
wife's attempt to install things [Closed]


  • This topic is locked
17 replies to this topic

#1 shucky

  • Authentic Member
  • 75 posts

Posted 12 September 2014 - 04:52 PM

Hi all

After the wife attempted to install who knows what, I have had nothing but popup after popup with this machine. I have downloaded and run MBAM; please find the log attached. Edit reason: tried to upload HJT report (error: you aren't permitted to upload this kind of file).

cheers for the help.

Please note I can not get the HJT report to paste.


Edited by shucky, 12 September 2014 - 05:09 PM.



#2 OCD

  • SuperHelper
  • Malware Team
  • 5,574 posts

Posted 12 September 2014 - 08:15 PM

Hi shucky,

My name is OCD. I would be more than happy to take a look at your log and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • I will be working on your malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • Please continue to review my answers until I tell you your machine appears to be clear. Absence of symptoms does not mean that everything is clear.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • Copy and Paste logs directly into the reply window. DO NOT attach the logs unless specifically instructed to do so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.

DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your Operating System and losing all your programs and data.

Please stay with this topic until I let you know that your system appears to be "All Clear"

Important: All tools MUST be run from the Desktop.

=========================

The logs that will be produced should be saved in Notepad.

To access Notepad:
Start >> Programs >> Accessories >> Notepad

Be Sure to Remove Word Wrap in Notepad

  • Click the Windows “Start” button.
  • Enter “Notepad” into the search box and double-click the application from the list of search results that appears. The Notepad application opens.
  • Click “Format” from the main menu in Notepad to display the formatting drop-down menu. You will see a check mark next to the words “Word Wrap,” which indicates that the Word Wrap feature is currently inserting line endings into your Notepad files.
  • Click “Word Wrap” to remove line endings. The check mark that used to appear next to “Word Wrap” disappears, indicating that you have successfully disabled this feature and removed all line endings from your document.

=========================

Security Check

Download Security Check by screen317 from here or here.

  • Save it to your Desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

=========================

aswMBR

Download aswMBR.exe and save it to your desktop.

    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When asked if you want to download Avast's virus definitions please select Yes.
  • Click Scan
  • Upon completion of the scan, click Save log and save it to your desktop, and post that log in your next reply for review. Note - do NOT attempt any Fix yet.
  • You will also notice another file created on the desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) file. Attach that zipped file in your next reply as well.

=========================

Download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right click and select "Run as Administrator" to run it. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it into your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

=========================

In your next post please provide the following:

  • checkup.txt
  • aswMBR.txt
  • attach MBR.zip
  • FRST.txt
  • Addition.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days








If you are satisfied with the help you have received, please consider making a donation.


#3 shucky

  • Authentic Member
  • 75 posts

Posted 12 September 2014 - 11:35 PM

Hi OCD

Please find attached the Addition log. For some reason I can not paste things into the thread (word wrap is off; I have tried a couple of different ways and no luck pasting).

aswMBR will not install. I used the 64 bit version, which is what my system is.

 

C:\user\users\downloads\aswMBR.exe is not a valid win32 application.?

Due to issues pasting the log reports I have attached the files. I know you would like to have it all pasted, but as I say I'm not able to paste for some unknown reason.

cheers for the quick response too.



#4 OCD

  • SuperHelper
  • Malware Team
  • 5,574 posts

Posted 13 September 2014 - 01:12 AM

Hi shucky,

If you run into problems being able to paste logs into the reply window, please click the toggle switch in the menu and retry. The menu will be greyed out when you can paste into the window.


=========================

Malwarebytes Anti-Rootkit
  • Download Malwarebytes Anti-Rootkit
  • Once the file has been downloaded, right click on the downloaded file and select the Extract all menu option.
  • Follow the instructions to extract the ZIP file to a folder called mbar-versionnumber on your desktop.
  • Once the ZIP file has been extracted, open the folder and when that folder opens, double-click on the mbar folder.
  • Double-click on the mbar.exe file to launch Malwarebytes Anti-Rootkit.
  • After you double-click on the mbar.exe file, you may receive a User Account Control (UAC) message asking if you are sure you wish to allow the program to run. Please allow it so that Malwarebytes Anti-Rootkit starts correctly.
  • Malwarebytes Anti-Rootkit will now install necessary drivers that are required for the program to operate correctly.
  • If you receive a DDA driver message like "could not load DDA driver", click on the Yes button and Malwarebytes Anti-Rootkit will now restart your computer and will start automatically.
  • On the introduction screen, please click on the Next button to continue.
  • Next you will see the Update Database screen.
  • Click on the Update button so Malwarebytes Anti-Rootkit can download the latest definition updates.
  • When the update has finished, click on the Next button.
  • Next you can select some basic scanning options. Make sure the Drivers, Sectors, and System scan targets are selected before you click on the Scan button.
  • Malwarebytes Anti-Rootkit will now start scanning your computer for rootkits. This scan can take some time, so please be patient.
  • When the scan with Malwarebytes Anti-Rootkit is finished, the program will display a screen with the results from the scan.
  • Make sure everything is selected and that the option to create a restore point is checked.
  • Next click on the Cleanup button. Malwarebytes Anti-Rootkit will then prompt you to reboot your computer.
  • Click on the Yes button to restart your computer.
  • There will now be two log files created in the mbar folder: one called system-log.txt and one that starts with mbar-log.
  • The mbar-log file will always start with mbar-log, but the rest will be named using a timestamp indicating the time it was run.
    • For example, mbar-log-2012-11-12 (19-13-32).txt corresponds to mbar-log-year-month-day (hour-minute-second).txt.
  • The system-log.txt contains information about each time you have run MBAR and contains diagnostic information from the program.
=========================

P2P - (Peer to Peer)

I see you have/had P2P software uTorrent installed on your machine. We are not here to pass judgment on file-sharing as a concept. However, we will warn you that engaging in this activity and having this kind of software installed on your machine will always make you more susceptible to re-infections and possibly Identity Theft. It likely contributed to your current situation. This page will give you further information.

Please note: Even if you are using a "safe" P2P program, it is only the program that is safe. You will be sharing files from uncertified sources, and these are often infected. The bad guys use P2P filesharing as a major conduit to spread their wares.

I would strongly recommend that you uninstall this now.

Click Start > Control Panel > Programs and Features. Locate and select the following that are present on the list and click the Remove button:
  • uTorrent
If you choose not to remove this program, please refrain from using it until we have finished cleaning your computer.

=========================

FRST Fix Script

Open notepad. Please copy the contents of the code box below. To do this highlight the contents of the box and right click on it. Paste this into the open notepad. Save it on the desktop as fixlist.txt



Start
() C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe
() C:\Program Files\005\cyycfhtzro64.exe
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_g0MJzNViGvhp0axsA_cgYOo1ebU32vS_LTIPiu5zep-GMNnHl7Pa6WmVEtfYO9Snbd5p5qvBkfRZbesLXTbOQ_zit1k2k7RCxEaTKT8qMqgGqzhMUzP-RIteoSRQmvgSLS8attFU3JHk&q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_g0MJzNViGvhp0axsA_cgYOo1ebU32vS_LTIPiu5zep-GMNnHl7Pa6WmVEtfYO9Snbd5p5qvBkfRZbesLXTbOQ_zit1k2k7RCxEaTKT8qMqgGqzhMUzP-RIteoSRQmvgSLS8attFU3JHk&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1409620504&from=cor&uid=TOSHIBAXMQ01ABD100_33N6PJEBTXX33N6PJEBT&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1409620504&from=cor&uid=TOSHIBAXMQ01ABD100_33N6PJEBTXX33N6PJEBT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-page.com/web/?type=ds&ts=1409620504&from=cor&uid=TOSHIBAXMQ01ABD100_33N6PJEBTXX33N6PJEBT&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-page.com/web/?type=ds&ts=1409620504&from=cor&uid=TOSHIBAXMQ01ABD100_33N6PJEBTXX33N6PJEBT&q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = 
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_g0MJzNViGvhp0axsA_cgYOo1ebU32vS_LTIPiu5zep-GMNnHl7Pa6WmVEtfYO9Snbd5p5qvBkfRZbesLXTbOQ_zit1k2k7RCxEaTKT8qMqgGqzhMUzP-RIteoSRQmvgSLS8attFU3JHj&q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.com/?p=mKO_AwFzXIpYRbPAMW02fR3s5PAVMZpZbM61lWNTdgwQHuH_g0MJzNViGvhp0axsA_cgYOo1ebU32vS_LTIPiu5zep-GMNnHl7Pa6WmVEtfYO9Snbd5p5qvBkfRZbesLXTbOQ_zit1k2k7RCxEaTKT8qMqgGqzhMUzP-RIteoSRQmvgSLS8attFU3JHk&q={searchTerms}
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
Toolbar: HKCU - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} -  No File
R2 AllDaySavingsService64; C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe [172544 2014-08-01] () [File not signed]
R2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-02] () [File not signed]
2014-09-02 10:33 - 2014-09-11 19:43 - 00000000 ____D () C:\Program Files\AllDaySavings
Task: {2FA1357F-F40B-416F-A887-C27AF7C6E6B5} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {34EC50A6-64ED-419C-81CD-E3D9472451F6} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A4214BCE-60A2-40B7-8FE3-496FC3BC03B6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {ADD2AA23-E2F5-4990-AA5F-362A6CA7D495} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

AdwCleaner v3: Scan & Clean
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • Click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Junkware Removal Tool

Download Junkware Removal Tool to your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Shut down your protection software now to avoid potential conflicts.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
=========================

Re-run Farbar Recovery Scan Tool; it should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.

=========================

In your next post please provide the following:
  • system-log.txt
  • mbar-log (year-month-day / hour-minute-second).txt
  • Fixlog.txt
  • AdwCleaner[s].txt
  • JRT.txt
  • FRST.txt

OCD
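
An added example, not part of OCD's post and not FRST's own code: before pressing Fix, a reviewer can group the fix script's lines by persistence mechanism and by the executable each entry launches, so one binary registered several ways stands out. The line patterns are assumptions inferred from the fix script in this thread, not FRST's documented grammar; `RULES`, `classify`, `target_path` and `review` are names made up here, and the sample is a subset of the script's own lines.

```python
import re
from collections import Counter, defaultdict

# Subset of the fix script posted in this thread (Start/End markers kept).
FIXLIST = r"""Start
() C:\Program Files\005\cyycfhtzro64.exe
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} -  No File
R2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-02] () [File not signed]
2014-09-02 10:33 - 2014-09-11 19:43 - 00000000 ____D () C:\Program Files\AllDaySavings
Task: {A4214BCE-60A2-40B7-8FE3-496FC3BC03B6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
EmptyTemp:
End
"""

# Line shapes inferred from the lines above (an assumption, not FRST's grammar).
RULES = [
    ("running process",   re.compile(r"^\(.*?\) [A-Za-z]:\\")),
    ("Run key",           re.compile(r"^HK[A-Z]+(-x32)?\\.*\\Run: ")),
    ("IE search setting", re.compile(r"^(HK[A-Z]+\\.*Internet Explorer\\Main,|SearchScopes:)")),
    ("IE toolbar",        re.compile(r"^Toolbar:")),
    ("service",           re.compile(r"^[A-Z]\d \S+; ")),
    ("scheduled task",    re.compile(r"^Task:")),
    ("file or folder",    re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - ")),
    ("directive",         re.compile(r"^\w+:$")),
]


def classify(line):
    """Return the first matching entry kind, or None if the line is unrecognised."""
    for kind, pattern in RULES:
        if pattern.search(line):
            return kind
    return None


def target_path(kind, line):
    """Extract the executable an entry launches, where the line names one."""
    if kind in ("Run key", "scheduled task"):
        _, _, rest = line.partition(" => ")
        return rest.replace("<==== ATTENTION", "").strip().strip('"') or None
    if kind == "service":
        return line.split("; ", 1)[1].split(" [", 1)[0]
    if kind == "running process":
        return line.split(") ", 1)[1]
    return None


def review(fixlist):
    """Summarise a fix script: counts per kind, kinds per target, unknown lines."""
    counts, targets, unknown = Counter(), defaultdict(set), []
    for raw in fixlist.splitlines():
        line = raw.strip()
        if not line or line in ("Start", "End"):
            continue
        kind = classify(line)
        if kind is None:
            unknown.append(line)  # never drop silently: read these by hand
            continue
        counts[kind] += 1
        path = target_path(kind, line)
        if path:
            targets[path.lower()].add(kind)  # Windows paths are case-insensitive
    return {
        "counts": dict(counts),
        "targets": {p: sorted(k) for p, k in targets.items()},
        "unknown": unknown,
    }


if __name__ == "__main__":
    result = review(FIXLIST)
    for path, kinds in sorted(result["targets"].items()):
        print(f"{path}\n    referenced by: {', '.join(kinds)}")
    print("by kind:", result["counts"])
    print("unrecognised (review by hand):", result["unknown"])
```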



#5 shucky

  • Authentic Member
  • 75 posts

Posted 13 September 2014 - 03:42 PM

Hi OCD

I am receiving an error when trying to download the Malwarebytes Anti-Rootkit; the error is saying (the signature of this program is corrupt or invalid). I'm getting this error from both the link you have provided and right from MBAM's website as well? I'll pass it for now and go to the next step you're asking for.



#6 OCD

  • SuperHelper
  • Malware Team
  • 5,574 posts

Posted 13 September 2014 - 07:53 PM

Hi shucky,

Try this Rootkit Scanner instead.

GMER Rootkit Scanner

Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

Right-click gmer.exe and select "Run as Administrator". The program will begin to run.

**Caution** These types of scans can produce false positives. Do NOT take any action on any "<--- ROOKIT" entries unless advised!

If possible rootkit activity is found, you will be asked if you would like to perform a full scan.
  • Click NO
  • In the right panel, you will see a bunch of boxes that have been checked ... leave everything checked and ensure the Show all box is un-checked.
  • Now click the Scan button.
    Once the scan is complete, you may receive another notice about rootkit activity.
  • Click OK.
  • GMER will produce a log. Click on the [Save..] button, and in the File name area, type in "GMER.txt"
  • Save it where you can easily find it, such as your desktop.
=========================

In your next post please provide the following:
  • GMER.txt
  • Other logs previously requested

OCD



#7 shucky

  • Authentic Member
  • 75 posts

Posted 14 September 2014 - 12:56 AM

Hi OCD
I'm hoping I've gotten what you're looking for here. I'm not real sure what you're talking about (system-log.txt)? I've pasted everything else from FRST, AdwCleaner, GMER, and MBAM.
Cheers for the help and sorry for my late responses. Also, I have just noticed I have gotten the trial version of MBAM and not the free one; from what I see the trial version is not offering a clean-up option. Shall I uninstall it and find the free version?
GMER 2.1.19357 - http://www.gmer.net
Rootkit scan 2014-09-14 16:07:47
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006e ATA_____ rev.1A__ 931.51GB
Running: GMER.exe; Driver: C:\Users\user\AppData\Local\Temp\uglyipod.sys


---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\svchost.exe [6296:4896] 000007feeecb9688

---- EOF - GMER 2.1 ----

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 14/09/2014
Scan Time: 3:54:44 PM
Logfile:
Administrator: Yes

Version: 2.00.2.1012
Malware Database: v2014.09.14.03
Rootkit Database: v2014.09.13.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: user

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 310076
Time Elapsed: 7 min, 50 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.ArcadeGiant.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{4FD3B33A-372C-439E-BB87-017365EC693C}, , [8cffd6173a413ff71b829ce7be44966a],
PUP.Optional.ArcadeGiant.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{4FD3B33A-372C-439E-BB87-017365EC693C}, , [8cffd6173a413ff71b829ce7be44966a],
PUP.Optional.ArcadeGiant.A, HKU\S-1-5-21-137854066-446030056-4228977528-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{4FD3B33A-372C-439E-BB87-017365EC693C}, , [8cffd6173a413ff71b829ce7be44966a],
PUP.Optional.ArcadeGiant.A, HKU\S-1-5-21-137854066-446030056-4228977528-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{4FD3B33A-372C-439E-BB87-017365EC693C}, , [8cffd6173a413ff71b829ce7be44966a],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{d08ab008-0647-4784-8e2c-5769cd4a7c3a}, , [7e0d9657fc7f2610eac1473b29d9c23e],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\CLASSES\TYPELIB\{724dd777-5654-4d06-b3bc-c2ff56615998}, , [7e0d9657fc7f2610eac1473b29d9c23e],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\CLASSES\INTERFACE\{E693A372-A8D4-4CBD-B011-66358BEA2F48}, , [7e0d9657fc7f2610eac1473b29d9c23e],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{E693A372-A8D4-4CBD-B011-66358BEA2F48}, , [7e0d9657fc7f2610eac1473b29d9c23e],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{724dd777-5654-4d06-b3bc-c2ff56615998}, , [7e0d9657fc7f2610eac1473b29d9c23e],
PUP.Optional.Neurowise.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{D08AB008-0647-4784-8E2C-5769CD4A7C3A}, , [7e0d9657fc7f2610eac1473b29d9c23e],
PUP.Optional.Neurowise.A, HKU\S-1-5-21-137854066-446030056-4228977528-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{D08AB008-0647-4784-8E2C-5769CD4A7C3A}, , [7e0d9657fc7f2610eac1473b29d9c23e],
PUP.Optional.Neurowise.A, HKU\S-1-5-21-137854066-446030056-4228977528-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{D08AB008-0647-4784-8E2C-5769CD4A7C3A}, , [7e0d9657fc7f2610eac1473b29d9c23e],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{8a4d5a43-c64a-45ab-bdf4-804fe18ceafd}, , [93f868857cffd95df30d5b113acad729],
PUP.Optional.SearchProtect, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\APPCOMPATFLAGS\INSTALLEDSDB\{cf2797aa-b7ec-e311-8ed9-005056c00008}, , [3754ea03e19a5fd77a85313ad430e719],
PUP.Optional.BrowserGuard.A, HKLM\SOFTWARE\WOW6432NODE\Browser Guard, , [b4d72cc17cffce68103c6b9b09fa56aa],
PUP.Optional.SaveSense.A, HKLM\SOFTWARE\WOW6432NODE\SaveSense, , [6d1e7677fe7de452f26b1145f60e10f0],
PUP.Optional.Neurowise.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Update neurowise, , [97f4bb323843da5cbf3365a0fe0558a8],
PUP.Optional.Neurowise.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\Util neurowise, , [612add105e1db77f02f1bf4617ec5ba5],
PUP.Optional.SaveSense.A, HKU\S-1-5-21-137854066-446030056-4228977528-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\SaveSense, , [cfbc509d6318ee487fdb4115ab593fc1],

Registry Values: 1
PUP.Optional.FirstSeenToday.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|fst_au_200, , [2a61f0fd0f6c290da06ad84655aee917],

Registry Data: 0
(No malicious items detected)

Folders: 4
PUP.Optional.ArcadeGiant.A, C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeGiant, , [1e6da548b3c862d4e7fef90f02010ff1],
PUP.Optional.SaveSense, C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense, , [2f5c4ca15e1dba7c94859e341be71ce4],
PUP.Optional.ArcadeGiant.A, C:\Users\user\AppData\Local\ArcadeGiant, , [bdcec22b5427c5714daf18d3c43efa06],
PUP.Optional.AllDaySavings.A, C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6, , [ccbf5895aecd85b1bd0cd02bc939c937],

Files: 12
PUP.Optional.ArcadeGiant.A, C:\Users\user\AppData\Local\ArcadeGiant\bkr.exe, , [d8b37d702f4cb284282d277d0ff207f9],
PUP.Optional.ArcadeGiant.A, C:\Users\user\AppData\Local\ArcadeGiant\updater.exe, , [206ba24babd0f14592c3adf7788921df],
PUP.Optional.Neurowise.A, C:\Windows\ServiceProfiles\LocalService\AppData\Local\~FontCache-System.dat, , [f695e60790eb47eff736595053ae49b7],
PUP.Optional.Proxy.A, C:\Users\user\AppData\Local\proxy.log, , [a5e639b42a51d1653d4d976d38cb718f],
PUP.Optional.ArcadeGiant.A, C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeGiant\Play ArcadeGiant Games.url, , [1e6da548b3c862d4e7fef90f02010ff1],
PUP.Optional.ArcadeGiant.A, C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeGiant\Uninstall.lnk, , [1e6da548b3c862d4e7fef90f02010ff1],
PUP.Optional.ArcadeGiant.A, C:\Windows\Tasks\ArcadeGiant Updater.job, , [c3c83eaf27541c1a8d59fd0b22e1f10f],
PUP.Optional.ArcadeGiant.A, C:\Windows\System32\Tasks\ArcadeGiant Updater, , [6f1c3bb2007bce683daa98708f74cd33],
PUP.Optional.SaveSense, C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense Help.url, , [2f5c4ca15e1dba7c94859e341be71ce4],
PUP.Optional.SaveSense, C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\SaveSense.url, , [2f5c4ca15e1dba7c94859e341be71ce4],
PUP.Optional.SaveSense, C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense\Uninstall SaveSense.lnk, , [2f5c4ca15e1dba7c94859e341be71ce4],
PUP.Optional.ArcadeGiant.A, C:\Users\user\AppData\Local\ArcadeGiant\agnt.config, , [bdcec22b5427c5714daf18d3c43efa06],

Physical Sectors: 0
(No malicious items detected)


(end)
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by user on Sun 14/09/2014 at 13:30:55.01
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\systweak
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{2e32cfe5-df92-4ae5-b0be-609ed0df74a6}



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\Users\user\AppData\Roaming\systweak"
Successfully deleted: [Folder] "C:\Program Files (x86)\savesense"
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{2B4082EB-946F-4412-AF21-5F0181053A96}
Successfully deleted: [Empty Folder] C:\Users\user\appdata\local\{EBE39319-5523-4C47-A630-DF335350652D}



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 14/09/2014 at 13:37:41.12
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# AdwCleaner v3.310 - Report created 14/09/2014 at 13:22:24
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user - HOUSE-LAPTOP
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IePluginServices
Service Deleted : netfilter64
Service Deleted : {9d5747ee-0448-4681-8337-1555de75a3b6}Gw64

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\374311380
Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\IePluginServices
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PepperZip
Folder Deleted : C:\Program Files (x86)\Bench
Folder Deleted : C:\Program Files (x86)\predm
Folder Deleted : C:\users\user\AppData\Local\SearchProtect
Folder Deleted : C:\users\user\AppData\Local\WeatherAlerts
Folder Deleted : C:\users\user\AppData\Roaming\ap_logs
Folder Deleted : C:\users\user\Documents\Optimizer Pro
File Deleted : C:\Users\Public\Desktop\eBay.lnk
File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
File Deleted : C:\Windows\System32\drivers\netfilter64.sys
File Deleted : C:\Windows\System32\drivers\{9d5747ee-0448-4681-8337-1555de75a3b6}Gw64.sys
File Deleted : C:\users\user\AppData\Roaming\aps.uninstall.scan.results

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****

Shortcut Disinfected : C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\DesktopWeatherAlertsApp_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\IePluginServices
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5A4E3A41-FA55-4BDA-AED7-CEBE6E7BCB52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E6354DE-9115-4AEE-BD21-C46C3E8A49DB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FC073BDA-C115-4A1D-9DF9-9B5C461482E5}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{B7FCA997-D0FB-4FE0-8AFD-255E89CF9671}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D43B3890-80C7-4010-A95D-1E77B5924DC3}
Key Deleted : HKCU\Software\AnyProtect
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\TutoTag
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\AdvertisingSupport
Key Deleted : HKLM\SOFTWARE\AllDaySavings
Key Deleted : HKLM\SOFTWARE\FreeSoftToday
Key Deleted : HKLM\SOFTWARE\SupTab
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\supWPM
Key Deleted : HKLM\SOFTWARE\sweet-pageSoftware
Key Deleted : HKLM\SOFTWARE\Tutorials
Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings
Key Deleted : [x64] HKLM\SOFTWARE\AllDaySavings
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [Default_Search_URL]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\SearchUrl [Default]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]

*************************

AdwCleaner[R0].txt - [5849 octets] - [14/09/2014 13:21:20]
AdwCleaner[S0].txt - [4504 octets] - [14/09/2014 13:22:24]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [4564 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by user (administrator) on HOUSE-LAPTOP on 14-09-2014 14:08:05
Running from C:\Users\user\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\dlcleaner.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCSystemCleaner.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCPrivacyProtector.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCDriverUpdater.exe
() C:\Program Files (x86)\neurowise\updateneurowise.exe
() C:\Program Files (x86)\neurowise\bin\utilneurowise.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCRegClean.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-03] (Intel® Corporation)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-22] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2013-07-03] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-18] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-25] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [fst_au_200] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Optus Mini WiFi\Optus Mini WiFi Modem
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 00Zecter -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 01Zecter -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 02Zecter -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 03Zecter -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 04Zecter -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: ArcadeGiant Games -> {4FD3B33A-372C-439E-BB87-017365EC693C} -> C:\Users\user\AppData\Local\ArcadeGiant\agiantie.dll (ArcadeGiant)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: neurowise -> {d08ab008-0647-4784-8e2c-5769cd4a7c3a} -> C:\Program Files (x86)\neurowise\neurowisebho.dll (neurowise)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-02]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [nhfpefkeidlhbjljfdojcnngjbddgein] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2010-11-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-25] (CyberLink)
S2 DLCDiskOptimizer; C:\Program Files (x86)\DLCleaner\DLCDefragSrv64.exe [276264 2013-10-24] (Systweak Software, (www.systweak.com))
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-15] ()
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1809720 2014-05-12] (Malwarebytes Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [860472 2014-05-12] (Malwarebytes Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-03] ()
R2 Update neurowise; C:\Program Files (x86)\neurowise\updateneurowise.exe [323360 2014-09-14] ()
R2 Util neurowise; C:\Program Files (x86)\neurowise\bin\utilneurowise.exe [323360 2014-09-14] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-05-12] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-05-12] (Malwarebytes Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 13:37 - 2014-09-14 13:37 - 00001723 _____ () C:\Users\user\Desktop\JRT.txt
2014-09-14 13:32 - 2014-09-14 13:32 - 00003116 _____ () C:\Windows\System32\Tasks\ArcadeGiant Updater
2014-09-14 13:32 - 2014-09-14 13:32 - 00000256 _____ () C:\Windows\Tasks\ArcadeGiant Updater.job
2014-09-14 13:32 - 2014-09-14 13:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeGiant
2014-09-14 13:32 - 2014-09-14 13:32 - 00000000 ____D () C:\Users\user\AppData\Local\ArcadeGiant
2014-09-14 13:31 - 2014-09-14 13:31 - 00003266 _____ () C:\Windows\System32\Tasks\DLC-DLCAutoCheckUpdate7Days
2014-09-14 13:31 - 2014-09-14 13:31 - 00003240 _____ () C:\Windows\System32\Tasks\DLC-DLCOneClickCare
2014-09-14 13:31 - 2014-09-14 13:31 - 00003100 _____ () C:\Windows\System32\Tasks\DLCleaner
2014-09-14 13:31 - 2014-09-14 13:31 - 00002948 _____ () C:\Windows\System32\Tasks\DLCService
2014-09-14 13:31 - 2014-09-14 13:31 - 00001330 _____ () C:\Users\Public\Desktop\DLCleaner Smart PC Care.lnk
2014-09-14 13:31 - 2014-09-14 13:31 - 00001256 _____ () C:\Users\Public\Desktop\DLCleaner.lnk
2014-09-14 13:31 - 2014-09-14 13:31 - 00000404 _____ () C:\Windows\Tasks\DLCService.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000398 _____ () C:\Windows\Tasks\DLC-DLCAutoCheckUpdate7Days.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000372 _____ () C:\Windows\Tasks\DLC-DLCOneClickCare.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\Users\user\AppData\Roaming\Systweak
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLCleaner
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\Program Files (x86)\DLCleaner
2014-09-14 13:31 - 2013-10-24 16:49 - 00020264 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Program Files (x86)\neurowise
2014-09-14 13:28 - 2014-09-14 13:28 - 00699016 _____ (CNET Download.com) C:\Users\user\Downloads\cbsidlm-cbsi213-Junkware_Removal_Tool-SEO-75910255.exe
2014-09-14 13:25 - 2014-09-14 13:25 - 00004672 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-09-14 13:21 - 2014-09-14 13:22 - 00000000 ____D () C:\AdwCleaner
2014-09-14 13:20 - 2014-09-14 13:20 - 01373475 _____ () C:\Users\user\Downloads\AdwCleaner.exe
2014-09-14 13:17 - 2014-09-14 13:17 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-13 14:56 - 2014-09-13 14:56 - 00086744 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-13 14:46 - 2014-09-13 14:46 - 00032523 _____ () C:\Users\user\Desktop\Addition.txt
2014-09-13 14:42 - 2014-09-14 14:08 - 00039821 _____ () C:\Users\user\Downloads\FRST.txt
2014-09-13 14:42 - 2014-09-14 14:08 - 00000000 ____D () C:\FRST
2014-09-13 14:42 - 2014-09-13 14:43 - 00032523 _____ () C:\Users\user\Downloads\Addition.txt
2014-09-13 14:41 - 2014-09-13 14:41 - 02105856 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-09-13 14:34 - 2014-09-13 15:14 - 00001007 _____ () C:\Users\user\Desktop\checkup.txt
2014-09-13 14:29 - 2014-09-13 14:29 - 00854417 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2014-09-13 08:31 - 2014-09-13 08:31 - 00003126 _____ () C:\Windows\System32\Tasks\{8585E23B-1834-44C6-8B35-112E2FB58358}
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Downloads\hijackthis.log
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Desktop\hijackthis.log
2014-09-13 08:25 - 2014-09-13 08:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HiJackThis.exe
2014-09-13 07:30 - 2014-09-14 13:24 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-13 07:29 - 2014-09-13 07:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 07:29 - 2014-09-13 07:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 07:29 - 2014-09-13 07:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 07:29 - 2014-09-13 07:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 07:29 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-13 07:29 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-09-13 07:29 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-09-13 07:27 - 2014-09-13 07:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 05:22 - 2014-08-20 03:35 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 05:22 - 2014-08-20 03:09 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 05:22 - 2014-08-19 08:31 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 05:22 - 2014-08-19 07:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 05:22 - 2014-08-19 07:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 05:22 - 2014-08-19 07:56 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 05:22 - 2014-08-19 07:50 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 05:22 - 2014-08-19 07:49 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 05:22 - 2014-08-19 07:45 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 05:22 - 2014-08-19 07:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 05:22 - 2014-08-19 07:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 05:22 - 2014-08-19 07:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 05:22 - 2014-08-19 07:35 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 05:22 - 2014-08-19 07:33 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 05:22 - 2014-08-19 07:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 05:22 - 2014-08-19 07:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 05:22 - 2014-08-19 07:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 05:22 - 2014-08-19 07:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 05:22 - 2014-08-19 07:21 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 05:22 - 2014-08-19 07:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 05:22 - 2014-08-19 07:15 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 05:22 - 2014-08-19 07:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-13 05:22 - 2014-08-19 07:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 05:22 - 2014-08-19 07:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-13 05:22 - 2014-08-19 07:12 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 05:22 - 2014-08-19 07:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-13 05:22 - 2014-08-19 07:08 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 05:22 - 2014-08-19 07:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 05:22 - 2014-08-19 07:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 05:22 - 2014-08-19 07:05 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 05:22 - 2014-08-19 06:57 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 05:22 - 2014-08-19 06:55 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 05:22 - 2014-08-19 06:55 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 05:22 - 2014-08-19 06:53 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 05:22 - 2014-08-19 06:53 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 05:22 - 2014-08-19 06:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 05:22 - 2014-08-19 06:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-13 05:22 - 2014-08-19 06:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 05:22 - 2014-08-19 06:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 05:22 - 2014-08-19 06:46 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 05:22 - 2014-08-19 06:45 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 05:22 - 2014-08-19 06:45 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 05:22 - 2014-08-19 06:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 05:22 - 2014-08-19 06:38 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 05:22 - 2014-08-19 06:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-13 05:22 - 2014-08-19 06:25 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 05:22 - 2014-08-19 06:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 05:22 - 2014-08-19 06:08 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 05:22 - 2014-08-19 06:08 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 05:22 - 2014-08-19 06:06 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 05:18 - 2014-06-27 11:38 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 05:18 - 2014-06-27 11:15 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 19:32 - 2014-08-01 21:23 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 19:32 - 2014-08-01 21:05 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 19:29 - 2014-07-07 11:36 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 19:29 - 2014-07-07 11:36 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 19:29 - 2014-07-07 11:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 19:29 - 2014-07-07 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 19:29 - 2014-07-07 11:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 19:22 - 2014-06-24 12:59 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 19:22 - 2014-06-24 12:29 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-02 18:28 - 2014-09-02 18:28 - 00000854 _____ () C:\Users\user\Desktop\µTorrent.lnk
2014-09-02 18:26 - 2014-09-04 13:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-09-02 17:48 - 2014-09-02 17:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-09-02 17:47 - 2014-09-10 11:57 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 17:47 - 2014-09-02 17:47 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 17:47 - 2014-09-02 17:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 17:47 - 2014-09-02 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 17:47 - 2014-09-02 17:46 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 17:46 - 2014-09-02 17:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 17:46 - 2014-09-02 17:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 17:40 - 2014-09-02 17:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:40 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:38 - 04862664 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 17:33 - 2014-08-25 06:53 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-02 17:02 - 2014-09-02 17:02 - 00000584 _____ () C:\Windows\system32\TmInstall.log
2014-09-02 16:56 - 2014-09-02 16:56 - 00631728 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsi3FD6.tmp
2014-09-02 11:00 - 2014-09-13 05:18 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-02 10:59 - 2014-09-02 10:59 - 00000000 ____D () C:\Users\user\AppData\Local\com
2014-09-02 10:58 - 2014-09-14 13:22 - 00001100 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-02 10:58 - 2014-09-02 17:06 - 00000003 _____ () C:\Users\user\AppData\Local\proxy.log
2014-09-02 10:51 - 2014-09-02 10:51 - 01942864 _____ (BitTorrent Inc.) C:\Users\user\Desktop\uTorrent.exe
2014-09-02 10:46 - 2014-09-02 10:46 - 00575544 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsbA256.tmp
2014-09-02 10:33 - 2014-09-14 07:36 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-02 10:31 - 2014-09-14 07:36 - 00000000 ____D () C:\Program Files\005
2014-09-02 10:26 - 2014-09-02 10:26 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-02 10:26 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 10:26 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-02 10:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-02 10:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-02 10:11 - 2014-08-23 11:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 10:11 - 2014-08-23 11:15 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-02 10:11 - 2014-08-23 10:29 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-01 10:22 - 2014-07-09 08:08 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-01 10:22 - 2014-07-09 08:00 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-01 10:22 - 2014-06-25 11:35 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-01 10:22 - 2014-06-25 11:11 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-01 10:17 - 2014-07-16 12:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-01 10:17 - 2014-07-16 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-01 10:17 - 2014-06-18 11:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-01 10:17 - 2014-06-18 11:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-01 10:17 - 2014-06-06 19:40 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-01 10:17 - 2014-06-06 19:14 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-01 10:17 - 2014-06-03 18:59 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-01 10:17 - 2014-06-03 18:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-01 10:17 - 2014-06-03 18:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-01 10:17 - 2014-05-30 16:15 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-01 10:15 - 2014-06-16 11:40 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-01 10:15 - 2014-05-30 17:38 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-01 10:03 - 2014-07-14 11:32 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-01 10:03 - 2014-07-14 11:10 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-01 10:02 - 2014-08-07 11:36 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-01 10:02 - 2014-08-07 11:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-01 10:01 - 2014-05-15 01:53 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-01 10:01 - 2014-05-15 01:51 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 10:01 - 2014-05-15 01:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 10:01 - 2014-05-15 01:47 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-01 10:01 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 10:01 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-01 10:01 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-01 10:01 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-29 15:55 - 2014-07-01 07:54 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-29 15:55 - 2014-07-01 07:44 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-29 15:55 - 2014-06-06 15:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-29 15:55 - 2014-06-06 15:42 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-29 15:55 - 2014-03-10 07:18 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-29 15:55 - 2014-03-10 07:18 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-29 15:55 - 2014-03-10 07:17 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-29 15:55 - 2014-03-10 07:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-14 14:08 - 2014-09-13 14:42 - 00039821 _____ () C:\Users\user\Downloads\FRST.txt
2014-09-14 14:08 - 2014-09-13 14:42 - 00000000 ____D () C:\FRST
2014-09-14 13:43 - 2013-06-23 22:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-14 13:37 - 2014-09-14 13:37 - 00001723 _____ () C:\Users\user\Desktop\JRT.txt
2014-09-14 13:32 - 2014-09-14 13:32 - 00003116 _____ () C:\Windows\System32\Tasks\ArcadeGiant Updater
2014-09-14 13:32 - 2014-09-14 13:32 - 00000256 _____ () C:\Windows\Tasks\ArcadeGiant Updater.job
2014-09-14 13:32 - 2014-09-14 13:32 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeGiant
2014-09-14 13:32 - 2014-09-14 13:32 - 00000000 ____D () C:\Users\user\AppData\Local\ArcadeGiant
2014-09-14 13:31 - 2014-09-14 13:31 - 00003266 _____ () C:\Windows\System32\Tasks\DLC-DLCAutoCheckUpdate7Days
2014-09-14 13:31 - 2014-09-14 13:31 - 00003240 _____ () C:\Windows\System32\Tasks\DLC-DLCOneClickCare
2014-09-14 13:31 - 2014-09-14 13:31 - 00003100 _____ () C:\Windows\System32\Tasks\DLCleaner
2014-09-14 13:31 - 2014-09-14 13:31 - 00002948 _____ () C:\Windows\System32\Tasks\DLCService
2014-09-14 13:31 - 2014-09-14 13:31 - 00001330 _____ () C:\Users\Public\Desktop\DLCleaner Smart PC Care.lnk
2014-09-14 13:31 - 2014-09-14 13:31 - 00001256 _____ () C:\Users\Public\Desktop\DLCleaner.lnk
2014-09-14 13:31 - 2014-09-14 13:31 - 00000404 _____ () C:\Windows\Tasks\DLCService.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000398 _____ () C:\Windows\Tasks\DLC-DLCAutoCheckUpdate7Days.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000372 _____ () C:\Windows\Tasks\DLC-DLCOneClickCare.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\Users\user\AppData\Roaming\Systweak
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLCleaner
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\Program Files (x86)\DLCleaner
2014-09-14 13:31 - 2009-07-14 14:15 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-14 13:31 - 2009-07-14 14:15 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Program Files (x86)\neurowise
2014-09-14 13:28 - 2014-09-14 13:28 - 00699016 _____ (CNET Download.com) C:\Users\user\Downloads\cbsidlm-cbsi213-Junkware_Removal_Tool-SEO-75910255.exe
2014-09-14 13:28 - 2009-07-14 14:43 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-14 13:27 - 2013-02-12 04:45 - 01584612 _____ () C:\Windows\WindowsUpdate.log
2014-09-14 13:25 - 2014-09-14 13:25 - 00004672 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-09-14 13:24 - 2014-09-13 07:30 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 13:24 - 2013-07-03 09:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-09-14 13:23 - 2013-07-08 12:49 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-14 13:23 - 2013-06-18 09:06 - 01078274 _____ () C:\Windows\setupact.log
2014-09-14 13:23 - 2013-02-12 05:10 - 01136676 _____ () C:\Windows\PFRO.log
2014-09-14 13:23 - 2009-07-14 14:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-14 13:22 - 2014-09-14 13:21 - 00000000 ____D () C:\AdwCleaner
2014-09-14 13:22 - 2014-09-02 10:58 - 00001100 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-14 13:20 - 2014-09-14 13:20 - 01373475 _____ () C:\Users\user\Downloads\AdwCleaner.exe
2014-09-14 13:17 - 2014-09-14 13:17 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-14 13:15 - 2014-08-14 16:08 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForuser.job
2014-09-14 08:27 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\rescache
2014-09-14 07:36 - 2014-09-02 10:33 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-14 07:36 - 2014-09-02 10:31 - 00000000 ____D () C:\Program Files\005
2014-09-13 15:14 - 2014-09-13 14:34 - 00001007 _____ () C:\Users\user\Desktop\checkup.txt
2014-09-13 14:56 - 2014-09-13 14:56 - 00086744 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-13 14:46 - 2014-09-13 14:46 - 00032523 _____ () C:\Users\user\Desktop\Addition.txt
2014-09-13 14:43 - 2014-09-13 14:42 - 00032523 _____ () C:\Users\user\Downloads\Addition.txt
2014-09-13 14:41 - 2014-09-13 14:41 - 02105856 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-09-13 14:29 - 2014-09-13 14:29 - 00854417 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2014-09-13 08:31 - 2014-09-13 08:31 - 00003126 _____ () C:\Windows\System32\Tasks\{8585E23B-1834-44C6-8B35-112E2FB58358}
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Downloads\hijackthis.log
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Desktop\hijackthis.log
2014-09-13 08:26 - 2014-09-13 08:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HiJackThis.exe
2014-09-13 08:26 - 2013-02-11 11:07 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-09-13 07:29 - 2014-09-13 07:29 - 00001102 _____ () C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-09-13 07:29 - 2014-09-13 07:29 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-09-13 07:29 - 2014-09-13 07:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 07:29 - 2014-09-13 07:29 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-09-13 07:27 - 2014-09-13 07:27 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\user\Downloads\mbam-setup-2.0.2.1012.exe
2014-09-13 05:21 - 2013-07-24 00:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 05:21 - 2013-02-11 11:23 - 00768636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 05:18 - 2014-09-02 11:00 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-13 05:18 - 2013-06-21 14:53 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 11:58 - 2013-06-26 04:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-10 11:57 - 2014-09-02 17:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-10 11:57 - 2013-07-02 20:11 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-10 11:57 - 2013-06-23 22:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 11:57 - 2013-06-23 22:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 11:57 - 2013-06-23 22:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 11:17 - 2009-07-14 14:15 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-04 13:52 - 2014-09-02 18:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-09-04 13:43 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-02 18:28 - 2014-09-02 18:28 - 00000854 _____ () C:\Users\user\Desktop\µTorrent.lnk
2014-09-02 17:48 - 2014-09-02 17:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-09-02 17:47 - 2014-09-02 17:47 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 17:47 - 2014-09-02 17:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 17:47 - 2014-09-02 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 17:46 - 2014-09-02 17:47 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 17:46 - 2014-09-02 17:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 17:46 - 2014-09-02 17:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 17:40 - 2014-09-02 17:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 17:40 - 2014-09-02 17:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:38 - 04862664 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 17:16 - 2009-07-14 12:04 - 00000505 _____ () C:\Windows\win.ini
2014-09-02 17:06 - 2014-09-02 10:58 - 00000003 _____ () C:\Users\user\AppData\Local\proxy.log
2014-09-02 17:02 - 2014-09-02 17:02 - 00000584 _____ () C:\Windows\system32\TmInstall.log
2014-09-02 17:00 - 2013-06-21 14:13 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-02 16:59 - 2013-06-21 14:18 - 00000000 ____D () C:\Users\user\AppData\Local\Trend Micro
2014-09-02 16:59 - 2013-06-21 14:16 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-02 16:56 - 2014-09-02 16:56 - 00631728 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsi3FD6.tmp
2014-09-02 10:59 - 2014-09-02 10:59 - 00000000 ____D () C:\Users\user\AppData\Local\com
2014-09-02 10:58 - 2013-07-02 11:18 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2014-09-02 10:51 - 2014-09-02 10:51 - 01942864 _____ (BitTorrent Inc.) C:\Users\user\Desktop\uTorrent.exe
2014-09-02 10:46 - 2014-09-02 10:46 - 00575544 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsbA256.tmp
2014-09-02 10:33 - 2013-10-16 07:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-02 10:26 - 2014-09-02 10:26 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-02 10:26 - 2011-01-19 07:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-02 09:49 - 2014-06-01 14:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 18:21 - 2013-06-25 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 18:21 - 2013-06-25 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-09-01 17:53 - 2009-07-14 15:02 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-08-29 15:58 - 2013-06-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-25 06:53 - 2014-09-02 17:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 11:37 - 2014-09-02 10:11 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 11:15 - 2014-09-02 10:11 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 10:29 - 2014-09-02 10:11 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 03:35 - 2014-09-13 05:22 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-20 03:09 - 2014-09-13 05:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 08:31 - 2014-09-13 05:22 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 07:59 - 2014-09-13 05:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 07:59 - 2014-09-13 05:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 07:56 - 2014-09-13 05:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 07:50 - 2014-09-13 05:22 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 07:49 - 2014-09-13 05:22 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 07:45 - 2014-09-13 05:22 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 07:45 - 2014-09-13 05:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 07:44 - 2014-09-13 05:22 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 07:44 - 2014-09-13 05:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 07:35 - 2014-09-13 05:22 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 07:33 - 2014-09-13 05:22 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 07:33 - 2014-09-13 05:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 07:33 - 2014-09-13 05:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 07:27 - 2014-09-13 05:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 07:26 - 2014-09-13 05:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 07:21 - 2014-09-13 05:22 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 07:16 - 2014-09-13 05:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 07:15 - 2014-09-13 05:22 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 07:15 - 2014-09-13 05:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 07:14 - 2014-09-13 05:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 07:14 - 2014-09-13 05:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 07:12 - 2014-09-13 05:22 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 07:10 - 2014-09-13 05:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 07:08 - 2014-09-13 05:22 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 07:07 - 2014-09-13 05:22 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 07:06 - 2014-09-13 05:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 07:05 - 2014-09-13 05:22 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 06:57 - 2014-09-13 05:22 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 06:55 - 2014-09-13 05:22 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 06:55 - 2014-09-13 05:22 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 06:53 - 2014-09-13 05:22 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 06:53 - 2014-09-13 05:22 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 06:52 - 2014-09-13 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 06:49 - 2014-09-13 05:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 06:47 - 2014-09-13 05:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 06:47 - 2014-09-13 05:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 06:46 - 2014-09-13 05:22 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 06:45 - 2014-09-13 05:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 06:45 - 2014-09-13 05:22 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 06:39 - 2014-09-13 05:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 06:38 - 2014-09-13 05:22 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 06:37 - 2014-09-13 05:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 06:25 - 2014-09-13 05:22 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 06:16 - 2014-09-13 05:22 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 06:08 - 2014-09-13 05:22 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 06:08 - 2014-09-13 05:22 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 06:06 - 2014-09-13 05:22 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 00:54

==================== End Of Log ============================

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by user at 2014-09-14 07:26:26 Run:1
Running from C:\Users\user\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************

Start
() C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe
() C:\Program Files\005\cyycfhtzro64.exe
HKLM-x32\...\Run: [AnyProtect Scanner] => "C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe"
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.snapdo.c...q={searchTerms}
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://feed.snapdo.c...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.sweet-pag...q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = http://www.sweet-pag...q={searchTerms}
SearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM - {2fa28606-de77-4029-af96-b231e3b8f827} URL = http://eu.ask.com/we...&l=dis&o=HPNTDF
SearchScopes: HKLM-x32 - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKCU - {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = http://feed.snapdo.c...q={searchTerms}
Toolbar: HKLM - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKLM-x32 - No Name - {ae07101b-46d4-4a98-af68-0333ea26e113} - No File
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {4F524A2D-5350-4500-76A7-7A786E7484D7} - No File
R2 AllDaySavingsService64; C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe [172544 2014-08-01] () [File not signed]
R2 cyycfhtzro64; C:\Program Files\005\cyycfhtzro64.exe [709120 2014-09-02] () [File not signed]
2014-09-02 10:33 - 2014-09-11 19:43 - 00000000 ____D () C:\Program Files\AllDaySavings
Task: {2FA1357F-F40B-416F-A887-C27AF7C6E6B5} - System32\Tasks\APSnotifierPP1 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {34EC50A6-64ED-419C-81CD-E3D9472451F6} - System32\Tasks\APSnotifierPP3 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: {A4214BCE-60A2-40B7-8FE3-496FC3BC03B6} - System32\Tasks\LaunchSignup => C:\Program Files (x86)\MyPC Backup\Signup Wizard.exe <==== ATTENTION
Task: {ADD2AA23-E2F5-4990-AA5F-362A6CA7D495} - System32\Tasks\APSnotifierPP2 => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP1.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP2.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
Task: C:\Windows\Tasks\APSnotifierPP3.job => C:\Program Files (x86)\AnyProtectEx\AnyProtect.exe <==== ATTENTION
EmptyTemp:
End

*****************

[2216] C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6\etmajyzoqm64.exe => Process closed successfully.
[2568] C:\Program Files\005\cyycfhtzro64.exe => Process closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\AnyProtect Scanner => value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Bar => value deleted successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Search_URL => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key deleted successfully.
"HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key deleted successfully.
"HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827}" => Key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key deleted successfully.
"HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => Key not found.
"HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key deleted successfully.
"HKCR\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}" => Key not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} => value deleted successfully.
"HKCR\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}" => Key deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value deleted successfully.
"HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}" => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4F524A2D-5350-4500-76A7-7A786E7484D7} => value deleted successfully.
"HKCR\CLSID\{4F524A2D-5350-4500-76A7-7A786E7484D7}" => Key not found.
AllDaySavingsService64 => Service deleted successfully.
cyycfhtzro64 => Service deleted successfully.
C:\Program Files\AllDaySavings => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2FA1357F-F40B-416F-A887-C27AF7C6E6B5}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2FA1357F-F40B-416F-A887-C27AF7C6E6B5}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP1 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP1" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34EC50A6-64ED-419C-81CD-E3D9472451F6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34EC50A6-64ED-419C-81CD-E3D9472451F6}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP3 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP3" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A4214BCE-60A2-40B7-8FE3-496FC3BC03B6}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A4214BCE-60A2-40B7-8FE3-496FC3BC03B6}" => Key deleted successfully.
C:\Windows\System32\Tasks\LaunchSignup => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\LaunchSignup" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ADD2AA23-E2F5-4990-AA5F-362A6CA7D495}" => Key deleted successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ADD2AA23-E2F5-4990-AA5F-362A6CA7D495}" => Key deleted successfully.
C:\Windows\System32\Tasks\APSnotifierPP2 => Moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\APSnotifierPP2" => Key deleted successfully.
C:\Windows\Tasks\APSnotifierPP1.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP2.job => Moved successfully.
C:\Windows\Tasks\APSnotifierPP3.job => Moved successfully.
EmptyTemp: => Removed 1.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog ====

#8 OCD

Posted 14 September 2014 - 01:44 AM

Hi shucky,

I asked you to run Malwarebytes Anti-Rootkit, not Malwarebytes' Anti-Malware. Please click on the link I provided in the instructions to run the anti-rootkit scan. Post the logs in your next reply.
 


OCD



#9 shucky

Posted 14 September 2014 - 02:54 AM

Here are the rootkit results; I was finally able to get it installed without error messages.

Malwarebytes Anti-Rootkit BETA 1.07.0.1012
www.malwarebytes.org

Database version: v2014.09.14.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.17280
user :: HOUSE-LAPTOP [administrator]

14/09/2014 6:06:33 PM
mbar-log-2014-09-14 (18-06-33).txt

Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled:
Objects scanned: 310975
Time elapsed: 8 minute(s), 10 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

Physical Sectors Detected: 0
(No malicious items detected)

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.07.0.1012

© Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 11.0.9600.17280

Java version: 1.6.0_22

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED, E:\ DRIVE_FIXED, G:\ DRIVE_FIXED
CPU speed: 1.995000 GHz
Memory total: 8535261184, free: 6088749056

Downloaded database version: v2014.09.14.03
Downloaded database version: v2014.09.13.01
=======================================
Initializing...
Done!
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 1D8E407E

Partition information:

Partition 0 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 2048 Numsec = 407552
Partition file system is NTFS
Partition is bootable

Partition 1 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 409600 Numsec = 1912066048

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 1912475648 Numsec = 40839168

Partition 3 type is Other (0xe)
Partition is NOT ACTIVE.
Partition starts at LBA: 1953314816 Numsec = 208304

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Done!
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 105D21CC

Partition information:

Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 1465143296

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Scan finished
=======================================


Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\VBR-0-0-2048-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-1-r.mbam...
Removal finished

#10 OCD


Posted 14 September 2014 - 08:39 AM

Hi shucky,

There are numerous MountPoints listed in your FRST log. Do you use a USB stick drive, and remove it frequently?

=========================

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad window. Save it on the desktop as fixlist.txt
 
Start
() C:\Program Files (x86)\neurowise\updateneurowise.exe
() C:\Program Files (x86)\neurowise\bin\utilneurowise.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\dlcleaner.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCSystemCleaner.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCPrivacyProtector.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCDriverUpdater.exe
S2 DLCDiskOptimizer; C:\Program Files (x86)\DLCleaner\DLCDefragSrv64.exe [276264 2013-10-24] (Systweak Software, (www.systweak.com))
R2 Update neurowise; C:\Program Files (x86)\neurowise\updateneurowise.exe [323360 2014-09-14] ()
R2 Util neurowise; C:\Program Files (x86)\neurowise\bin\utilneurowise.exe [323360 2014-09-14] ()
2014-09-14 13:31 - 2014-09-14 13:31 - 00003266 _____ () C:\Windows\System32\Tasks\DLC-DLCAutoCheckUpdate7Days
2014-09-14 13:31 - 2014-09-14 13:31 - 00003240 _____ () C:\Windows\System32\Tasks\DLC-DLCOneClickCare
2014-09-14 13:31 - 2014-09-14 13:31 - 00003100 _____ () C:\Windows\System32\Tasks\DLCleaner
2014-09-14 13:31 - 2014-09-14 13:31 - 00002948 _____ () C:\Windows\System32\Tasks\DLCService
2014-09-14 13:31 - 2014-09-14 13:31 - 00001330 _____ () C:\Users\Public\Desktop\DLCleaner Smart PC Care.lnk
2014-09-14 13:31 - 2014-09-14 13:31 - 00001256 _____ () C:\Users\Public\Desktop\DLCleaner.lnk
2014-09-14 13:31 - 2014-09-14 13:31 - 00000404 _____ () C:\Windows\Tasks\DLCService.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000398 _____ () C:\Windows\Tasks\DLC-DLCAutoCheckUpdate7Days.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000372 _____ () C:\Windows\Tasks\DLC-DLCOneClickCare.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\Users\user\AppData\Roaming\Systweak
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLCleaner
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\Program Files (x86)\DLCleaner
2014-09-14 13:31 - 2013-10-24 16:49 - 00020264 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Program Files (x86)\neurowise
EmptyTemp:
End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

Reboot

=========================

Re-run AdwCleaner

It should be on your desktop
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a log file report (AdwCleaner[S1].txt) will open automatically.
  • Copy and paste the contents of that log file in your next reply.
  • A copy of that log file will also be saved in the C:\AdwCleaner folder.
=========================

Re-run Farbar Recovery Scan Tool. It should be on your desktop.
    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
=========================

In your next post please provide the following:
  • Fixlog.txt
  • AdwCleaner[S1].txt
  • new FRST.txt
  • How is the computer running at the moment?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days










#11 shucky


Posted 15 September 2014 - 01:35 AM

Hi OCD,
Here are the latest set of log files. The computer is doing OK so far, no popups and such as it was in the beginning. Yes, I do use a portable hard drive which has a few things for work on it. I know for a fact it's clean of any malware or viruses, so that's not a worry to me. I'm seeing Firefox and Chrome at the bottom of one of these logs, I believe it may be the AdwCleaner one. That's not saying I have these 2 browsers installed, is it? I only use IE.
Cheers
Reason for edit: adding info.

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 12-09-2014
Ran by user at 2014-09-15 06:07:09 Run:2
Running from C:\Users\user\Downloads
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
() C:\Program Files (x86)\neurowise\updateneurowise.exe
() C:\Program Files (x86)\neurowise\bin\utilneurowise.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\dlcleaner.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCSystemCleaner.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCPrivacyProtector.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCDriverUpdater.exe
S2 DLCDiskOptimizer; C:\Program Files (x86)\DLCleaner\DLCDefragSrv64.exe [276264 2013-10-24] (Systweak Software, (www.systweak.com))
R2 Update neurowise; C:\Program Files (x86)\neurowise\updateneurowise.exe [323360 2014-09-14] ()
R2 Util neurowise; C:\Program Files (x86)\neurowise\bin\utilneurowise.exe [323360 2014-09-14] ()
2014-09-14 13:31 - 2014-09-14 13:31 - 00003266 _____ () C:\Windows\System32\Tasks\DLC-DLCAutoCheckUpdate7Days
2014-09-14 13:31 - 2014-09-14 13:31 - 00003240 _____ () C:\Windows\System32\Tasks\DLC-DLCOneClickCare
2014-09-14 13:31 - 2014-09-14 13:31 - 00003100 _____ () C:\Windows\System32\Tasks\DLCleaner
2014-09-14 13:31 - 2014-09-14 13:31 - 00002948 _____ () C:\Windows\System32\Tasks\DLCService
2014-09-14 13:31 - 2014-09-14 13:31 - 00001330 _____ () C:\Users\Public\Desktop\DLCleaner Smart PC Care.lnk
2014-09-14 13:31 - 2014-09-14 13:31 - 00001256 _____ () C:\Users\Public\Desktop\DLCleaner.lnk
2014-09-14 13:31 - 2014-09-14 13:31 - 00000404 _____ () C:\Windows\Tasks\DLCService.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000398 _____ () C:\Windows\Tasks\DLC-DLCAutoCheckUpdate7Days.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000372 _____ () C:\Windows\Tasks\DLC-DLCOneClickCare.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\Users\user\AppData\Roaming\Systweak
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLCleaner
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\Program Files (x86)\DLCleaner
2014-09-14 13:31 - 2013-10-24 16:49 - 00020264 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Program Files (x86)\neurowise
EmptyTemp:
End
*****************

C:\Program Files (x86)\neurowise\updateneurowise.exe => No running process found
C:\Program Files (x86)\neurowise\bin\utilneurowise.exe => No running process found
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\dlcleaner.exe => Error: No automatic fix found for this entry.
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCSystemCleaner.exe => Error: No automatic fix found for this entry.
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCPrivacyProtector.exe => Error: No automatic fix found for this entry.
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCDriverUpdater.exe => Error: No automatic fix found for this entry.
DLCDiskOptimizer => Service not found.
Update neurowise => Service deleted successfully.
Util neurowise => Service deleted successfully.
"C:\Windows\System32\Tasks\DLC-DLCAutoCheckUpdate7Days" => File/Directory not found.
"C:\Windows\System32\Tasks\DLC-DLCOneClickCare" => File/Directory not found.
"C:\Windows\System32\Tasks\DLCleaner" => File/Directory not found.
"C:\Windows\System32\Tasks\DLCService" => File/Directory not found.
"C:\Users\Public\Desktop\DLCleaner Smart PC Care.lnk" => File/Directory not found.
"C:\Users\Public\Desktop\DLCleaner.lnk" => File/Directory not found.
"C:\Windows\Tasks\DLCService.job" => File/Directory not found.
"C:\Windows\Tasks\DLC-DLCAutoCheckUpdate7Days.job" => File/Directory not found.
"C:\Windows\Tasks\DLC-DLCOneClickCare.job" => File/Directory not found.
C:\Users\user\AppData\Roaming\Systweak => Moved successfully.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLCleaner" => File/Directory not found.
"C:\Program Files (x86)\DLCleaner" => File/Directory not found.
"C:\Windows\system32\roboot64.exe" => File/Directory not found.
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense => Moved successfully.
"C:\Program Files (x86)\neurowise" => File/Directory not found.
EmptyTemp: => Removed 124.5 MB temporary data.


The system needed a reboot.

==== End of Fixlog ====

# AdwCleaner v3.310 - Report created 15/09/2014 at 06:22:40
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : user - HOUSE-LAPTOP
# Running from : C:\Users\user\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\users\user\AppData\Local\ArcadeGiant
Folder Deleted : C:\users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ArcadeGiant

***** [ Scheduled Tasks ] *****

Task Deleted : ArcadeGiant Updater

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{41829420-151B-4920-B8A5-16BE4601B42A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4FD3B33A-372C-439E-BB87-017365EC693C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B3B723CD-7242-4775-B10E-74DB7F4CB5A1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{62970E2F-A895-4848-B46C-FBD071192995}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4FD3B33A-372C-439E-BB87-017365EC693C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{41829420-151B-4920-B8A5-16BE4601B42A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{4FD3B33A-372C-439E-BB87-017365EC693C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{4FD3B33A-372C-439E-BB87-017365EC693C}
Key Deleted : HKCU\Software\SaveSense
Key Deleted : HKLM\SOFTWARE\SaveSense

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.17280


*************************

AdwCleaner[R0].txt - [5849 octets] - [14/09/2014 13:21:20]
AdwCleaner[R1].txt - [1969 octets] - [15/09/2014 06:10:40]
AdwCleaner[S0].txt - [4672 octets] - [14/09/2014 13:22:24]
AdwCleaner[S1].txt - [1875 octets] - [15/09/2014 06:22:40]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [1935 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by user (administrator) on HOUSE-LAPTOP on 15-09-2014 16:54:05
Running from C:\Users\user\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_15_0_0_152_ActiveX.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-03] (Intel® Corporation)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-22] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2013-07-03] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-18] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-25] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [fst_au_200] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Optus Mini WiFi\Optus Mini WiFi Modem
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {004b935e-fc78-11e2-8da6-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0174174a-ab41-11e3-9629-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {017774e8-5081-11e3-a67b-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0177753f-5081-11e3-a67b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {01777571-5081-11e3-a67b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {05a738ee-41b2-11e3-9c9c-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0814bce8-1592-11e3-9299-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {094e2e95-9389-11e3-91b8-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0b1e62a9-1d73-11e3-9e35-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0b1e6300-1d73-11e3-9e35-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0b1e633e-1d73-11e3-9e35-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0bc84667-3c9f-11e3-93a1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0ce730a5-4e65-11e3-89c1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0ebb70d7-acc3-11e3-ac5b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0ebb7181-acc3-11e3-ac5b-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {135ba709-347e-11e3-b7dd-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {186ccf21-47a9-11e3-ba95-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {19125bf7-ef5b-11e2-86ef-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1afcad3a-2abc-11e3-a60b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1b314d80-69d1-11e3-8fcf-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1c685861-0b8f-11e3-9584-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1eb2cdde-099e-11e3-89b7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1f1344ff-f264-11e2-a758-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1f13453c-f264-11e2-a758-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1f134616-f264-11e2-a758-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1f1346e8-f264-11e2-a758-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {2535e59b-29b4-11e3-bcd1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {25c34b36-7fa2-11e3-9f11-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {25f1207a-0756-11e3-91c2-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {26e02e56-503d-11e3-8ab1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {26e02e67-503d-11e3-8ab1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {2838ce3e-0390-11e3-8cff-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {28ddac65-7eb4-11e3-a017-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {2ac9ecd7-a957-11e3-8bd8-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {2b4a35bd-091d-11e3-aecb-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {2ba2a04a-f62c-11e2-a8a4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {30bdbcc7-3e7a-11e3-85c0-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {34422324-6779-11e3-b741-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {366b773d-71d5-11e3-983e-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {366b77ca-71d5-11e3-983e-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3902737d-a0b7-11e3-9a7f-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {39399079-9aa2-11e3-bd86-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3939909b-9aa2-11e3-bd86-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3b305759-97fb-11e3-8f95-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3b33a5b6-f3ec-11e2-a2a2-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3b33a69d-f3ec-11e2-a2a2-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3c0ebc02-1d04-11e3-9193-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3d9836b6-6ab1-11e3-96f3-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {42adb1ab-c857-11e3-acd4-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {43f37a37-05ff-11e3-a3ea-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {43f4a81b-4974-11e3-9607-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {43f4a84b-4974-11e3-9607-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {445c8c21-3e5c-11e3-93af-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {445c8c7b-3e5c-11e3-93af-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {4c3a8231-1eed-11e3-bc4a-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {4c6cadf2-8dc4-11e3-a109-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {4c832dc6-34f5-11e3-8cd3-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5012a9c2-2fa0-11e3-9782-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c17f-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c18e-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c1a0-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c1af-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5145e900-023c-11e3-b26c-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {51dd592a-0b2f-11e3-8040-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {547ea097-2a14-11e3-a313-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5608625b-58bd-11e3-96ba-cc52af86b9e6} - H:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 00Zecter -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 01Zecter -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 02Zecter -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 03Zecter -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 04Zecter -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {d08ab008-0647-4784-8e2c-5769cd4a7c3a} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-02]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [nhfpefkeidlhbjljfdojcnngjbddgein] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2010-11-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-25] (CyberLink)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-15] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-03] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 06:39 - 2014-09-15 06:39 - 00002015 _____ () C:\Users\user\Desktop\AdwCleaner[S1] mon morn.txt
2014-09-14 18:06 - 2014-09-14 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 18:06 - 2014-09-14 18:06 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 18:05 - 2014-09-14 18:15 - 00000000 ____D () C:\Users\user\Desktop\mbar
2014-09-14 18:05 - 2014-09-14 18:05 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 18:04 - 2014-09-14 18:04 - 14349744 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1012.exe
2014-09-14 15:41 - 2014-09-14 15:41 - 00470608 _____ () C:\Windows\Minidump\091414-22542-01.dmp
2014-09-14 14:14 - 2014-09-14 14:14 - 00380416 _____ () C:\Users\user\Downloads\GMER.exe
2014-09-14 13:37 - 2014-09-14 13:37 - 00001723 _____ () C:\Users\user\Desktop\JRT.txt
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 13:28 - 2014-09-14 13:28 - 00699016 _____ (CNET Download.com) C:\Users\user\Downloads\cbsidlm-cbsi213-Junkware_Removal_Tool-SEO-75910255.exe
2014-09-14 13:25 - 2014-09-14 13:25 - 00004672 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-09-14 13:21 - 2014-09-15 06:22 - 00000000 ____D () C:\AdwCleaner
2014-09-14 13:20 - 2014-09-14 13:20 - 01373475 _____ () C:\Users\user\Downloads\AdwCleaner.exe
2014-09-13 14:56 - 2014-09-13 14:56 - 00086744 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-13 14:46 - 2014-09-13 14:46 - 00032523 _____ () C:\Users\user\Desktop\Addition.txt
2014-09-13 14:42 - 2014-09-15 16:54 - 00038471 _____ () C:\Users\user\Downloads\FRST.txt
2014-09-13 14:42 - 2014-09-15 16:54 - 00000000 ____D () C:\FRST
2014-09-13 14:42 - 2014-09-13 14:43 - 00032523 _____ () C:\Users\user\Downloads\Addition.txt
2014-09-13 14:41 - 2014-09-13 14:41 - 02105856 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-09-13 14:34 - 2014-09-13 15:14 - 00001007 _____ () C:\Users\user\Desktop\checkup.txt
2014-09-13 14:29 - 2014-09-13 14:29 - 00854417 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2014-09-13 08:31 - 2014-09-13 08:31 - 00003126 _____ () C:\Windows\System32\Tasks\{8585E23B-1834-44C6-8B35-112E2FB58358}
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Downloads\hijackthis.log
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Desktop\hijackthis.log
2014-09-13 08:25 - 2014-09-13 08:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HiJackThis.exe
2014-09-13 07:29 - 2014-09-14 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 05:22 - 2014-08-20 03:35 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 05:22 - 2014-08-20 03:09 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 05:22 - 2014-08-19 08:31 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 05:22 - 2014-08-19 07:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 05:22 - 2014-08-19 07:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 05:22 - 2014-08-19 07:56 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 05:22 - 2014-08-19 07:50 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 05:22 - 2014-08-19 07:49 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 05:22 - 2014-08-19 07:45 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 05:22 - 2014-08-19 07:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 05:22 - 2014-08-19 07:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 05:22 - 2014-08-19 07:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 05:22 - 2014-08-19 07:35 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 05:22 - 2014-08-19 07:33 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 05:22 - 2014-08-19 07:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 05:22 - 2014-08-19 07:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 05:22 - 2014-08-19 07:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 05:22 - 2014-08-19 07:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 05:22 - 2014-08-19 07:21 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 05:22 - 2014-08-19 07:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 05:22 - 2014-08-19 07:15 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 05:22 - 2014-08-19 07:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-13 05:22 - 2014-08-19 07:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 05:22 - 2014-08-19 07:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-13 05:22 - 2014-08-19 07:12 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 05:22 - 2014-08-19 07:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-13 05:22 - 2014-08-19 07:08 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 05:22 - 2014-08-19 07:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 05:22 - 2014-08-19 07:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 05:22 - 2014-08-19 07:05 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 05:22 - 2014-08-19 06:57 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 05:22 - 2014-08-19 06:55 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 05:22 - 2014-08-19 06:55 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 05:22 - 2014-08-19 06:53 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 05:22 - 2014-08-19 06:53 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 05:22 - 2014-08-19 06:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 05:22 - 2014-08-19 06:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-13 05:22 - 2014-08-19 06:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 05:22 - 2014-08-19 06:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 05:22 - 2014-08-19 06:46 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 05:22 - 2014-08-19 06:45 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 05:22 - 2014-08-19 06:45 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 05:22 - 2014-08-19 06:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 05:22 - 2014-08-19 06:38 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 05:22 - 2014-08-19 06:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-13 05:22 - 2014-08-19 06:25 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 05:22 - 2014-08-19 06:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 05:22 - 2014-08-19 06:08 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 05:22 - 2014-08-19 06:08 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 05:22 - 2014-08-19 06:06 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 05:18 - 2014-06-27 11:38 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 05:18 - 2014-06-27 11:15 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 19:32 - 2014-08-01 21:23 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 19:32 - 2014-08-01 21:05 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 19:29 - 2014-07-07 11:36 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 19:29 - 2014-07-07 11:36 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 19:29 - 2014-07-07 11:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 19:29 - 2014-07-07 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 19:29 - 2014-07-07 11:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 19:22 - 2014-06-24 12:59 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 19:22 - 2014-06-24 12:29 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-02 18:28 - 2014-09-02 18:28 - 00000854 _____ () C:\Users\user\Desktop\µTorrent.lnk
2014-09-02 18:26 - 2014-09-04 13:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-09-02 17:48 - 2014-09-02 17:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-09-02 17:47 - 2014-09-15 06:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 17:47 - 2014-09-02 17:47 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 17:47 - 2014-09-02 17:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 17:47 - 2014-09-02 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 17:47 - 2014-09-02 17:46 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 17:46 - 2014-09-02 17:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 17:46 - 2014-09-02 17:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 17:40 - 2014-09-02 17:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:40 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:38 - 04862664 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 17:33 - 2014-08-25 06:53 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-02 17:02 - 2014-09-02 17:02 - 00000584 _____ () C:\Windows\system32\TmInstall.log
2014-09-02 16:56 - 2014-09-02 16:56 - 00631728 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsi3FD6.tmp
2014-09-02 11:00 - 2014-09-13 05:18 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-02 10:59 - 2014-09-02 10:59 - 00000000 ____D () C:\Users\user\AppData\Local\com
2014-09-02 10:58 - 2014-09-14 13:22 - 00001100 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-02 10:58 - 2014-09-02 17:06 - 00000003 _____ () C:\Users\user\AppData\Local\proxy.log
2014-09-02 10:51 - 2014-09-02 10:51 - 01942864 _____ (BitTorrent Inc.) C:\Users\user\Desktop\uTorrent.exe
2014-09-02 10:46 - 2014-09-02 10:46 - 00575544 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsbA256.tmp
2014-09-02 10:33 - 2014-09-14 07:36 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-02 10:31 - 2014-09-14 07:36 - 00000000 ____D () C:\Program Files\005
2014-09-02 10:26 - 2014-09-02 10:26 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-02 10:26 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 10:26 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-02 10:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-02 10:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-02 10:11 - 2014-08-23 11:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 10:11 - 2014-08-23 11:15 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-02 10:11 - 2014-08-23 10:29 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-01 10:22 - 2014-07-09 08:08 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-01 10:22 - 2014-07-09 08:00 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-01 10:22 - 2014-06-25 11:35 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-01 10:22 - 2014-06-25 11:11 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-01 10:17 - 2014-07-16 12:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-01 10:17 - 2014-07-16 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-01 10:17 - 2014-06-18 11:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-01 10:17 - 2014-06-18 11:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-01 10:17 - 2014-06-06 19:40 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-01 10:17 - 2014-06-06 19:14 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-01 10:17 - 2014-06-03 18:59 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-01 10:17 - 2014-06-03 18:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-01 10:17 - 2014-06-03 18:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-01 10:17 - 2014-05-30 16:15 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-01 10:15 - 2014-06-16 11:40 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-01 10:15 - 2014-05-30 17:38 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-01 10:03 - 2014-07-14 11:32 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-01 10:03 - 2014-07-14 11:10 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-01 10:02 - 2014-08-07 11:36 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-01 10:02 - 2014-08-07 11:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-01 10:01 - 2014-05-15 01:53 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-01 10:01 - 2014-05-15 01:51 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 10:01 - 2014-05-15 01:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 10:01 - 2014-05-15 01:47 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-01 10:01 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 10:01 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-01 10:01 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-01 10:01 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-29 15:55 - 2014-07-01 07:54 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-29 15:55 - 2014-07-01 07:44 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-29 15:55 - 2014-06-06 15:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-29 15:55 - 2014-06-06 15:42 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-29 15:55 - 2014-03-10 07:18 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-29 15:55 - 2014-03-10 07:18 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-29 15:55 - 2014-03-10 07:17 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-29 15:55 - 2014-03-10 07:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-15 16:54 - 2014-09-13 14:42 - 00038471 _____ () C:\Users\user\Downloads\FRST.txt
2014-09-15 16:54 - 2014-09-13 14:42 - 00000000 ____D () C:\FRST
2014-09-15 16:51 - 2013-06-23 22:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 06:39 - 2014-09-15 06:39 - 00002015 _____ () C:\Users\user\Desktop\AdwCleaner[S1] mon morn.txt
2014-09-15 06:39 - 2013-07-03 09:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-09-15 06:39 - 2013-02-12 04:45 - 01640360 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 06:38 - 2009-07-14 14:43 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 06:36 - 2013-06-18 09:06 - 01078666 _____ () C:\Windows\setupact.log
2014-09-15 06:31 - 2009-07-14 14:15 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 06:31 - 2009-07-14 14:15 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 06:24 - 2013-07-08 12:49 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-15 06:23 - 2013-02-12 05:10 - 01144322 _____ () C:\Windows\PFRO.log
2014-09-15 06:23 - 2009-07-14 14:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 06:22 - 2014-09-14 13:21 - 00000000 ____D () C:\AdwCleaner
2014-09-15 06:00 - 2014-09-02 17:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-14 18:37 - 2009-07-14 15:02 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-14 18:15 - 2014-09-14 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 18:15 - 2014-09-14 18:05 - 00000000 ____D () C:\Users\user\Desktop\mbar
2014-09-14 18:06 - 2014-09-14 18:06 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 18:06 - 2014-09-13 07:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 18:05 - 2014-09-14 18:05 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 18:04 - 2014-09-14 18:04 - 14349744 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1012.exe
2014-09-14 15:41 - 2014-09-14 15:41 - 00470608 _____ () C:\Windows\Minidump\091414-22542-01.dmp
2014-09-14 15:41 - 2014-01-10 10:25 - 1112895121 _____ () C:\Windows\MEMORY.DMP
2014-09-14 15:41 - 2014-01-10 10:25 - 00000000 ____D () C:\Windows\Minidump
2014-09-14 14:14 - 2014-09-14 14:14 - 00380416 _____ () C:\Users\user\Downloads\GMER.exe
2014-09-14 13:37 - 2014-09-14 13:37 - 00001723 _____ () C:\Users\user\Desktop\JRT.txt
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 13:28 - 2014-09-14 13:28 - 00699016 _____ (CNET Download.com) C:\Users\user\Downloads\cbsidlm-cbsi213-Junkware_Removal_Tool-SEO-75910255.exe
2014-09-14 13:25 - 2014-09-14 13:25 - 00004672 _____ () C:\Users\user\Desktop\AdwCleaner[S0].txt
2014-09-14 13:22 - 2014-09-02 10:58 - 00001100 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-14 13:20 - 2014-09-14 13:20 - 01373475 _____ () C:\Users\user\Downloads\AdwCleaner.exe
2014-09-14 13:15 - 2014-08-14 16:08 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForuser.job
2014-09-14 08:27 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\rescache
2014-09-14 07:36 - 2014-09-02 10:33 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-14 07:36 - 2014-09-02 10:31 - 00000000 ____D () C:\Program Files\005
2014-09-13 15:14 - 2014-09-13 14:34 - 00001007 _____ () C:\Users\user\Desktop\checkup.txt
2014-09-13 14:56 - 2014-09-13 14:56 - 00086744 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-13 14:46 - 2014-09-13 14:46 - 00032523 _____ () C:\Users\user\Desktop\Addition.txt
2014-09-13 14:43 - 2014-09-13 14:42 - 00032523 _____ () C:\Users\user\Downloads\Addition.txt
2014-09-13 14:41 - 2014-09-13 14:41 - 02105856 _____ (Farbar) C:\Users\user\Downloads\FRST64.exe
2014-09-13 14:29 - 2014-09-13 14:29 - 00854417 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2014-09-13 08:31 - 2014-09-13 08:31 - 00003126 _____ () C:\Windows\System32\Tasks\{8585E23B-1834-44C6-8B35-112E2FB58358}
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Downloads\hijackthis.log
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Desktop\hijackthis.log
2014-09-13 08:26 - 2014-09-13 08:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HiJackThis.exe
2014-09-13 08:26 - 2013-02-11 11:07 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-09-13 05:21 - 2013-07-24 00:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 05:21 - 2013-02-11 11:23 - 00768636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 05:18 - 2014-09-02 11:00 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-13 05:18 - 2013-06-21 14:53 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 11:58 - 2013-06-26 04:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-10 11:57 - 2013-07-02 20:11 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-10 11:57 - 2013-06-23 22:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 11:57 - 2013-06-23 22:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 11:57 - 2013-06-23 22:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 11:17 - 2009-07-14 14:15 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-04 13:52 - 2014-09-02 18:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-09-04 13:43 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-02 18:28 - 2014-09-02 18:28 - 00000854 _____ () C:\Users\user\Desktop\µTorrent.lnk
2014-09-02 17:48 - 2014-09-02 17:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-09-02 17:47 - 2014-09-02 17:47 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 17:47 - 2014-09-02 17:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 17:47 - 2014-09-02 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 17:46 - 2014-09-02 17:47 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 17:46 - 2014-09-02 17:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 17:46 - 2014-09-02 17:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 17:40 - 2014-09-02 17:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 17:40 - 2014-09-02 17:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:38 - 04862664 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 17:16 - 2009-07-14 12:04 - 00000505 _____ () C:\Windows\win.ini
2014-09-02 17:06 - 2014-09-02 10:58 - 00000003 _____ () C:\Users\user\AppData\Local\proxy.log
2014-09-02 17:02 - 2014-09-02 17:02 - 00000584 _____ () C:\Windows\system32\TmInstall.log
2014-09-02 17:00 - 2013-06-21 14:13 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-02 16:59 - 2013-06-21 14:18 - 00000000 ____D () C:\Users\user\AppData\Local\Trend Micro
2014-09-02 16:59 - 2013-06-21 14:16 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-02 16:56 - 2014-09-02 16:56 - 00631728 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsi3FD6.tmp
2014-09-02 10:59 - 2014-09-02 10:59 - 00000000 ____D () C:\Users\user\AppData\Local\com
2014-09-02 10:58 - 2013-07-02 11:18 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2014-09-02 10:51 - 2014-09-02 10:51 - 01942864 _____ (BitTorrent Inc.) C:\Users\user\Desktop\uTorrent.exe
2014-09-02 10:46 - 2014-09-02 10:46 - 00575544 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsbA256.tmp
2014-09-02 10:33 - 2013-10-16 07:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-02 10:26 - 2014-09-02 10:26 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-02 10:26 - 2011-01-19 07:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-02 09:49 - 2014-06-01 14:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 18:21 - 2013-06-25 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 18:21 - 2013-06-25 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-29 15:58 - 2013-06-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-25 06:53 - 2014-09-02 17:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 11:37 - 2014-09-02 10:11 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 11:15 - 2014-09-02 10:11 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 10:29 - 2014-09-02 10:11 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 03:35 - 2014-09-13 05:22 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-20 03:09 - 2014-09-13 05:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 08:31 - 2014-09-13 05:22 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 07:59 - 2014-09-13 05:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 07:59 - 2014-09-13 05:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 07:56 - 2014-09-13 05:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 07:50 - 2014-09-13 05:22 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 07:49 - 2014-09-13 05:22 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 07:45 - 2014-09-13 05:22 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 07:45 - 2014-09-13 05:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 07:44 - 2014-09-13 05:22 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 07:44 - 2014-09-13 05:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 07:35 - 2014-09-13 05:22 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 07:33 - 2014-09-13 05:22 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 07:33 - 2014-09-13 05:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 07:33 - 2014-09-13 05:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 07:27 - 2014-09-13 05:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 07:26 - 2014-09-13 05:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 07:21 - 2014-09-13 05:22 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 07:16 - 2014-09-13 05:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 07:15 - 2014-09-13 05:22 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 07:15 - 2014-09-13 05:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 07:14 - 2014-09-13 05:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 07:14 - 2014-09-13 05:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 07:12 - 2014-09-13 05:22 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 07:10 - 2014-09-13 05:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 07:08 - 2014-09-13 05:22 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 07:07 - 2014-09-13 05:22 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 07:06 - 2014-09-13 05:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 07:05 - 2014-09-13 05:22 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 06:57 - 2014-09-13 05:22 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 06:55 - 2014-09-13 05:22 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 06:55 - 2014-09-13 05:22 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 06:53 - 2014-09-13 05:22 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 06:53 - 2014-09-13 05:22 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 06:52 - 2014-09-13 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 06:49 - 2014-09-13 05:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 06:47 - 2014-09-13 05:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 06:47 - 2014-09-13 05:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 06:46 - 2014-09-13 05:22 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 06:45 - 2014-09-13 05:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 06:45 - 2014-09-13 05:22 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 06:39 - 2014-09-13 05:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 06:38 - 2014-09-13 05:22 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 06:37 - 2014-09-13 05:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 06:25 - 2014-09-13 05:22 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 06:16 - 2014-09-13 05:22 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 06:08 - 2014-09-13 05:22 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 06:08 - 2014-09-13 05:22 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 06:06 - 2014-09-13 05:22 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-06 00:54

==================== End Of Log ============================

Edited by shucky, 15 September 2014 - 01:43 AM.


#12 OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 15 September 2014 - 01:39 PM

Hi shucky,
 

I'm seeing Firefox and Chrome at the bottom of one of these logs, I believe it may be the AdwCleaner, that's not saying I have these 2 browsers installed is it? I only use IE.

The items listed under Firefox and Chrome show in the logs because other programs that you use or have installed have plugins or extensions associated with them that are used by these browsers. They are installed when you install the program so that should you decide to use a different browser in the future the plug-in/extension will already be in place.

=========================

What did you decide with reference to the file sharing (P2P) program uTorrent you have installed?

=========================

Your log shows that you are running these tools from the Downloads folder. For optimum results the tools should be run from the Desktop, and the FRST scripts should be saved to the Desktop as well.

Running from C:\Users\user\Downloads

Please re-run the following script, but first move the FRST program to the Desktop.

=========================

FRST Fix Script

Open Notepad. Please copy the contents of the code box below. To do this, highlight the contents of the box and right-click on it. Paste this into the open Notepad. Save it on the desktop as fixlist.txt.
 

Start
() C:\Program Files (x86)\neurowise\updateneurowise.exe
() C:\Program Files (x86)\neurowise\bin\utilneurowise.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\dlcleaner.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCSystemCleaner.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCPrivacyProtector.exe
(Systweak Software, (www.systweak.com)) C:\Program Files (x86)\DLCleaner\DLCDriverUpdater.exe
S2 DLCDiskOptimizer; C:\Program Files (x86)\DLCleaner\DLCDefragSrv64.exe [276264 2013-10-24] (Systweak Software, (www.systweak.com))
R2 Update neurowise; C:\Program Files (x86)\neurowise\updateneurowise.exe [323360 2014-09-14] ()
R2 Util neurowise; C:\Program Files (x86)\neurowise\bin\utilneurowise.exe [323360 2014-09-14] ()
2014-09-14 13:31 - 2014-09-14 13:31 - 00003266 _____ () C:\Windows\System32\Tasks\DLC-DLCAutoCheckUpdate7Days
2014-09-14 13:31 - 2014-09-14 13:31 - 00003240 _____ () C:\Windows\System32\Tasks\DLC-DLCOneClickCare
2014-09-14 13:31 - 2014-09-14 13:31 - 00003100 _____ () C:\Windows\System32\Tasks\DLCleaner
2014-09-14 13:31 - 2014-09-14 13:31 - 00002948 _____ () C:\Windows\System32\Tasks\DLCService
2014-09-14 13:31 - 2014-09-14 13:31 - 00001330 _____ () C:\Users\Public\Desktop\DLCleaner Smart PC Care.lnk
2014-09-14 13:31 - 2014-09-14 13:31 - 00001256 _____ () C:\Users\Public\Desktop\DLCleaner.lnk
2014-09-14 13:31 - 2014-09-14 13:31 - 00000404 _____ () C:\Windows\Tasks\DLCService.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000398 _____ () C:\Windows\Tasks\DLC-DLCAutoCheckUpdate7Days.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000372 _____ () C:\Windows\Tasks\DLC-DLCOneClickCare.job
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\Users\user\AppData\Roaming\Systweak
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DLCleaner
2014-09-14 13:31 - 2014-09-14 13:31 - 00000000 ____D () C:\Program Files (x86)\DLCleaner
2014-09-14 13:31 - 2013-10-24 16:49 - 00020264 _____ (Systweak Inc., (www.systweak.com)) C:\Windows\system32\roboot64.exe
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SaveSense
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Program Files (x86)\neurowise
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {004b935e-fc78-11e2-8da6-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0174174a-ab41-11e3-9629-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {017774e8-5081-11e3-a67b-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0177753f-5081-11e3-a67b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {01777571-5081-11e3-a67b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {05a738ee-41b2-11e3-9c9c-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0814bce8-1592-11e3-9299-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {094e2e95-9389-11e3-91b8-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0b1e62a9-1d73-11e3-9e35-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0b1e6300-1d73-11e3-9e35-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0b1e633e-1d73-11e3-9e35-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0bc84667-3c9f-11e3-93a1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0ce730a5-4e65-11e3-89c1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0ebb70d7-acc3-11e3-ac5b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {0ebb7181-acc3-11e3-ac5b-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {135ba709-347e-11e3-b7dd-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {186ccf21-47a9-11e3-ba95-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {19125bf7-ef5b-11e2-86ef-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1afcad3a-2abc-11e3-a60b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1b314d80-69d1-11e3-8fcf-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1c685861-0b8f-11e3-9584-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1eb2cdde-099e-11e3-89b7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1f1344ff-f264-11e2-a758-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1f13453c-f264-11e2-a758-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1f134616-f264-11e2-a758-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {1f1346e8-f264-11e2-a758-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {2535e59b-29b4-11e3-bcd1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {25c34b36-7fa2-11e3-9f11-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {25f1207a-0756-11e3-91c2-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {26e02e56-503d-11e3-8ab1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {26e02e67-503d-11e3-8ab1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {2838ce3e-0390-11e3-8cff-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {28ddac65-7eb4-11e3-a017-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {2ac9ecd7-a957-11e3-8bd8-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {2b4a35bd-091d-11e3-aecb-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {2ba2a04a-f62c-11e2-a8a4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {30bdbcc7-3e7a-11e3-85c0-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {34422324-6779-11e3-b741-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {366b773d-71d5-11e3-983e-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {366b77ca-71d5-11e3-983e-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3902737d-a0b7-11e3-9a7f-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {39399079-9aa2-11e3-bd86-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3939909b-9aa2-11e3-bd86-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3b305759-97fb-11e3-8f95-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3b33a5b6-f3ec-11e2-a2a2-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3b33a69d-f3ec-11e2-a2a2-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3c0ebc02-1d04-11e3-9193-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {3d9836b6-6ab1-11e3-96f3-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {42adb1ab-c857-11e3-acd4-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {43f37a37-05ff-11e3-a3ea-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {43f4a81b-4974-11e3-9607-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {43f4a84b-4974-11e3-9607-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {445c8c21-3e5c-11e3-93af-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {445c8c7b-3e5c-11e3-93af-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {4c3a8231-1eed-11e3-bc4a-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {4c6cadf2-8dc4-11e3-a109-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {4c832dc6-34f5-11e3-8cd3-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5012a9c2-2fa0-11e3-9782-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c17f-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c18e-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c1a0-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c1af-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5145e900-023c-11e3-b26c-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {51dd592a-0b2f-11e3-8040-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {547ea097-2a14-11e3-a313-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5608625b-58bd-11e3-96ba-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5608626b-58bd-11e3-96ba-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {56380318-fd37-11e2-bc44-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {56380325-fd37-11e2-bc44-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5dd271a3-4e25-11e3-83f6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5eb4e1cf-15f8-11e3-ae8a-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5f9e2409-6b5e-11e3-90ea-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5f9e2477-6b5e-11e3-90ea-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5f9e24b4-6b5e-11e3-90ea-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6475514f-336e-11e3-89e7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {689de9b3-5e62-11e3-a1a8-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6919fdf5-7a31-11e3-a032-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6a3731c8-faec-11e2-9306-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6a3731f4-faec-11e2-9306-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6a373265-faec-11e2-9306-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6a593307-61cc-11e3-9b83-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6a84cd87-48ed-11e3-98d0-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6b9c1612-4be5-11e3-b53d-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6c62cb5c-7ca6-11e3-a31a-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {730dd9c4-20e2-11e3-bbe6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {74baedb1-3459-11e3-96c4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {76cdc09d-0834-11e3-86d9-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {77adb30a-09f0-11e3-9b8e-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7ab3a084-1093-11e3-866c-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7ccc5f3f-7ef3-11e3-a665-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7ce10bcd-1a50-11e3-8d28-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7cede570-f0aa-11e2-8cf7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7cede6db-f0aa-11e2-8cf7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7eda9e83-3fb2-11e3-b8d6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7ef3a575-a426-11e3-b6ac-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {80187124-96f8-11e3-ac9b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {80c36fff-8c32-11e3-a6e7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {816dda89-fa39-11e2-a5f7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {854f7185-8ab0-11e3-aecb-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {87cd9ce2-480e-11e3-8918-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {8893506a-5b80-11e3-9917-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {88e16850-150b-11e3-8b70-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {8c0ab00c-4835-11e3-a7af-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {8e063e34-2561-11e3-be07-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {8f9ccf57-9b0f-11e3-9232-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {97ce511d-0c3a-11e3-af23-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {99f6e97c-0352-11e3-84bf-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {9c7c84c4-4e49-11e3-b69a-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {a05b2f60-8cf7-11e3-88a8-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {a26134f9-198f-11e3-a9b3-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {a5f8786e-1ca6-11e3-bd36-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {aa79033c-fbd4-11e2-a785-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {afd8cf9f-17f9-11e3-a6bb-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b0322736-d7a6-11e2-91d2-806e6f6e6963} - F:\InstallNavi.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b0c9695c-8077-11e3-a943-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b3b3211a-aa19-11e3-9b1b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b3b32123-aa19-11e3-9b1b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b460b663-4733-11e3-99d7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b48cbeb3-efd4-11e2-8a53-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b6aafb24-5d12-11e3-a1ce-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b87b4f17-9df5-11e3-8465-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b908f011-127f-11e3-a392-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {bc3423ca-635e-11e3-a766-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {bc703434-2c5f-11e3-a5a6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {bfd52565-5473-11e3-b348-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c14d87ed-2d2e-11e3-8885-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c80c8806-ff93-11e2-8259-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c80c886b-ff93-11e2-8259-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c80c88b2-ff93-11e2-8259-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c80c8966-ff93-11e2-8259-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c893757d-2646-11e3-bbc2-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {cc34860d-310e-11e3-b1be-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d0e3416e-59f6-11e3-bb1b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d0e341d0-59f6-11e3-bb1b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d4e273be-b772-11e3-89b6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d4e273e6-b772-11e3-89b6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d4e27416-b772-11e3-89b6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d4e27439-b772-11e3-89b6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {e0ee20e9-2fae-11e3-87f7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {e4912c48-b38b-11e3-b9d1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {e4912c83-b38b-11e3-b9d1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {e4bcd667-4295-11e3-83aa-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {e4bcd785-4295-11e3-83aa-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {eaf97a96-2d0a-11e3-a92e-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {eb4393ea-4608-11e3-9eb5-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {ed4305b5-95e6-11e3-a7da-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f09caad1-79fe-11e3-973e-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f0c843ae-2af1-11e3-9ed2-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f1f7b2c7-b0a1-11e3-8d3f-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f4bf476c-19c9-11e3-a641-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f5e900a2-409a-11e3-a7ad-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f5e90109-409a-11e3-a7ad-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f7b2b2e3-22b4-11e3-8960-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f7b2b342-22b4-11e3-8960-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f7e1fd12-6e5c-11e3-ad5a-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f80829d3-f563-11e2-88ce-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f9f31524-c09b-11e3-a1a8-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f9f315bd-c09b-11e3-a1a8-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {fa321ff5-f879-11e2-a5fa-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {fa322067-f879-11e2-a5fa-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {faff9284-308a-11e3-9a8e-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {fddae537-f6ec-11e2-9ad9-cc52af86b9e6} - H:\AutoRun.exe
End

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST and press the Fix button just once and wait.
The tool will make a log (Fixlog.txt); please post it in your reply.

=========================

In your next post please provide the following:

  • Fixlog.txt
  • Answer to questions.
  • What symptoms are you still experiencing?

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#13 shucky


Posted 15 September 2014 - 02:27 PM

Hi OCD
Here is the FRST log you're looking for. The computer seems to be OK at the moment; at least we're not getting popups every other second. As for uTorrent, I'll probably keep it, as I am the only one that uses it and pretty much know what I'm doing with it. I do scan anything that comes through it and do not leave it open when not using it.
cheers.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by user (administrator) on HOUSE-LAPTOP on 16-09-2014 05:26:23
Running from C:\Users\user\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-03] (Intel® Corporation)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-22] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2013-07-03] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-18] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-25] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [fst_au_200] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Optus Mini WiFi\Optus Mini WiFi Modem
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {4c832dc6-34f5-11e3-8cd3-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5012a9c2-2fa0-11e3-9782-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c17f-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c18e-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c1a0-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {50a1c1af-8316-11e3-8ca4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5145e900-023c-11e3-b26c-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {51dd592a-0b2f-11e3-8040-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {547ea097-2a14-11e3-a313-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5608625b-58bd-11e3-96ba-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5608626b-58bd-11e3-96ba-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {56380318-fd37-11e2-bc44-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {56380325-fd37-11e2-bc44-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5dd271a3-4e25-11e3-83f6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5eb4e1cf-15f8-11e3-ae8a-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5f9e2409-6b5e-11e3-90ea-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5f9e2477-6b5e-11e3-90ea-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {5f9e24b4-6b5e-11e3-90ea-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6475514f-336e-11e3-89e7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {689de9b3-5e62-11e3-a1a8-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6919fdf5-7a31-11e3-a032-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6a3731c8-faec-11e2-9306-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6a3731f4-faec-11e2-9306-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6a373265-faec-11e2-9306-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6a593307-61cc-11e3-9b83-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6a84cd87-48ed-11e3-98d0-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6b9c1612-4be5-11e3-b53d-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {6c62cb5c-7ca6-11e3-a31a-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {730dd9c4-20e2-11e3-bbe6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {74baedb1-3459-11e3-96c4-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {76cdc09d-0834-11e3-86d9-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {77adb30a-09f0-11e3-9b8e-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7ab3a084-1093-11e3-866c-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7ccc5f3f-7ef3-11e3-a665-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7ce10bcd-1a50-11e3-8d28-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7cede570-f0aa-11e2-8cf7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7cede6db-f0aa-11e2-8cf7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7eda9e83-3fb2-11e3-b8d6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {7ef3a575-a426-11e3-b6ac-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {80187124-96f8-11e3-ac9b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {80c36fff-8c32-11e3-a6e7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {816dda89-fa39-11e2-a5f7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {854f7185-8ab0-11e3-aecb-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {87cd9ce2-480e-11e3-8918-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {8893506a-5b80-11e3-9917-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {88e16850-150b-11e3-8b70-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {8c0ab00c-4835-11e3-a7af-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {8e063e34-2561-11e3-be07-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {8f9ccf57-9b0f-11e3-9232-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {97ce511d-0c3a-11e3-af23-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {99f6e97c-0352-11e3-84bf-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {9c7c84c4-4e49-11e3-b69a-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {a05b2f60-8cf7-11e3-88a8-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {a26134f9-198f-11e3-a9b3-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {a5f8786e-1ca6-11e3-bd36-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {aa79033c-fbd4-11e2-a785-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {afd8cf9f-17f9-11e3-a6bb-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b0322736-d7a6-11e2-91d2-806e6f6e6963} - F:\InstallNavi.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b0c9695c-8077-11e3-a943-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b3b3211a-aa19-11e3-9b1b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b3b32123-aa19-11e3-9b1b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b460b663-4733-11e3-99d7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b48cbeb3-efd4-11e2-8a53-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b6aafb24-5d12-11e3-a1ce-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b87b4f17-9df5-11e3-8465-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {b908f011-127f-11e3-a392-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {bc3423ca-635e-11e3-a766-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {bc703434-2c5f-11e3-a5a6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {bfd52565-5473-11e3-b348-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c14d87ed-2d2e-11e3-8885-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c80c8806-ff93-11e2-8259-806e6f6e6963} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c80c886b-ff93-11e2-8259-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c80c88b2-ff93-11e2-8259-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c80c8966-ff93-11e2-8259-2c27d7a99e25} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {c893757d-2646-11e3-bbc2-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {cc34860d-310e-11e3-b1be-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d0e3416e-59f6-11e3-bb1b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d0e341d0-59f6-11e3-bb1b-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d4e273be-b772-11e3-89b6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d4e273e6-b772-11e3-89b6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d4e27416-b772-11e3-89b6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {d4e27439-b772-11e3-89b6-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {e0ee20e9-2fae-11e3-87f7-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {e4912c48-b38b-11e3-b9d1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {e4912c83-b38b-11e3-b9d1-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {e4bcd667-4295-11e3-83aa-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {e4bcd785-4295-11e3-83aa-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {eaf97a96-2d0a-11e3-a92e-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {eb4393ea-4608-11e3-9eb5-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {ed4305b5-95e6-11e3-a7da-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f09caad1-79fe-11e3-973e-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f0c843ae-2af1-11e3-9ed2-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f1f7b2c7-b0a1-11e3-8d3f-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f4bf476c-19c9-11e3-a641-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f5e900a2-409a-11e3-a7ad-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f5e90109-409a-11e3-a7ad-cc52af86b9e6} - I:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f7b2b2e3-22b4-11e3-8960-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f7b2b342-22b4-11e3-8960-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f7e1fd12-6e5c-11e3-ad5a-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f80829d3-f563-11e2-88ce-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f9f31524-c09b-11e3-a1a8-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {f9f315bd-c09b-11e3-a1a8-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {fa321ff5-f879-11e2-a5fa-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {fa322067-f879-11e2-a5fa-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {faff9284-308a-11e3-9a8e-cc52af86b9e6} - H:\AutoRun.exe
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\MountPoints2: {fddae537-f6ec-11e2-9ad9-cc52af86b9e6} - H:\AutoRun.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 00Zecter -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 01Zecter -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 02Zecter -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 03Zecter -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 04Zecter -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {d08ab008-0647-4784-8e2c-5769cd4a7c3a} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-02]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [nhfpefkeidlhbjljfdojcnngjbddgein] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2010-11-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-25] (CyberLink)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-15] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-03] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 05:26 - 2014-09-16 05:26 - 00038351 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-16 05:25 - 2014-09-16 05:25 - 00022478 _____ () C:\Users\user\Desktop\fixlist.txt
2014-09-15 16:56 - 2014-09-15 16:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-15 16:55 - 2014-09-15 16:55 - 00077669 _____ () C:\Users\user\Downloads\FRST mon eve.txt
2014-09-14 18:06 - 2014-09-14 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 18:06 - 2014-09-14 18:06 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 18:05 - 2014-09-14 18:15 - 00000000 ____D () C:\Users\user\Desktop\mbar
2014-09-14 18:05 - 2014-09-14 18:05 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 18:04 - 2014-09-14 18:04 - 14349744 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1012.exe
2014-09-14 15:41 - 2014-09-14 15:41 - 00470608 _____ () C:\Windows\Minidump\091414-22542-01.dmp
2014-09-14 14:14 - 2014-09-14 14:14 - 00380416 _____ () C:\Users\user\Downloads\GMER.exe
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 13:28 - 2014-09-14 13:28 - 00699016 _____ (CNET Download.com) C:\Users\user\Downloads\cbsidlm-cbsi213-Junkware_Removal_Tool-SEO-75910255.exe
2014-09-14 13:21 - 2014-09-15 06:22 - 00000000 ____D () C:\AdwCleaner
2014-09-14 13:20 - 2014-09-14 13:20 - 01373475 _____ () C:\Users\user\Downloads\AdwCleaner.exe
2014-09-13 14:42 - 2014-09-16 05:26 - 00000000 ____D () C:\FRST
2014-09-13 14:42 - 2014-09-15 16:55 - 00077669 _____ () C:\Users\user\Downloads\FRST.txt
2014-09-13 14:42 - 2014-09-13 14:43 - 00032523 _____ () C:\Users\user\Downloads\Addition.txt
2014-09-13 14:41 - 2014-09-13 14:41 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-13 14:29 - 2014-09-13 14:29 - 00854417 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2014-09-13 08:31 - 2014-09-13 08:31 - 00003126 _____ () C:\Windows\System32\Tasks\{8585E23B-1834-44C6-8B35-112E2FB58358}
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Downloads\hijackthis.log
2014-09-13 08:25 - 2014-09-13 08:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HiJackThis.exe
2014-09-13 07:29 - 2014-09-14 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 05:22 - 2014-08-20 03:35 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 05:22 - 2014-08-20 03:09 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 05:22 - 2014-08-19 08:31 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 05:22 - 2014-08-19 07:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 05:22 - 2014-08-19 07:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 05:22 - 2014-08-19 07:56 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 05:22 - 2014-08-19 07:50 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 05:22 - 2014-08-19 07:49 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 05:22 - 2014-08-19 07:45 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 05:22 - 2014-08-19 07:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 05:22 - 2014-08-19 07:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 05:22 - 2014-08-19 07:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 05:22 - 2014-08-19 07:35 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 05:22 - 2014-08-19 07:33 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 05:22 - 2014-08-19 07:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 05:22 - 2014-08-19 07:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 05:22 - 2014-08-19 07:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 05:22 - 2014-08-19 07:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 05:22 - 2014-08-19 07:21 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 05:22 - 2014-08-19 07:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 05:22 - 2014-08-19 07:15 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 05:22 - 2014-08-19 07:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-13 05:22 - 2014-08-19 07:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 05:22 - 2014-08-19 07:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-13 05:22 - 2014-08-19 07:12 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 05:22 - 2014-08-19 07:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-13 05:22 - 2014-08-19 07:08 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 05:22 - 2014-08-19 07:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 05:22 - 2014-08-19 07:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 05:22 - 2014-08-19 07:05 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 05:22 - 2014-08-19 06:57 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 05:22 - 2014-08-19 06:55 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 05:22 - 2014-08-19 06:55 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 05:22 - 2014-08-19 06:53 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 05:22 - 2014-08-19 06:53 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 05:22 - 2014-08-19 06:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 05:22 - 2014-08-19 06:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-13 05:22 - 2014-08-19 06:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 05:22 - 2014-08-19 06:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 05:22 - 2014-08-19 06:46 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 05:22 - 2014-08-19 06:45 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 05:22 - 2014-08-19 06:45 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 05:22 - 2014-08-19 06:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 05:22 - 2014-08-19 06:38 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 05:22 - 2014-08-19 06:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-13 05:22 - 2014-08-19 06:25 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 05:22 - 2014-08-19 06:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 05:22 - 2014-08-19 06:08 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 05:22 - 2014-08-19 06:08 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 05:22 - 2014-08-19 06:06 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 05:18 - 2014-06-27 11:38 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 05:18 - 2014-06-27 11:15 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 19:32 - 2014-08-01 21:23 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 19:32 - 2014-08-01 21:05 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 19:29 - 2014-07-07 11:36 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 19:29 - 2014-07-07 11:36 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 19:29 - 2014-07-07 11:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 19:29 - 2014-07-07 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 19:29 - 2014-07-07 11:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 19:22 - 2014-06-24 12:59 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 19:22 - 2014-06-24 12:29 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-02 18:28 - 2014-09-02 18:28 - 00000854 _____ () C:\Users\user\Desktop\µTorrent.lnk
2014-09-02 18:26 - 2014-09-04 13:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-09-02 17:48 - 2014-09-02 17:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-09-02 17:47 - 2014-09-15 06:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 17:47 - 2014-09-02 17:47 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 17:47 - 2014-09-02 17:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 17:47 - 2014-09-02 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 17:47 - 2014-09-02 17:46 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 17:46 - 2014-09-02 17:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 17:46 - 2014-09-02 17:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 17:40 - 2014-09-02 17:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:40 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:38 - 04862664 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 17:33 - 2014-08-25 06:53 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-02 17:02 - 2014-09-02 17:02 - 00000584 _____ () C:\Windows\system32\TmInstall.log
2014-09-02 16:56 - 2014-09-02 16:56 - 00631728 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsi3FD6.tmp
2014-09-02 11:00 - 2014-09-13 05:18 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-02 10:59 - 2014-09-02 10:59 - 00000000 ____D () C:\Users\user\AppData\Local\com
2014-09-02 10:58 - 2014-09-14 13:22 - 00001100 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-02 10:58 - 2014-09-02 17:06 - 00000003 _____ () C:\Users\user\AppData\Local\proxy.log
2014-09-02 10:51 - 2014-09-02 10:51 - 01942864 _____ (BitTorrent Inc.) C:\Users\user\Desktop\uTorrent.exe
2014-09-02 10:46 - 2014-09-02 10:46 - 00575544 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsbA256.tmp
2014-09-02 10:33 - 2014-09-14 07:36 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-02 10:31 - 2014-09-14 07:36 - 00000000 ____D () C:\Program Files\005
2014-09-02 10:26 - 2014-09-02 10:26 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-02 10:26 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 10:26 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-02 10:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-02 10:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-02 10:11 - 2014-08-23 11:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 10:11 - 2014-08-23 11:15 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-02 10:11 - 2014-08-23 10:29 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-01 10:22 - 2014-07-09 08:08 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-01 10:22 - 2014-07-09 08:00 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-01 10:22 - 2014-06-25 11:35 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-01 10:22 - 2014-06-25 11:11 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-01 10:17 - 2014-07-16 12:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-01 10:17 - 2014-07-16 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-01 10:17 - 2014-06-18 11:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-01 10:17 - 2014-06-18 11:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-01 10:17 - 2014-06-06 19:40 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-01 10:17 - 2014-06-06 19:14 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-01 10:17 - 2014-06-03 18:59 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-01 10:17 - 2014-06-03 18:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-01 10:17 - 2014-06-03 18:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-01 10:17 - 2014-05-30 16:15 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-01 10:15 - 2014-06-16 11:40 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-01 10:15 - 2014-05-30 17:38 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-01 10:03 - 2014-07-14 11:32 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-01 10:03 - 2014-07-14 11:10 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-01 10:02 - 2014-08-07 11:36 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-01 10:02 - 2014-08-07 11:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-01 10:01 - 2014-05-15 01:53 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-01 10:01 - 2014-05-15 01:51 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 10:01 - 2014-05-15 01:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 10:01 - 2014-05-15 01:47 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-01 10:01 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 10:01 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-01 10:01 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-01 10:01 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-29 15:55 - 2014-07-01 07:54 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-29 15:55 - 2014-07-01 07:44 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-29 15:55 - 2014-06-06 15:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-29 15:55 - 2014-06-06 15:42 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-29 15:55 - 2014-03-10 07:18 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-29 15:55 - 2014-03-10 07:18 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-29 15:55 - 2014-03-10 07:17 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-29 15:55 - 2014-03-10 07:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 05:26 - 2014-09-16 05:26 - 00038351 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-16 05:26 - 2014-09-13 14:42 - 00000000 ____D () C:\FRST
2014-09-16 05:25 - 2014-09-16 05:25 - 00022478 _____ () C:\Users\user\Desktop\fixlist.txt
2014-09-16 05:19 - 2013-07-03 09:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-09-16 05:19 - 2013-06-23 22:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 16:56 - 2014-09-15 16:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-15 16:56 - 2013-06-18 09:06 - 01078778 _____ () C:\Windows\setupact.log
2014-09-15 16:56 - 2013-02-12 04:45 - 01641352 _____ () C:\Windows\WindowsUpdate.log
2014-09-15 16:55 - 2014-09-15 16:55 - 00077669 _____ () C:\Users\user\Downloads\FRST mon eve.txt
2014-09-15 16:55 - 2014-09-13 14:42 - 00077669 _____ () C:\Users\user\Downloads\FRST.txt
2014-09-15 06:38 - 2009-07-14 14:43 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-15 06:31 - 2009-07-14 14:15 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-15 06:31 - 2009-07-14 14:15 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-15 06:24 - 2013-07-08 12:49 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-15 06:23 - 2013-02-12 05:10 - 01144322 _____ () C:\Windows\PFRO.log
2014-09-15 06:23 - 2009-07-14 14:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-15 06:22 - 2014-09-14 13:21 - 00000000 ____D () C:\AdwCleaner
2014-09-15 06:00 - 2014-09-02 17:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-14 18:37 - 2009-07-14 15:02 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-14 18:15 - 2014-09-14 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 18:15 - 2014-09-14 18:05 - 00000000 ____D () C:\Users\user\Desktop\mbar
2014-09-14 18:06 - 2014-09-14 18:06 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 18:06 - 2014-09-13 07:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 18:05 - 2014-09-14 18:05 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 18:04 - 2014-09-14 18:04 - 14349744 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1012.exe
2014-09-14 15:41 - 2014-09-14 15:41 - 00470608 _____ () C:\Windows\Minidump\091414-22542-01.dmp
2014-09-14 15:41 - 2014-01-10 10:25 - 1112895121 _____ () C:\Windows\MEMORY.DMP
2014-09-14 15:41 - 2014-01-10 10:25 - 00000000 ____D () C:\Windows\Minidump
2014-09-14 14:14 - 2014-09-14 14:14 - 00380416 _____ () C:\Users\user\Downloads\GMER.exe
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 13:28 - 2014-09-14 13:28 - 00699016 _____ (CNET Download.com) C:\Users\user\Downloads\cbsidlm-cbsi213-Junkware_Removal_Tool-SEO-75910255.exe
2014-09-14 13:22 - 2014-09-02 10:58 - 00001100 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-14 13:20 - 2014-09-14 13:20 - 01373475 _____ () C:\Users\user\Downloads\AdwCleaner.exe
2014-09-14 13:15 - 2014-08-14 16:08 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForuser.job
2014-09-14 08:27 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\rescache
2014-09-14 07:36 - 2014-09-02 10:33 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-14 07:36 - 2014-09-02 10:31 - 00000000 ____D () C:\Program Files\005
2014-09-13 14:43 - 2014-09-13 14:42 - 00032523 _____ () C:\Users\user\Downloads\Addition.txt
2014-09-13 14:41 - 2014-09-13 14:41 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-13 14:29 - 2014-09-13 14:29 - 00854417 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2014-09-13 08:31 - 2014-09-13 08:31 - 00003126 _____ () C:\Windows\System32\Tasks\{8585E23B-1834-44C6-8B35-112E2FB58358}
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Downloads\hijackthis.log
2014-09-13 08:26 - 2014-09-13 08:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HiJackThis.exe
2014-09-13 08:26 - 2013-02-11 11:07 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-09-13 05:21 - 2013-07-24 00:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 05:21 - 2013-02-11 11:23 - 00768636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 05:18 - 2014-09-02 11:00 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-13 05:18 - 2013-06-21 14:53 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 11:58 - 2013-06-26 04:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-10 11:57 - 2013-07-02 20:11 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-10 11:57 - 2013-06-23 22:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 11:57 - 2013-06-23 22:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 11:57 - 2013-06-23 22:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 11:17 - 2009-07-14 14:15 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-04 13:52 - 2014-09-02 18:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-09-04 13:43 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-02 18:28 - 2014-09-02 18:28 - 00000854 _____ () C:\Users\user\Desktop\µTorrent.lnk
2014-09-02 17:48 - 2014-09-02 17:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-09-02 17:47 - 2014-09-02 17:47 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 17:47 - 2014-09-02 17:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 17:47 - 2014-09-02 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 17:46 - 2014-09-02 17:47 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 17:46 - 2014-09-02 17:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 17:46 - 2014-09-02 17:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 17:40 - 2014-09-02 17:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 17:40 - 2014-09-02 17:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:38 - 04862664 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 17:16 - 2009-07-14 12:04 - 00000505 _____ () C:\Windows\win.ini
2014-09-02 17:06 - 2014-09-02 10:58 - 00000003 _____ () C:\Users\user\AppData\Local\proxy.log
2014-09-02 17:02 - 2014-09-02 17:02 - 00000584 _____ () C:\Windows\system32\TmInstall.log
2014-09-02 17:00 - 2013-06-21 14:13 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-02 16:59 - 2013-06-21 14:18 - 00000000 ____D () C:\Users\user\AppData\Local\Trend Micro
2014-09-02 16:59 - 2013-06-21 14:16 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-02 16:56 - 2014-09-02 16:56 - 00631728 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsi3FD6.tmp
2014-09-02 10:59 - 2014-09-02 10:59 - 00000000 ____D () C:\Users\user\AppData\Local\com
2014-09-02 10:58 - 2013-07-02 11:18 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2014-09-02 10:51 - 2014-09-02 10:51 - 01942864 _____ (BitTorrent Inc.) C:\Users\user\Desktop\uTorrent.exe
2014-09-02 10:46 - 2014-09-02 10:46 - 00575544 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsbA256.tmp
2014-09-02 10:33 - 2013-10-16 07:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-02 10:26 - 2014-09-02 10:26 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-02 10:26 - 2011-01-19 07:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-02 09:49 - 2014-06-01 14:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 18:21 - 2013-06-25 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 18:21 - 2013-06-25 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-29 15:58 - 2013-06-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-25 06:53 - 2014-09-02 17:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 11:37 - 2014-09-02 10:11 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 11:15 - 2014-09-02 10:11 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 10:29 - 2014-09-02 10:11 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 03:35 - 2014-09-13 05:22 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-20 03:09 - 2014-09-13 05:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 08:31 - 2014-09-13 05:22 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 07:59 - 2014-09-13 05:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 07:59 - 2014-09-13 05:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 07:56 - 2014-09-13 05:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 07:50 - 2014-09-13 05:22 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 07:49 - 2014-09-13 05:22 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 07:45 - 2014-09-13 05:22 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 07:45 - 2014-09-13 05:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 07:44 - 2014-09-13 05:22 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 07:44 - 2014-09-13 05:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 07:35 - 2014-09-13 05:22 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 07:33 - 2014-09-13 05:22 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 07:33 - 2014-09-13 05:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 07:33 - 2014-09-13 05:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 07:27 - 2014-09-13 05:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 07:26 - 2014-09-13 05:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 07:21 - 2014-09-13 05:22 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 07:16 - 2014-09-13 05:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 07:15 - 2014-09-13 05:22 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 07:15 - 2014-09-13 05:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 07:14 - 2014-09-13 05:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 07:14 - 2014-09-13 05:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 07:12 - 2014-09-13 05:22 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 07:10 - 2014-09-13 05:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 07:08 - 2014-09-13 05:22 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 07:07 - 2014-09-13 05:22 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 07:06 - 2014-09-13 05:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 07:05 - 2014-09-13 05:22 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 06:57 - 2014-09-13 05:22 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 06:55 - 2014-09-13 05:22 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 06:55 - 2014-09-13 05:22 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 06:53 - 2014-09-13 05:22 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 06:53 - 2014-09-13 05:22 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 06:52 - 2014-09-13 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 06:49 - 2014-09-13 05:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 06:47 - 2014-09-13 05:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 06:47 - 2014-09-13 05:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 06:46 - 2014-09-13 05:22 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 06:45 - 2014-09-13 05:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 06:45 - 2014-09-13 05:22 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 06:39 - 2014-09-13 05:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 06:38 - 2014-09-13 05:22 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 06:37 - 2014-09-13 05:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 06:25 - 2014-09-13 05:22 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 06:16 - 2014-09-13 05:22 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 06:08 - 2014-09-13 05:22 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 06:08 - 2014-09-13 05:22 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 06:06 - 2014-09-13 05:22 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 05:19

==================== End Of Log ============================

#14 OCD

OCD

    SuperHelper

  • Malware Team
  • 5,574 posts

Posted 15 September 2014 - 05:32 PM

Hi shucky,

With the FRST program saved to your Desktop, I need you to save the previously posted fix script to the Desktop as fixlist.txt. Then run FRST, press the Fix button, and post the log it generates.

In your next post please provide the following:

  • Fixlog.txt

OCD

Proud Graduate of WTT Classroom
Member of UNITE

Threads will be closed if no response after 5 days


#15 shucky

shucky

    Authentic Member

  • Authentic Member
  • PipPip
  • 75 posts

Posted 17 September 2014 - 01:59 PM

Hi OCD
Sorry for the late reply, things have been hectic here. Here is the latest log you're asking for.

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-09-2014
Ran by user (administrator) on HOUSE-LAPTOP on 18-09-2014 05:21:00
Running from C:\Users\user\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(HP) C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(AMD) C:\Windows\System32\atieclxx.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe
(HP) C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(ABBYY) C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
() C:\ProgramData\DatacardService\HWDeviceService64.exe
(Huawei Technologies Co., Ltd.) C:\ProgramData\DatacardService\DCSHelper.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\alg.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Microsoft Corporation) C:\Windows\System32\StikyNot.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
(Hewlett-Packard Company) C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(cyberlink) C:\Program Files (x86)\CyberLink\Shared files\brs.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BTStackServer.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(Broadcom Corporation.) C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2480936 2010-12-17] (Synaptics Incorporated)
HKLM\...\Run: [IntelWireless] => C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe [1933584 2010-11-03] (Intel® Corporation)
HKLM\...\Run: [HPWirelessAssistant] => C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe [363064 2010-07-22] (Hewlett-Packard Company)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2013-07-03] (IDT, Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [285240 2012-09-01] (Intel Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2010-12-31] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-18] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2010-02-03] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-25] (cyberlink)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-05] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [41056 2013-05-09] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [318520 2010-12-14] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [574008 2011-07-11] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-11-01] (Apple Inc.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1058400 2011-10-31] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-25] (Oracle Corporation)
HKLM-x32\...\Run: [fst_au_200] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [4085896 2014-09-02] (AVAST Software)
HKLM\...\RunOnce: [NCPluginUpdater] => C:\Program Files (x86)\Hewlett-Packard\HP Health Check\ActiveCheck\product_line\NCPluginUpdater.exe [21720 2014-08-19] (Hewlett-Packard)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [Mobile Partner] => C:\Program Files (x86)\Optus Mini WiFi\Optus Mini WiFi Modem
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [20584608 2013-11-14] (Skype Technologies S.A.)
HKU\S-1-5-21-137854066-446030056-4228977528-1000\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\System32\StikyNot.exe [427520 2009-07-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
ShortcutTarget: Bluetooth.lnk -> C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish PictureMover.lnk
ShortcutTarget: Snapfish PictureMover.lnk -> C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe (Hewlett-Packard Company)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: 00Zecter -> {D25B32FE-CB96-491A-98FF-AD59DA382D69} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 01Zecter -> {EB24CA6D-F315-4A81-AC1A-C79CFD77F3F5} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 02Zecter -> {B3C78E40-6B64-47C3-AE34-60B770881EB8} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 03Zecter -> {622AFE52-33F6-4D9F-9966-E0BC52D7D69D} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)
ShellIconOverlayIdentifiers: 04Zecter -> {855156F0-2A0F-11DE-8C30-0800200C9A66} => C:\Program Files (x86)\Hewlett-Packard\HP CloudDrive\ShellExt64.dll (Versionate Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://ninemsn.com.au/
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = http://rover.ebay.co...w={searchTerms}
BHO: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Easy Photo Print -> {9421DD08-935F-4701-A9CA-22DF90AC4EA6} -> C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll (Hewlett-Packard)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: TrueSuite Website Log On -> {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} -> C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: No Name -> {d08ab008-0647-4784-8e2c-5769cd4a7c3a} -> No File
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)
Toolbar: HKLM - Easy Photo Print - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @microsoft.com/GENUINE -> disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.67.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @TrendMicro.com/FFExtension -> C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll No File
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2014-09-02]

Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2014-09-02]
CHR HKLM-x32\...\Chrome\Extension: [nhfpefkeidlhbjljfdojcnngjbddgein] - C:\Program Files (x86)\HP SimplePass 2011\tschrome.crx [2010-11-18]

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-09-02] (AVAST Software)
S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2010-11-25] (CyberLink)
R2 EpsonScanSvc; C:\Windows\system32\EscSvc64.exe [135824 2011-12-12] (Seiko Epson Corporation)
R2 HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [86528 2012-09-27] (Hewlett-Packard Company) [File not signed]
R2 HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [346976 2011-03-15] ()
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-11-03] ()

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2014-09-02] ()
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [79184 2014-09-02] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2014-09-02] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2014-09-02] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1041168 2014-09-02] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [427360 2014-09-02] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [92008 2014-09-02] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [224896 2014-09-02] ()
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-09-01] (Intel Corporation)
S3 Netaapl; C:\Windows\System32\DRIVERS\netaapl64.sys [22528 2012-09-10] (Apple Inc.) [File not signed]
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 clwvd; system32\DRIVERS\clwvd.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-16 05:26 - 2014-09-18 05:21 - 00018190 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-15 16:56 - 2014-09-15 16:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-15 16:55 - 2014-09-15 16:55 - 00077669 _____ () C:\Users\user\Downloads\FRST mon eve.txt
2014-09-14 18:06 - 2014-09-14 18:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 18:06 - 2014-09-14 18:06 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 18:05 - 2014-09-14 18:15 - 00000000 ____D () C:\Users\user\Desktop\mbar
2014-09-14 18:05 - 2014-09-14 18:05 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 18:04 - 2014-09-14 18:04 - 14349744 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1012.exe
2014-09-14 15:41 - 2014-09-14 15:41 - 00470608 _____ () C:\Windows\Minidump\091414-22542-01.dmp
2014-09-14 14:14 - 2014-09-14 14:14 - 00380416 _____ () C:\Users\user\Downloads\GMER.exe
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 13:28 - 2014-09-14 13:28 - 00699016 _____ (CNET Download.com) C:\Users\user\Downloads\cbsidlm-cbsi213-Junkware_Removal_Tool-SEO-75910255.exe
2014-09-14 13:21 - 2014-09-15 06:22 - 00000000 ____D () C:\AdwCleaner
2014-09-14 13:20 - 2014-09-14 13:20 - 01373475 _____ () C:\Users\user\Downloads\AdwCleaner.exe
2014-09-13 14:42 - 2014-09-18 05:21 - 00000000 ____D () C:\FRST
2014-09-13 14:42 - 2014-09-15 16:55 - 00077669 _____ () C:\Users\user\Downloads\FRST.txt
2014-09-13 14:42 - 2014-09-13 14:43 - 00032523 _____ () C:\Users\user\Downloads\Addition.txt
2014-09-13 14:41 - 2014-09-13 14:41 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-13 14:29 - 2014-09-13 14:29 - 00854417 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2014-09-13 08:31 - 2014-09-13 08:31 - 00003126 _____ () C:\Windows\System32\Tasks\{8585E23B-1834-44C6-8B35-112E2FB58358}
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Downloads\hijackthis.log
2014-09-13 08:25 - 2014-09-13 08:26 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HiJackThis.exe
2014-09-13 07:29 - 2014-09-14 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-13 05:22 - 2014-08-20 03:35 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-09-13 05:22 - 2014-08-20 03:09 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-09-13 05:22 - 2014-08-19 08:31 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-09-13 05:22 - 2014-08-19 07:59 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-09-13 05:22 - 2014-08-19 07:59 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-09-13 05:22 - 2014-08-19 07:56 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-09-13 05:22 - 2014-08-19 07:50 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-09-13 05:22 - 2014-08-19 07:49 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-09-13 05:22 - 2014-08-19 07:45 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-09-13 05:22 - 2014-08-19 07:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-09-13 05:22 - 2014-08-19 07:44 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-09-13 05:22 - 2014-08-19 07:44 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-09-13 05:22 - 2014-08-19 07:38 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-09-13 05:22 - 2014-08-19 07:35 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-09-13 05:22 - 2014-08-19 07:33 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-09-13 05:22 - 2014-08-19 07:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-09-13 05:22 - 2014-08-19 07:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-09-13 05:22 - 2014-08-19 07:27 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-09-13 05:22 - 2014-08-19 07:26 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-09-13 05:22 - 2014-08-19 07:21 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-09-13 05:22 - 2014-08-19 07:16 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-09-13 05:22 - 2014-08-19 07:15 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-09-13 05:22 - 2014-08-19 07:15 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-09-13 05:22 - 2014-08-19 07:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-09-13 05:22 - 2014-08-19 07:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-09-13 05:22 - 2014-08-19 07:12 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-09-13 05:22 - 2014-08-19 07:10 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-09-13 05:22 - 2014-08-19 07:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-09-13 05:22 - 2014-08-19 07:08 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-09-13 05:22 - 2014-08-19 07:07 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-09-13 05:22 - 2014-08-19 07:06 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-09-13 05:22 - 2014-08-19 07:05 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-09-13 05:22 - 2014-08-19 06:57 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-09-13 05:22 - 2014-08-19 06:55 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-09-13 05:22 - 2014-08-19 06:55 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-09-13 05:22 - 2014-08-19 06:53 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-09-13 05:22 - 2014-08-19 06:53 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-09-13 05:22 - 2014-08-19 06:52 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-09-13 05:22 - 2014-08-19 06:49 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-09-13 05:22 - 2014-08-19 06:47 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-09-13 05:22 - 2014-08-19 06:47 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-09-13 05:22 - 2014-08-19 06:46 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-09-13 05:22 - 2014-08-19 06:45 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-09-13 05:22 - 2014-08-19 06:45 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-09-13 05:22 - 2014-08-19 06:39 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-09-13 05:22 - 2014-08-19 06:38 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-09-13 05:22 - 2014-08-19 06:37 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-09-13 05:22 - 2014-08-19 06:25 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-09-13 05:22 - 2014-08-19 06:16 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-09-13 05:22 - 2014-08-19 06:08 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-09-13 05:22 - 2014-08-19 06:08 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-09-13 05:22 - 2014-08-19 06:06 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-09-13 05:18 - 2014-06-27 11:38 - 02777088 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2014-09-13 05:18 - 2014-06-27 11:15 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2014-09-11 19:32 - 2014-08-01 21:23 - 01031168 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll
2014-09-11 19:32 - 2014-08-01 21:05 - 00793600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll
2014-09-11 19:29 - 2014-07-07 11:36 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-09-11 19:29 - 2014-07-07 11:36 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-09-11 19:29 - 2014-07-07 11:10 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2014-09-11 19:29 - 2014-07-07 11:10 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2014-09-11 19:29 - 2014-07-07 11:09 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2014-09-11 19:22 - 2014-06-24 12:59 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-09-11 19:22 - 2014-06-24 12:29 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll
2014-09-02 18:28 - 2014-09-02 18:28 - 00000854 _____ () C:\Users\user\Desktop\µTorrent.lnk
2014-09-02 18:26 - 2014-09-04 13:52 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-09-02 17:48 - 2014-09-02 17:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-09-02 17:47 - 2014-09-15 06:00 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-02 17:47 - 2014-09-02 17:47 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 17:47 - 2014-09-02 17:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 17:47 - 2014-09-02 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 17:47 - 2014-09-02 17:46 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 17:47 - 2014-09-02 17:46 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 17:46 - 2014-09-02 17:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 17:46 - 2014-09-02 17:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 17:40 - 2014-09-02 17:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:40 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:38 - 04862664 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 17:33 - 2014-08-25 06:53 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-09-02 17:02 - 2014-09-02 17:02 - 00000584 _____ () C:\Windows\system32\TmInstall.log
2014-09-02 16:56 - 2014-09-02 16:56 - 00631728 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsi3FD6.tmp
2014-09-02 11:00 - 2014-09-13 05:18 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-02 10:59 - 2014-09-02 10:59 - 00000000 ____D () C:\Users\user\AppData\Local\com
2014-09-02 10:58 - 2014-09-14 13:22 - 00001100 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-02 10:58 - 2014-09-02 17:06 - 00000003 _____ () C:\Users\user\AppData\Local\proxy.log
2014-09-02 10:51 - 2014-09-02 10:51 - 01942864 _____ (BitTorrent Inc.) C:\Users\user\Desktop\uTorrent.exe
2014-09-02 10:46 - 2014-09-02 10:46 - 00575544 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsbA256.tmp
2014-09-02 10:33 - 2014-09-14 07:36 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-02 10:31 - 2014-09-14 07:36 - 00000000 ____D () C:\Program Files\005
2014-09-02 10:26 - 2014-09-02 10:26 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-02 10:26 - 2014-07-25 12:55 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2014-09-02 10:26 - 2014-07-25 12:49 - 00272808 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaws.exe
2014-09-02 10:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\javaw.exe
2014-09-02 10:26 - 2014-07-25 12:49 - 00175528 _____ (Oracle Corporation) C:\Windows\SysWOW64\java.exe
2014-09-02 10:11 - 2014-08-23 11:37 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-09-02 10:11 - 2014-08-23 11:15 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-09-02 10:11 - 2014-08-23 10:29 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDYAK.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDTAT.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU1.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDBASH.DLL
2014-09-01 10:22 - 2014-07-09 11:33 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\KBDRU.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDYAK.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDTAT.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU1.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDRU.DLL
2014-09-01 10:22 - 2014-07-09 11:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDBASH.DLL
2014-09-01 10:22 - 2014-07-09 08:08 - 00419992 _____ () C:\Windows\system32\locale.nls
2014-09-01 10:22 - 2014-07-09 08:00 - 00419992 _____ () C:\Windows\SysWOW64\locale.nls
2014-09-01 10:22 - 2014-06-25 11:35 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-09-01 10:22 - 2014-06-25 11:11 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2014-09-01 10:17 - 2014-07-16 12:53 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2014-09-01 10:17 - 2014-07-16 12:16 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2014-09-01 10:17 - 2014-06-18 11:48 - 00692736 _____ (Microsoft Corporation) C:\Windows\system32\osk.exe
2014-09-01 10:17 - 2014-06-18 11:21 - 00646144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\osk.exe
2014-09-01 10:17 - 2014-06-06 19:40 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-09-01 10:17 - 2014-06-06 19:14 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 03241984 _____ (Microsoft Corporation) C:\Windows\system32\msi.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 01941504 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\msihnd.dll
2014-09-01 10:17 - 2014-06-03 19:32 - 00112064 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2014-09-01 10:17 - 2014-06-03 18:59 - 02363392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll
2014-09-01 10:17 - 2014-06-03 18:59 - 01805824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2014-09-01 10:17 - 2014-06-03 18:59 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msihnd.dll
2014-09-01 10:17 - 2014-05-30 16:15 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2014-09-01 10:15 - 2014-06-16 11:40 - 00985536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2014-09-01 10:15 - 2014-05-30 17:38 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-09-01 10:15 - 2014-05-30 17:38 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2014-09-01 10:15 - 2014-05-30 17:22 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2014-09-01 10:03 - 2014-07-14 11:32 - 01216000 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2014-09-01 10:03 - 2014-07-14 11:10 - 00664064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2014-09-01 10:02 - 2014-08-07 11:36 - 00529920 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-09-01 10:02 - 2014-08-07 11:31 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 02477536 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00700384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00581600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00058336 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2014-09-01 10:01 - 2014-05-15 01:53 - 00044512 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00038880 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2014-09-01 10:01 - 2014-05-15 01:53 - 00036320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2014-09-01 10:01 - 2014-05-15 01:51 - 02620928 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2014-09-01 10:01 - 2014-05-15 01:50 - 00097792 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2014-09-01 10:01 - 2014-05-15 01:47 - 00092672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2014-09-01 10:01 - 2014-05-14 09:23 - 00198600 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2014-09-01 10:01 - 2014-05-14 09:23 - 00179656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2014-09-01 10:01 - 2014-05-14 09:20 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2014-09-01 10:01 - 2014-05-14 09:17 - 00033792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2014-08-29 15:55 - 2014-07-01 07:54 - 00008856 _____ (Microsoft Corporation) C:\Windows\system32\icardres.dll
2014-08-29 15:55 - 2014-07-01 07:44 - 00008856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardres.dll
2014-08-29 15:55 - 2014-06-06 15:46 - 00035480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TsWpfWrp.exe
2014-08-29 15:55 - 2014-06-06 15:42 - 00035480 _____ (Microsoft Corporation) C:\Windows\system32\TsWpfWrp.exe
2014-08-29 15:55 - 2014-03-10 07:18 - 01389208 _____ (Microsoft Corporation) C:\Windows\system32\icardagt.exe
2014-08-29 15:55 - 2014-03-10 07:18 - 00171160 _____ (Microsoft Corporation) C:\Windows\system32\infocardapi.dll
2014-08-29 15:55 - 2014-03-10 07:17 - 00619672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardagt.exe
2014-08-29 15:55 - 2014-03-10 07:17 - 00099480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\infocardapi.dll

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2014-09-18 05:21 - 2014-09-16 05:26 - 00018190 _____ () C:\Users\user\Desktop\FRST.txt
2014-09-18 05:21 - 2014-09-13 14:42 - 00000000 ____D () C:\FRST
2014-09-18 05:15 - 2009-07-14 14:15 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-09-18 05:15 - 2009-07-14 14:15 - 00026192 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-09-18 05:12 - 2013-02-12 04:45 - 01708909 _____ () C:\Windows\WindowsUpdate.log
2014-09-18 05:11 - 2009-07-14 14:43 - 00784326 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-09-18 05:08 - 2013-07-03 09:07 - 00000000 ____D () C:\Users\user\AppData\Roaming\Skype
2014-09-18 05:07 - 2014-08-14 16:08 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForuser.job
2014-09-18 05:07 - 2013-07-08 12:49 - 00000439 _____ () C:\Windows\system32\Drivers\etc\hosts.ics
2014-09-18 05:07 - 2013-06-18 09:06 - 01078834 _____ () C:\Windows\setupact.log
2014-09-18 05:07 - 2009-07-14 14:38 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-09-17 20:44 - 2013-06-26 04:22 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log
2014-09-17 20:43 - 2013-07-02 20:11 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2014-09-17 20:43 - 2013-06-23 22:08 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-09-15 16:56 - 2014-09-15 16:56 - 00000000 ____D () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bluetooth Devices
2014-09-15 16:55 - 2014-09-15 16:55 - 00077669 _____ () C:\Users\user\Downloads\FRST mon eve.txt
2014-09-15 16:55 - 2014-09-13 14:42 - 00077669 _____ () C:\Users\user\Downloads\FRST.txt
2014-09-15 06:23 - 2013-02-12 05:10 - 01144322 _____ () C:\Windows\PFRO.log
2014-09-15 06:22 - 2014-09-14 13:21 - 00000000 ____D () C:\AdwCleaner
2014-09-15 06:00 - 2014-09-02 17:47 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-09-14 18:37 - 2009-07-14 15:02 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-09-14 18:15 - 2014-09-14 18:06 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2014-09-14 18:15 - 2014-09-14 18:05 - 00000000 ____D () C:\Users\user\Desktop\mbar
2014-09-14 18:06 - 2014-09-14 18:06 - 00128728 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-09-14 18:06 - 2014-09-13 07:29 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-09-14 18:05 - 2014-09-14 18:05 - 00092888 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-09-14 18:04 - 2014-09-14 18:04 - 14349744 _____ (Malwarebytes Corp.) C:\Users\user\Downloads\mbar-1.07.0.1012.exe
2014-09-14 15:41 - 2014-09-14 15:41 - 00470608 _____ () C:\Windows\Minidump\091414-22542-01.dmp
2014-09-14 15:41 - 2014-01-10 10:25 - 1112895121 _____ () C:\Windows\MEMORY.DMP
2014-09-14 15:41 - 2014-01-10 10:25 - 00000000 ____D () C:\Windows\Minidump
2014-09-14 14:14 - 2014-09-14 14:14 - 00380416 _____ () C:\Users\user\Downloads\GMER.exe
2014-09-14 13:30 - 2014-09-14 13:30 - 00000000 ____D () C:\Windows\ERUNT
2014-09-14 13:28 - 2014-09-14 13:28 - 00699016 _____ (CNET Download.com) C:\Users\user\Downloads\cbsidlm-cbsi213-Junkware_Removal_Tool-SEO-75910255.exe
2014-09-14 13:22 - 2014-09-02 10:58 - 00001100 _____ () C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Search.lnk
2014-09-14 13:20 - 2014-09-14 13:20 - 01373475 _____ () C:\Users\user\Downloads\AdwCleaner.exe
2014-09-14 08:27 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\rescache
2014-09-14 07:36 - 2014-09-02 10:33 - 00000000 ____D () C:\Program Files (x86)\CDC27E14-F7CE-431E-BBE0-76C7592FBEF6
2014-09-14 07:36 - 2014-09-02 10:31 - 00000000 ____D () C:\Program Files\005
2014-09-13 14:43 - 2014-09-13 14:42 - 00032523 _____ () C:\Users\user\Downloads\Addition.txt
2014-09-13 14:41 - 2014-09-13 14:41 - 02105856 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
2014-09-13 14:29 - 2014-09-13 14:29 - 00854417 _____ () C:\Users\user\Downloads\SecurityCheck.exe
2014-09-13 08:31 - 2014-09-13 08:31 - 00003126 _____ () C:\Windows\System32\Tasks\{8585E23B-1834-44C6-8B35-112E2FB58358}
2014-09-13 08:30 - 2014-09-13 08:30 - 00016130 _____ () C:\Users\user\Downloads\hijackthis.log
2014-09-13 08:26 - 2014-09-13 08:25 - 00388608 _____ (Trend Micro Inc.) C:\Users\user\Downloads\HiJackThis.exe
2014-09-13 08:26 - 2013-02-11 11:07 - 00000000 ____D () C:\Users\user\AppData\Local\VirtualStore
2014-09-13 05:21 - 2013-07-24 00:25 - 00000000 ____D () C:\Windows\system32\MRT
2014-09-13 05:21 - 2013-02-11 11:23 - 00768636 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-09-13 05:18 - 2014-09-02 11:00 - 00000000 ___HD () C:\Users\Public\Temp
2014-09-13 05:18 - 2013-06-21 14:53 - 101694776 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-09-10 11:57 - 2013-06-23 22:08 - 00701104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-09-10 11:57 - 2013-06-23 22:08 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-09-10 11:57 - 2013-06-23 22:08 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-09-07 11:17 - 2009-07-14 14:15 - 00268392 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-09-04 13:52 - 2014-09-02 18:26 - 00000000 ____D () C:\Users\user\AppData\Roaming\uTorrent
2014-09-04 13:43 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\system32\NDF
2014-09-02 18:28 - 2014-09-02 18:28 - 00000854 _____ () C:\Users\user\Desktop\µTorrent.lnk
2014-09-02 17:48 - 2014-09-02 17:48 - 00000000 ____D () C:\Users\user\AppData\Roaming\AVAST Software
2014-09-02 17:47 - 2014-09-02 17:47 - 00427360 _____ (AVAST Software) C:\Windows\system32\Drivers\aswsp.sys
2014-09-02 17:47 - 2014-09-02 17:47 - 00001966 _____ () C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2014-09-02 17:47 - 2014-09-02 17:47 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast
2014-09-02 17:46 - 2014-09-02 17:47 - 01041168 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00224896 _____ () C:\Windows\system32\Drivers\aswVmm.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00092008 _____ (AVAST Software) C:\Windows\system32\Drivers\aswStm.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00079184 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2014-09-02 17:46 - 2014-09-02 17:47 - 00065776 _____ () C:\Windows\system32\Drivers\aswRvrt.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00307344 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2014-09-02 17:46 - 2014-09-02 17:46 - 00093568 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2014-09-02 17:46 - 2014-09-02 17:46 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2014-09-02 17:46 - 2014-09-02 17:46 - 00029208 _____ () C:\Windows\system32\Drivers\aswHwid.sys
2014-09-02 17:40 - 2014-09-02 17:40 - 00000000 ____D () C:\Program Files\AVAST Software
2014-09-02 17:40 - 2014-09-02 17:38 - 00000000 ____D () C:\ProgramData\AVAST Software
2014-09-02 17:38 - 2014-09-02 17:38 - 04862664 _____ (AVAST Software) C:\Users\user\Downloads\avast_free_antivirus_setup_online.exe
2014-09-02 17:16 - 2009-07-14 12:04 - 00000505 _____ () C:\Windows\win.ini
2014-09-02 17:06 - 2014-09-02 10:58 - 00000003 _____ () C:\Users\user\AppData\Local\proxy.log
2014-09-02 17:02 - 2014-09-02 17:02 - 00000584 _____ () C:\Windows\system32\TmInstall.log
2014-09-02 17:00 - 2013-06-21 14:13 - 00000000 ____D () C:\ProgramData\Trend Micro
2014-09-02 16:59 - 2013-06-21 14:18 - 00000000 ____D () C:\Users\user\AppData\Local\Trend Micro
2014-09-02 16:59 - 2013-06-21 14:16 - 00000258 __RSH () C:\ProgramData\ntuser.pol
2014-09-02 16:56 - 2014-09-02 16:56 - 00631728 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsi3FD6.tmp
2014-09-02 10:59 - 2014-09-02 10:59 - 00000000 ____D () C:\Users\user\AppData\Local\com
2014-09-02 10:58 - 2013-07-02 11:18 - 00000000 ____D () C:\Users\user\AppData\Local\CrashDumps
2014-09-02 10:51 - 2014-09-02 10:51 - 01942864 _____ (BitTorrent Inc.) C:\Users\user\Desktop\uTorrent.exe
2014-09-02 10:46 - 2014-09-02 10:46 - 00575544 _____ (ClickMeIn Limited) C:\Users\user\AppData\Local\nsbA256.tmp
2014-09-02 10:33 - 2013-10-16 07:42 - 00000000 ____D () C:\ProgramData\Oracle
2014-09-02 10:26 - 2014-09-02 10:26 - 00004489 _____ () C:\Windows\SysWOW64\jupdate-1.7.0_67-b01.log
2014-09-02 10:26 - 2011-01-19 07:36 - 00000000 ____D () C:\Program Files (x86)\Java
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\system32\Dism
2014-09-02 10:14 - 2009-07-14 12:50 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-09-02 09:49 - 2014-06-01 14:35 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-09-01 18:21 - 2013-06-25 03:01 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-09-01 18:21 - 2013-06-25 03:01 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-08-29 15:58 - 2013-06-25 03:02 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2014-08-25 06:53 - 2014-09-02 17:33 - 00270496 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-08-23 11:37 - 2014-09-02 10:11 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2014-08-23 11:15 - 2014-09-02 10:11 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2014-08-23 10:29 - 2014-09-02 10:11 - 03163648 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-08-20 03:35 - 2014-09-13 05:22 - 00374968 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2014-08-20 03:09 - 2014-09-13 05:22 - 00327872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2014-08-19 08:31 - 2014-09-13 05:22 - 23591424 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-08-19 07:59 - 2014-09-13 05:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-08-19 07:59 - 2014-09-13 05:22 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-08-19 07:56 - 2014-09-13 05:22 - 17455104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-08-19 07:50 - 2014-09-13 05:22 - 02793984 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-08-19 07:49 - 2014-09-13 05:22 - 05833728 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-08-19 07:45 - 2014-09-13 05:22 - 00547328 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-08-19 07:45 - 2014-09-13 05:22 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-08-19 07:44 - 2014-09-13 05:22 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2014-08-19 07:44 - 2014-09-13 05:22 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 04232704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-08-19 07:38 - 2014-09-13 05:22 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-08-19 07:35 - 2014-09-13 05:22 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-08-19 07:33 - 2014-09-13 05:22 - 00758272 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-08-19 07:33 - 2014-09-13 05:22 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-08-19 07:33 - 2014-09-13 05:22 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-08-19 07:27 - 2014-09-13 05:22 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-08-19 07:26 - 2014-09-13 05:22 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-08-19 07:21 - 2014-09-13 05:22 - 00446464 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-08-19 07:16 - 2014-09-13 05:22 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-08-19 07:15 - 2014-09-13 05:22 - 00072704 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-08-19 07:15 - 2014-09-13 05:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-08-19 07:14 - 2014-09-13 05:22 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2014-08-19 07:14 - 2014-09-13 05:22 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-08-19 07:12 - 2014-09-13 05:22 - 02185728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-08-19 07:10 - 2014-09-13 05:22 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-08-19 07:09 - 2014-09-13 05:22 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-08-19 07:08 - 2014-09-13 05:22 - 00289280 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-08-19 07:07 - 2014-09-13 05:22 - 00440320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-08-19 07:06 - 2014-09-13 05:22 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-08-19 07:05 - 2014-09-13 05:22 - 00597504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-08-19 06:57 - 2014-09-13 05:22 - 00365056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-08-19 06:55 - 2014-09-13 05:22 - 00727040 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-08-19 06:55 - 2014-09-13 05:22 - 00707072 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-08-19 06:53 - 2014-09-13 05:22 - 02104832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-08-19 06:53 - 2014-09-13 05:22 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-08-19 06:52 - 2014-09-13 05:22 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-08-19 06:49 - 2014-09-13 05:22 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-08-19 06:47 - 2014-09-13 05:22 - 00243200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-08-19 06:47 - 2014-09-13 05:22 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-08-19 06:46 - 2014-09-13 05:22 - 13588480 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-08-19 06:45 - 2014-09-13 05:22 - 11769856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-08-19 06:45 - 2014-09-13 05:22 - 02310656 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-08-19 06:39 - 2014-09-13 05:22 - 00603136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-08-19 06:38 - 2014-09-13 05:22 - 02014208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-08-19 06:37 - 2014-09-13 05:22 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-08-19 06:25 - 2014-09-13 05:22 - 01447424 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-08-19 06:16 - 2014-09-13 05:22 - 01812992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-08-19 06:08 - 2014-09-13 05:22 - 01190400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-08-19 06:08 - 2014-09-13 05:22 - 00775168 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-08-19 06:06 - 2014-09-13 05:22 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll

Some content of TEMP:
====================
C:\Users\user\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-09-16 05:19

==================== End Of Log ============================
