Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-02-2015 01 Ran by SYSTEM on MININT-9NCLM19 on 20-02-2015 02:41:23 Running from j:\ Platform: Windows 7 Home Premium (X64) OS Language: English (United States) Internet Explorer Version 9 Boot Mode: Recovery The current controlset is ControlSet001 [b]ATTENTION!:=====> If the system is bootable FRST must be run from normal or Safe mode to create a complete log.[/b] Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Registry (Whitelisted) ================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2837288 2011-10-14] (Synaptics Incorporated) HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1424896 2011-08-16] (IDT, Inc.) HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [557768 2014-09-19] (Adobe Systems Incorporated) HKLM\...\Run: [BTMTrayAgent] => rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [343168 2011-09-29] (Advanced Micro Devices, Inc.) HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2011-04-14] (Renesas Electronics Corporation) HKLM-x32\...\Run: [HPOSD] => C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe [379960 2011-08-19] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2011-08-26] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Everything] => C:\Program Files (x86)\Everything\Everything.exe [602624 2009-03-12] () HKLM-x32\...\Run: [Bubbles] => C:\Program Files (x86)\Bubbles\BubbleBox.exe [454656 2006-08-16] () HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [578944 2012-03-05] (Hewlett-Packard Development Company, L.P.) HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [87336 2011-03-30] (CyberLink Corp.) HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2014-12-03] (Adobe Systems Incorporated) HKLM-x32\...\Run: [mobilegeni daemon] => C:\Program Files (x86)\Mobogenie\DaemonProcess.exe HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [5227112 2015-01-26] (AVAST Software) HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2694320 2015-01-07] (Adobe Systems Incorporated) HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-12-26] (Adobe Systems Incorporated) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [Acrobat Assistant 8.0] => D:\Programs\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498728 2014-12-02] (Adobe Systems Inc.) HKLM-x32\...\Run: [Carbonite Backup] => C:\Program Files (x86)\Carbonite\Carbonite Backup\CarboniteUI.exe [1056976 2014-06-27] (Carbonite, Inc.) HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [508800 2014-12-17] (Oracle Corporation) Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation) HKU\Beth\...\Run: [Spotify Web Helper] => C:\Users\Beth\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1676344 2014-12-16] (Spotify Ltd) HKU\Beth\...\Run: [Google Update] => C:\Users\Beth\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-05-09] (Google Inc.) HKU\Beth\...\Run: [MusicManager] => C:\Users\Beth\AppData\Local\Programs\Google\MusicManager\MusicManager.exe [7475200 2014-11-13] (Google Inc.) HKU\Beth\...\Run: [SpeedUpMyComputer] => C:\Program Files (x86)\SmartTweak\SpeedUpMyComputer\SpeedUpMyComputer.exe /ot /as /ss HKU\Beth\...\Run: [Spotify] => C:\Users\Beth\AppData\Roaming\Spotify\spotify.exe [6737976 2014-12-16] (Spotify Ltd) AppInit_DLLs-x32: C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll => "C:\PROGRA~2\Citrix\ICACLI~1\RSHook.dll" File Not Found Startup: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Amazon Cloud Drive.lnk ShortcutTarget: Amazon Cloud Drive.lnk -> (No File) Startup: C:\Users\Beth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk ShortcutTarget: Dropbox.lnk -> (No File) ==================== Services (Whitelisted) ================= (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S2 AdobeUpdateService; C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ElevationManager\AdobeUpdateService.exe [710320 2015-01-07] (Adobe Systems Incorporated) S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2015-01-18] (AVAST Software) S2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [104416 2015-01-18] (AVAST Software) S2 CLKMSVC10_38F51D56; C:\Program Files (x86)\Cyberlink\PowerDVD10\NavFilter\kmsvc.exe [244720 2012-02-08] (CyberLink) S2 DisplayLinkService; C:\Program Files\DisplayLink Core Software\DisplayLinkManager.exe [9663848 2011-04-10] (DisplayLink Corp.) S2 Dnscache; C:\Windows\System32\dnsrslvr.dll [0 2015-02-18] () <==== ATTENTION (zero size file/folder) S2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1200160 2012-11-09] (Fitbit, Inc.) S2 HPPRXSVC; C:\Program Files (x86)\Hewlett-Packard\HP Proximity Sensor\HPPRXSVC.exe [37432 2011-10-05] (Hewlett-Packard Development Company, L.P.) S2 ISCTAgent; C:\Program Files (x86)\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [93696 2011-09-06] () S2 MBAMScheduler; D:\Programs\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2014-11-21] (Malwarebytes Corporation) S2 MBAMService; D:\Programs\Malwarebytes Anti-Malware\mbamservice.exe [969016 2014-11-21] (Malwarebytes Corporation) S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2012-02-26] () S3 odserv; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [440696 2011-07-20] () S2 ptumlcmsvc; C:\Windows\system32\ptumlcmsvc64.exe [184320 2012-05-22] () S2 RegSrvc; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [148752 2012-02-26] () S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation) S2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [2669840 2012-02-26] (Intel® Corporation) ==================== Drivers (Whitelisted) ==================== (If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.) S3 agp440; C:\Windows\system32\drivers\agp440.sys [61008 2009-07-13] () S3 aliide; C:\Windows\system32\drivers\aliide.sys [15440 2009-07-13] () S2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [29208 2015-01-18] () S1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [28184 2015-01-18] (AVAST Software) S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [83280 2015-01-18] () S0 aswNdisFlt; C:\Windows\System32\DRIVERS\aswNdisFlt.sys [449936 2015-01-18] (AVAST Software) S1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93568 2015-01-18] () S0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2015-01-18] () S1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1050432 2015-01-18] (AVAST Software) S1 aswSP; C:\Windows\system32\drivers\aswSP.sys [436624 2015-01-18] (AVAST Software) S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [116728 2015-01-18] (AVAST Software) S0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [267632 2015-01-18] () S3 AX88772; C:\Windows\System32\DRIVERS\ax88772.sys [79360 2011-12-12] () S3 BrSerWdm; C:\Windows\System32\Drivers\BrSerWdm.sys [47104 2009-06-10] () S3 circlass; C:\Windows\system32\drivers\circlass.sys [45568 2009-07-13] () S3 clwvd; C:\Windows\System32\DRIVERS\clwvd.sys [31088 2010-07-28] () S3 CompositeBus; C:\Windows\system32\drivers\CompositeBus.sys [38912 2010-11-20] () S1 ctxusbm; C:\Windows\System32\DRIVERS\ctxusbm.sys [93272 2012-02-13] () S3 DisplayLinkUsbPort; C:\Windows\System32\DRIVERS\DisplayLinkUsbPort_5.6.31854.0.sys [17408 2012-05-14] (http://libusb-win32.sourceforge.net) S3 HidIr; C:\Windows\system32\drivers\hidir.sys [46592 2009-07-13] () S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2011-09-06] () S3 iwdbus; C:\Windows\System32\DRIVERS\iwdbus.sys [25496 2011-08-05] () S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2014-11-21] () S3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-02-16] (Malwarebytes Corporation) S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2014-11-21] (Malwarebytes Corporation) S3 MegaSR; C:\Windows\system32\drivers\MegaSR.sys [284736 2009-07-13] () S1 mssmbios; C:\Windows\system32\drivers\mssmbios.sys [32320 2009-07-13] () S3 nfrd960; C:\Windows\system32\drivers\nfrd960.sys [51264 2009-07-13] () S3 pciide; C:\Windows\system32\drivers\pciide.sys [12352 2009-07-13] () S3 PTUMLMBMP; C:\Windows\System32\DRIVERS\PTUMLMBMP.sys [240416 2012-05-22] (DEVGURU Co., LTD.) S3 stexstor; C:\Windows\system32\drivers\stexstor.sys [24656 2009-07-13] () S3 umbus; C:\Windows\System32\DRIVERS\umbus.sys [48640 2010-11-20] () S3 usbccgp; C:\Windows\System32\DRIVERS\usbccgp.sys [99840 2013-11-26] () S3 usbprint; C:\Windows\System32\DRIVERS\usbprint.sys [25088 2009-07-13] () S3 usbvideo; C:\Windows\System32\Drivers\usbvideo.sys [185344 2013-07-12] () S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [35344 2014-05-28] () S3 WUDFRd; C:\Windows\System32\DRIVERS\WUDFRd.sys [198656 2012-07-25] () ==================== NetSvcs (Whitelisted) =================== (If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.) ==================== One Month Created Files and Folders ======== (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-20 18:38 - 2015-02-20 02:41 - 00000000 ____D () C:\FRST 2015-02-20 07:39 - 2015-02-20 07:41 - 00000000 ____D () C:\Windows\System32\config\BACKUP THAT I MADE 2015-02-20 07:32 - 2010-11-20 00:32 - 00027008 _____ (Advanced Micro Devices) C:\Windows\System32\Drivers\amdxata.sys 2015-02-16 09:33 - 2015-02-16 10:10 - 00000163 _____ () C:\Users\Beth\Desktop\phprc 2015-02-16 08:09 - 2015-02-16 09:11 - 00001322 _____ () C:\Users\Beth\Desktop\donation_calculator.html 2015-02-12 14:47 - 2015-02-12 14:47 - 00000000 ____D () C:\Users\Beth\Desktop\open-sans-fontfacekit 2015-02-12 14:45 - 2015-02-12 14:45 - 01849237 _____ () C:\Users\Beth\Desktop\open-sans-fontfacekit.zip 2015-02-12 13:12 - 2015-02-12 13:12 - 00098216 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll 2015-02-12 13:11 - 2015-02-12 13:11 - 00000000 ____D () C:\ProgramData\Oracle 2015-02-12 13:11 - 2015-02-12 13:11 - 00000000 ____D () C:\Program Files (x86)\Java 2015-02-12 12:00 - 2015-02-12 12:01 - 00639400 _____ (Oracle Corporation) C:\Users\Beth\Desktop\chromeinstall-8u31.exe 2015-02-11 05:11 - 2015-01-15 00:14 - 00155072 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys 2015-02-11 05:11 - 2015-01-15 00:14 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys 2015-02-11 05:11 - 2015-01-15 00:09 - 01461760 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll 2015-02-11 05:11 - 2015-01-15 00:09 - 00136192 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll 2015-02-11 05:11 - 2015-01-15 00:09 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe 2015-02-11 05:11 - 2015-01-15 00:09 - 00029184 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll 2015-02-11 05:11 - 2015-01-15 00:09 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll 2015-02-11 05:11 - 2015-01-15 00:08 - 00064000 _____ (Microsoft Corporation) C:\Windows\System32\auditpol.exe 2015-02-11 05:11 - 2015-01-15 00:06 - 00146432 _____ (Microsoft Corporation) C:\Windows\System32\msaudite.dll 2015-02-11 05:11 - 2015-01-15 00:06 - 00060416 _____ (Microsoft Corporation) C:\Windows\System32\msobjs.dll 2015-02-11 05:11 - 2015-01-15 00:04 - 00686080 _____ (Microsoft Corporation) C:\Windows\System32\adtschema.dll 2015-02-11 05:11 - 2015-01-14 23:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe 2015-02-11 05:11 - 2015-01-14 23:42 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2015-02-11 05:11 - 2015-01-14 23:41 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2015-02-11 05:11 - 2015-01-14 23:39 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll 2015-02-11 05:11 - 2015-01-14 23:39 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll 2015-02-11 05:11 - 2015-01-14 23:37 - 00686080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll 2015-02-11 05:11 - 2015-01-14 20:22 - 00458824 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys 2015-02-11 05:11 - 2015-01-13 19:08 - 17878016 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2015-02-11 05:11 - 2015-01-13 18:53 - 02339840 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2015-02-11 05:11 - 2015-01-13 18:49 - 01392128 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2015-02-11 05:11 - 2015-01-13 18:47 - 00816640 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2015-02-11 05:11 - 2015-01-13 18:47 - 00599040 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2015-02-11 05:11 - 2015-01-13 18:47 - 00085504 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2015-02-11 05:11 - 2015-01-13 18:45 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2015-02-11 05:11 - 2015-01-13 18:45 - 00282112 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2015-02-11 05:11 - 2015-01-13 18:44 - 02382848 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2015-02-11 05:11 - 2015-01-13 18:44 - 00248320 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2015-02-11 05:11 - 2015-01-13 18:44 - 00096768 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2015-02-11 05:11 - 2015-01-13 17:51 - 12371456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2015-02-11 05:11 - 2015-01-13 17:47 - 01810944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2015-02-11 05:11 - 2015-01-13 17:42 - 01129472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2015-02-11 05:11 - 2015-01-13 17:41 - 00717824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll 2015-02-11 05:11 - 2015-01-13 17:41 - 00421376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2015-02-11 05:11 - 2015-01-13 17:40 - 02382848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2015-02-11 05:11 - 2015-01-13 17:40 - 00353792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2015-02-11 05:11 - 2015-01-13 17:40 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2015-02-11 05:11 - 2015-01-13 17:40 - 00176640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2015-02-11 05:11 - 2015-01-13 17:40 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2015-02-11 05:11 - 2015-01-12 19:10 - 01190912 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2015-02-11 05:11 - 2015-01-12 18:49 - 01011200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll 2015-02-11 05:10 - 2015-01-13 22:09 - 05554112 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2015-02-11 05:10 - 2015-01-13 22:05 - 00503808 _____ (Microsoft Corporation) C:\Windows\System32\srcore.dll 2015-02-11 05:10 - 2015-01-13 22:05 - 00050176 _____ (Microsoft Corporation) C:\Windows\System32\srclient.dll 2015-02-11 05:10 - 2015-01-13 22:04 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\rstrui.exe 2015-02-11 05:10 - 2015-01-13 21:44 - 03972544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2015-02-11 05:10 - 2015-01-13 21:44 - 03917760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2015-02-11 05:10 - 2015-01-13 21:41 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll 2015-02-11 05:10 - 2015-01-13 18:59 - 10924032 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2015-02-11 05:10 - 2015-01-13 18:59 - 00448512 _____ (Microsoft Corporation) C:\Windows\System32\html.iec 2015-02-11 05:10 - 2015-01-13 18:49 - 01388032 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2015-02-11 05:10 - 2015-01-13 18:47 - 01494016 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2015-02-11 05:10 - 2015-01-13 18:47 - 00237056 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2015-02-11 05:10 - 2015-01-13 18:46 - 00729088 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2015-02-11 05:10 - 2015-01-13 18:46 - 00173056 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2015-02-11 05:10 - 2015-01-13 18:45 - 02157056 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2015-02-11 05:10 - 2015-01-13 18:44 - 00055296 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2015-02-11 05:10 - 2015-01-13 18:44 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe 2015-02-11 05:10 - 2015-01-13 18:44 - 00011264 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2015-02-11 05:10 - 2015-01-13 17:49 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec 2015-02-11 05:10 - 2015-01-13 17:46 - 09742336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2015-02-11 05:10 - 2015-01-13 17:43 - 01139712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2015-02-11 05:10 - 2015-01-13 17:42 - 01427968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2015-02-11 05:10 - 2015-01-13 17:41 - 01802752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2015-02-11 05:10 - 2015-01-13 17:41 - 00607744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2015-02-11 05:10 - 2015-01-13 17:41 - 00231936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll 2015-02-11 05:10 - 2015-01-13 17:41 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2015-02-11 05:10 - 2015-01-13 17:41 - 00065024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2015-02-11 05:10 - 2015-01-13 17:40 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll 2015-02-11 05:10 - 2015-01-13 17:40 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe 2015-02-11 05:10 - 2015-01-13 17:40 - 00010752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe 2015-02-11 05:10 - 2015-01-08 18:03 - 03201536 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2015-02-11 05:10 - 2014-12-07 19:09 - 00406528 _____ (Microsoft Corporation) C:\Windows\System32\scesrv.dll 2015-02-11 05:10 - 2014-12-07 18:46 - 00308224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\scesrv.dll 2015-02-06 13:00 - 2015-02-06 13:01 - 00009921 _____ () C:\Users\Beth\Desktop\the-journal-of-international-security-affairs-users.csv 2015-02-04 18:28 - 2015-02-04 18:28 - 05070512 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe 2015-01-30 04:43 - 2015-01-30 04:43 - 01117032 _____ () C:\Windows\Minidump\013015-41589-01.dmp 2015-01-28 12:05 - 2015-01-28 12:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox 2015-01-26 11:25 - 2015-01-26 11:26 - 06381120 _____ () C:\Users\Beth\Downloads\FileZilla_3.10.0.2_win32-setup.exe 2015-01-21 07:16 - 2015-01-29 08:39 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox.bak ==================== One Month Modified Files and Folders ======= (If an entry is included in the fixlist, the file\folder will be moved.) 2015-02-18 13:49 - 2013-09-11 05:10 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll 2015-02-18 13:49 - 2011-10-24 11:06 - 00161792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll 2015-02-18 13:49 - 2011-10-24 10:48 - 00000000 _____ () C:\Windows\SysWOW64\dnsapi.dll 2015-02-18 13:49 - 2011-10-24 10:47 - 00739840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll 2015-02-18 13:48 - 2013-09-11 05:09 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2015-02-18 13:47 - 2014-04-09 16:19 - 01163264 _____ (Microsoft Corporation) C:\Windows\System32\kernel32.dll 2015-02-18 13:47 - 2011-10-24 11:06 - 00222208 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll 2015-02-18 13:47 - 2011-10-24 10:48 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dnsapi.dll 2015-02-18 13:47 - 2011-10-24 10:48 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\dnscacheugc.exe 2015-02-18 13:47 - 2011-10-24 10:48 - 00000000 _____ () C:\Windows\System32\dnsrslvr.dll 2015-02-18 13:46 - 2013-12-11 11:34 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\imagehlp.dll 2015-02-16 13:04 - 2012-01-28 18:42 - 01771132 _____ () C:\Windows\WindowsUpdate.log 2015-02-16 13:03 - 2013-02-24 11:48 - 02016180 _____ () C:\Windows\System32\ptumlacsvc-0.log 2015-02-16 13:01 - 2012-05-09 20:07 - 00000000 ____D () C:\Users\Beth\AppData\Roaming\Spotify 2015-02-16 12:49 - 2012-06-14 06:26 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2015-02-16 12:45 - 2014-02-03 09:02 - 00000556 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3806131777-2811000131-3782704934-1000.job 2015-02-16 12:28 - 2012-06-01 04:02 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2015-02-16 12:21 - 2014-10-30 05:24 - 00129752 _____ (Malwarebytes Corporation) C:\Windows\System32\Drivers\MBAMSwissArmy.sys 2015-02-16 12:16 - 2012-05-09 13:59 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806131777-2811000131-3782704934-1000UA.job 2015-02-16 12:16 - 2012-05-09 13:59 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3806131777-2811000131-3782704934-1000Core.job 2015-02-16 11:28 - 2012-05-09 20:07 - 00000000 ____D () C:\Users\Beth\AppData\Local\Spotify 2015-02-16 10:35 - 2013-07-24 05:53 - 00000000 ____D () C:\Users\Beth\AppData\Roaming\FileZilla 2015-02-16 06:52 - 2012-05-09 13:53 - 00000000 ____D () C:\Users\Beth\AppData\Local\Adobe 2015-02-16 06:03 - 2012-06-14 06:26 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2015-02-16 05:52 - 2013-06-17 04:41 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update 2015-02-15 10:57 - 2009-07-13 21:13 - 00006206 _____ () C:\Windows\System32\PerfStringBackup.INI 2015-02-15 10:54 - 2014-07-09 08:25 - 00007021 _____ () C:\Windows\setupact.log 2015-02-15 06:14 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2015-02-15 06:14 - 2009-07-13 20:45 - 00032064 ____H () C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2015-02-15 06:07 - 2012-05-10 09:32 - 00000000 ____D () C:\Users\Beth\AppData\Local\CrashDumps 2015-02-15 06:06 - 2009-07-13 21:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2015-02-14 13:49 - 2014-06-11 09:11 - 00001456 _____ () C:\Users\Beth\AppData\Local\Adobe Save for Web 13.0 Prefs 2015-02-13 10:36 - 2012-05-09 19:43 - 00000000 ____D () C:\Program Files (x86)\Everything 2015-02-13 10:21 - 2012-05-17 12:06 - 00003180 _____ () C:\Windows\System32\Tasks\HPCeeScheduleForBeth 2015-02-13 10:21 - 2012-05-17 12:06 - 00000328 _____ () C:\Windows\Tasks\HPCeeScheduleForBeth.job 2015-02-13 06:38 - 2014-08-27 15:35 - 00000000 ____D () C:\Windows\rescache 2015-02-12 10:27 - 2012-05-10 11:46 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log 2015-02-12 06:46 - 2009-07-13 20:45 - 11385624 _____ () C:\Windows\System32\FNTCACHE.DAT 2015-02-12 06:43 - 2012-05-09 15:35 - 00000000 ____D () C:\ProgramData\Microsoft Help 2015-02-12 06:41 - 2013-07-17 15:37 - 00000000 ____D () C:\Windows\System32\MRT 2015-02-12 06:32 - 2012-05-14 06:26 - 116773704 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2015-02-09 04:57 - 2012-05-09 13:53 - 00319568 _____ () C:\Users\Beth\AppData\Local\GDIPFONTCACHEV1.DAT 2015-02-07 12:09 - 2012-05-09 13:59 - 00003872 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3806131777-2811000131-3782704934-1000UA 2015-02-07 12:09 - 2012-05-09 13:59 - 00003476 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3806131777-2811000131-3782704934-1000Core 2015-02-05 15:44 - 2012-06-14 06:26 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA 2015-02-05 15:44 - 2012-06-14 06:26 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore 2015-02-05 10:32 - 2012-05-17 11:39 - 00000000 _____ () C:\Windows\System32\HP_ActiveX_Patch_NOT_DETECTED.txt 2015-02-05 00:28 - 2012-06-01 04:02 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2015-02-04 18:28 - 2012-06-01 04:02 - 00701616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2015-02-04 18:28 - 2011-10-24 11:09 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2015-02-02 07:38 - 2014-08-28 08:17 - 00000033 _____ () C:\Users\Beth\AppData\Roaming\AdobeWLCMCache.dat 2015-02-01 06:41 - 2012-05-09 14:27 - 00000000 ____D () C:\Users\Beth\AppData\Local\Akamai 2015-01-30 05:48 - 2014-02-03 09:02 - 00003572 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3806131777-2811000131-3782704934-1000 2015-01-30 04:43 - 2012-08-29 16:40 - 00000000 ____D () C:\Windows\Minidump 2015-01-30 04:42 - 2014-03-06 15:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service 2015-01-30 04:42 - 2012-05-09 13:51 - 00000000 ____D () C:\users\Beth 2015-01-30 04:42 - 2010-11-20 19:47 - 00880570 _____ () C:\Windows\PFRO.log 2015-01-27 14:55 - 2009-07-13 19:20 - 00000000 ____D () C:\Windows\System32\NDF 2015-01-26 11:30 - 2013-09-05 06:08 - 00000818 _____ () C:\Users\Public\Desktop\FileZilla Client.lnk 2015-01-26 11:30 - 2013-09-05 06:08 - 00000818 _____ () C:\ProgramData\Desktop\FileZilla Client.lnk Some content of TEMP: ==================== C:\Users\Beth\AppData\Local\Temp\Extract.exe ==================== Known DLLs (Whitelisted) ================ ==================== Bamital & volsnap Check ================= (There is no automatic fix for files that do not pass verification.) C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== Restore Points ========================= ==================== BCD ================================ Windows Boot Manager -------------------- identifier {bootmgr} device partition=Y: path \bootmgr description Windows Boot Manager locale en-US default {default} displayorder {default} timeout 30 Windows Boot Loader ------------------- identifier {default} device partition=C: path \Windows\system32\winload.exe description Windows 7 Home Premium locale en-US osdevice partition=C: systemroot \Windows Windows Boot Loader ------------------- identifier {bd91f359-b96e-11e4-b9e2-b33e86acc49c} device ramdisk=[F:]\Recovery\WindowsRE\Winre.wim,{bd91f35a-b96e-11e4-b9e2-b33e86acc49c} path \windows\system32\winload.exe description Windows Recovery Environment (recovered) locale osdevice ramdisk=[F:]\Recovery\WindowsRE\Winre.wim,{bd91f35a-b96e-11e4-b9e2-b33e86acc49c} systemroot \windows winpe Yes Windows Memory Tester --------------------- identifier {memdiag} device partition=Y: path \boot\memtest.exe description Windows Memory Diagnostic locale en-US Device options -------------- identifier {bd91f35a-b96e-11e4-b9e2-b33e86acc49c} ramdisksdidevice partition=F: ramdisksdipath \Recovery\WindowsRE\boot.sdi ==================== Memory info =========================== Percentage of memory in use: 10% Total physical RAM: 8139.86 MB Available physical RAM: 7286.35 MB Total Pagefile: 8138.01 MB Available Pagefile: 7285.25 MB Total Virtual: 8192 MB Available Virtual: 8191.9 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:73.33 GB) (Free:5.15 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive d: (DATA) (Fixed) (Total:678.59 GB) (Free:409.82 GB) NTFS Drive f: (Recovery_Tool) (Fixed) (Total:0.9 GB) (Free:0.31 GB) NTFS ==>[System with boot components (obtained from reading drive)] Drive g: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.08 GB) FAT32 Drive h: (RECOVERY_DATA) (Fixed) (Total:20.05 GB) (Free:2.09 GB) NTFS Drive j: (Repair disc Windows 7 64-bit) (Removable) (Total:0.49 GB) (Free:0.3 GB) NTFS Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS Drive y: (SYSTEM) (Fixed) (Total:0.19 GB) (Free:0.16 GB) NTFS ==>[System with boot components (obtained from reading drive)] ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: 115AA0B8) Partition 1: (Active) - (Size=199 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=73.3 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=922 MB) - (Type=07 NTFS) Partition 4: (Not Active) - (Size=103 MB) - (Type=0C) ======================================================== Disk: 1 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 76C368A9) Partition 1: (Not Active) - (Size=678.6 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=20 GB) - (Type=07 NTFS) ======================================================== Disk: 2 (Size: 506.6 MB) (Disk ID: 27FA80D4) Partition 1: (Active) - (Size=506 MB) - (Type=07 NTFS) LastRegBack: 2015-02-13 06:27 ==================== End Of Log ============================