-20 4971024]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-24 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_d14bcbef\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs    REG_MULTI_SZ       w3svc was
apphost    REG_MULTI_SZ       apphostsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost  - NetSvcs
Themes
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{B2C3BB6B-E005-4246-B8E5-DF0A4D073CDC}]
2008-06-18 19:04    8192    ----a-w-    c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-04-08 c:\windows\Tasks\Google Software Updater.job
- c:\program files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-09 02:00]
.
2014-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-09 03:14]
.
2014-04-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-09-09 03:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 242192]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1840720]
"WrtMon.exe"="c:\windows\system32\spool\drivers\x64\3\WrtMon.exe" [2006-09-20 20480]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-04-05 384296]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://my.myway.com/
mDefault_Page_URL = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk&channel=us&ibd=5081219
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*http://www.yahoo.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Human Bean\AppData\Roaming\Mozilla\Firefox\Profiles\wbcsun6x.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://my.myway.com/
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=937811&ilc=12&p=
FF - prefs.js: network.proxy.type - 2
FF - ExtSQL: !HIDDEN! 2011-11-23 03:26; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- File Associations -------
.
JSEFile=c:\windows\SysWOW64\WScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-Akamai NetSession Interface - c:\users\Human Bean\AppData\Local\Akamai\netsession_win.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
HKLM-Run-SysTrayApp - c:\program files (x86)\IDT\WDM\sttray64.exe
AddRemove-8461-7759-5462-8226 - c:\program files (x86)\Vuze\uninstall.exe
AddRemove-{1a413f37-ed88-4fec-9666-5c48dc4b7bb7} - c:\program files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
   00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
Completion time: 2014-04-09  09:25:52
ComboFix-quarantined-files.txt  2014-04-09 13:25
.
Pre-Run: 26,812,993,536 bytes free
Post-Run: 26,879,737,856 bytes free
.
- - End Of File - - 0E42B3F5F0D6A632E0CFF9421D1E6E5A
 




#11 AlsoKnownAs

AlsoKnownAs

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 09 April 2014 - 09:16 AM

Ummm, Hey Marius,

Could I ask an ancillary question...

 

What precautions should I take, now that I have posted the amount of sensitive data about my computer, in a public forum...

 

Thank You Very Much for your Help.

AKA



#12 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 10 April 2014 - 04:15 AM

Nobody could harm you with this information.

 

 

Full System Scan with Malwarebytes Antimalware

  • If not existing, please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:

    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.

  • Click Finish.


If the program is already installed:
  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.


  • After the restart, once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.

 

 

 

Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click 'List of found threats', then click 'Export to text file...'.
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


Proud Member of UNITE & TB
 

#13 AlsoKnownAs

AlsoKnownAs

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 10 April 2014 - 11:29 AM

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 4/10/2014
Scan Time: 10:00:27 AM
Logfile: MBAM 4-10.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.04.10.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows Vista Service Pack 2
CPU: x64
File System: NTFS
User: Human Bean

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 322989
Time Elapsed: 38 min, 23 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.OpenCandy, C:\Users\Human Bean\Desktop\Top Level File\Vista Software\winzip155.exe, Quarantined, [58a81ee2946c12eef26e53ecd034718f],
PUP.Optional.Spigot.A, C:\Users\Human Bean\Desktop\Top Level File\Vista Software\YTDSetup.exe, Quarantined, [a45c80802cd4926eadcd70b69e62936d],
PUP.Optional.Spigot.A, C:\Users\Human Bean\Desktop\Top Level File\Vista Software\Green Tree software You Tube Downloader\YTDSetup.exe, Quarantined, [d03012ee12ee26da354567bf748cbf41],

Physical Sectors: 0
(No malicious items detected)


(end)

 

 

------------------------------------------------------------------------------

ESET 4-10;

 

C:\Users\Human Bean\Desktop\Top Level File\Vista Software\Setup_Freemp3Converter.exe    Win32/Toolbar.Widgi potentially unwanted application
 

 

 

-------------------------------------------------------------------------------



#14 ----------------

----------------

    SuperMember

  • Authentic Member
  • PipPipPipPipPip
  • 1,095 posts

Posted 11 April 2014 - 07:45 AM

Then we can do the cleanup - if you are facing any issues, report that immediately.

Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[S1].txt also


SecurityCheck

Please download SecurityCheck: LINK1 LINK2

  • Save it to your desktop, start it and follow the instructions in the window.
  • After the scan has finished, checkup.txt will open. Copy its content to your thread.


Proud Member of UNITE & TB
 

#15 AlsoKnownAs

AlsoKnownAs

    Authentic Member

  • Authentic Member
  • PipPip
  • 22 posts

Posted 11 April 2014 - 04:47 PM

Marius,

Thank You

 

The documents from the scans...

 

# AdwCleaner v3.023 - Report created 11/04/2014 at 12:47:46
# Updated 01/04/2014 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : Human Bean - HUMANBEAN-PC
# Running from : C:\Users\Human Bean\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16545


-\\ Mozilla Firefox v28.0 (en-US)

[ File : C:\Users\Human Bean\AppData\Roaming\Mozilla\Firefox\Profiles\wbcsun6x.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Human Bean\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2710 octets] - [30/03/2014 13:01:24]
AdwCleaner[R1].txt - [1116 octets] - [11/04/2014 12:44:27]
AdwCleaner[S0].txt - [2563 octets] - [30/03/2014 13:03:24]
AdwCleaner[S1].txt - [1040 octets] - [11/04/2014 12:47:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1100 octets] ##########
 

 

----------------------------------------------------------------------------

 

 Results of screen317's Security Check version 0.99.81  
 Windows Vista Service Pack 2 x64 (UAC is enabled)  
 Internet Explorer 9  
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
AVG AntiVirus 2014   
 Antivirus out of date!  
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     12.0.0.77  
 Adobe Reader 9 Adobe Reader out of Date!
 Mozilla Firefox (28.0)
````````Process Check: objlist.exe by Laurent````````  
 AVG avgwdsvc.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 

 

------------------------------------------------------------------------------------------

