Sven

Members
  • Content count

    40
  • Days Won

    1

About Sven

  • Rank
    Member
  • Birthday 08/31/1953
  • Age 64

Profile Information

  • Gender
    Male
  • Location
    Torrance, CA
  • OS
    Windows 10

Recent Profile Visitors

1,161 profile views
  1. Apple vs FBI

    I don't use Apple computers, but like the iPhone and I back them 100%. If you write the software for a back door or any other way to get into the phone, it will work on all phones. Lots of people have sensitive information on the phone, like CC numbers; they would be open to hackers and many other intrusions. GO APPLE, all the way to the Supreme Court. Sven
  2. SHUTTERFLY

    Yes, I use them; great print quality and good prices. Sven
  3. Now that is something I can get behind. Sven
  4. NEVER Refrigerate Your Bread

    Well, when I was single, I always purchased a sliced loaf of bread, then split it into stacks of 4 and froze it. Even after weeks in the freezer, after it thawed out again, it tasted like fresh from the bakery. This is in the freezer, not the fridge. My 2 cents. Sven
  5. Thank you Broni, that did the trick. It is fast and like I used to know it. Thanks again, Sven
  6. I found it in the registry; see attached pic.
  7. Thanks Broni, How do I get rid of this thing? I looked in Programs and Features, but it is not listed. Thanks Sven
  8. Hi Broni, I have a strange problem with IE11. When I click on the link to get to this (or any other) page, I have no problem getting there. If I then click on a link on that page, it starts something, but it will not get there. I have to click on the back arrow and try again, sometimes more than once. So I ran JRT and it tells me: ~~~ Registry Values Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant After that IE behaves normally. This started after the last cleaning over at Windows BBS. After a while, like 2 days, the problem is back, and I run JRT again and it is fine again. It always comes back with the same "successfully repaired...". Any idea what is going on? Thanks, Sven
  9. Thanks Broni, I did the reset, works OK. Thanks Sven
  10. Hi Broni, Not too long ago, you helped me clean my computer over at WindowsBBS. Shortly after that I noticed that it takes a long time to load pages in IE11. So I went back to that thread and ran again frst and Rogue Killer and Adw Cleaner and JRT. The logs are attached. What I noticed is that it says “unknown MBR code” and that worried me. Let me know if I need another cleaning. Thanks
Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2015-06-09 17:25 - 2015-05-22 12:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2015-06-09 17:25 - 2015-05-22 12:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2015-06-09 17:25 - 2015-05-22 12:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2015-06-09 17:25 - 2015-05-22 12:00 - 02885632 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2015-06-09 17:25 - 2015-05-22 12:00 - 00584192 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2015-06-09 17:25 - 2015-05-22 12:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2015-06-09 17:25 - 2015-05-22 12:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2015-06-09 17:25 - 2015-05-22 11:59 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll 2015-06-09 17:25 - 2015-05-22 11:53 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2015-06-09 17:25 - 2015-05-22 11:52 - 06026240 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2015-06-09 17:25 - 2015-05-22 11:52 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2015-06-09 17:25 - 2015-05-22 11:48 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2015-06-09 17:25 - 2015-05-22 11:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2015-06-09 17:25 - 2015-05-22 11:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2015-06-09 17:25 - 2015-05-22 11:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2015-06-09 17:25 - 2015-05-22 11:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2015-06-09 17:25 - 2015-05-22 11:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2015-06-09 17:25 - 2015-05-22 11:36 - 00490496 _____ 
(Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2015-06-09 17:25 - 2015-05-22 11:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2015-06-09 17:25 - 2015-05-22 11:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2015-06-09 17:25 - 2015-05-22 11:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2015-06-09 17:25 - 2015-05-22 11:21 - 00316928 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2015-06-09 17:25 - 2015-05-22 11:07 - 00720384 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2015-06-09 17:25 - 2015-05-22 11:06 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2015-06-09 17:25 - 2015-05-22 11:05 - 02125824 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2015-06-09 17:25 - 2015-05-22 11:05 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2015-06-09 17:25 - 2015-05-22 10:57 - 14404096 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2015-06-09 17:25 - 2015-05-22 10:50 - 02426880 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2015-06-09 17:25 - 2015-05-22 10:38 - 01545728 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2015-06-09 17:25 - 2015-05-22 10:26 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2015-06-09 17:25 - 2015-04-24 11:17 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll 2015-06-09 17:25 - 2015-04-24 10:56 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll 2015-06-09 17:25 - 2015-04-10 20:19 - 00069888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stream.sys 2015-06-08 22:25 - 2015-06-13 09:32 - 00000448 _____ C:\Windows\setupact.log 2015-06-08 22:25 - 2015-06-08 22:25 - 00000000 _____ C:\Windows\setuperr.log 2015-06-08 22:24 - 2015-06-13 09:32 - 00002352 _____ C:\Windows\PFRO.log 2015-06-08 22:22 - 2015-06-13 09:45 - 00000000 
____D C:\AdwCleaner 2015-06-08 20:01 - 2015-06-13 10:02 - 00000000 ____D C:\Users\user\Documents\Clean up 2015-06-02 21:47 - 2015-06-02 21:48 - 00003074 _____ C:\DelFix.txt 2015-06-02 21:47 - 2015-06-02 21:47 - 00000000 ____D C:\Windows\ERUNT 2015-06-02 17:37 - 2015-06-02 21:52 - 00000000 ____D C:\ProgramData\Sophos 2015-06-01 18:38 - 2015-06-01 18:38 - 00000000 ____D C:\Users\user\AppData\Local\TempTaskUpdateDetectionBE12D23C-0761-462F-982E-6604B32ABEA3 2015-06-01 18:31 - 2015-06-01 18:44 - 00000000 ____D C:\Windows\erdnt 2015-06-01 18:15 - 2015-06-01 18:15 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat 2015-06-01 18:15 - 2015-06-01 18:15 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2015-06-01 18:15 - 2015-06-01 18:15 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00151552 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2015-06-01 18:15 - 2015-06-01 18:15 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00071680 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2015-06-01 18:15 - 2015-06-01 18:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-06-01 17:58 - 2015-06-01 17:58 - 00000000 ____D C:\Users\user\AppData\Local\GWX 2015-06-01 16:58 - 2015-06-01 16:58 - 00000207 _____ 
C:\Windows\tweaking.com-regbackup-SVENALBRECHT-Windows-7-Ultimate-(64-bit).dat
2015-06-01 16:47 - 2015-06-13 09:54 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys
2015-06-01 16:47 - 2015-06-01 16:57 - 00000000 ____D C:\ProgramData\RogueKiller
2015-06-01 16:03 - 2015-06-01 16:03 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-05-31 19:22 - 2015-06-01 16:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-05-31 19:21 - 2015-05-31 19:21 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-05-31 18:22 - 2015-05-31 18:22 - 00543104 _____ C:\Users\user\Documents\cookies.txt
2015-05-31 18:22 - 2015-05-31 18:22 - 00034931 _____ C:\Users\user\Documents\bookmark.htm
2015-05-30 22:07 - 2015-06-12 22:12 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D877F1F9-7D3E-4EE1-911B-3683107AE44E}
2015-05-30 22:05 - 2015-05-30 22:05 - 00000000 ____D C:\Users\user\Documents\Autoruns

==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-13 09:50 - 2013-04-26 22:54 - 01352086 _____ C:\Windows\WindowsUpdate.log
2015-06-13 09:40 - 2009-07-13 21:45 - 00028000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-06-13 09:40 - 2009-07-13 21:45 - 00028000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-06-13 09:32 - 2014-04-19 09:31 - 00000330 _____ C:\Windows\Tasks\GlaryInitialize 4.job
2015-06-13 09:32 - 2013-10-20 16:54 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs
2015-06-13 09:32 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-06-12 23:23 - 2013-06-15 09:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-06-12 16:05 - 2013-05-04 15:39 - 00027136 _____ C:\Users\user\Documents\Lotto payout.xls
2015-06-10 14:33 - 2014-07-04 09:55 - 00000000 ____D C:\Users\user\AppData\Local\Adobe
2015-06-10 14:15 - 2013-06-15 09:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2015-06-10 14:15 - 2013-04-27 16:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-06-10 14:15 - 2013-04-27 16:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-06-09 22:52 - 2014-02-17 22:15 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps
2015-06-09 21:23 - 2015-04-21 18:07 - 00000000 __SHD C:\Users\user\AppData\Local\EmieBrowserModeList
2015-06-09 21:23 - 2014-05-02 18:26 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList
2015-06-09 21:23 - 2014-05-02 18:26 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList
2015-06-09 20:07 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache
2015-06-09 18:31 - 2013-05-04 18:23 - 00697272 _____ C:\Windows\system32\perfh007.dat
2015-06-09 18:31 - 2013-05-04 18:23 - 00149240 _____ C:\Windows\system32\perfc007.dat
2015-06-09 18:31 - 2009-07-13 22:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI
2015-06-09 18:26 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2015-06-09 18:25 - 2009-07-13 21:45 - 00568544 _____ C:\Windows\system32\FNTCACHE.DAT
2015-06-09 18:23 - 2015-04-21 17:07 - 00000000 ____D C:\Windows\system32\appraiser
2015-06-09 18:23 - 2014-05-10 22:34 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-06-09 18:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2015-06-09 18:05 - 2013-08-08 18:27 - 00000000 ____D C:\Windows\system32\MRT
2015-06-09 18:01 - 2013-04-27 02:47 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2015-06-08 17:38 - 2014-07-26 20:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-06-07 13:54 - 2013-05-12 11:58 - 00000000 ____D C:\Users\user\AppData\Local\PokerStars.NET
2015-06-07 13:54 - 2013-05-12 11:58 - 00000000 ____D C:\Program Files (x86)\PokerStars.NET
2015-06-07 11:01 - 2015-04-20 20:47 - 00000000 ____D C:\Users\user\Documents\2015
2015-06-05 17:05 - 2015-04-21 19:32 - 00000980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk
2015-06-05 17:05 - 2013-05-11 09:09 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2015-06-01 18:46 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default
2015-06-01 18:41 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini
2015-06-01 18:39 - 2009-07-13 19:34 - 52953088 _____ C:\Windows\system32\config\components.bak
2015-06-01 18:39 - 2009-07-13 19:34 - 19398656 _____ C:\Windows\system32\config\system.bak
2015-06-01 18:39 - 2009-07-13 19:34 - 101711872 _____ C:\Windows\system32\config\software.bak
2015-06-01 18:39 - 2009-07-13 19:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2015-06-01 18:39 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-06-01 18:39 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-06-01 17:27 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF
2015-06-01 17:02 - 2014-07-26 20:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-05-31 19:21 - 2013-04-27 16:41 - 00000000 ____D C:\ProgramData\Adobe
2015-05-31 09:55 - 2014-02-16 14:51 - 00163328 ___SH C:\Users\user\Desktop\Thumbs.db
2015-05-30 11:26 - 2013-05-04 15:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype
2015-05-21 22:12 - 2015-04-21 17:07 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2015-05-21 22:11 - 2015-04-21 17:07 - 00000000 ___SD C:\Windows\system32\GWX
2015-05-21 19:11 - 2014-08-27 17:51 - 00000000 ____D C:\Program Files\Microsoft Office 15

Some files in TEMP:
====================
C:\Users\user\AppData\Local\Temp\dllnt_dump.dll

==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-04 20:19

==================== End of log ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015
Ran by user at 2015-06-13 10:10:29
Running from C:\Users\user\Desktop
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2559062345-3467455893-886524796-500 - Administrator - Disabled)
Guest (S-1-5-21-2559062345-3467455893-886524796-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2559062345-3467455893-886524796-1036 - Limited - Enabled)
user (S-1-5-21-2559062345-3467455893-886524796-1000 - Administrator - Enabled) => C:\Users\user

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov)
Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Amazon Kindle (HKU\S-1-5-21-2559062345-3467455893-886524796-1000\...\Amazon Kindle) (Version: - Amazon)
AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Belkin N600 DB USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.2 - Belkin International, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform)
CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - )
Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation)
HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.)
Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech)
Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.)
Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.)
Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.)
Macrium Reflect Free Edition (Version: 5.3.7149 - Paramount Software (UK) Ltd.) Hidden
Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2559062345-3467455893-886524796-1000\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer)
VueScan x64 (HKLM\...\VueScan x64) (Version: - )

==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2559062345-3467455893-886524796-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2559062345-3467455893-886524796-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2559062345-3467455893-886524796-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2559062345-3467455893-886524796-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-2559062345-3467455893-886524796-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

02-06-2015 21:48:36 End of disinfection
02-06-2015 21:52:26 Removed Sophos Virus Removal Tool.
06-06-2015 09:00:30 Windows Update
09-06-2015 18:00:20 Windows Update
13-06-2015 09:43:57 Windows Update

==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2014-07-05 22:32 - 2015-06-01 18:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost

==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {011CE1FD-DC5C-43FB-AA70-EB55338ED31A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-05] (Microsoft Corporation)
Task: {0566CF5A-C25F-4538-9BC2-98C548E1973E} - System32\Tasks\{E3C54A32-52DF-46D7-A04B-9F585DCC4BDD} => D:\FFF001.EXE
Task: {05E9F660-8893-476B-B7D5-4E8B75106757} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14] (Glarysoft Ltd)
Task: {0A1F7AC9-DCCC-44E0-809D-11122D4A7C00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {0E39C653-47D9-4F4C-A6C0-ECB9684562CC} - System32\Tasks\{E9BB9AEC-ADCE-4524-9BE1-CF2D8F5EE532} => Iexplore.exe http://ui.skype.com/ui/0/6.18.73.106.456/en/go/help.faq.installer?LastError=1638
Task: {21F47A67-858C-443B-879A-D6234EC0FDD4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {22A0B148-DA54-4F4B-A5B7-AE3598C213F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd)
Task: {257686D4-E521-4604-A3F4-162A09ED5A36} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-04-14] (Glarysoft Ltd)
Task: {257C4FE1-08C1-4673-B0EE-A139B5787DE7} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
Task: {25979E46-BFD9-4A92-A832-D0A2C5E792EA} - System32\Tasks\{2848C3EE-FF0F-4AC8-B5B8-022B622C4558} => Iexplore.exe http://ui.skype.com/ui/0/6.18.73.106.456/en/go/help.faq.installer?LastError=1638
Task: {33A30371-2F89-4FF1-96B3-F8B289454E5E} - System32\Tasks\{DA75907B-802B-4A88-ABD4-7A026131E76F} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST Software\Avast\Setup\setiface.dll" RunSetup
Task: {3E57381B-82BA-4F26-A33C-E92660CDE653} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation)
Task: {41654E46-86AC-4BE4-99C6-E2758D7EB511} - System32\Tasks\{52B5D05C-EB93-40BA-859C-665983B580C3} => D:\FFF001.EXE
Task: {4C7EB2EA-169E-4F22-B7CE-5F2AD63D091A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation)
Task: {75060DED-5839-4279-82FA-98FFA91662C0} - System32\Tasks\{61D7D3F2-4767-4C9F-980C-5DAF0B7ACFF7} => D:\FFF001.EXE
Task: {81DD951F-53E5-4F9D-90D8-21C20D9EBBBD} - System32\Tasks\{ED327E1F-C134-473C-B31A-A00E12C147EC} => D:\FFF001.EXE
Task: {864AC9DA-7D8E-4F7B-BC52-AC6E38CB9C48} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks
Task: {87C954D2-E789-4B1E-9C7A-6AE5B0834935} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {8C490523-9DFA-4E92-A942-52B14EA02597} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {8DA992C9-E34D-4A7B-84CC-58D450329E3E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {93AD302C-AFB4-4C9E-9C4B-A3B7D588B2FA} - System32\Tasks\{1BF9924C-E463-4206-915F-5BE367E3BD06} => D:\FFF001.EXE
Task: {962007D7-75FE-42F4-B2BD-F8338A0E0664} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2013-12-15] (Toolwiz)
Task: {9FD3FFC7-44BB-451D-BA8E-60DF357B3669} - System32\Tasks\{04A28F36-2F27-4916-BA62-B6EB8AC6A703} => pcalua.exe -a "E:\Gigabyte Drivers\W7\CPSetup.exe" -d "E:\Gigabyte Drivers\W7"
Task: {A5C9E65A-0115-4928-A921-5449676E41BF} - System32\Tasks\{8A7FCC09-8BF8-4244-A5BB-B0BA3023C043} => Iexplore.exe http://ui.skype.com/ui/0/6.18.73.106.456/en/go/help.faq.installer?LastError=1638
Task: {AF8EA10C-6209-4F5C-8D0F-4912E0DA13E8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation)
Task: {B3F11657-4D62-4FD4-805A-1F788CF3E515} - System32\Tasks\{F3C66A42-EC67-43C1-965E-4732F4F3EE79} => pcalua.exe -a D:\cpic32.exe -d D:\ -c -setup
Task: {BA697D06-360F-4977-8E93-E2EF4C649FE7} - System32\Tasks\{5227B1CA-E3E1-4509-B512-795F54DB9E3A} => pcalua.exe -a E:\DOSBox0.71-win32-installer.exe -d E:\
Task: {CAB969BE-449E-45B0-84C1-4B190BA22317} - System32\Tasks\{3FC8669F-5F5D-4288-BE53-0506A1DCD783} => Iexplore.exe http://ui.skype.com/ui/0/6.18.73.106.456/en/go/help.faq.installer?LastError=1638
Task: {DE49EDEB-F172-4446-B051-C44CBD2D1124} - System32\Tasks\Core Temp Autostart user => C:\Program Files\Core Temp\Core Temp.exe
Task: {DF7649EF-B9D7-43D2-A93F-91D4F5FB5429} - System32\Tasks\{30FFB3B0-03B2-42AD-8230-70F710CB28AD} => pcalua.exe -a D:\UNINSTL.EXE -d D:\
Task: {F3228A8D-A276-40C3-841B-24429957218D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2559062345-3467455893-886524796-1000
Task: {F54428E2-4699-4B0C-8CF7-64472C7DFC61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated)
Task: {FC45CED1-C40A-4F85-B87A-B05C4C07A952} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-04-27] (Microsoft Corporation)
Task: {FCAC4574-8F73-40DD-99CF-5B19511F8781} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation)
Task: {FCFB02D3-115D-42AD-A418-5CC61F51E4B7} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-05] (Microsoft Corporation)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe

==================== Loaded Modules (Whitelisted) ==============

2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-05-05 17:00 - 2015-05-05 17:00 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-08-27 17:51 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-05-05 16:58 - 2015-05-05 16:58 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-08-27 17:52 - 2014-08-27 17:55 - 00196264 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL

==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service"

==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE trusted site: HKU\S-1-5-21-2559062345-3467455893-886524796-1000\...\anthem.com -> hxxps://www.anthem.com

==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-2559062345-3467455893-886524796-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 209.18.47.61 - 209.18.47.62

==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NAUpdate => 2
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: RaMediaServer => 2
MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: ToolwizCareFree => "C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe" -autorun

==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{1150BA71-A7F8-4D94-92BF-818FF79105DC}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{6F198C10-6D7F-465E-BFEC-716C85462A1C}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe FirewallRules: [{10D9A41E-EF89-4F24-8DA8-CA7483D5F45F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{2097A84B-7BA3-40F6-A971-F587D1D548BA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{06EC0723-808E-40AA-A4EC-94F813B279C2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{8F952F99-92EC-47A6-8E5A-ABC4E344EF7F}] => (Allow) LPort=1542 FirewallRules: [{1A11D717-9B34-47E7-ABF1-7CC49942D28F}] => (Allow) LPort=1542 FirewallRules: [{EC7375E4-3CB5-4193-88D8-96B91CC78B5B}] => (Allow) LPort=53 FirewallRules: [{D0CA5501-D423-4EDD-8312-2B28DF24197F}] => (Allow) LPort=1542 FirewallRules: [{B4CE74D6-7FD1-4266-8D30-7BB5A5F53D46}] => (Allow) LPort=1542 FirewallRules: [{57AB4E87-1413-4572-A4D9-424FD79AC468}] => (Allow) LPort=53 FirewallRules: [{30BC8712-2FA5-4034-AE6D-8A7A119D0C61}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{893B8FFE-541B-4560-B186-154F65BB788F}] => (Allow) LPort=2869 FirewallRules: [{A61FECA6-71D7-475F-B0D5-A7C4DF680C25}] => (Allow) LPort=1900 FirewallRules: [{6E2C1930-AA5C-4127-BDB2-FC7137876DEF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{0FA1DBB4-EDA3-4ED9-94F2-412444E3B1AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{23BA2A7A-CDB0-4D4D-8990-F7A1731D64AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1CC1DF0E-F218-4AAE-BD88-3A952CE64A30}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{169EFAFA-E21B-4826-99E2-4B7EB71BCC67}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: 
[{B3A1FE05-9681-4673-9C6C-7CA196B740B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{C1AB6488-9BED-41A8-B9C7-2C0F9289D59F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{1BA97627-18C4-474E-A71D-59441DC23F5F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{B70770B8-14A0-4CAD-944B-760E4486F9DD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{C6288A61-2D8F-43FE-91E2-6B014956F1FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{38791979-ADE7-4C0B-B8C1-B9998ADEF645}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{ABD296A5-A676-4C5F-A2AB-AF2FCEA20BB3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F06F96DA-63B5-4EC6-8545-72AE9843B0D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Faulty Device Manager Devices ============= Name: I:\ Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: K:\ Description: SM/xD-Picture Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

Name: J:\
Description: Compact Flash
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.

Name: L:\
Description: MS/MS-Pro
Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a}
Manufacturer: Generic-
Service: WUDFRd
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2015 09:34:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2015 11:24:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x6b8 Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Error: (06/12/2015 03:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/11/2015 11:18:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x6b4 Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Error: (06/11/2015 05:29:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/10/2015 11:41:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 
Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x70c Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Error: (06/10/2015 02:02:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/09/2015 11:26:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x678 Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Error: (06/09/2015 10:52:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018 Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2 Exception code: 0xc0000005 Fault offset: 0x000000000004ada4 Faulting process id: 0x350 Faulting application start time: 0xwmprph.exe0 Faulting application path: wmprph.exe1 Faulting module path: wmprph.exe2 Report Id: wmprph.exe3 Error: (06/09/2015 07:17:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/13/2015 10:08:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) 
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC) Error: (06/13/2015 09:50:38 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (06/13/2015 09:48:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC) Error: (06/13/2015 09:47:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (06/13/2015 09:47:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (06/13/2015 09:47:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (06/13/2015 09:47:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Macrium Reflect Image Mounting Service service terminated unexpectedly. It has done this 1 time(s). Error: (06/13/2015 09:47:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 
Error: (06/13/2015 09:47:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s). Error: (06/13/2015 09:47:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Microsoft Office: ========================= Error: (06/13/2015 09:34:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2015 11:24:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c16b801d0a5628d031734C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllccc7bdf7-1194-11e5-913b-902b34edeb2f Error: (06/12/2015 03:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/11/2015 11:18:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c16b401d0a4a69ece527cC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllc79f1ab4-10ca-11e5-8a78-902b34edeb2f Error: (06/11/2015 05:29:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/10/2015 11:41:10 PM) 
(Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c170c01d0a3c09cebbfe9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dlld7e3cbdc-1004-11e5-9516-902b34edeb2f Error: (06/10/2015 02:02:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/09/2015 11:26:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c167801d0a32363e92b46C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll98b2bace-0f39-11e5-989c-902b34edeb2f Error: (06/09/2015 10:52:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wmprph.exe12.0.7600.163854a5bd018ntdll.dll6.1.7601.18869556366f2c0000005000000000004ada435001d0a34197fd2552C:\Program Files\Windows Media Player\wmprph.exeC:\Windows\SYSTEM32\ntdll.dllde45178e-0f34-11e5-989c-902b34edeb2f Error: (06/09/2015 07:17:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2015-06-01 18:38:36.404 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-06-01 18:38:36.358
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-22 15:28:50.367
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2015-05-22 15:28:50.320
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
==================== Memory info ===========================

Processor: AMD FX-6100 Six-Core Processor
Percentage of memory in use: 36%
Total physical RAM: 15869.55 MB
Available physical RAM: 10127.72 MB
Total Pagefile: 32251.76 MB
Available Pagefile: 27203.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:465.76 GB) (Free:387.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Downloaded Programs) (Fixed) (Total:54.01 GB) (Free:36.34 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (back up) (Fixed) (Total:446.39 GB) (Free:294.97 GB) NTFS
Drive g: (DVD & Pictures) (Fixed) (Total:431.1 GB) (Free:403.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F9EA8380)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A7D65DD6)
Partition 1: (Active) - (Size=54 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=431.1 GB) - (Type=07 NTFS)

==================== End of log ============================

RogueKiller V10.8.2.0 (x64) [Jun 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Administrator]
Started from : C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DIWZ4Z7G\RogueKillerX64version.exe
Mode : Scan -- Date : 06/13/2015 10:01:04

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2559062345-3467455893-886524796-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.windowsbbs.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2559062345-3467455893-886524796-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.windowsbbs.com/ -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08521533-CDB2-45AD-AB3D-3E9DF2F2138F} | DhcpNameServer : 69.134.148.4 69.134.148.68 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{08521533-CDB2-45AD-AB3D-3E9DF2F2138F} | DhcpNameServer : 69.134.148.4 69.134.148.68 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{08521533-CDB2-45AD-AB3D-3E9DF2F2138F} | DhcpNameServer : 69.134.148.4 69.134.148.68 [UNITED STATES (US)][UNITED STATES (US)] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-00ERMA0 ATA Device +++++
--- User ---
[MBR] 5673b224de40662d7fade46ef2363668
[BSP] fbd4393ff96ab9a429c03603963f7258 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TOSHIBA DT01ACA100 ATA Device +++++
--- User ---
[MBR] 70cd990cc6ae07d4236ab284558cba5a
[BSP] d47f5553c99637600ef7816fab744eac : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 55308 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 113274320 | Size: 457107 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1049446120 | Size: 441442 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_06012015_165335.log - RKreport_SCN_06082015_182344.log - RKreport_SCN_06082015_221406.log - RKreport_DEL_06082015_222011.log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.4 (06.13.2015:2)
OS: Windows 7 Ultimate x64
Ran by user on Sat 06/13/2015 at 9:46:53.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/13/2015 at 9:49:33.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.206 - Logfile created 13/06/2015 at 09:44:15
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [Server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : user - SVENALBRECHT
# Running from : C:\Users\user\Documents\Clean up\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v31.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [760 bytes] - [08/06/2015 22:22:51]
AdwCleaner[R1].txt - [682 bytes] - [13/06/2015 09:44:15]
AdwCleaner[S0].txt - [823 bytes] - [08/06/2015 22:23:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [798 bytes] ##########
  11. Hi Broni, Not too long ago, you helped me clean my computer over at WindowsBBS. Shortly after that I noticed that it takes a long time to load pages in IE11. So I went back to that thread and ran again FRST and Rogue Killer and Adw Cleaner and JRT. The logs are attached. What I noticed is that it says “unknown MBR code” and that worried me. Let me know if I need another cleaning. Thanks

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-06-2015
Ran by user (administrator) on SVENALBRECHT on 13-06-2015 10:09:58
Running from C:\Users\user\Desktop
Loaded Profiles: user (Available Profiles: user)
Platform: Windows 7 Ultimate Service Pack 1 (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\winword.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ==================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [MSC] => C:\Program Files\Microsoft Security Client\msseces.exe [1337000 2015-04-30] (Microsoft Corporation)
HKLM-x32\...\Run: [LogitechQuickCamRibbon] => C:\Program Files\Logitech\Logitech WebCam Software\LWS.exe [2793304 2009-10-14] ()
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled [2015-05-31] () ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-2559062345-3467455893-886524796-1000\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-2559062345-3467455893-886524796-1000\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsbbs.com/ SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-05-05] (Microsoft Corporation) BHO: Logitech SetPoint -> 
{AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.) BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation) BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-05-05] (Microsoft Corporation) BHO-x32: Logitech SetPoint -> {AF949550-9094-4807-95EC-D1C317803333} -> C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll [2013-07-31] (Logitech, Inc.) BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-04-14] (Microsoft Corporation) BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-04-14] (Microsoft Corporation) DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} http://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-05-05] (Microsoft Corporation) Handler-x32: skype4com - 
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll [2014-05-02] (Skype Technologies) Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62 FireFox: ======== FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\r4lmfvjz.default FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_17_0_0_188.dll [2015-05-29] () FF Plugin: @microsoft.com/GENUINE -> disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-16] ( Microsoft Corporation) FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_17_0_0_188.dll [2015-05-29] () FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll [2013-04-03] (Adobe Systems, Inc.) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] () FF Plugin-x32: @microsoft.com/GENUINE -> disabled No File FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-02-17] (Microsoft Corporation) FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40416.0\npctrl.dll [2015-04-15] ( Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-27] (Microsoft Corporation) FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation) FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2011-07-26] (Nero AG) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt FF Extension: Logitech SetPoint - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2014-05-31] ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2012-11-16] (Advanced Micro Devices, Inc.) [File not signed] R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.) R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2736824 2015-04-07] (Microsoft Corporation) S2 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2015-05-06] (Freemake) [File not signed] S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1080120 2015-04-14] (Malwarebytes Corporation) R2 MsMpSvc; C:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation) R3 NisSrv; C:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation) S2 ReflectService.exe; C:\Program Files\Macrium\Reflect\ReflectService.exe [3272656 2014-07-21] (Paramount Software UK Ltd) R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-01] (TeamViewer GmbH) S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
R2 AODDriver4.1; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [53888 2012-03-05] (Advanced Micro Devices) R1 BTOWSFF; C:\Windows\System32\Drivers\BTOWSFF.sys [33024 2013-12-15] (Toolwiz.com) R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [52480 2013-12-15] (Toolwiz.com) R3 dvdfab; C:\Windows\System32\drivers\dvdfab.sys [79232 2011-08-15] (Fengtao Software Inc.) S3 InputFilter_Hid_FlexDef2b; C:\Windows\System32\DRIVERS\InputFilter_FlexDef2b.sys [17920 2010-06-19] (Siliten) S3 KMWDFILTER; C:\Windows\System32\DRIVERS\KMWDFILTER.sys [21504 2009-11-27] (Windows ® Codename Longhorn DDK provider) [File not signed] S3 KMWDFILTER; C:\Windows\SysWOW64\DRIVERS\KMWDFILTER.sys [17408 2009-11-27] (Windows ® Codename Longhorn DDK provider) [File not signed] R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [52992 2013-12-15] (Toolwiz.com) R3 L1C; C:\Windows\System32\DRIVERS\L1C62x64.sys [110744 2012-07-19] (Qualcomm Atheros Co., Ltd.) R3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () S3 LVPr2Mon; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] () R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-04-14] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-04-14] (Malwarebytes Corporation) R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation) R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation) S3 PSVolAcc; C:\Windows\System32\Drivers\PSVolAcc.sys [12760 2014-07-21] (Paramount Software UK Ltd) R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1041000 2012-02-22] (Realtek Semiconductor Corporation ) S3 scsiscan; C:\Windows\system32\drivers\scsiscan.sys [17920 2009-07-13] (Microsoft Corporation) S3 SIVDriver; C:\Windows\system32\Drivers\SIVX64.sys [149240 2014-02-09] (Ray Hinchliffe) R3 VUSB3HUB; C:\Windows\System32\DRIVERS\ViaHub3.sys [204800 2011-11-14] 
(VIA Technologies, Inc.)
R3 xhcdrv; C:\Windows\System32\DRIVERS\xhcdrv.sys [256000 2011-11-14] (VIA Technologies, Inc.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
(Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx 2015-06-01 18:15 - 2015-06-01 18:15 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll 2015-06-01 18:15 - 2015-06-01 18:15 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2015-06-01 18:15 - 2015-06-01 18:15 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-06-01 17:58 - 2015-06-01 17:58 - 00000000 ____D C:\Users\user\AppData\Local\GWX 2015-06-01 16:58 - 2015-06-01 16:58 - 00000207 _____ 
C:\Windows\tweaking.com-regbackup-SVENALBRECHT-Windows-7-Ultimate-(64-bit).dat 2015-06-01 16:47 - 2015-06-13 09:54 - 00037624 _____ C:\Windows\system32\Drivers\TrueSight.sys 2015-06-01 16:47 - 2015-06-01 16:57 - 00000000 ____D C:\ProgramData\RogueKiller 2015-06-01 16:03 - 2015-06-01 16:03 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task 2015-05-31 19:22 - 2015-06-01 16:04 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk 2015-05-31 19:21 - 2015-05-31 19:21 - 00000000 ____D C:\Program Files (x86)\Adobe 2015-05-31 18:22 - 2015-05-31 18:22 - 00543104 _____ C:\Users\user\Documents\cookies.txt 2015-05-31 18:22 - 2015-05-31 18:22 - 00034931 _____ C:\Users\user\Documents\bookmark.htm 2015-05-30 22:07 - 2015-06-12 22:12 - 00003938 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{D877F1F9-7D3E-4EE1-911B-3683107AE44E} 2015-05-30 22:05 - 2015-05-30 22:05 - 00000000 ____D C:\Users\user\Documents\Autoruns ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2015-06-13 09:50 - 2013-04-26 22:54 - 01352086 _____ C:\Windows\WindowsUpdate.log 2015-06-13 09:40 - 2009-07-13 21:45 - 00028000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-06-13 09:40 - 2009-07-13 21:45 - 00028000 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-06-13 09:32 - 2014-04-19 09:31 - 00000330 _____ C:\Windows\Tasks\GlaryInitialize 4.job 2015-06-13 09:32 - 2013-10-20 16:54 - 00000000 _____ C:\Windows\system32\Drivers\lvuvc.hs 2015-06-13 09:32 - 2009-07-13 22:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2015-06-12 23:23 - 2013-06-15 09:49 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-06-12 16:05 - 2013-05-04 15:39 - 00027136 _____ C:\Users\user\Documents\Lotto payout.xls 2015-06-10 14:33 - 2014-07-04 09:55 - 00000000 ____D C:\Users\user\AppData\Local\Adobe 2015-06-10 14:15 - 2013-06-15 09:49 - 00003768 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-06-10 14:15 - 2013-04-27 16:44 - 00778416 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-06-10 14:15 - 2013-04-27 16:44 - 00142512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-06-09 22:52 - 2014-02-17 22:15 - 00000000 ____D C:\Users\user\AppData\Local\CrashDumps 2015-06-09 21:23 - 2015-04-21 18:07 - 00000000 __SHD C:\Users\user\AppData\Local\EmieBrowserModeList 2015-06-09 21:23 - 2014-05-02 18:26 - 00000000 __SHD C:\Users\user\AppData\Local\EmieUserList 2015-06-09 21:23 - 2014-05-02 18:26 - 00000000 __SHD C:\Users\user\AppData\Local\EmieSiteList 2015-06-09 20:07 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\rescache 2015-06-09 18:31 - 2013-05-04 18:23 - 00697272 _____ C:\Windows\system32\perfh007.dat 2015-06-09 18:31 - 2013-05-04 18:23 - 00149240 _____ C:\Windows\system32\perfc007.dat 2015-06-09 18:31 - 2009-07-13 22:13 - 01620684 _____ C:\Windows\system32\PerfStringBackup.INI 
2015-06-09 18:26 - 2009-07-13 22:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD 2015-06-09 18:25 - 2009-07-13 21:45 - 00568544 _____ C:\Windows\system32\FNTCACHE.DAT 2015-06-09 18:23 - 2015-04-21 17:07 - 00000000 ____D C:\Windows\system32\appraiser 2015-06-09 18:23 - 2014-05-10 22:34 - 00000000 ___SD C:\Windows\system32\CompatTel 2015-06-09 18:23 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\PolicyDefinitions 2015-06-09 18:05 - 2013-08-08 18:27 - 00000000 ____D C:\Windows\system32\MRT 2015-06-09 18:01 - 2013-04-27 02:47 - 140135120 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2015-06-08 17:38 - 2014-07-26 20:44 - 00136408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2015-06-07 13:54 - 2013-05-12 11:58 - 00000000 ____D C:\Users\user\AppData\Local\PokerStars.NET 2015-06-07 13:54 - 2013-05-12 11:58 - 00000000 ____D C:\Program Files (x86)\PokerStars.NET 2015-06-07 11:01 - 2015-04-20 20:47 - 00000000 ____D C:\Users\user\Documents\2015 2015-06-05 17:05 - 2015-04-21 19:32 - 00000980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 10.lnk 2015-06-05 17:05 - 2013-05-11 09:09 - 00000000 ____D C:\Program Files (x86)\TeamViewer 2015-06-01 18:46 - 2009-07-13 20:20 - 00000000 __RHD C:\Users\Default 2015-06-01 18:41 - 2009-07-13 19:34 - 00000215 _____ C:\Windows\system.ini 2015-06-01 18:39 - 2009-07-13 19:34 - 52953088 _____ C:\Windows\system32\config\components.bak 2015-06-01 18:39 - 2009-07-13 19:34 - 19398656 _____ C:\Windows\system32\config\system.bak 2015-06-01 18:39 - 2009-07-13 19:34 - 101711872 _____ C:\Windows\system32\config\software.bak 2015-06-01 18:39 - 2009-07-13 19:34 - 00524288 _____ C:\Windows\system32\config\default.bak 2015-06-01 18:39 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\security.bak 2015-06-01 18:39 - 2009-07-13 19:34 - 00262144 _____ C:\Windows\system32\config\sam.bak 2015-06-01 17:27 - 2009-07-13 20:20 - 00000000 ____D C:\Windows\system32\NDF 2015-06-01 17:02 - 
2014-07-26 20:44 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware 2015-05-31 19:21 - 2013-04-27 16:41 - 00000000 ____D C:\ProgramData\Adobe 2015-05-31 09:55 - 2014-02-16 14:51 - 00163328 ___SH C:\Users\user\Desktop\Thumbs.db 2015-05-30 11:26 - 2013-05-04 15:20 - 00000000 ____D C:\Users\user\AppData\Roaming\Skype 2015-05-21 22:12 - 2015-04-21 17:07 - 00000000 ___SD C:\Windows\SysWOW64\GWX 2015-05-21 22:11 - 2015-04-21 17:07 - 00000000 ___SD C:\Windows\system32\GWX 2015-05-21 19:11 - 2014-08-27 17:51 - 00000000 ____D C:\Program Files\Microsoft Office 15 Some files in TEMP: ==================== C:\Users\user\AppData\Local\Temp\dllnt_dump.dll ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => File is digitally signed C:\Windows\System32\wininit.exe => File is digitally signed C:\Windows\SysWOW64\wininit.exe => File is digitally signed C:\Windows\explorer.exe => File is digitally signed C:\Windows\SysWOW64\explorer.exe => File is digitally signed C:\Windows\System32\svchost.exe => File is digitally signed C:\Windows\SysWOW64\svchost.exe => File is digitally signed C:\Windows\System32\services.exe => File is digitally signed C:\Windows\System32\User32.dll => File is digitally signed C:\Windows\SysWOW64\User32.dll => File is digitally signed C:\Windows\System32\userinit.exe => File is digitally signed C:\Windows\SysWOW64\userinit.exe => File is digitally signed C:\Windows\System32\rpcss.dll => File is digitally signed C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed LastRegBack: 2015-06-04 20:19 ==================== End of log ============================ Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-06-2015 Ran by user at 2015-06-13 10:10:29 Running from C:\Users\user\Desktop Boot Mode: Normal ========================================================== ==================== Accounts: 
============================= Administrator (S-1-5-21-2559062345-3467455893-886524796-500 - Administrator - Disabled) Guest (S-1-5-21-2559062345-3467455893-886524796-501 - Limited - Enabled) HomeGroupUser$ (S-1-5-21-2559062345-3467455893-886524796-1036 - Limited - Enabled) user (S-1-5-21-2559062345-3467455893-886524796-1000 - Administrator - Enabled) => C:\Users\user ==================== Security Center ======================== (If an entry is included in the fixlist, it will be removed.) AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A} AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== (Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.) 7-Zip 9.22 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0922-000001000000}) (Version: 9.22.00.0 - Igor Pavlov) Adobe Flash Player 17 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 17.0.0.188 - Adobe Systems Incorporated) Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.160 - Adobe Systems Incorporated) Adobe Reader XI (11.0.11) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated) Amazon Kindle (HKU\S-1-5-21-2559062345-3467455893-886524796-1000\...\Amazon Kindle) (Version: - Amazon) AMD Catalyst Install Manager (HKLM\...\{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}) (Version: 8.0.877.0 - Advanced Micro Devices, Inc.) Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.) Apple Application Support (64-bit) (HKLM\...\{D7B824DE-DA32-4772-9E5E-39C5158136A7}) (Version: 3.1.3 - Apple Inc.) 
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.) Belkin N600 DB USB Wireless Adapter (HKLM-x32\...\{B20F9D1C-A0A5-4CD8-8306-DA03872311B1}) (Version: 1.00.0184.2 - Belkin International, Inc.) Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) CCleaner (HKLM\...\CCleaner) (Version: 4.01 - Piriform) CPUID CPU-Z 1.63.0 (HKLM\...\CPUID CPU-Z_is1) (Version: - ) Freemake Video Converter version 4.1.6 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.6 - Ellora Assets Corporation) HP Deskjet 1000 J110 series Basic Device Software (HKLM\...\{A3E89C5B-BB3A-433A-A878-D1310BB13EAD}) (Version: 28.0.1313.0 - Hewlett-Packard Co.) iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.) iTunes (HKLM\...\{93F2A022-6C37-48B8-B241-FFABD9F60C30}) (Version: 12.1.2.27 - Apple Inc.) Logitech SetPoint 6.61 (HKLM\...\sp6) (Version: 6.61.15 - Logitech) Logitech Webcam Software (HKLM\...\{987FE247-4E69-4A2E-A961-D14F901FDBF6}) (Version: 12.10.1113 - Logitech Inc.) Logitech Webcam Software Driver Package (HKLM\...\lvdrivers_12.10) (Version: 12.10.1110 - Logitech Inc.) Macrium Reflect Free Edition (HKLM\...\MacriumReflect) (Version: 5.3 - Paramount Software (UK) Ltd.) Macrium Reflect Free Edition (Version: 5.3.7149 - Paramount Software (UK) Ltd.) 
Hidden Malwarebytes Anti-Malware version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Korrekturhilfen 2013 - Deutsch (HKLM-x32\...\{90150000-001F-0407-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation) Microsoft Office Professional Plus 2013 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 15.0.4719.1002 - Microsoft Corporation) Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40416.0 - Microsoft Corporation) Microsoft SkyDrive (HKU\S-1-5-21-2559062345-3467455893-886524796-1000\...\SkyDriveSetup.exe) (Version: 17.0.2006.0314 - Microsoft Corporation) Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (HKLM\...\{B6E3757B-5E77-3915-866A-CCFC4B8D194C}) (Version: 8.0.50727.4053 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft 
Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation) Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 1.0.10000.1.0 - Nero AG) Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Licensing Component (Version: 15.0.4719.1002 - Microsoft Corporation) Hidden Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4719.1002 - Microsoft Corporation) Hidden QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.) Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.) TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43174 - TeamViewer) VueScan x64 (HKLM\...\VueScan x64) (Version: - ) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
CustomCLSID: HKU\S-1-5-21-2559062345-3467455893-886524796-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2559062345-3467455893-886524796-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2559062345-3467455893-886524796-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2559062345-3467455893-886524796-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\SkyDriveShell64.dll (Microsoft Corporation) CustomCLSID: HKU\S-1-5-21-2559062345-3467455893-886524796-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\user\AppData\Local\Microsoft\SkyDrive\17.0.2006.0314\amd64\FileSyncApi64.dll (Microsoft Corporation) ==================== Restore Points ========================= 02-06-2015 21:48:36 End of disinfection 02-06-2015 21:52:26 Removed Sophos Virus Removal Tool. 06-06-2015 09:00:30 Windows Update 09-06-2015 18:00:20 Windows Update 13-06-2015 09:43:57 Windows Update ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2014-07-05 22:32 - 2015-06-01 18:41 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {011CE1FD-DC5C-43FB-AA70-EB55338ED31A} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-05] (Microsoft Corporation) Task: {0566CF5A-C25F-4538-9BC2-98C548E1973E} - System32\Tasks\{E3C54A32-52DF-46D7-A04B-9F585DCC4BDD} => D:\FFF001.EXE Task: {05E9F660-8893-476B-B7D5-4E8B75106757} - System32\Tasks\GlaryInitialize 4 => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe [2014-04-14] (Glarysoft Ltd) Task: {0A1F7AC9-DCCC-44E0-809D-11122D4A7C00} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {0E39C653-47D9-4F4C-A6C0-ECB9684562CC} - System32\Tasks\{E9BB9AEC-ADCE-4524-9BE1-CF2D8F5EE532} => Iexplore.exe http://ui.skype.com/ui/0/6.18.73.106.456/en/go/help.faq.installer?LastError=1638 Task: {21F47A67-858C-443B-879A-D6234EC0FDD4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {22A0B148-DA54-4F4B-A5B7-AE3598C213F7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-04-23] (Piriform Ltd) Task: {257686D4-E521-4604-A3F4-162A09ED5A36} - System32\Tasks\GU4SkipUAC => C:\Program Files (x86)\Glary Utilities 4\Integrator.exe [2014-04-14] (Glarysoft Ltd) Task: {257C4FE1-08C1-4673-B0EE-A139B5787DE7} - System32\Tasks\Tweaking.com - Registry Backup => C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe Task: {25979E46-BFD9-4A92-A832-D0A2C5E792EA} - System32\Tasks\{2848C3EE-FF0F-4AC8-B5B8-022B622C4558} => Iexplore.exe http://ui.skype.com/ui/0/6.18.73.106.456/en/go/help.faq.installer?LastError=1638 Task: {33A30371-2F89-4FF1-96B3-F8B289454E5E} - System32\Tasks\{DA75907B-802B-4A88-ABD4-7A026131E76F} => pcalua.exe -a "C:\Program Files\AVAST Software\Avast\aswRunDll.exe" -c "C:\Program Files\AVAST 
Software\Avast\Setup\setiface.dll" RunSetup Task: {3E57381B-82BA-4F26-A33C-E92660CDE653} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => C:\Windows\system32\compattel\DiagTrackRunner.exe [2015-03-16] (Microsoft Corporation) Task: {41654E46-86AC-4BE4-99C6-E2758D7EB511} - System32\Tasks\{52B5D05C-EB93-40BA-859C-665983B580C3} => D:\FFF001.EXE Task: {4C7EB2EA-169E-4F22-B7CE-5F2AD63D091A} - System32\Tasks\Microsoft\Windows\Setup\gwx\refreshgwxconfig => C:\Windows\system32\GWX\GWXConfigManager.exe [2015-05-07] (Microsoft Corporation) Task: {75060DED-5839-4279-82FA-98FFA91662C0} - System32\Tasks\{61D7D3F2-4767-4C9F-980C-5DAF0B7ACFF7} => D:\FFF001.EXE Task: {81DD951F-53E5-4F9D-90D8-21C20D9EBBBD} - System32\Tasks\{ED327E1F-C134-473C-B31A-A00E12C147EC} => D:\FFF001.EXE Task: {864AC9DA-7D8E-4F7B-BC52-AC6E38CB9C48} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => schtasks Task: {87C954D2-E789-4B1E-9C7A-6AE5B0834935} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {8C490523-9DFA-4E92-A942-52B14EA02597} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated) Task: {8DA992C9-E34D-4A7B-84CC-58D450329E3E} - System32\Tasks\Microsoft\Windows\Setup\gwx\launchtrayprocess => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {93AD302C-AFB4-4C9E-9C4B-A3B7D588B2FA} - System32\Tasks\{1BF9924C-E463-4206-915F-5BE367E3BD06} => D:\FFF001.EXE Task: {962007D7-75FE-42F4-B2BD-F8338A0E0664} - System32\Tasks\ToolwizCareFree => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [2013-12-15] (Toolwiz) Task: {9FD3FFC7-44BB-451D-BA8E-60DF357B3669} - System32\Tasks\{04A28F36-2F27-4916-BA62-B6EB8AC6A703} => pcalua.exe -a "E:\Gigabyte Drivers\W7\CPSetup.exe" -d "E:\Gigabyte Drivers\W7" Task: 
{A5C9E65A-0115-4928-A921-5449676E41BF} - System32\Tasks\{8A7FCC09-8BF8-4244-A5BB-B0BA3023C043} => Iexplore.exe http://ui.skype.com/ui/0/6.18.73.106.456/en/go/help.faq.installer?LastError=1638 Task: {AF8EA10C-6209-4F5C-8D0F-4912E0DA13E8} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-04-14] (Microsoft Corporation) Task: {B3F11657-4D62-4FD4-805A-1F788CF3E515} - System32\Tasks\{F3C66A42-EC67-43C1-965E-4732F4F3EE79} => pcalua.exe -a D:\cpic32.exe -d D:\ -c -setup Task: {BA697D06-360F-4977-8E93-E2EF4C649FE7} - System32\Tasks\{5227B1CA-E3E1-4509-B512-795F54DB9E3A} => pcalua.exe -a E:\DOSBox0.71-win32-installer.exe -d E:\ Task: {CAB969BE-449E-45B0-84C1-4B190BA22317} - System32\Tasks\{3FC8669F-5F5D-4288-BE53-0506A1DCD783} => Iexplore.exe http://ui.skype.com/ui/0/6.18.73.106.456/en/go/help.faq.installer?LastError=1638 Task: {DE49EDEB-F172-4446-B051-C44CBD2D1124} - System32\Tasks\Core Temp Autostart user => C:\Program Files\Core Temp\Core Temp.exe Task: {DF7649EF-B9D7-43D2-A93F-91D4F5FB5429} - System32\Tasks\{30FFB3B0-03B2-42AD-8230-70F710CB28AD} => pcalua.exe -a D:\UNINSTL.EXE -d D:\ Task: {F3228A8D-A276-40C3-841B-24429957218D} - System32\Tasks\Games\UpdateCheck_S-1-5-21-2559062345-3467455893-886524796-1000 Task: {F54428E2-4699-4B0C-8CF7-64472C7DFC61} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-06-10] (Adobe Systems Incorporated) Task: {FC45CED1-C40A-4F85-B87A-B05C4C07A952} - System32\Tasks\Microsoft\Windows\Windows Activation Technologies\ValidationTask => C:\Windows\system32\Wat\WatAdminSvc.exe [2013-04-27] (Microsoft Corporation) Task: {FCAC4574-8F73-40DD-99CF-5B19511F8781} - System32\Tasks\Microsoft\Windows\Setup\GWXTriggers\Logon => C:\Windows\system32\GWX\GWX.exe [2015-05-07] (Microsoft Corporation) Task: {FCFB02D3-115D-42AD-A418-5CC61F51E4B7} - 
System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-05-05] (Microsoft Corporation) Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GlaryInitialize 4.job => C:\Program Files (x86)\Glary Utilities 4\Initialize.exe ==================== Loaded Modules (Whitelisted) ============== 2015-03-20 18:12 - 2015-03-20 18:12 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2015-03-20 18:12 - 2015-03-20 18:12 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2015-05-05 17:00 - 2015-05-05 17:00 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2014-08-27 17:51 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-05-05 16:58 - 2015-05-05 16:58 - 00316576 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll 2014-08-27 17:52 - 2014-08-27 17:55 - 00196264 _____ () C:\Program Files\Microsoft Office 15\root\office15\IEAWSDC.DLL ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\sndappv2 => ""="service" ==================== EXE Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) 
IE trusted site: HKU\S-1-5-21-2559062345-3467455893-886524796-1000\...\anthem.com -> hxxps://www.anthem.com ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2559062345-3467455893-886524796-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\user\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 209.18.47.61 - 209.18.47.62 ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) MSCONFIG\Services: AdobeARMservice => 2 MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3 MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Apple Mobile Device Service => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: Freemake Improver => 2 MSCONFIG\Services: iPod Service => 3 MSCONFIG\Services: LBTServ => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: NAUpdate => 2 MSCONFIG\Services: RalinkRegistryWriter => 2 MSCONFIG\Services: RalinkRegistryWriter64 => 2 MSCONFIG\Services: RaMediaServer => 2 MSCONFIG\startupreg: GUDelayStartup => "C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe" -delayrun MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe" MSCONFIG\startupreg: NBAgent => "C:\Program Files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" /WinStart MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime MSCONFIG\startupreg: ToolwizCareFree => "C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe" -autorun ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [{1150BA71-A7F8-4D94-92BF-818FF79105DC}] => (Allow) C:\Users\user\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{6F198C10-6D7F-465E-BFEC-716C85462A1C}] => (Allow) C:\Program Files\HP\HP Deskjet 1000 J110 series\Bin\USBSetup.exe FirewallRules: [{10D9A41E-EF89-4F24-8DA8-CA7483D5F45F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe FirewallRules: [{2097A84B-7BA3-40F6-A971-F587D1D548BA}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{06EC0723-808E-40AA-A4EC-94F813B279C2}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{8F952F99-92EC-47A6-8E5A-ABC4E344EF7F}] => (Allow) LPort=1542 FirewallRules: [{1A11D717-9B34-47E7-ABF1-7CC49942D28F}] => (Allow) LPort=1542 FirewallRules: [{EC7375E4-3CB5-4193-88D8-96B91CC78B5B}] => (Allow) LPort=53 FirewallRules: [{D0CA5501-D423-4EDD-8312-2B28DF24197F}] => (Allow) LPort=1542 FirewallRules: [{B4CE74D6-7FD1-4266-8D30-7BB5A5F53D46}] => (Allow) LPort=1542 FirewallRules: [{57AB4E87-1413-4572-A4D9-424FD79AC468}] => (Allow) LPort=53 FirewallRules: [{30BC8712-2FA5-4034-AE6D-8A7A119D0C61}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{893B8FFE-541B-4560-B186-154F65BB788F}] => (Allow) LPort=2869 FirewallRules: [{A61FECA6-71D7-475F-B0D5-A7C4DF680C25}] => (Allow) LPort=1900 FirewallRules: [{6E2C1930-AA5C-4127-BDB2-FC7137876DEF}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe FirewallRules: [{0FA1DBB4-EDA3-4ED9-94F2-412444E3B1AC}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{23BA2A7A-CDB0-4D4D-8990-F7A1731D64AB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{1CC1DF0E-F218-4AAE-BD88-3A952CE64A30}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{169EFAFA-E21B-4826-99E2-4B7EB71BCC67}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: 
[{B3A1FE05-9681-4673-9C6C-7CA196B740B9}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe FirewallRules: [{C1AB6488-9BED-41A8-B9C7-2C0F9289D59F}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [{1BA97627-18C4-474E-A71D-59441DC23F5F}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe FirewallRules: [{B70770B8-14A0-4CAD-944B-760E4486F9DD}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe FirewallRules: [{C6288A61-2D8F-43FE-91E2-6B014956F1FF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{38791979-ADE7-4C0B-B8C1-B9998ADEF645}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{ABD296A5-A676-4C5F-A2AB-AF2FCEA20BB3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{F06F96DA-63B5-4EC6-8545-72AE9843B0D1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe ==================== Faulty Device Manager Devices ============= Name: I:\ Description: SD/MMC Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: K:\ Description: SM/xD-Picture Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
Name: Teredo Tunneling Pseudo-Interface Description: Microsoft Teredo Tunneling Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. Name: J:\ Description: Compact Flash Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. Name: L:\ Description: MS/MS-Pro Class Guid: {eec5ad98-8080-425f-922a-dabf3de3f69a} Manufacturer: Generic- Service: WUDFRd Problem: : Windows has stopped this device because it has reported problems. (Code 43) Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation. 
==================== Event log errors: ========================= Application errors: ================== Error: (06/13/2015 09:34:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2015 11:24:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x6b8 Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Error: (06/12/2015 03:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/11/2015 11:18:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x6b4 Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Error: (06/11/2015 05:29:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/10/2015 11:41:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: 
Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x70c Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Error: (06/10/2015 02:02:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/09/2015 11:26:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Fuel.Service.exe, version: 1.0.0.0, time stamp: 0x50a6a1b0 Faulting module name: Device.dll, version: 4.1.0.0, time stamp: 0x4f55e10b Exception code: 0xc0000005 Fault offset: 0x00000000000033c1 Faulting process id: 0x678 Faulting application start time: 0xFuel.Service.exe0 Faulting application path: Fuel.Service.exe1 Faulting module path: Fuel.Service.exe2 Report Id: Fuel.Service.exe3 Error: (06/09/2015 10:52:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: wmprph.exe, version: 12.0.7600.16385, time stamp: 0x4a5bd018 Faulting module name: ntdll.dll, version: 6.1.7601.18869, time stamp: 0x556366f2 Exception code: 0xc0000005 Fault offset: 0x000000000004ada4 Faulting process id: 0x350 Faulting application start time: 0xwmprph.exe0 Faulting application path: wmprph.exe1 Faulting module path: wmprph.exe2 Report Id: wmprph.exe3 Error: (06/09/2015 07:17:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 System errors: ============= Error: (06/13/2015 10:08:02 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) 
Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC) Error: (06/13/2015 09:50:38 AM) (Source: Application Popup) (EventID: 1060) (User: ) Description: \??\C:\Windows\System32\drivers\TrueSight.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver. Error: (06/13/2015 09:48:24 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: machine-defaultLocalActivation{06622D85-6856-4460-8DE1-A81921B41C4B}{06622D85-6856-4460-8DE1-A81921B41C4B}NT AUTHORITYNETWORK SERVICES-1-5-20LocalHost (Using LRPC) Error: (06/13/2015 09:47:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. Error: (06/13/2015 09:47:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Modules Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (06/13/2015 09:47:24 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Windows Media Player Network Sharing Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. Error: (06/13/2015 09:47:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Macrium Reflect Image Mounting Service service terminated unexpectedly. It has done this 1 time(s). Error: (06/13/2015 09:47:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Process Monitor service terminated unexpectedly. It has done this 1 time(s). 
Error: (06/13/2015 09:47:23 AM) (Source: Service Control Manager) (EventID: 7034) (User: ) Description: The Freemake Improver service terminated unexpectedly. It has done this 1 time(s). Error: (06/13/2015 09:47:23 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service. Microsoft Office: ========================= Error: (06/13/2015 09:34:06 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/12/2015 11:24:10 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c16b801d0a5628d031734C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllccc7bdf7-1194-11e5-913b-902b34edeb2f Error: (06/12/2015 03:54:42 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/11/2015 11:18:03 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c16b401d0a4a69ece527cC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dllc79f1ab4-10ca-11e5-8a78-902b34edeb2f Error: (06/11/2015 05:29:26 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/10/2015 11:41:10 PM) 
(Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c170c01d0a3c09cebbfe9C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dlld7e3cbdc-1004-11e5-9516-902b34edeb2f Error: (06/10/2015 02:02:56 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (06/09/2015 11:26:16 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: Fuel.Service.exe1.0.0.050a6a1b0Device.dll4.1.0.04f55e10bc000000500000000000033c167801d0a32363e92b46C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll98b2bace-0f39-11e5-989c-902b34edeb2f Error: (06/09/2015 10:52:25 PM) (Source: Application Error) (EventID: 1000) (User: ) Description: wmprph.exe12.0.7600.163854a5bd018ntdll.dll6.1.7601.18869556366f2c0000005000000000004ada435001d0a34197fd2552C:\Program Files\Windows Media Player\wmprph.exeC:\Windows\SYSTEM32\ntdll.dllde45178e-0f34-11e5-989c-902b34edeb2f Error: (06/09/2015 07:17:25 PM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 CodeIntegrity Errors: =================================== Date: 2015-06-01 18:38:36.404 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
Date: 2015-06-01 18:38:36.358 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-22 15:28:50.367 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. Date: 2015-05-22 15:28:50.320 Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\drivers\usbaapl64.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source. 
==================== Memory info ===========================

Processor: AMD FX-6100 Six-Core Processor
Percentage of memory in use: 36%
Total physical RAM: 15869.55 MB
Available physical RAM: 10127.72 MB
Total Pagefile: 32251.76 MB
Available Pagefile: 27203.15 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: (Windows 7) (Fixed) (Total:465.76 GB) (Free:387.73 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (Downloaded Programs) (Fixed) (Total:54.01 GB) (Free:36.34 GB) NTFS ==>[system with boot components (obtained from reading drive)]
Drive f: (back up) (Fixed) (Total:446.39 GB) (Free:294.97 GB) NTFS
Drive g: (DVD & Pictures) (Fixed) (Total:431.1 GB) (Free:403.86 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F9EA8380)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: A7D65DD6)
Partition 1: (Active) - (Size=54 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=446.4 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=431.1 GB) - (Type=07 NTFS)

==================== End of log ============================

RogueKiller V10.8.2.0 (x64) [Jun 9 2015] by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : user [Administrator]
Started from : C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DIWZ4Z7G\RogueKillerX64version.exe
Mode : Scan -- Date : 06/13/2015 10:01:04

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 5 ¤¤¤
[PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2559062345-3467455893-886524796-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.windowsbbs.com/ -> Found
[PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2559062345-3467455893-886524796-1000\Software\Microsoft\Internet Explorer\Main | Start Page : http://www.windowsbbs.com/ -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{08521533-CDB2-45AD-AB3D-3E9DF2F2138F} | DhcpNameServer : 69.134.148.4 69.134.148.68 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{08521533-CDB2-45AD-AB3D-3E9DF2F2138F} | DhcpNameServer : 69.134.148.4 69.134.148.68 [UNITED STATES (US)][UNITED STATES (US)] -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{08521533-CDB2-45AD-AB3D-3E9DF2F2138F} | DhcpNameServer : 69.134.148.4 69.134.148.68 [UNITED STATES (US)][UNITED STATES (US)] -> Found

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 0 ¤¤¤

¤¤¤ Hosts File : 1 ¤¤¤
[C:\Windows\System32\drivers\etc\hosts] 127.0.0.1 localhost

¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000AAKX-00ERMA0 ATA Device +++++
--- User ---
[MBR] 5673b224de40662d7fade46ef2363668
[BSP] fbd4393ff96ab9a429c03603963f7258 : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 476937 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive1: TOSHIBA DT01ACA100 ATA Device +++++
--- User ---
[MBR] 70cd990cc6ae07d4236ab284558cba5a
[BSP] d47f5553c99637600ef7816fab744eac : Windows Vista/7/8|VT.Unknown MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 55308 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
1 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 113274320 | Size: 457107 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 1049446120 | Size: 441442 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
User = LL1 ... OK
User = LL2 ... OK

+++++ PhysicalDrive2: Generic- SD/MMC USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive3: Generic- Compact Flash USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive4: Generic- SM/xD-Picture USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

+++++ PhysicalDrive5: Generic- MS/MS-Pro USB Device +++++
Error reading User MBR! ([15] The device is not ready. )
Error reading LL1 MBR! NOT VALID!
Error reading LL2 MBR! ([32] The request is not supported. )

============================================
RKreport_SCN_06012015_165335.log - RKreport_SCN_06082015_182344.log - RKreport_SCN_06082015_221406.log - RKreport_DEL_06082015_222011.log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.9.4 (06.13.2015:2)
OS: Windows 7 Ultimate x64
Ran by user on Sat 06/13/2015 at 9:46:53.96
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Tasks

~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\SearchAssistant

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 06/13/2015 at 9:49:33.14
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v4.206 - Logfile created 13/06/2015 at 09:44:15
# Updated 01/06/2015 by Xplode
# Database : 2015-06-09.1 [server]
# Operating system : Windows 7 Ultimate Service Pack 1 (x64)
# Username : user - SVENALBRECHT
# Running from : C:\Users\user\Documents\Clean up\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

***** [ Files / Folders ] *****

***** [ Scheduled tasks ] *****

***** [ Shortcuts ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

-\\ Internet Explorer v11.0.9600.17840

-\\ Mozilla Firefox v31.0 (x86 en-US)

*************************

AdwCleaner[R0].txt - [760 bytes] - [08/06/2015 22:22:51]
AdwCleaner[R1].txt - [682 bytes] - [13/06/2015 09:44:15]
AdwCleaner[S0].txt - [823 bytes] - [08/06/2015 22:23:55]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [798 bytes] ##########
  12. Seems to be running fine. I did not get any pop-ups the last 2 days. Thanks Broni, nice little tool to delete all the tools. Sven
  13. Hi Broni, Sophos ran just fine and no threats were found.
  14. Hi Broni, TFC has cleaned out about 1900 files; I have no log for that. Also, I have not gotten the pop-up today or yesterday. Must be one of the cleaning tools. Running Sophos now, but it takes a long time. I will post the log when it is done. Thanks for your help. Sven
  15. next log

Farbar Service Scanner Version: 17-01-2015
Ran by user (administrator) on 04-03-2015 at 21:13:32
Running from "C:\Users\user\Desktop"
Microsoft Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed

**** End of log ****