Malware problem from Skype download [Solved]


  • This topic is locked

#1
Lydor

    New Member

  • Member
  • 9 posts
I have purchased a new Lenovo IdeaPad Y series which runs Windows 8. The only things I have added have been Liquid Story Binder and Microsoft Enterprise, and I downloaded Skype. When I downloaded Skype, I had McAfee tell me it had put a program in quarantine, and suddenly Firefox was having ads and notices pop up saying I needed to scan my system, update, and even a few that were basic ads along the lines of "you are the 10,000 customer, you've won". Shortly after that, Firefox was opening tabs over and over again. I closed the window and the couple dozen tabs it had opened, ran Spybot and then Malwarebytes, and cleaned the system up. When that didn't fix the problem, I did a system restore to the day before, but when I did that and started on my downloads again, Skype failed to download and Firefox started giving me a message saying "firefox is unable to open because there is an existing firefox process, end the process or restart to open firefox". I have restarted and rebooted several times, and no Firefox process is appearing in the Task Manager. I finally went in and had to undo the system restore. Unfortunately, I now have the same problem with Firefox again.

So in short, I picked up some bad software when I downloaded Skype. I have run Spybot once, Malwarebytes Anti-Malware, and now OTL. I am currently in my IE browser, and it does not seem to have the same issues that my Firefox does. I am fairly certain I was downloading from Skype.com, but the confusion some of my more tech-savvy friends have voiced over that makes me doubt myself. I hope this is pretty clear, as I am by no means a computer guy, but I will try to answer any further questions as quickly as possible.

OTL Extras logfile created on: 1/24/2014 12:16:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Ryan\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16750)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

7.91 Gb Total Physical Memory | 5.69 Gb Available Physical Memory | 71.87% Memory free
9.10 Gb Paging File | 6.78 Gb Available in Paging File | 74.50% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 889.69 Gb Total Space | 839.98 Gb Free Space | 94.41% Space Free | Partition Type: NTFS
Drive D: | 25.00 Gb Total Space | 21.44 Gb Free Space | 85.78% Space Free | Partition Type: NTFS

Computer Name: LYDORS-DEN | User Name: Lydor's Den | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Lenovo Photos] -- "C:\Program Files (x86)\LenovoPhotos\Lenovo Photos\Lenovo Photos.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.)
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{434155FB-D39B-4642-A681-C3A524E7FE09}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{125E0729-A2E2-4D5F-A0E6-CF02C96D6162}" = dir=in | name=kindle |
"{12E86669-0294-48F4-A9A9-6D1689313B92}" = dir=out | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{13D7727F-F1E2-41BB-81BD-AC74BCA8630A}" = dir=out | name=@{microsoft.xboxlivegames_1.3.10.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} |
"{141976C3-0686-4FBA-B54F-E4F14BB2CDE7}" = dir=out | name=@{microsoft.bingmaps_1.6.1821.2624_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} |
"{15D4B4DC-58D9-4162-9DFA-344B29A9483A}" = dir=out | name=accuweather for windows 8 |
"{1D3D25A9-773C-4793-A60E-DC83D343A7D8}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} |
"{1DCB6E20-C8D3-48BF-9DA1-F0514BB157C7}" = dir=out | name=ebay |
"{2A7DA49A-08E7-4D43-A8B2-C63917EAF5E1}" = dir=out | name=@{microsoft.bingnews_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} |
"{2C5E8803-B95C-4B5C-99D4-CFAD43C761EB}" = dir=out | name=powerdvd for lenovo idea |
"{2C6298B5-969A-4CA9-AD77-3C8F77C719E1}" = dir=out | name=lenovo companion |
"{303EECA7-F7F6-4DA4-8867-88F519D1388C}" = dir=out | name=encyclopaedia britannica |
"{33FDE546-C2EF-4594-92E2-9E272B1AB98D}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{38755DCE-AE6C-4B76-890B-B0C1EFE5C99E}" = dir=out | name=lenovo cloud storage by sugarsync |
"{3E18FA96-5C73-4701-97F4-3E082701635C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{4081E750-4774-47C4-9B46-AA1828CBC817}" = dir=out | name=lenovo support |
"{514F092F-FAA8-4BE5-A26F-93E3B1DF2AA6}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{53F94075-B5F4-4779-9394-1883F9546595}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{543937CF-5710-48F8-9C78-B37DA7B7DBD7}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd10.exe |
"{5611D50F-6B6B-4EE8-A71C-23B1B3E613F8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\platform\mcsvchost\mcsvhost.exe |
"{57088404-2686-46F4-A3F3-BBE18DEB681C}" = dir=in | app=c:\program files (x86)\lenovo\powerdvd10\powerdvd cinema\powerdvdcinema10.exe |
"{58FB0200-3072-454E-B6F8-EE71CA190D62}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe |
"{5B6EC56F-1F76-42F2-9711-8B2666542B17}" = dir=out | name=@{microsoft.zunevideo_1.5.41.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} |
"{5B878743-6670-478C-8FD2-72B6EDAAB1BE}" = dir=in | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{613F7BA8-86D9-4D30-BEC5-AC87848B2DE9}" = dir=in | app=c:\program files\intel corporation\intel widi\widiapp.exe |
"{66D397C9-D478-4323-ABB0-5CA086D6FCDC}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{68B7D4CA-71E6-442C-9993-B62230C968BF}" = dir=in | name=accuweather for windows 8 |
"{73C748EE-6FBB-49FA-B3E6-567DD5D5C39E}" = dir=out | name=windows_ie_ac_001 |
"{75A2B4FC-A679-404F-9914-9D37674634B4}" = dir=out | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.87_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/resources/app-name} |
"{77755388-1075-416D-8FC1-F0AB7A711E75}" = dir=out | name=kindle |
"{7DD974E0-5BA2-4822-839C-148E6020434B}" = dir=out | name=@{microsoft.bingsports_2.0.0.309_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} |
"{7E765574-510A-4619-9F4C-F7EEA858CD7C}" = dir=out | name=@{microsoft.windowsphotos_16.4.4388.928_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} |
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{83FA7ADB-9B16-45DC-B36A-71B2C41333FA}" = dir=out | name=@{microsoft.bingtravel_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} |
"{84EBB777-FFC4-44FE-8805-3A19EA96242A}" = dir=out | name=rara.com |
"{94F1BFDF-7DD0-4D49-B9E4-28207DFED79E}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{9B393606-B42C-40EA-A9F6-62FD32950227}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe |
"{9EB92370-351F-483D-9851-6A0926143EB8}" = dir=in | name=@{filmonlivetvfree.filmonlivetvfree_1.3.6.87_x64__zx03kxexxb716?ms-resource://filmonlivetvfree.filmonlivetvfree/resources/app-name} |
"{9F7B52B7-9938-4BC8-9066-D3D54833C49C}" = dir=out | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{A480C004-3D2B-4863-BF1E-AFD2414288BC}" = dir=in | name=rara.com |
"{B4F31E30-0F8D-40E3-8ACF-FD722573AC82}" = dir=in | name=@{microsoft.xboxcompanion_1.4.2.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxcompanion/resources/33279} |
"{BBE82D56-E981-4229-9E88-B328391C43FD}" = dir=in | name=@{microsoft.reader_6.2.9200.20780_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} |
"{C07DE18E-DA77-4BD9-834A-00770F7F579F}" = dir=out | name=mcafee security advisor for lenovo |
"{C3604E22-72B8-44BF-8C2F-526D4B48420B}" = dir=out | name=zinio |
"{C487D048-4728-48B8-96F6-5FF90AEBF8A3}" = dir=out | name=merriam-webster dictionary |
"{CA588626-A1AA-4678-A96B-53F0690B3B9E}" = dir=in | name=mcafee security advisor for lenovo |
"{CBFBC150-E236-4E5E-B5EB-010641718C07}" = dir=in | app=c:\program files\cyberlink\powerdirector10\pdr10.exe |
"{DAFEFE81-27A6-41ED-9AD2-994E531A0D09}" = dir=in | name=evernote |
"{DD12861E-F9F2-42EA-9E39-27A93A7AA589}" = dir=out | name=@{microsoft.bingweather_2.0.0.310_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} |
"{DD5B3624-3066-4391-B0F9-C298FB3CA64A}" = dir=out | name=evernote |
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} |
"{E9D360E5-65A8-4DF6-8385-5A0F16294E8F}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} |
"{EF66DFB0-E88A-4E1D-BD83-523F486A2B49}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{F17F32FB-C16B-4E0D-A0E1-AFCB530AD256}" = dir=out | name=@{microsoft.zunemusic_1.4.18.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} |
"{F19AE5B8-947E-49A1-A30F-95A9AE45DE65}" = dir=out | name=@{microsoft.bing_1.5.1.259_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} |
"{F6033308-21BE-4CE3-ADE1-AE4BAA3CC967}" = dir=out | name=@{microsoft.bingfinance_2.0.0.308_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} |
"{FAAFED51-950E-4424-99B2-CB7DB535FC34}" = dir=in | name=ebay |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1334eac7-d6ef-4177-8780-05c963853cd3}" = Intel® PRO/Wireless Driver
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{302600C1-6BDF-4FD1-1307-148929CC1385}" = Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1332.1)
"{34BE77EE-B563-49D7-A8A0-FFD76D29BBD3}" = Nitro Pro 8
"{409CB30E-E457-4008-9B1A-ED1B9EA21140}" = Intel® Rapid Storage Technology
"{44B72151-611E-429D-9765-9BA093D7E48A}" = Intel® Trusted Connect Service Client
"{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{90621A56-901E-417D-A8CB-E8E3A6793C29}" = Intel® WiDi
"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 327.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 327.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D61F48DA-627B-404E-9315-32A651B18B64}" = Intel® PROSet/Wireless WiFi Software
"{E83FDB2A-C81C-403D-8FD3-A816A89AF80C}" = Intel® Rapid Storage Technology
"{EF79C448-6946-4D71-8134-03407888C054}" = Shared C Run-time for x64
"71BC3FD63F450BA0A957AAECBDB4A000C4F2BE42" = Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1)
"8A223E56FB1ED4F697B54E5BF96F1EB63B512684" = Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733)
"Elantech" = Lenovo pointing device
"Lenovo VeriFace" = Lenovo VeriFace
"LenovoExperienceImprovement" = Lenovo Experience Improvement
"StageLight" = StageLight version 1.0.0.3508

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"{20D9D0D9-1659-4775-992E-5F5650AD9B87}" = Intel® Update Manager
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.13
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_ENTERPRISE_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91CC5BAE-A098-40D3-A43B-C0DC7CE263FE}" = Onekey Theater
"{959B7F35-2819-40C5-A0CD-3C53B5FCC935}" = Genesys USB Mass Storage Device
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel® Manageability Engine Firmware Recovery Agent
"{aaf3655f-6961-4be2-aa4e-6de4dc1dc8f4}" = Intel® PROSet/Wireless Software
"{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy
"{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"{E0A7ED39-8CD6-4351-93C3-69CCA00D12B4}" = Lenovo EasyCamera
"{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel® Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel® SDK for OpenCL - CPU Only Runtime Package
"{FF0CA85F-BB7D-475C-9836-BAF48AE712FD}_is1" = Liquid Story Binder XE version 4.93
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"ENTERPRISE" = Microsoft Office Enterprise 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Lenovo YouCam
"InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}" = Lenovo OneKey Recovery
"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10
"InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}" = Energy Management
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = Lenovo PowerDVD10
"InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}" = UserGuide
"Intel AppUp(SM) center 33057" = Intel AppUp(SM) center
"Lenovo Photos" = Lenovo Photos
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300
"Mozilla Firefox 26.0 (x86 en-US)" = Mozilla Firefox 26.0 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MSC" = McAfee Internet Security
"SugarSync" = SugarSync Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Pokki" = Pokki
"UpdaterEX" = Extended Update

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 1/16/2014 4:22:52 AM | Computer Name = Lydors-Den | Source = McLogEvent | ID = 5022
Description =

Error - 1/16/2014 12:45:46 PM | Computer Name = Lydors-Den | Source = Microsoft-Windows-Immersive-Shell | ID = 5973
Description = Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!Microsoft.WindowsLive.Mail
failed with error: -2147023564 See the Microsoft-Windows-TWinUI/Operational log
for additional information.

Error - 1/16/2014 1:40:47 PM | Computer Name = Lydors-Den | Source = Application Hang | ID = 1002
Description = The program SystemSettings.exe version 6.2.9200.16420 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: 1a04 Start
Time: 01cf12e166003c92 Termination Time: 9 Application Path: C:\windows\ImmersiveControlPanel\SystemSettings.exe

Report
Id: 525866c7-7ed5-11e3-be77-00c2c6139f33 Faulting package full name: windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy

Faulting
package-relative application ID: microsoft.windows.immersivecontrolpanel

Error - 1/16/2014 1:50:34 PM | Computer Name = Lydors-Den | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddWin32ServiceFiles: Unable to back up image
of service McAfee Network Agent since QueryServiceConfig API failed System Error:
The
system cannot find the file specified. .

Error - 1/23/2014 4:31:03 PM | Computer Name = Lydors-Den | Source = Microsoft-Windows-CAPI2 | ID = 513
Description = Cryptographic Services failed while processing the OnIdentity() call
in the System Writer Object. Details: AddLegacyDriverFiles: Unable to back up image
of binary X5XSEx_Pr148. System Error: The system cannot find the file specified. .

Error - 1/23/2014 4:36:52 PM | Computer Name = Lydors-Den | Source = Application Error | ID = 1000
Description = Faulting application name: cltmng.exe, version: 2.9.40.12, time stamp:
0x52c3d32c Faulting module name: WININET.dll, version: 10.0.9200.16750, time stamp:
0x5269c725 Exception code: 0xc0000409 Fault offset: 0x0009e57a Faulting process id:
0x13c4 Faulting application start time: 0x01cf187ad4c77a5e Faulting application path:
C:\PROGRA~2\SearchProtect\SearchProtect\bin\cltmng.exe Faulting module path: C:\windows\SYSTEM32\WININET.dll
Report
Id: 168d13d4-846e-11e3-be7a-00c2c6139f33 Faulting package full name: Faulting package-relative
application ID:

Error - 1/23/2014 11:44:11 PM | Computer Name = Lydors-Den | Source = Microsoft-Windows-Immersive-Shell | ID = 2484
Description = Package Microsoft.SkypeApp_1.9.0.2016_x86__kzf8qxf38zg5c was terminated
because it took too long to suspend.

Error - 1/23/2014 11:44:19 PM | Computer Name = Lydors-Den | Source = Application Hang | ID = 1002
Description = The program wwahost.exe version 6.2.9200.16420 stopped interacting
with Windows and was closed. To see if more information about the problem is available,
check the problem history in the Action Center control panel. Process ID: ac4 Start
Time: 01cf18b67e3437c5 Termination Time: 4294967295 Application Path: C:\windows\syswow64\wwahost.exe

Report
Id: c97f942c-84a9-11e3-be7c-00c2c6139f33 Faulting package full name: Microsoft.SkypeApp_1.9.0.2016_x86__kzf8qxf38zg5c

Faulting
package-relative application ID: App

Error - 1/24/2014 6:59:10 AM | Computer Name = Lydors-Den | Source = Application Error | ID = 1000
Description = Faulting application name: ZeroConfigService.exe, version: 16.1.0.0,
time stamp: 0x521e80f5 Faulting module name: MurocApi.dll, version: 16.1.0.0, time
stamp: 0x521e7ff7 Exception code: 0xc0000005 Fault offset: 0x0000000000026570 Faulting
process id: 0x9f0 Faulting application start time: 0x01cf18f3377cfe46 Faulting application
path: C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe Faulting module path:
C:\Program Files\Intel\WiFi\bin\MurocApi.dll Report Id: 8d22860a-84e6-11e3-be7b-00c2c6139f33
Faulting
package full name: Faulting package-relative application ID:

Error - 1/24/2014 7:00:00 AM | Computer Name = Lydors-Den | Source = ESENT | ID = 455
Description = svchost (1532) SRUJet: Error -1811 (0xfffff8ed) occurred while opening
logfile C:\windows\system32\SRU\SRU00016.log.

[ Spybot - Search and Destroy Events ]
Error - 1/23/2014 10:29:26 PM | Computer Name = Lydors-Den | Source = SDCleaner | ID = 100
Description = LoadCleaningInstructions

[ System Events ]
Error - 1/16/2014 10:04:16 PM | Computer Name = Lydors-Den | Source = DCOM | ID = 10010
Description =

Error - 1/16/2014 10:04:47 PM | Computer Name = Lydors-Den | Source = DCOM | ID = 10010
Description =

Error - 1/16/2014 10:05:18 PM | Computer Name = Lydors-Den | Source = DCOM | ID = 10010
Description =

Error - 1/16/2014 10:05:50 PM | Computer Name = Lydors-Den | Source = DCOM | ID = 10010
Description =

Error - 1/16/2014 10:06:21 PM | Computer Name = Lydors-Den | Source = DCOM | ID = 10010
Description =

Error - 1/16/2014 10:06:52 PM | Computer Name = Lydors-Den | Source = DCOM | ID = 10010
Description =

Error - 1/16/2014 10:07:23 PM | Computer Name = Lydors-Den | Source = DCOM | ID = 10010
Description =

Error - 1/16/2014 10:07:54 PM | Computer Name = Lydors-Den | Source = DCOM | ID = 10010
Description =

Error - 1/16/2014 10:08:25 PM | Computer Name = Lydors-Den | Source = DCOM | ID = 10010
Description =

Error - 1/16/2014 10:08:26 PM | Computer Name = Lydors-Den | Source = DCOM | ID = 10010
Description =


< End of report >

Edited by Lydor, 24 January 2014 - 03:19 PM.



#2
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Lydor,

Welcome to Geekstogo.

Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Right-click to run as administrator. When the tool opens, click Yes to the disclaimer.
  • Press the Scan button.
  • It will produce a log called (FRST.txt) in the same directory the tool is run from.
  • Please copy and paste the log back here.
  • The first time the tool is run, it also makes another log (Addition.txt). Please also paste that into your reply.


#3
Lydor


    New Member

  • Topic Starter
  • Member
  • 9 posts
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-01-2014
Ran by Lydor's Den (administrator) on LYDORS-DEN on 24-01-2014 23:52:41
Running from C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53APJ4CA
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Pokki) C:\Users\Ryan\AppData\Local\Pokki\Engine\pokki.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Pokki) C:\Users\Ryan\AppData\Local\Pokki\Engine\pokki.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\mcafee\msm\McSmtFwk.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\ismagent.exe
() C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\updateui.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM\...\Run: [RtsFT] - C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [UMonit64] - C:\windows\SysWOW64\UMonit64.exe [40960 2013-04-08] ()
HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-12-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [Pokki] - C:\windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series"
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.)
MountPoints2: {44fd81a2-7f0a-11e3-be76-00c2c6139f33} - "G:\SETUP.EXE"
HKU\Default\...\Run: [Pokki] - C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\Default User\...\Run: [Pokki] - C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://home.lenovo.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM - DefaultScope {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL = http://www.bing.com/...=IE10TR&pc=LCJB
SearchScopes: HKLM - {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL = http://www.bing.com/...=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - DefaultScope {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL = http://www.bing.com/...=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL = http://www.bing.com/...=IE10TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL =
BHO: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5g8lp3ey.default
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF Extension: Highlightly - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-01-23]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
FF Extension: Highlightly - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-01-23]
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-22]

==================== Services (Whitelisted) =================

U2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel)
U2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-05-03] (ELAN Microelectronics Corp.)
U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
U3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
U2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
U2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-08-19] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
U2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
U3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
U2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
U2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
U2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
U2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.)
U2 mfevtp; C:\windows\system32\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.)
U2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
U2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
U2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
U2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
U2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
U2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-22] ()
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-12-22] (Microsoft Corporation)
U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
U3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
U3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
U3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.)
U3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.)
U3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
U2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.)
U2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.)
U0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-12-05] (McAfee, Inc.)
U3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.)
U2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.)
U3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
U3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
U2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.)
U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-22] (Intel Corporation)
U3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
U3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows ® Win 7 DDK provider)
U3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [91368 2013-03-21] (GenesysLogic)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-24 23:51 - 2014-01-24 23:51 - 00000000 ____D C:\FRST
2014-01-24 12:22 - 2014-01-24 12:22 - 00134926 _____ C:\Users\Ryan\Desktop\OTL.Txt
2014-01-24 12:22 - 2014-01-24 12:22 - 00065354 _____ C:\Users\Ryan\Desktop\Extras.Txt
2014-01-24 12:14 - 2014-01-24 12:14 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\OTL.exe
2014-01-23 20:52 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Local\Skype
2014-01-23 20:51 - 2014-01-24 23:44 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2014-01-23 20:51 - 2014-01-24 12:20 - 00000000 ____D C:\ProgramData\Skype
2014-01-23 20:51 - 2014-01-24 12:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-23 20:51 - 2014-01-23 20:51 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-23 20:45 - 2014-01-23 20:46 - 01659552 _____ (Skype Technologies S.A.) C:\Users\Ryan\Downloads\SkypeSetup(2).exe
2014-01-23 20:07 - 2014-01-24 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-23 20:07 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2014-01-23 20:07 - 2014-01-24 11:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 20:07 - 2014-01-23 20:07 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-23 20:07 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-23 20:06 - 2014-01-23 20:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-23 17:43 - 2013-09-23 14:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2014-01-23 14:41 - 2014-01-23 14:41 - 00000060 _____ C:\Users\Ryan\AppData\Roaming\WB.CFG
2014-01-23 13:41 - 2014-01-24 12:20 - 00000000 ____D C:\ProgramData\PCFixSpeed
2014-01-23 13:41 - 2014-01-23 13:41 - 00000978 _____ C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-01-23 13:38 - 2014-01-23 13:38 - 00753040 _____ ( ) C:\Users\Ryan\Downloads\SkypeSetup(1).exe
2014-01-23 13:36 - 2014-01-24 23:41 - 00000324 _____ C:\windows\Tasks\UpdaterEX.job
2014-01-23 13:36 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\UpdaterEX
2014-01-23 13:36 - 2014-01-24 11:53 - 00000000 ____D C:\Program Files\Highlightly
2014-01-23 13:36 - 2014-01-23 13:41 - 00002662 _____ C:\windows\System32\Tasks\UpdaterEX
2014-01-23 13:36 - 2014-01-23 13:36 - 20586496 _____ C:\Users\Ryan\Downloads\SkypeSetup [1].exe
2014-01-23 13:36 - 2014-01-23 13:36 - 00000000 ___HD C:\Users\Ryan\AppData\Local\SearchProtect
2014-01-23 13:34 - 2014-01-23 13:40 - 20586496 _____ C:\Users\Ryan\Downloads\SkypeSetup.exe
2014-01-23 13:25 - 2014-01-23 13:25 - 00000000 ____D C:\Users\ADMINI~1
2014-01-16 20:02 - 2014-01-16 20:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-01-16 19:57 - 2014-01-16 19:57 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-16 19:57 - 2014-01-16 19:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-16 19:33 - 2014-01-23 12:37 - 00433640 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-16 19:31 - 2014-01-16 19:31 - 00000000 ____D C:\windows\SysWOW64\NV
2014-01-16 19:31 - 2014-01-16 19:31 - 00000000 ____D C:\windows\system32\NV
2014-01-16 19:29 - 2014-01-16 19:29 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2014-01-16 19:29 - 2014-01-16 19:29 - 00000000 ____D C:\iBTWU
2014-01-16 19:27 - 2013-11-26 17:19 - 00385614 _____ C:\windows\system32\ApnDatabase.xml
2014-01-16 19:27 - 2013-11-25 16:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-01-16 19:27 - 2013-10-10 04:25 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-01-16 19:26 - 2013-08-09 22:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-01-16 19:26 - 2013-08-09 22:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2014-01-16 19:26 - 2013-08-09 20:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-01-16 19:26 - 2013-08-02 23:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2014-01-16 19:26 - 2013-08-02 23:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2014-01-16 19:26 - 2013-08-02 23:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2014-01-16 19:26 - 2013-08-02 22:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2014-01-16 19:26 - 2013-08-02 22:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2014-01-16 19:26 - 2013-08-02 22:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2014-01-16 19:26 - 2013-08-01 23:28 - 19758080 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-01-16 19:26 - 2013-08-01 23:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-01-16 19:26 - 2013-08-01 22:08 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-01-16 19:26 - 2013-08-01 22:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-01-16 19:26 - 2013-07-24 16:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2014-01-16 19:26 - 2013-07-24 16:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2014-01-16 19:26 - 2013-04-09 16:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2014-01-16 19:26 - 2013-04-09 15:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2014-01-16 19:17 - 2014-01-16 19:17 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Macromedia
2014-01-16 19:17 - 2014-01-16 19:17 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Adobe
2014-01-16 16:59 - 2014-01-16 16:59 - 00000000 _____ C:\Recovery.txt
2014-01-16 10:58 - 2014-01-16 10:59 - 00000000 ____D C:\windows\system32\MRT
2014-01-16 10:58 - 2014-01-06 17:20 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-16 10:53 - 2014-01-16 20:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2014-01-16 10:53 - 2014-01-16 10:53 - 00000000 ____D C:\windows\PCHEALTH
2014-01-16 10:53 - 2014-01-16 10:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2014-01-16 10:52 - 2014-01-16 10:52 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-16 10:51 - 2014-01-24 12:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Microsoft Help
2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2014-01-16 10:50 - 2014-01-16 10:50 - 00000000 __RHD C:\MSOCache
2014-01-16 10:49 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\DAEMON Tools Lite
2014-01-16 10:48 - 2014-01-16 10:50 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-16 10:47 - 2014-01-16 10:47 - 00929928 _____ (CNET Download.com) C:\Users\Ryan\Downloads\cbsidlm-cbsi171-DAEMON_Tools_Lite-SEO-10778842.exe
2014-01-16 10:45 - 2014-01-16 10:46 - 00000000 ___HD C:\Users\Ryan\Microsoft Office 2007 Enterprise Yellow Edition DiGiTAL
2014-01-16 10:04 - 2014-01-24 12:20 - 00000000 ____D C:\Users\Ryan\AppData\Local\Liquid Story Binder XE
2014-01-16 10:04 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\Documents\My Liquid Story Binder XE
2014-01-16 09:51 - 2012-07-25 22:26 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts.20140116-085153.backup
2014-01-16 09:46 - 2014-01-16 09:46 - 00002068 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-01-16 01:56 - 2014-01-24 12:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-16 01:56 - 2014-01-23 19:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-16 01:56 - 2014-01-16 01:56 - 00001394 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-16 01:56 - 2014-01-16 01:56 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2014-01-16 01:56 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-01-16 01:51 - 2014-01-16 01:52 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Ryan\Downloads\spybot-2.2.exe
2014-01-16 01:42 - 2014-01-24 12:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-16 01:42 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Mozilla
2014-01-16 01:42 - 2014-01-24 11:53 - 00000000 ____D C:\Users\Ryan\AppData\Local\Mozilla
2014-01-16 01:42 - 2014-01-16 01:42 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-16 01:42 - 2014-01-16 01:42 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-16 01:42 - 2014-01-16 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-16 01:20 - 2014-01-16 01:20 - 00001190 _____ C:\Users\Public\Desktop\Liquid Story Binder XE.lnk
2014-01-16 01:20 - 2014-01-16 01:20 - 00000000 ____D C:\Program Files (x86)\Liquid Story Binder XE
2014-01-16 01:14 - 2014-01-16 01:14 - 00000000 ____H C:\Users\Ryan\agent.log
2014-01-16 01:10 - 2013-10-24 23:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-01-16 01:10 - 2013-10-24 23:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-01-16 01:10 - 2013-10-24 23:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-01-16 01:10 - 2013-10-24 23:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-01-16 01:10 - 2013-10-24 23:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-01-16 01:10 - 2013-10-24 23:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-01-16 01:10 - 2013-10-24 23:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-01-16 01:10 - 2013-10-24 23:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-01-16 01:10 - 2013-10-24 23:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-01-16 01:10 - 2013-10-24 23:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-01-16 01:10 - 2013-10-24 21:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-01-16 01:10 - 2013-10-24 21:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-01-16 01:10 - 2013-10-24 21:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-01-16 01:10 - 2013-10-24 21:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-01-16 01:10 - 2013-10-24 21:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-01-16 01:10 - 2013-10-24 21:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-01-16 01:10 - 2013-10-24 21:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-01-16 01:10 - 2013-10-24 21:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-01-16 01:10 - 2013-05-15 15:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-01-16 01:10 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-01-16 01:10 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-01-16 01:10 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-01-16 01:10 - 2013-02-21 03:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-01-16 01:10 - 2013-02-21 03:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-01-16 01:10 - 2013-02-21 03:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-01-16 01:10 - 2013-02-21 03:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-01-16 01:10 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-01-16 01:10 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-01-16 01:10 - 2013-02-19 02:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-01-16 01:09 - 2013-10-18 22:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-01-16 01:09 - 2013-10-18 21:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-01-16 01:09 - 2013-10-10 04:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2014-01-16 01:09 - 2013-10-10 02:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-01-16 01:09 - 2013-10-10 02:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-01-16 01:09 - 2013-09-03 20:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-01-16 01:09 - 2013-07-05 17:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-01-16 01:09 - 2013-07-03 19:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-01-16 01:08 - 2013-10-08 18:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-01-16 01:08 - 2013-10-08 15:30 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-01-16 01:08 - 2013-10-08 15:30 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-01-16 01:08 - 2013-10-08 15:30 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-01-16 01:08 - 2013-10-08 15:30 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-01-16 01:08 - 2013-10-08 15:28 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-01-16 01:08 - 2013-10-08 15:27 - 03279872 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-01-16 01:08 - 2013-10-04 23:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-01-16 01:08 - 2013-10-02 16:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-01-16 01:08 - 2013-10-01 19:50 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-01-16 01:08 - 2013-10-01 15:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-01-16 01:08 - 2013-09-27 22:48 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-01-16 01:08 - 2013-09-27 20:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-01-16 01:08 - 2013-09-19 00:32 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-01-16 01:08 - 2013-08-29 22:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2014-01-16 01:08 - 2013-08-29 22:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-01-16 01:08 - 2013-08-29 16:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2014-01-16 01:08 - 2013-08-29 16:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-01-16 01:07 - 2013-09-13 15:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2014-01-16 01:07 - 2013-09-13 15:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2014-01-16 01:07 - 2013-08-29 22:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2014-01-16 01:07 - 2013-08-29 22:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2014-01-16 01:07 - 2013-08-29 16:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2014-01-16 01:07 - 2013-08-20 23:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-01-16 01:07 - 2013-08-09 23:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2014-01-16 01:07 - 2013-08-09 22:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-01-16 01:07 - 2013-08-09 20:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-01-16 01:07 - 2013-07-24 16:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-01-16 01:07 - 2013-07-24 16:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-01-16 01:07 - 2013-07-11 18:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-01-16 01:07 - 2013-07-11 18:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-01-16 01:06 - 2013-07-05 15:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-01-16 01:06 - 2013-07-05 15:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-01-16 01:06 - 2013-07-01 15:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
2014-01-16 01:06 - 2013-06-28 20:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-01-16 01:06 - 2013-06-21 22:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-01-16 01:06 - 2013-06-21 22:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2014-01-16 01:05 - 2013-10-01 16:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-01-16 01:05 - 2013-10-01 16:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-01-16 01:03 - 2013-10-30 22:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-01-16 01:03 - 2013-10-30 22:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-01-16 01:03 - 2013-10-30 21:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-01-16 01:03 - 2013-10-30 20:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-01-16 01:03 - 2013-10-27 22:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-01-16 01:03 - 2013-10-27 21:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-01-16 01:03 - 2013-10-13 13:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-01-16 01:03 - 2013-09-23 15:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-01-16 01:03 - 2013-09-23 15:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-01-16 01:03 - 2013-08-26 22:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-01-16 01:03 - 2013-08-26 22:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-01-16 01:03 - 2013-08-26 15:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-01-16 01:03 - 2013-08-26 15:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-01-16 01:03 - 2013-05-26 16:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-01-16 01:03 - 2013-05-26 15:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-01-16 01:03 - 2013-05-24 20:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-01-16 01:03 - 2013-05-24 19:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-01-16 01:02 - 2013-10-10 02:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-01-16 01:02 - 2013-10-10 02:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2014-01-16 01:02 - 2013-10-10 02:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-01-16 01:02 - 2013-10-10 02:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-01-16 01:02 - 2013-10-10 02:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-01-16 01:02 - 2013-10-10 02:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2014-01-16 01:02 - 2013-10-10 02:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-01-16 01:02 - 2013-08-23 00:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-01-16 01:02 - 2013-08-22 18:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-01-16 01:02 - 2013-07-19 15:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-16 01:02 - 2013-07-19 15:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-16 01:02 - 2013-07-01 18:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2014-01-16 01:02 - 2013-07-01 18:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2014-01-16 01:02 - 2013-06-30 18:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-16 01:02 - 2013-06-30 18:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-16 01:02 - 2013-06-30 18:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-16 01:02 - 2013-06-30 18:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-16 01:02 - 2013-06-28 20:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-16 01:02 - 2013-06-28 20:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-16 01:01 - 2013-12-06 23:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-01-16 01:01 - 2013-12-06 23:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 01:01 - 2013-12-06 22:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-01-16 01:01 - 2013-12-06 22:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 01:01 - 2013-11-22 23:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-01-16 01:01 - 2013-11-22 22:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-01-16 01:01 - 2013-11-06 16:18 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-16 01:01 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-01-16 01:01 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-01-16 01:01 - 2013-10-01 16:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-01-16 01:01 - 2013-10-01 16:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-01-16 01:01 - 2013-09-27 20:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-01-16 01:01 - 2013-08-01 23:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-01-16 01:01 - 2013-08-01 22:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-01-16 01:01 - 2013-03-21 20:49 - 02382336 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
2014-01-16 01:01 - 2013-03-21 15:47 - 02851840 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
2014-01-16 00:57 - 2014-01-24 12:23 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1686866100-2634972451-2522554543-1002
2014-01-16 00:52 - 2014-01-24 02:51 - 00000000 ____D C:\ProgramData\EPSON
2014-01-16 00:52 - 2014-01-24 02:50 - 00000000 ____D C:\Program Files\Common Files\EPSON
2014-01-16 00:52 - 2012-09-27 12:02 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YLMJJE.DLL
2014-01-16 00:52 - 2012-09-27 12:02 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YD4BJJE.DLL
2014-01-16 00:52 - 2012-09-27 12:02 - 00010752 _____ (SEIKO EPSON CORP.) C:\windows\system32\E_GCINST.DLL
2014-01-16 00:51 - 2014-01-16 00:51 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Intel Corporation
2014-01-16 00:51 - 2014-01-16 00:51 - 00000000 ____D C:\ProgramData\Pokki
2014-01-16 00:51 - 2014-01-16 00:51 - 00000000 ____D C:\ProgramData\Energy Management
2014-01-16 00:50 - 2014-01-16 19:39 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 00:50 - 2014-01-16 19:39 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-16 00:50 - 2014-01-16 00:50 - 00001445 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-16 00:50 - 2014-01-16 00:50 - 00000139 _____ C:\Users\Public\Desktop\eBay.url
2014-01-16 00:50 - 2014-01-16 00:50 - 00000000 ____D C:\ProgramData\eBay
2014-01-16 00:49 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Intel
2014-01-16 00:49 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Local\Packages
2014-01-16 00:49 - 2014-01-16 00:49 - 00000020 ___SH C:\Users\Ryan\ntuser.ini
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Macromedia
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Adobe
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Local\VirtualStore
2014-01-16 00:48 - 2014-01-24 18:12 - 00000000 ____D C:\Users\Ryan\AppData\Local\Pokki
2014-01-16 00:48 - 2014-01-24 12:21 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-16 00:48 - 2014-01-24 12:21 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-16 00:48 - 2014-01-24 12:21 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-16 00:48 - 2014-01-24 12:04 - 00000000 ____D C:\Users\Ryan
2014-01-16 00:48 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-01-16 00:48 - 2014-01-16 00:51 - 00001133 _____ C:\Users\Ryan\Desktop\Cyberlink Power2Go.lnk
2014-01-16 00:48 - 2013-02-04 15:18 - 00000189 ____H C:\Users\Ryan\Desktop\Lenovo Telephony Start Now.url
2014-01-16 00:48 - 2012-07-26 01:13 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-26 20:42 - 2013-12-26 20:42 - 29339936 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 25256224 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 22104352 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 17560352 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 15930288 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 15699056 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 13656024 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 12947384 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 11311392 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2013-12-26 20:42 - 2013-12-26 20:42 - 09281544 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 07721112 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 07598080 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 06330064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 02971424 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 02789664 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 02367776 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvenc.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 02007840 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvenc.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 01884448 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6432762.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 01515296 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6432762.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 01230576 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00681760 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00603424 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00586016 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00515360 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00353504 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00305600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00156256 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00032544 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2013-12-26 20:42 - 2013-12-26 20:42 - 00022814 _____ C:\windows\system32\nvinfo.pb

==================== One Month Modified Files and Folders =======

2014-01-24 23:51 - 2014-01-24 23:51 - 00000000 ____D C:\FRST
2014-01-24 23:44 - 2014-01-23 20:51 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2014-01-24 23:41 - 2014-01-23 13:36 - 00000324 _____ C:\windows\Tasks\UpdaterEX.job
2014-01-24 23:00 - 2012-07-26 01:12 - 00000000 ____D C:\windows\system32\sru
2014-01-24 21:02 - 2013-12-22 11:02 - 00001855 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-01-24 18:12 - 2014-01-16 00:48 - 00000000 ____D C:\Users\Ryan\AppData\Local\Pokki
2014-01-24 13:00 - 2012-07-26 01:12 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2014-01-24 13:00 - 2012-07-26 01:12 - 00000000 ____D C:\windows\system32\WinMetadata
2014-01-24 13:00 - 2012-07-25 22:38 - 00000000 ____D C:\windows\system32\Dism
2014-01-24 13:00 - 2012-07-25 22:37 - 00000000 ____D C:\windows\servicing
2014-01-24 12:53 - 2013-12-22 10:02 - 01742178 _____ C:\windows\WindowsUpdate.log
2014-01-24 12:23 - 2014-01-16 00:57 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1686866100-2634972451-2522554543-1002
2014-01-24 12:23 - 2012-07-26 01:12 - 00000000 ____D C:\windows\rescache
2014-01-24 12:22 - 2014-01-24 12:22 - 00134926 _____ C:\Users\Ryan\Desktop\OTL.Txt
2014-01-24 12:22 - 2014-01-24 12:22 - 00065354 _____ C:\Users\Ryan\Desktop\Extras.Txt
2014-01-24 12:22 - 2012-07-26 01:12 - 00000000 ___HD C:\windows\ELAMBKUP
2014-01-24 12:21 - 2014-01-16 00:48 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-24 12:21 - 2014-01-16 00:48 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-24 12:21 - 2014-01-16 00:48 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-24 12:20 - 2014-01-23 20:51 - 00000000 ____D C:\ProgramData\Skype
2014-01-24 12:20 - 2014-01-23 13:41 - 00000000 ____D C:\ProgramData\PCFixSpeed
2014-01-24 12:20 - 2014-01-16 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-24 12:20 - 2014-01-16 10:04 - 00000000 ____D C:\Users\Ryan\AppData\Local\Liquid Story Binder XE
2014-01-24 12:18 - 2014-01-23 20:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-24 12:18 - 2014-01-23 20:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-24 12:18 - 2014-01-16 01:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-24 12:18 - 2014-01-16 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-24 12:17 - 2012-07-26 00:28 - 00850046 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-24 12:14 - 2014-01-24 12:14 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\OTL.exe
2014-01-24 12:10 - 2013-12-22 11:02 - 00002560 _____ C:\windows\system32\VfService.trf
2014-01-24 12:10 - 2012-07-26 00:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-24 12:04 - 2014-01-16 00:48 - 00000000 ____D C:\Users\Ryan
2014-01-24 12:04 - 2013-12-22 11:01 - 00000000 ____D C:\Program Files (x86)\McAfee
2014-01-24 12:00 - 2012-07-26 01:12 - 00000000 ____D C:\windows\registration
2014-01-24 11:54 - 2014-01-23 20:52 - 00000000 ____D C:\Users\Ryan\AppData\Local\Skype
2014-01-24 11:54 - 2014-01-23 20:07 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2014-01-24 11:54 - 2014-01-23 13:36 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\UpdaterEX
2014-01-24 11:54 - 2014-01-16 10:49 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\DAEMON Tools Lite
2014-01-24 11:54 - 2014-01-16 10:04 - 00000000 ____D C:\Users\Ryan\Documents\My Liquid Story Binder XE
2014-01-24 11:54 - 2014-01-16 01:42 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Mozilla
2014-01-24 11:54 - 2014-01-16 00:49 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Intel
2014-01-24 11:54 - 2014-01-16 00:49 - 00000000 ____D C:\Users\Ryan\AppData\Local\Packages
2014-01-24 11:54 - 2014-01-16 00:48 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-01-24 11:53 - 2014-01-23 20:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-24 11:53 - 2014-01-23 13:36 - 00000000 ____D C:\Program Files\Highlightly
2014-01-24 11:53 - 2014-01-16 01:42 - 00000000 ____D C:\Users\Ryan\AppData\Local\Mozilla
2014-01-24 11:53 - 2013-12-22 11:01 - 00000000 ____D C:\ProgramData\McAfee
2014-01-24 11:53 - 2013-12-22 11:01 - 00000000 ____D C:\Program Files\Common Files\mcafee
2014-01-24 10:53 - 2012-07-26 01:12 - 00000000 ____D C:\windows\AUInstallAgent
2014-01-24 10:45 - 2013-03-25 14:02 - 00044408 _____ C:\windows\PFRO.log
2014-01-24 03:58 - 2012-07-25 22:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2014-01-24 02:51 - 2014-01-16 00:52 - 00000000 ____D C:\ProgramData\EPSON
2014-01-24 02:50 - 2014-01-16 00:52 - 00000000 ____D C:\Program Files\Common Files\EPSON
2014-01-23 20:51 - 2014-01-23 20:51 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-23 20:46 - 2014-01-23 20:45 - 01659552 _____ (Skype Technologies S.A.) C:\Users\Ryan\Downloads\SkypeSetup(2).exe
2014-01-23 20:38 - 2012-07-25 22:26 - 00262144 ___SH C:\windows\system32\config\BBI
2014-01-23 20:07 - 2014-01-23 20:07 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-23 20:06 - 2014-01-23 20:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-23 19:29 - 2014-01-16 01:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-23 16:59 - 2012-07-25 22:26 - 00000167 _____ C:\windows\win.ini
2014-01-23 14:41 - 2014-01-23 14:41 - 00000060 _____ C:\Users\Ryan\AppData\Roaming\WB.CFG
2014-01-23 13:41 - 2014-01-23 13:41 - 00000978 _____ C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-01-23 13:41 - 2014-01-23 13:36 - 00002662 _____ C:\windows\System32\Tasks\UpdaterEX
2014-01-23 13:40 - 2014-01-23 13:34 - 20586496 _____ C:\Users\Ryan\Downloads\SkypeSetup.exe
2014-01-23 13:38 - 2014-01-23 13:38 - 00753040 _____ ( ) C:\Users\Ryan\Downloads\SkypeSetup(1).exe
2014-01-23 13:36 - 2014-01-23 13:36 - 20586496 _____ C:\Users\Ryan\Downloads\SkypeSetup [1].exe
2014-01-23 13:36 - 2014-01-23 13:36 - 00000000 ___HD C:\Users\Ryan\AppData\Local\SearchProtect
2014-01-23 13:25 - 2014-01-23 13:25 - 00000000 ____D C:\Users\ADMINI~1
2014-01-23 12:37 - 2014-01-16 19:33 - 00433640 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-16 20:02 - 2014-01-16 20:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-01-16 20:00 - 2014-01-16 10:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2014-01-16 19:57 - 2014-01-16 19:57 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-16 19:57 - 2014-01-16 19:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-16 19:39 - 2014-01-16 00:50 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 19:39 - 2014-01-16 00:50 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-16 19:32 - 2012-07-26 01:12 - 00000000 ___RD C:\windows\ToastData
2014-01-16 19:31 - 2014-01-16 19:31 - 00000000 ____D C:\windows\SysWOW64\NV
2014-01-16 19:31 - 2014-01-16 19:31 - 00000000 ____D C:\windows\system32\NV
2014-01-16 19:31 - 2013-12-22 10:20 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-16 19:29 - 2014-01-16 19:29 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2014-01-16 19:29 - 2014-01-16 19:29 - 00000000 ____D C:\iBTWU
2014-01-16 19:29 - 2012-07-26 00:21 - 00028457 _____ C:\windows\setupact.log
2014-01-16 19:27 - 2013-12-22 11:04 - 00000000 ____D C:\ProgramData\Office2013
2014-01-16 19:27 - 2013-12-22 10:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-16 19:17 - 2014-01-16 19:17 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Macromedia
2014-01-16 19:17 - 2014-01-16 19:17 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Adobe
2014-01-16 19:10 - 2012-07-26 01:12 - 00000000 ____D C:\windows\WinStore
2014-01-16 19:10 - 2012-07-26 01:12 - 00000000 ____D C:\windows\system32\SecureBootUpdates
2014-01-16 19:10 - 2012-07-26 01:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-16 16:59 - 2014-01-16 16:59 - 00000000 _____ C:\Recovery.txt
2014-01-16 16:59 - 2012-07-26 01:13 - 00262144 _____ C:\windows\system32\config\BCD-Template
2014-01-16 10:59 - 2014-01-16 10:58 - 00000000 ____D C:\windows\system32\MRT
2014-01-16 10:56 - 2012-07-25 22:38 - 00000000 ____D C:\windows\system32\oobe
2014-01-16 10:53 - 2014-01-16 10:53 - 00000000 ____D C:\windows\PCHEALTH
2014-01-16 10:53 - 2014-01-16 10:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2014-01-16 10:53 - 2013-03-25 14:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-16 10:53 - 2012-07-26 00:52 - 00000000 ____D C:\windows\ShellNew
2014-01-16 10:52 - 2014-01-16 10:52 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Microsoft Help
2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2014-01-16 10:50 - 2014-01-16 10:50 - 00000000 __RHD C:\MSOCache
2014-01-16 10:50 - 2014-01-16 10:48 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-16 10:47 - 2014-01-16 10:47 - 00929928 _____ (CNET Download.com) C:\Users\Ryan\Downloads\cbsidlm-cbsi171-DAEMON_Tools_Lite-SEO-10778842.exe
2014-01-16 10:46 - 2014-01-16 10:45 - 00000000 ___HD C:\Users\Ryan\Microsoft Office 2007 Enterprise Yellow Edition DiGiTAL
2014-01-16 09:46 - 2014-01-16 09:46 - 00002068 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2014-01-16 01:56 - 2014-01-16 01:56 - 00001394 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-16 01:56 - 2014-01-16 01:56 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2014-01-16 01:52 - 2014-01-16 01:51 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Ryan\Downloads\spybot-2.2.exe
2014-01-16 01:42 - 2014-01-16 01:42 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-16 01:42 - 2014-01-16 01:42 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-16 01:42 - 2014-01-16 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-16 01:20 - 2014-01-16 01:20 - 00001190 _____ C:\Users\Public\Desktop\Liquid Story Binder XE.lnk
2014-01-16 01:20 - 2014-01-16 01:20 - 00000000 ____D C:\Program Files (x86)\Liquid Story Binder XE
2014-01-16 01:14 - 2014-01-16 01:14 - 00000000 ____H C:\Users\Ryan\agent.log
2014-01-16 00:54 - 2013-12-22 11:08 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2014-01-16 00:54 - 2013-12-22 10:28 - 00000000 ____D C:\ProgramData\Intel
2014-01-16 00:51 - 2014-01-16 00:51 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Intel Corporation
2014-01-16 00:51 - 2014-01-16 00:51 - 00000000 ____D C:\ProgramData\Pokki
2014-01-16 00:51 - 2014-01-16 00:51 - 00000000 ____D C:\ProgramData\Energy Management
2014-01-16 00:51 - 2014-01-16 00:48 - 00001133 _____ C:\Users\Ryan\Desktop\Cyberlink Power2Go.lnk
2014-01-16 00:50 - 2014-01-16 00:50 - 00001445 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-16 00:50 - 2014-01-16 00:50 - 00000139 _____ C:\Users\Public\Desktop\eBay.url
2014-01-16 00:50 - 2014-01-16 00:50 - 00000000 ____D C:\ProgramData\eBay
2014-01-16 00:50 - 2013-12-22 10:48 - 00114237 _____ C:\windows\modules.log
2014-01-16 00:49 - 2014-01-16 00:49 - 00000020 ___SH C:\Users\Ryan\ntuser.ini
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Macromedia
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Adobe
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Local\VirtualStore
2014-01-09 01:02 - 2012-07-26 01:14 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 01:02 - 2012-07-26 01:14 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 17:20 - 2014-01-16 10:58 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2013-12-26 20:42 - 2013-12-26 20:42 - 29339936 _____ (NVIDIA Corporation) C:\windows\system32\nvoglv64.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 25256224 _____ (NVIDIA Corporation) C:\windows\system32\nvcompiler.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 22104352 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglv32.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 17560352 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcompiler.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 15930288 _____ (NVIDIA Corporation) C:\windows\system32\nvwgf2umx.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 15699056 _____ (NVIDIA Corporation) C:\windows\system32\nvd3dumx.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 13656024 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvwgf2um.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 12947384 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvd3dum.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 11311392 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvlddmkm.sys
2013-12-26 20:42 - 2013-12-26 20:42 - 09281544 _____ (NVIDIA Corporation) C:\windows\system32\nvcuda.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 07721112 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuda.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 07598080 _____ (NVIDIA Corporation) C:\windows\system32\nvopencl.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 06330064 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvopencl.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 02971424 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvid.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 02789664 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvid.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 02367776 _____ (NVIDIA Corporation) C:\windows\system32\nvcuvenc.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 02007840 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvcuvenc.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 01884448 _____ (NVIDIA Corporation) C:\windows\system32\nvdispco6432762.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 01515296 _____ (NVIDIA Corporation) C:\windows\system32\nvdispgenco6432762.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 01230576 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvumdshim.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00681760 _____ (NVIDIA Corporation) C:\windows\system32\NvFBC64.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00603424 _____ (NVIDIA Corporation) C:\windows\system32\NvIFR64.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00586016 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvFBC.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00515360 _____ (NVIDIA Corporation) C:\windows\SysWOW64\NvIFR.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00353504 _____ (NVIDIA Corporation) C:\windows\system32\nvoglshim64.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00305600 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvoglshim32.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00156256 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvinit.dll
2013-12-26 20:42 - 2013-12-26 20:42 - 00032544 _____ (NVIDIA Corporation) C:\windows\system32\Drivers\nvpciflt.sys
2013-12-26 20:42 - 2013-12-26 20:42 - 00022814 _____ C:\windows\system32\nvinfo.pb
2013-12-26 20:42 - 2013-12-22 10:19 - 02990792 _____ (NVIDIA Corporation) C:\windows\system32\nvapi64.dll
2013-12-26 20:42 - 2013-12-22 10:19 - 02633376 _____ (NVIDIA Corporation) C:\windows\SysWOW64\nvapi.dll
2013-12-26 20:42 - 2013-12-22 10:19 - 01421584 _____ (NVIDIA Corporation) C:\windows\system32\nvumdshimx.dll
2013-12-26 20:42 - 2013-12-22 10:19 - 00184048 _____ (NVIDIA Corporation) C:\windows\system32\nvinitx.dll

Some content of TEMP:
====================
C:\Users\Ryan\AppData\Local\Temp\oct92A7.tmp.exe
C:\Users\Ryan\AppData\Local\Temp\ose00000.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-03-25 14:02

==================== End Of Log ============================

#4
Lydor

    New Member

  • Topic Starter
  • Member
  • 9 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2014
Ran by Lydor's Den at 2014-01-24 23:53:09
Running from C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\53APJ4CA
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9}

==================== Installed Programs ======================

Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.43 - Adobe Systems Incorporated)
CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden
CyberLink PowerDirector 10 (x32 Version: 10.0.0.2810 - CyberLink Corp.)
Energy Management (x32 Version: 8.0.2.11 - Lenovo)
Energy Management (x32 Version: 8.0.2.11 - Lenovo) Hidden
Extended Update (HKCU Version: - )
Genesys USB Mass Storage Device (x32 Version: 4.3.0.3 - Genesys Logic)
Intel AppUp(SM) center (x32 Version: 3.6.1.33057.10 - Intel)
Intel® Manageability Engine Firmware Recovery Agent (x32 Version: 1.0.0.36943 - Intel Corporation)
Intel® Management Engine Components (x32 Version: 9.0.0.1323 - Intel Corporation)
Intel® PRO/Wireless Driver (Version: 16.01.5000.0577 - Intel Corporation) Hidden
Intel® Processor Graphics (x32 Version: 9.18.10.3165 - Intel Corporation)
Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1332.1) (Version: 3.1.1307.0366 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation)
Intel® Rapid Storage Technology (Version: 12.6.0.1033 - Intel Corporation) Hidden
Intel® SDK for OpenCL - CPU Only Runtime Package (x32 Version: 3.0.0.63463 - Intel Corporation)
Intel® Update Manager (x32 Version: 1.6.0.56 - Intel Corporation) Hidden
Intel® WiDi (Version: 4.1.19.0 - Intel Corporation)
Intel® PROSet/Wireless Software (x32 Version: 16.1.5 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (Version: 16.01.5000.0269 - Intel Corporation) Hidden
Intel® Trusted Connect Service Client (Version: 1.27.798.1 - Intel Corporation) Hidden
Lenovo EasyCamera (x32 Version: 6.2.9200.10240 - Realtek Semiconductor Corp.)
Lenovo Experience Improvement (Version: 1.0.4.0 - Lenovo)
Lenovo OneKey Recovery (Version: 8.0.0.1219 - CyberLink Corp.) Hidden
Lenovo OneKey Recovery (x32 Version: 8.0.0.1219 - CyberLink Corp.)
Lenovo Photos (x32 Version: 4.8.5 - CEWE COLOR AG u Co. OHG)
Lenovo pointing device (Version: 11.4.19.2 - ELAN Microelectronic Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5219.52 - CyberLink Corp.)
Lenovo PowerDVD10 (x32 Version: 10.0.5219.52 - CyberLink Corp.) Hidden
Lenovo VeriFace (Version: 5.0.13.5261 - Lenovo)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.)
Lenovo YouCam (x32 Version: 4.1.3423 - CyberLink Corp.) Hidden
Liquid Story Binder XE version 4.93 (x32 Version: 4.93 - Black Obelisk Software)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
McAfee Internet Security (x32 Version: 12.8.908 - McAfee, Inc.)
Microsoft Office 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Access MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Enterprise 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2007 (x32 Version: 12.0.4518.1014 - Microsoft Corporation) Hidden
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden
Microsoft Office Publisher MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2007 (x32 Version: 12.0.6612.1000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 26.0 (x86 en-US) (x32 Version: 26.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 26.0 - Mozilla)
Nitro Pro 8 (Version: 8.0.10.7 - Nitro)
NVIDIA Control Panel 327.62 (Version: 327.62 - NVIDIA Corporation) Hidden
NVIDIA GeForce Experience 1.5 (Version: 1.5 - NVIDIA Corporation)
NVIDIA Graphics Driver 327.62 (Version: 327.62 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.141.953 - NVIDIA Corporation) Hidden
NVIDIA Optimus 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.12.1031 - NVIDIA Corporation) Hidden
NVIDIA PhysX System Software 9.12.1031 (Version: 9.12.1031 - NVIDIA Corporation)
NVIDIA Update 4.11.9 (Version: 4.11.9 - NVIDIA Corporation) Hidden
NVIDIA Update Components (Version: 4.11.9 - NVIDIA Corporation) Hidden
Onekey Theater (x32 Version: 3.0.1.0 - Lenovo)
Pokki (HKCU Version: 0.267.1.208 - Pokki)
Power2Go (x32 Version: 5.6.0.9109 - CyberLink Corp.)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (x32 Version: 2.1.0.12 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.6923 - Realtek Semiconductor Corp.)
Shared C Run-time for x64 (Version: 10.0.0 - McAfee)
Skype™ 6.13 (x32 Version: 6.13.104 - Skype Technologies S.A.)
Spybot - Search & Destroy (x32 Version: 2.2.25 - Safer-Networking Ltd.)
StageLight version 1.0.0.3508 (Version: version 1.0.0.3508 - Open Labs, LLC.)
SugarSync Manager (x32 Version: 1.9.61.90905 - SugarSync, Inc.)
Update for 2007 Microsoft Office System (KB967642) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 Help for Common Features (KB963673) (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Access 2007 Help (KB963663) (x32 Version: - Microsoft)
Update for Microsoft Office Excel 2007 Help (KB963678) (x32 Version: - Microsoft)
Update for Microsoft Office Infopath 2007 Help (KB963662) (x32 Version: - Microsoft)
Update for Microsoft Office OneNote 2007 Help (KB963670) (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Help (KB963677) (x32 Version: - Microsoft)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2850085) 32-Bit Edition (x32 Version: - Microsoft)
Update for Microsoft Office Powerpoint 2007 Help (KB963669) (x32 Version: - Microsoft)
Update for Microsoft Office Publisher 2007 Help (KB963667) (x32 Version: - Microsoft)
Update for Microsoft Office Script Editor Help (KB963671) (x32 Version: - Microsoft)
Update for Microsoft Office Word 2007 Help (KB963665) (x32 Version: - Microsoft)
UserGuide (x32 Version: 1.0.0.15 - Lenovo)
UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden
Windows Driver Package - Lenovo (ACPIVPC) System (06/15/2012 8.1.0.1) (Version: 06/15/2012 8.1.0.1 - Lenovo)
Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (06/19/2012 10.13.29.733) (Version: 06/19/2012 10.13.29.733 - Lenovo)

==================== Restore Points =========================

16-01-2014 17:50:33 Installed Microsoft Office Enterprise 2007
23-01-2014 20:31:00 Scheduled Checkpoint
24-01-2014 09:48:42 Restore Operation

==================== Hosts content: ==========================

2012-07-25 22:26 - 2014-01-16 09:51 - 00450639 ____R C:\windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {0AB7456E-2516-484D-A698-659DB2BB60A0} - System32\Tasks\Lenovo\Experience Improvement => C:\Program Files\Lenovo\ExperienceImprovement\LenovoExperienceImprovement.exe [2013-06-03] (Lenovo)
Task: {18BEE6C7-481E-45C7-B708-707407A5DD62} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {1AAFF332-5C62-4558-9991-DAA649C4C9C5} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask
Task: {1D884322-1151-4CD5-943C-4A4A6387F188} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {1DB439AE-9379-4706-ACE3-6133DE2E3154} - System32\Tasks\UMonitor Task => C:\windows\system32\UMonit64.exe
Task: {1F4425C4-C507-48B7-A63E-E5F29C09D2EF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe
Task: {23A5D8BE-9196-40EB-BD89-794398B2B073} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {3EF9D2D6-87D4-414F-A86C-0A7E0D378B16} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe
Task: {7C46D75D-589C-4882-B078-49DE29C226BC} - System32\Tasks\Microsoft\Windows\Setup\Pre-staged GDR Notification => C:\Windows\system32\NotificationUI.exe [2013-08-15] (Microsoft Corporation)
Task: {809B891A-53C0-4496-8AB5-53835076B6ED} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe
Task: {918788BB-5448-4F53-9842-FCC725818A1D} - System32\Tasks\ISM-UpdateService-e57b59e7-5862-4250-9ce0-76fb411dc0d2-Logon => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\Bootstrap.exe [2013-03-08] (Intel Corporation)
Task: {A72208BF-7A49-4FB8-B684-252375F3443A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing
Task: {C6A88F2D-53D2-4805-9D69-443738A1847C} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState
Task: {CFE6E609-8D10-4CF2-A75F-985FCC5C3E4F} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation)
Task: {E9D9CAD6-0D80-42F9-8C06-D7CAA532F102} - System32\Tasks\UpdaterEX => C:\Users\Ryan\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
Task: {EBF06DEC-4228-4813-AC0C-62821AE4E330} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask
Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\Ryan\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION

==================== Loaded Modules (whitelisted) =============

2013-12-05 11:24 - 2013-12-05 11:24 - 02330440 _____ () C:\Users\Ryan\AppData\Local\Pokki\ocdeskband_0.dll
2013-12-22 10:49 - 2013-08-07 10:21 - 00176048 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\ModernShared\ErrorReporting\ErrorReporting.dll
2014-01-16 01:56 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2014-01-16 01:56 - 2013-05-16 11:55 - 00113496 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2014-01-16 01:56 - 2013-05-16 11:55 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2014-01-16 01:56 - 2013-05-16 11:55 - 00161112 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2014-01-16 01:56 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00569856 _____ () C:\Users\Ryan\AppData\Local\Pokki\Engine\ppGoogleNaClPluginChrome.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 01400846 _____ () C:\Users\Ryan\AppData\Local\Pokki\Engine\avcodec-54.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00151054 _____ () C:\Users\Ryan\AppData\Local\Pokki\Engine\avutil-51.dll
2013-09-06 19:11 - 2013-09-06 19:11 - 00222734 _____ () C:\Users\Ryan\AppData\Local\Pokki\Engine\avformat-54.dll
2013-12-22 10:29 - 2013-05-15 20:08 - 01199576 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 02603520 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtCore4.dll
2013-03-07 13:53 - 2013-03-07 13:53 - 00015872 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\featureController.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 01006592 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtNetwork4.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 00382464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtXml4.dll
2010-01-12 17:55 - 2010-01-12 17:55 - 00400384 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\sqlite3.dll
2010-01-12 17:55 - 2010-01-12 17:55 - 00322048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\log4cplus.dll
2010-12-16 13:16 - 2010-12-16 13:16 - 00195584 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\libgsoap.dll
2010-01-18 00:34 - 2010-01-18 00:34 - 00062464 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\zlib1.dll
2013-03-07 13:55 - 2013-03-07 13:55 - 00472576 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\DeviceProfile.dll
2013-03-07 13:58 - 2013-03-07 13:58 - 00499488 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\plugin\PServerPlugin.dll
2013-03-07 13:54 - 2013-03-07 13:54 - 00013824 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\eventsSender.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 14978048 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtWebKit4.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 09224704 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\QtGui4.dll
2010-12-17 13:56 - 2010-12-17 13:56 - 00317952 _____ () C:\Program Files (x86)\Intel\Intel® ME FW Recovery Agent\bin\phonon4.dll

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Could not start eventlog service, could not read events.


==================== Memory info ===========================

Percentage of memory in use: 37%
Total physical RAM: 8104.27 MB
Available physical RAM: 5102.77 MB
Total Pagefile: 9320.27 MB
Available Pagefile: 6433.6 MB
Total Virtual: 8192 MB
Available Virtual: 8191.76 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:889.69 GB) (Free:839.83 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:21.44 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 932 GB) (Disk ID: E762247E)

Partition: GPT Partition Type
==================== End Of Log ============================

#5
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Firstly please uninstall:

Pokki

After that

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.

#6
Lydor

    New Member

  • Topic Starter
  • Member
  • 9 posts
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-01-2014
Ran by Lydor's Den at 2014-01-25 01:24:06 Run:1
Running from C:\Users\Ryan\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
(Pokki) C:\Users\Ryan\AppData\Local\Pokki\Engine\pokki.exe
C:\Users\Ryan\AppData\Local\Pokki
HKU\Default\...\Run: [Pokki] - C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\Default User\...\Run: [Pokki] - C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
MountPoints2: {44fd81a2-7f0a-11e3-be76-00c2c6139f33} - "G:\SETUP.EXE"
AppInit_DLLs: C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll => File Not Found
C:\PROGRA~2\SearchProtect
SearchScopes: HKCU - DefaultScope {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL =
SearchScopes: HKCU - {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL =
SearchScopes: HKCU - {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL =
BHO: Highlightly - {83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} - C:\Program Files\Highlightly\IE\HighlightlyClientIE.dll (Highlightly)
C:\Program Files\Highlightly
FF Extension: Highlightly - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] [2014-01-23]
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]
C:\Users\Ryan\AppData\Local\Temp\oct92A7.tmp.exe
C:\Users\Ryan\AppData\Local\Temp\ose00000.exe
Task: {E9D9CAD6-0D80-42F9-8C06-D7CAA532F102} - System32\Tasks\UpdaterEX => C:\Users\Ryan\AppData\Roaming\UpdaterEX\UpdateProc\UpdateTask.exe [2013-04-12] () <==== ATTENTION
C:\Users\Ryan\AppData\Roaming\UpdaterEX\UpdateProc
Task: C:\windows\Tasks\UpdaterEX.job => C:\Users\Ryan\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE <==== ATTENTION
C:\Users\Ryan\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE
C:\windows\Tasks\UpdaterEX.job
*****************

C:\Users\Ryan\AppData\Local\Pokki\Engine\pokki.exe => No running process found
"C:\Users\Ryan\AppData\Local\Pokki" => File/Directory not found.
HKU\Default\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => Value deleted successfully.
HKU\Default User\Software\Microsoft\Windows\CurrentVersion\Run\\Pokki => Value not found.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{44fd81a2-7f0a-11e3-be76-00c2c6139f33} => Key deleted successfully.
HKCR\CLSID\{44fd81a2-7f0a-11e3-be76-00c2c6139f33} => Key not found.
"C:\\PROGRA~2\\SearchProtect\\SearchProtect\\bin\\SPVC64Loader.dll" => Value Data removed successfully.
"C:\PROGRA~2\SearchProtect" => File/Directory not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key deleted successfully.
HKCR\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C23C968-BE9D-4953-B237-5D6FA9D95012} => Key deleted successfully.
HKCR\CLSID\{2C23C968-BE9D-4953-B237-5D6FA9D95012} => Key not found.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key deleted successfully.
HKCR\CLSID\{83F2328D-0D6A-42B4-B0C4-02A929EDD4BE} => Key deleted successfully.
C:\Program Files\Highlightly => Moved successfully.
C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected] => Moved successfully.
"C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]" => File/Directory not found.
C:\Users\Ryan\AppData\Local\Temp\oct92A7.tmp.exe => Moved successfully.
C:\Users\Ryan\AppData\Local\Temp\ose00000.exe => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E9D9CAD6-0D80-42F9-8C06-D7CAA532F102} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E9D9CAD6-0D80-42F9-8C06-D7CAA532F102} => Key deleted successfully.
C:\Windows\System32\Tasks\UpdaterEX => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UpdaterEX => Key deleted successfully.
C:\Users\Ryan\AppData\Roaming\UpdaterEX\UpdateProc => Moved successfully.
C:\windows\Tasks\UpdaterEX.job => Moved successfully.
"C:\Users\Ryan\AppData\Roaming\UPDATE~1\UPDATE~1\UPDATE~1.EXE" => File/Directory not found.
"C:\windows\Tasks\UpdaterEX.job" => File/Directory not found.

==== End of Fixlog ====

#7
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Lydor,

Please download zoek.exe and save it to your desktop (Firefox users right click and Save Link As...).

  • Close any open browsers.
  • Temporarily disable your AntiVirus program. (If necessary)
  • Double click on zoek.exe to run.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up
  • Copy the text below and paste it into the large window in the zoek tool:

    autoclean;
    FFdefaults;


  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required).
  • Copy (Ctrl +C) and paste (Ctrl +V) the entire contents of the opened report back here.
Note: It will also create a log in the C:\ directory named "zoek-results.log"

#8
Lydor

    New Member

  • Topic Starter
  • Member
  • 9 posts
Zoek.exe v5.0.0.0 Updated 25-January-2014
Tool run by Lydor's Den on Sun 01/26/2014 at 0:02:14.75.
Microsoft Windows 8 6.2.9200 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Ryan\Downloads\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

1/26/2014 12:02:50 AM Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5g8lp3ey.default\prefs.js:

Added to C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5g8lp3ey.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.co...ogle Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.co...ogle Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5g8lp3ey.default

user.js not found
---- FireFox user.js and prefs.js backups ----

prefs_20140126_1209_.backup

==== Deleting Files \ Folders ======================

C:\Users\Ryan\AppData\Roaming\UpdaterEX deleted
C:\ProgramData\Package Cache deleted
C:\Users\Default\AppData\Local\Pokki deleted
C:\Users\Ryan\AppData\Local\SearchProtect deleted

==== Firefox Extensions Registry ======================

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"[email protected]"="C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]" []

==== Firefox Extensions ======================

ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5g8lp3ey.default
- Undetermined - C:\Program Files (x86)\Mozilla Firefox\extensions\[email protected]

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5g8lp3ey.default
2557FBC582910A71CDEB0F22886D118D - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll - Shockwave Flash


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://lenovo13.msn.com/?pc=LCJB"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{2C23C968-BE9D-4953-B237-5D6FA9D95012}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2C23C968-BE9D-4953-B237-5D6FA9D95012}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://lenovo13.msn.com/?pc=LCJB"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/...ox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.co...ge={startPage}"

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\[email protected] deleted successfully

==== Empty IE Cache ======================

C:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\BY1LAUBM will be deleted at reboot
C:\Users\Ryan\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VPURYARX will be deleted at reboot

==== Empty FireFox Cache ======================

C:\Users\Ryan\AppData\Local\Mozilla\Firefox\Profiles\5g8lp3ey.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=1239 folders=119 294944303 bytes)

#9
emeraldnzl


    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello Lydor,

Making some progress I think.

Now

Please download AdwCleaner to your desktop.

NOTE: If you are using Internet Explorer and get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.


Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste it back here. If a report doesn't appear, press the Report button and copy and paste the contents in your next reply.

A copy of the report is also saved in the C:\AdwCleaner folder.

After that

Please run FRST again and post back the FRST.txt log it generates.

So when you return please post
  • AdwCleaner log
  • FRST.txt


#10
Lydor


    New Member

  • Topic Starter
  • Member
  • 9 posts
# AdwCleaner v3.017 - Report created 26/01/2014 at 13:27:11
# Updated 12/01/2014 by Xplode
# Operating System : Windows 8 (64 bits)
# Username : Lydor's Den - LYDORS-DEN
# Running from : C:\Users\Ryan\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\PCFixSpeed
Folder Deleted : C:\ProgramData\Pokki

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\Classes\*\shell\pokki
Key Deleted : HKCU\Software\Classes\Folder\shell\pokki
Key Deleted : HKCU\Software\Classes\pokki
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{4AA46D49-459F-4358-B4D1-169048547C23}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : HKCU\Software\UpdaterEX
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\UpdaterEX

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16537


-\\ Mozilla Firefox v26.0 (en-US)

[ File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5g8lp3ey.default\prefs.js ]


[ File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5g8lp3ey.default\prefs.js ]


[ File : C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5g8lp3ey.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [1829 octets] - [26/01/2014 13:19:09]
AdwCleaner[S0].txt - [1731 octets] - [26/01/2014 13:27:11]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1791 octets] ##########

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-01-2014 02
Ran by Lydor's Den (administrator) on LYDORS-DEN on 26-01-2014 13:33:09
Running from C:\Users\Ryan\Desktop
Windows 8 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\System32\dasHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe
(Nalpeiron Ltd.) C:\Windows\SysWOW64\NLSSRV32.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
() C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel) C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.0.1119.516_x64__8wekyb3d8bbwe\LiveComm.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDIntelligent.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek semiconductor) C:\Windows\RTFTrack.exe
() C:\Windows\SysWOW64\UMonit64.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe
(Motorola Solutions, Inc.) C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe
(Lenovo) C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe
(Lenovo (Beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe
(Lenovo(beijing) Limited) C:\Program Files (x86)\Lenovo\Energy Management\utility.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe
(CyberLink Corp.) C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation)
HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286704 2013-04-30] (Intel Corporation)
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13545032 2013-05-28] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_Dolby] - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1308232 2013-05-20] (Realtek Semiconductor)
HKLM\...\Run: [ETDCtrl] - C:\Program Files\Elantech\ETDCtrl.exe [2891592 2013-05-17] (ELAN Microelectronics Corp.)
HKLM\...\Run: [BTMTrayAgent] - C:\Program Files (x86)\Intel\Bluetooth\btmshellex.dll [7830328 2013-05-21] (Motorola Solutions, Inc.)
HKLM\...\Run: [RtsFT] - C:\windows\RTFTrack.exe [6340312 2013-07-19] (Realtek semiconductor)
HKLM\...\Run: [UMonit64] - C:\windows\SysWOW64\UMonit64.exe [40960 2013-04-08] ()
HKLM\...\Run: [OnekeyStudio] - C:\Program Files\Lenovo\Onekey Theater\OnekeyStudio.exe [4196432 2012-09-14] (Lenovo)
HKLM\...\Run: [Energy Management] - C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe [17097200 2013-12-22] (Lenovo (Beijing) Limited)
HKLM\...\Run: [EnergyUtility] - C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe [193008 2013-12-22] (Lenovo(beijing) Limited)
HKLM-x32\...\Run: [YouCam Tray] - C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe [168464 2012-10-30] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GShortCut] - C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe [217088 2012-04-18] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] - C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.exe [95192 2013-03-08] (CyberLink Corp.)
HKLM-x32\...\Run: [mcui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [Intel AppUp(SM) center] - C:\Program Files (x86)\Intel\IntelAppStore\bin\ismagent.exe [155488 2012-07-12] (Intel Corporation)
HKLM-x32\...\Run: [mcpltui_exe] - C:\Program Files\McAfee.com\Agent\mcagent.exe [537512 2013-09-24] (McAfee, Inc.)
HKLM-x32\...\Run: [SDTray] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [GrooveMonitor] - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKLM\...\Policies\Explorer: [NoControlPanel] 0
HKCU\...\Run: [EPLTarget\P0000000000000000] - C:\windows\system32\spool\DRIVERS\x64\3\E_YATIJJE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-3520 Series"
HKCU\...\Run: [Spybot-S&D Cleaning] - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKCU\...\Run: [Skype] - C:\Program Files (x86)\Skype\Phone\Skype.exe [20728480 2014-01-14] (Skype Technologies S.A.)
AppInit_DLLs: C:\windows\system32\nvinitx.dll => C:\windows\system32\nvinitx.dll [184048 2013-12-26] (NVIDIA Corporation)
AppInit_DLLs-x32: c:\windows\syswow64\nvinit.dll => c:\windows\syswow64\nvinit.dll [156256 2013-12-26] (NVIDIA Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://lenovo13.msn.com/?pc=LCJB
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://home.lenovo.com
SearchScopes: HKLM - DefaultScope {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL = http://www.bing.com/...=IE10TR&pc=LCJB
SearchScopes: HKLM - {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL = http://www.bing.com/...=IE10TR&pc=LCJB
SearchScopes: HKLM-x32 - {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL = http://www.bing.com/...=IE10TR&pc=LCJB
SearchScopes: HKCU - DefaultScope {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL =
SearchScopes: HKCU - {2C23C968-BE9D-4953-B237-5D6FA9D95012} URL =
SearchScopes: HKCU - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://www.google.co...age={startPage}
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
DPF: HKLM-x32 {4FF78044-96B4-4312-A5B7-FDA3CB328095}
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\mcafee\msc\McSnIePl64.dll (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\msc\McSnIePl.dll (McAfee, Inc.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 24.116.0.53 24.116.2.50

FireFox:
========
FF ProfilePath: C:\Users\Ryan\AppData\Roaming\Mozilla\Firefox\Profiles\5g8lp3ey.default
FF NewTab: hxxp://www.google.com/
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Homepage: hxxp://www.google.com
FF Keyword.URL: hxxp://www.google.com/search?btnG=Google+Search&q=
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_43.dll ()
FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_43.dll ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=3.5.29 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL ()
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-12-22]

==================== Services (Whitelisted) =================

U2 BrcmSetSecurity; C:\Program Files\Intel Corporation\Intel WiDi\BrcmSetSecurity.exe [101536 2013-05-28] (Intel)
U2 ETDService; C:\Program Files\Elantech\ETDService.exe [99632 2013-05-03] (ELAN Microelectronics Corp.)
U2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15344 2013-04-30] (Intel Corporation)
U3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [820184 2013-02-13] (Intel® Corporation)
U2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-05-15] (Intel Corporation)
U2 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [155448 2013-08-19] (Intel Corporation)
U2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-05-15] (Intel Corporation)
U2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178048 2013-11-28] (McAfee, Inc.)
U3 McAWFwk; C:\Program Files\mcafee\msc\McAWFwk.exe [332080 2012-01-26] (McAfee, Inc.)
U2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.)
U2 McOobeSv; C:\Program Files\Common Files\mcafee\McSvcHost\McSvHost.exe [200728 2012-05-11] (McAfee, Inc.)
U2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025232 2013-12-11] (McAfee, Inc.)
U2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219272 2013-12-05] (McAfee, Inc.)
U2 mfevtp; C:\windows\system32\mfevtps.exe [184800 2013-12-05] (McAfee, Inc.)
U2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.)
U3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273136 2013-08-28] ()
U2 NitroDriverReadSpool8; C:\Program Files\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe [230408 2012-12-13] (Nitro PDF Software)
U2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
U2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
U2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
U2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)
U2 VeriFaceSrv; C:\Program Files (x86)\Lenovo\Lenovo VeriFace\VfConnectorService.exe [68368 2013-12-22] ()
U3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [16048 2013-12-22] (Microsoft Corporation)
U2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3378416 2013-08-28] (Intel® Corporation)

==================== Drivers (Whitelisted) ====================

U3 BthLEEnum; C:\Windows\system32\DRIVERS\BthLEEnum.sys [202752 2012-07-25] (Microsoft Corporation)
U3 btmaux; C:\Windows\system32\DRIVERS\btmaux.sys [132920 2013-04-23] (Motorola Solutions, Inc.)
U3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2013-10-15] (Motorola Solutions, Inc.)
U3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70112 2013-12-05] (McAfee, Inc.)
U3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [22280 2013-05-16] (ELAN Microelectronic Corp.)
U3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.)
U2 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [179792 2013-12-05] (McAfee, Inc.)
U2 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311120 2013-12-05] (McAfee, Inc.)
U0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [69344 2013-12-05] (McAfee, Inc.)
U3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [519576 2013-12-05] (McAfee, Inc.)
U2 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [782616 2013-12-05] (McAfee, Inc.)
U3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [411944 2013-11-26] (McAfee, Inc.)
U3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [96112 2013-11-26] (McAfee, Inc.)
U2 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [343696 2013-12-05] (McAfee, Inc.)
U3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew00.sys [3345376 2013-08-22] (Intel Corporation)
U3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [8247640 2013-07-19] (Realtek Semiconductor Corp.)
U3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [206744 2013-05-28] (Windows ® Win 7 DDK provider)
U3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)
U5 GeneStor; C:\Windows\System32\Drivers\GeneStor.sys [91368 2013-03-21] (GenesysLogic)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-26 13:33 - 2014-01-26 13:33 - 00017118 _____ C:\Users\Ryan\Desktop\FRST.txt
2014-01-26 13:33 - 2014-01-26 13:33 - 00000000 ____D C:\Users\Ryan\Desktop\FRST-OlderVersion
2014-01-26 13:18 - 2014-01-26 13:27 - 00000000 ____D C:\AdwCleaner
2014-01-26 13:17 - 2014-01-26 13:17 - 01236282 _____ C:\Users\Ryan\Downloads\AdwCleaner.exe
2014-01-26 01:26 - 2014-01-26 13:31 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Nitro PDF
2014-01-26 00:08 - 2014-01-26 00:11 - 00000260 _____ C:\folders.log
2014-01-26 00:08 - 2014-01-26 00:11 - 00000000 ____D C:\zoek
2014-01-26 00:02 - 2014-01-26 00:11 - 00005553 _____ C:\zoek-results.log
2014-01-26 00:02 - 2014-01-26 00:11 - 00003385 _____ C:\runcheck.txt
2014-01-26 00:02 - 2014-01-26 00:09 - 00000000 ____D C:\zoek_backup
2014-01-26 00:01 - 2014-01-26 00:01 - 01283072 _____ C:\Users\Ryan\Downloads\zoek.exe
2014-01-25 01:23 - 2014-01-26 13:33 - 02078208 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-01-25 00:02 - 2014-01-25 00:02 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-25 00:02 - 2014-01-25 00:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-24 23:53 - 2014-01-24 23:53 - 00000105 _____ C:\Users\Ryan\Desktop\Addition.txt
2014-01-24 23:51 - 2014-01-26 13:33 - 00000000 ____D C:\FRST
2014-01-24 12:22 - 2014-01-24 12:22 - 00134926 _____ C:\Users\Ryan\Desktop\OTL.Txt
2014-01-24 12:22 - 2014-01-24 12:22 - 00065354 _____ C:\Users\Ryan\Desktop\Extras.Txt
2014-01-24 12:14 - 2014-01-24 12:14 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\OTL.exe
2014-01-23 20:52 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Local\Skype
2014-01-23 20:51 - 2014-01-26 13:31 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2014-01-23 20:51 - 2014-01-24 12:20 - 00000000 ____D C:\ProgramData\Skype
2014-01-23 20:51 - 2014-01-24 12:18 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-23 20:51 - 2014-01-23 20:51 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-23 20:45 - 2014-01-23 20:46 - 01659552 _____ (Skype Technologies S.A.) C:\Users\Ryan\Downloads\SkypeSetup(2).exe
2014-01-23 20:07 - 2014-01-24 12:18 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-23 20:07 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2014-01-23 20:07 - 2014-01-24 11:53 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-23 20:07 - 2014-01-23 20:07 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-23 20:07 - 2013-04-04 15:50 - 00025928 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\mbam.sys
2014-01-23 20:06 - 2014-01-23 20:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-23 17:43 - 2013-09-23 14:49 - 00197704 _____ (McAfee, Inc.) C:\windows\system32\Drivers\HipShieldK.sys
2014-01-23 14:41 - 2014-01-23 14:41 - 00000060 _____ C:\Users\Ryan\AppData\Roaming\WB.CFG
2014-01-23 13:41 - 2014-01-23 13:41 - 00000978 _____ C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-01-23 13:38 - 2014-01-23 13:38 - 00753040 _____ ( ) C:\Users\Ryan\Downloads\SkypeSetup(1).exe
2014-01-23 13:36 - 2014-01-23 13:36 - 20586496 _____ C:\Users\Ryan\Downloads\SkypeSetup [1].exe
2014-01-23 13:34 - 2014-01-23 13:40 - 20586496 _____ C:\Users\Ryan\Downloads\SkypeSetup.exe
2014-01-23 13:25 - 2014-01-23 13:25 - 00000000 ____D C:\Users\ADMINI~1
2014-01-16 20:02 - 2014-01-16 20:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-01-16 19:57 - 2014-01-16 19:57 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-16 19:57 - 2014-01-16 19:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-16 19:33 - 2014-01-23 12:37 - 00433640 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-16 19:31 - 2014-01-16 19:31 - 00000000 ____D C:\windows\SysWOW64\NV
2014-01-16 19:31 - 2014-01-16 19:31 - 00000000 ____D C:\windows\system32\NV
2014-01-16 19:29 - 2014-01-16 19:29 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2014-01-16 19:29 - 2014-01-16 19:29 - 00000000 ____D C:\iBTWU
2014-01-16 19:27 - 2013-11-26 17:19 - 00385614 _____ C:\windows\system32\ApnDatabase.xml
2014-01-16 19:27 - 2013-11-25 16:17 - 00083968 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidclass.sys
2014-01-16 19:27 - 2013-10-10 04:25 - 02232664 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tcpip.sys
2014-01-16 19:26 - 2013-08-09 22:21 - 00448512 _____ (Microsoft Corporation) C:\windows\system32\SettingSync.dll
2014-01-16 19:26 - 2013-08-09 22:21 - 00128512 _____ (Microsoft Corporation) C:\windows\system32\SettingSyncInfo.dll
2014-01-16 19:26 - 2013-08-09 20:58 - 00356352 _____ (Microsoft Corporation) C:\windows\SysWOW64\SettingSync.dll
2014-01-16 19:26 - 2013-08-02 23:40 - 01374208 _____ (Microsoft Corporation) C:\windows\system32\wdc.dll
2014-01-16 19:26 - 2013-08-02 23:40 - 00566784 _____ (Microsoft Corporation) C:\windows\system32\wvc.dll
2014-01-16 19:26 - 2013-08-02 23:40 - 00462336 _____ (Microsoft Corporation) C:\windows\system32\sysmon.ocx
2014-01-16 19:26 - 2013-08-02 22:14 - 00399360 _____ (Microsoft Corporation) C:\windows\SysWOW64\sysmon.ocx
2014-01-16 19:26 - 2013-08-02 22:13 - 01245696 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdc.dll
2014-01-16 19:26 - 2013-08-02 22:13 - 00437248 _____ (Microsoft Corporation) C:\windows\SysWOW64\wvc.dll
2014-01-16 19:26 - 2013-08-01 23:28 - 19758080 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2014-01-16 19:26 - 2013-08-01 23:28 - 00222208 _____ (Microsoft Corporation) C:\windows\system32\shdocvw.dll
2014-01-16 19:26 - 2013-08-01 22:08 - 17561088 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2014-01-16 19:26 - 2013-08-01 22:08 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\shdocvw.dll
2014-01-16 19:26 - 2013-07-24 16:10 - 00158208 _____ (Microsoft Corporation) C:\windows\SysWOW64\mbsmsapi.dll
2014-01-16 19:26 - 2013-07-24 16:06 - 00225280 _____ (Microsoft Corporation) C:\windows\system32\mbsmsapi.dll
2014-01-16 19:26 - 2013-04-09 16:17 - 01125888 _____ (Microsoft Corporation) C:\windows\system32\msctf.dll
2014-01-16 19:26 - 2013-04-09 15:29 - 00893952 _____ (Microsoft Corporation) C:\windows\SysWOW64\msctf.dll
2014-01-16 19:17 - 2014-01-16 19:17 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Macromedia
2014-01-16 19:17 - 2014-01-16 19:17 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Adobe
2014-01-16 16:59 - 2014-01-16 16:59 - 00000000 _____ C:\Recovery.txt
2014-01-16 10:58 - 2014-01-16 10:59 - 00000000 ____D C:\windows\system32\MRT
2014-01-16 10:58 - 2014-01-06 17:20 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-01-16 10:53 - 2014-01-16 20:00 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2014-01-16 10:53 - 2014-01-16 10:53 - 00000000 ____D C:\windows\PCHEALTH
2014-01-16 10:53 - 2014-01-16 10:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2014-01-16 10:52 - 2014-01-16 10:52 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-16 10:51 - 2014-01-24 12:20 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Microsoft Help
2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2014-01-16 10:50 - 2014-01-16 10:50 - 00000000 __RHD C:\MSOCache
2014-01-16 10:49 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\DAEMON Tools Lite
2014-01-16 10:48 - 2014-01-16 10:50 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-16 10:47 - 2014-01-16 10:47 - 00929928 _____ (CNET Download.com) C:\Users\Ryan\Downloads\cbsidlm-cbsi171-DAEMON_Tools_Lite-SEO-10778842.exe
2014-01-16 10:45 - 2014-01-16 10:46 - 00000000 ___HD C:\Users\Ryan\Microsoft Office 2007 Enterprise Yellow Edition DiGiTAL
2014-01-16 10:04 - 2014-01-24 12:20 - 00000000 ____D C:\Users\Ryan\AppData\Local\Liquid Story Binder XE
2014-01-16 10:04 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\Documents\My Liquid Story Binder XE
2014-01-16 09:51 - 2012-07-25 22:26 - 00000824 _____ C:\windows\system32\Drivers\etc\hosts.20140116-085153.backup
2014-01-16 01:56 - 2014-01-24 12:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-16 01:56 - 2014-01-23 19:29 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-16 01:56 - 2014-01-16 01:56 - 00001394 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-16 01:56 - 2014-01-16 01:56 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2014-01-16 01:56 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\windows\system32\sdnclean64.exe
2014-01-16 01:51 - 2014-01-16 01:52 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Ryan\Downloads\spybot-2.2.exe
2014-01-16 01:42 - 2014-01-25 00:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-16 01:42 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Mozilla
2014-01-16 01:42 - 2014-01-24 11:53 - 00000000 ____D C:\Users\Ryan\AppData\Local\Mozilla
2014-01-16 01:42 - 2014-01-16 01:42 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-16 01:20 - 2014-01-16 01:20 - 00001190 _____ C:\Users\Public\Desktop\Liquid Story Binder XE.lnk
2014-01-16 01:20 - 2014-01-16 01:20 - 00000000 ____D C:\Program Files (x86)\Liquid Story Binder XE
2014-01-16 01:14 - 2014-01-16 01:14 - 00000000 ____H C:\Users\Ryan\agent.log
2014-01-16 01:10 - 2013-10-24 23:19 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-01-16 01:10 - 2013-10-24 23:19 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-01-16 01:10 - 2013-10-24 23:19 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\uxtheme.dll
2014-01-16 01:10 - 2013-10-24 23:19 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-01-16 01:10 - 2013-10-24 23:18 - 19271168 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-01-16 01:10 - 2013-10-24 23:18 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-01-16 01:10 - 2013-10-24 23:17 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-01-16 01:10 - 2013-10-24 23:17 - 03959808 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-01-16 01:10 - 2013-10-24 23:17 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-01-16 01:10 - 2013-10-24 23:17 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-01-16 01:10 - 2013-10-24 21:45 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-01-16 01:10 - 2013-10-24 21:44 - 14356992 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-01-16 01:10 - 2013-10-24 21:44 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-01-16 01:10 - 2013-10-24 21:43 - 13761536 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-01-16 01:10 - 2013-10-24 21:43 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-01-16 01:10 - 2013-10-24 21:43 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-01-16 01:10 - 2013-10-24 21:43 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-01-16 01:10 - 2013-10-24 21:43 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-01-16 01:10 - 2013-05-15 15:37 - 00044032 _____ (Microsoft Corporation) C:\windows\SysWOW64\UXInit.dll
2014-01-16 01:10 - 2013-05-15 15:35 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\UXInit.dll
2014-01-16 01:10 - 2013-05-14 06:14 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-01-16 01:10 - 2013-05-14 02:23 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-01-16 01:10 - 2013-02-21 03:29 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-01-16 01:10 - 2013-02-21 03:29 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-01-16 01:10 - 2013-02-21 03:29 - 00039424 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-01-16 01:10 - 2013-02-21 03:29 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-01-16 01:10 - 2013-02-21 03:14 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-01-16 01:10 - 2013-02-21 03:14 - 00053248 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-01-16 01:10 - 2013-02-19 02:53 - 00534528 _____ (Microsoft Corporation) C:\windows\SysWOW64\uxtheme.dll
2014-01-16 01:09 - 2013-10-18 22:45 - 00062976 _____ (Microsoft Corporation) C:\windows\system32\imagehlp.dll
2014-01-16 01:09 - 2013-10-18 21:04 - 00059392 _____ (Microsoft Corporation) C:\windows\SysWOW64\imagehlp.dll
2014-01-16 01:09 - 2013-10-10 04:53 - 00096600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\wfplwfs.sys
2014-01-16 01:09 - 2013-10-10 02:21 - 01160192 _____ (Microsoft Corporation) C:\windows\system32\IKEEXT.DLL
2014-01-16 01:09 - 2013-10-10 02:20 - 00723968 _____ (Microsoft Corporation) C:\windows\system32\BFE.DLL
2014-01-16 01:09 - 2013-09-03 20:11 - 00576512 _____ (Microsoft Corporation) C:\windows\system32\Drivers\afd.sys
2014-01-16 01:09 - 2013-07-05 17:15 - 00652288 _____ (Microsoft Corporation) C:\windows\system32\comctl32.dll
2014-01-16 01:09 - 2013-07-03 19:13 - 00541696 _____ (Microsoft Corporation) C:\windows\SysWOW64\comctl32.dll
2014-01-16 01:08 - 2013-10-08 18:33 - 00059416 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2014-01-16 01:08 - 2013-10-08 15:30 - 00628736 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2014-01-16 01:08 - 2013-10-08 15:30 - 00126976 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2014-01-16 01:08 - 2013-10-08 15:30 - 00084992 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2014-01-16 01:08 - 2013-10-08 15:30 - 00035328 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2014-01-16 01:08 - 2013-10-08 15:28 - 00040448 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2014-01-16 01:08 - 2013-10-08 15:27 - 03279872 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 01622016 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 00773120 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 00252928 _____ (Microsoft Corporation) C:\windows\system32\WUSettingsProvider.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 00175104 _____ (Microsoft Corporation) C:\windows\system32\storewuauth.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 00142848 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2014-01-16 01:08 - 2013-10-08 15:27 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2014-01-16 01:08 - 2013-10-04 23:10 - 00285016 _____ (Microsoft Corporation) C:\windows\system32\Drivers\spaceport.sys
2014-01-16 01:08 - 2013-10-02 16:25 - 01300992 _____ (Microsoft Corporation) C:\windows\system32\gdi32.dll
2014-01-16 01:08 - 2013-10-01 19:50 - 00447320 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBHUB3.SYS
2014-01-16 01:08 - 2013-10-01 15:22 - 01022976 _____ (Microsoft Corporation) C:\windows\SysWOW64\gdi32.dll
2014-01-16 01:08 - 2013-09-27 22:48 - 00778752 _____ (Microsoft Corporation) C:\windows\system32\oleaut32.dll
2014-01-16 01:08 - 2013-09-27 20:58 - 00551424 _____ (Microsoft Corporation) C:\windows\SysWOW64\oleaut32.dll
2014-01-16 01:08 - 2013-09-19 00:32 - 01455448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\dxgkrnl.sys
2014-01-16 01:08 - 2013-08-29 22:19 - 00626688 _____ (Microsoft Corporation) C:\windows\system32\resutils.dll
2014-01-16 01:08 - 2013-08-29 22:18 - 00374784 _____ (Microsoft Corporation) C:\windows\system32\clusapi.dll
2014-01-16 01:08 - 2013-08-29 16:48 - 00488960 _____ (Microsoft Corporation) C:\windows\SysWOW64\resutils.dll
2014-01-16 01:08 - 2013-08-29 16:47 - 00302080 _____ (Microsoft Corporation) C:\windows\SysWOW64\clusapi.dll
2014-01-16 01:07 - 2013-09-13 15:36 - 00247296 _____ (Microsoft Corporation) C:\windows\SysWOW64\ubpm.dll
2014-01-16 01:07 - 2013-09-13 15:33 - 00328192 _____ (Microsoft Corporation) C:\windows\system32\ubpm.dll
2014-01-16 01:07 - 2013-08-29 22:43 - 00061784 _____ (Microsoft Corporation) C:\windows\system32\Drivers\crashdmp.sys
2014-01-16 01:07 - 2013-08-29 22:20 - 01173504 _____ (Microsoft Corporation) C:\windows\system32\UIAutomationCore.dll
2014-01-16 01:07 - 2013-08-29 16:48 - 00914432 _____ (Microsoft Corporation) C:\windows\SysWOW64\UIAutomationCore.dll
2014-01-16 01:07 - 2013-08-20 23:39 - 00465240 _____ (Microsoft Corporation) C:\windows\system32\Drivers\fvevol.sys
2014-01-16 01:07 - 2013-08-09 23:30 - 00151896 _____ (Microsoft Corporation) C:\windows\system32\Drivers\tpm.sys
2014-01-16 01:07 - 2013-08-09 22:21 - 00817152 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2014-01-16 01:07 - 2013-08-09 20:58 - 00656896 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2014-01-16 01:07 - 2013-07-24 16:10 - 10799104 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.UI.Xaml.dll
2014-01-16 01:07 - 2013-07-24 16:07 - 13661696 _____ (Microsoft Corporation) C:\windows\system32\Windows.UI.Xaml.dll
2014-01-16 01:07 - 2013-07-11 18:38 - 00599040 _____ (Microsoft Corporation) C:\windows\system32\WSDApi.dll
2014-01-16 01:07 - 2013-07-11 18:30 - 00485376 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSDApi.dll
2014-01-16 01:06 - 2013-07-05 15:02 - 00099328 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbcir.sys
2014-01-16 01:06 - 2013-07-05 15:01 - 00210560 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbvideo.sys
2014-01-16 01:06 - 2013-07-01 15:14 - 00025600 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbprint.sys
2014-01-16 01:06 - 2013-06-28 20:08 - 00032768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\hidparse.sys
2014-01-16 01:06 - 2013-06-21 22:45 - 00785624 _____ (Microsoft Corporation) C:\windows\system32\Drivers\Wdf01000.sys
2014-01-16 01:06 - 2013-06-21 22:45 - 00054488 _____ (Microsoft Corporation) C:\windows\system32\Drivers\WdfLdr.sys
2014-01-16 01:05 - 2013-10-01 16:37 - 01569280 _____ (Microsoft Corporation) C:\windows\SysWOW64\crypt32.dll
2014-01-16 01:05 - 2013-10-01 16:26 - 01890816 _____ (Microsoft Corporation) C:\windows\system32\crypt32.dll
2014-01-16 01:03 - 2013-10-30 22:56 - 00915968 _____ (Microsoft Corporation) C:\windows\system32\MPSSVC.dll
2014-01-16 01:03 - 2013-10-30 22:56 - 00758784 _____ (Microsoft Corporation) C:\windows\system32\FirewallAPI.dll
2014-01-16 01:03 - 2013-10-30 21:01 - 00550400 _____ (Microsoft Corporation) C:\windows\SysWOW64\FirewallAPI.dll
2014-01-16 01:03 - 2013-10-30 20:42 - 00074752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mpsdrv.sys
2014-01-16 01:03 - 2013-10-27 22:50 - 00588288 _____ (Microsoft Corporation) C:\windows\system32\SHCore.dll
2014-01-16 01:03 - 2013-10-27 21:05 - 00452608 _____ (Microsoft Corporation) C:\windows\SysWOW64\SHCore.dll
2014-01-16 01:03 - 2013-10-13 13:49 - 00100696 _____ (Microsoft Corporation) C:\windows\system32\Drivers\disk.sys
2014-01-16 01:03 - 2013-09-23 15:30 - 00419328 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2014-01-16 01:03 - 2013-09-23 15:30 - 00323072 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2014-01-16 01:03 - 2013-08-26 22:21 - 00227840 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2014-01-16 01:03 - 2013-08-26 22:19 - 00104448 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2014-01-16 01:03 - 2013-08-26 15:29 - 00199168 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2014-01-16 01:03 - 2013-08-26 15:28 - 00086016 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2014-01-16 01:03 - 2013-05-26 16:17 - 00035328 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2014-01-16 01:03 - 2013-05-26 15:59 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2014-01-16 01:03 - 2013-05-24 20:15 - 00362496 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2014-01-16 01:03 - 2013-05-24 19:32 - 00300032 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2014-01-16 01:02 - 2013-10-10 02:32 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\cscript.exe
2014-01-16 01:02 - 2013-10-10 02:30 - 00162304 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrobj.dll
2014-01-16 01:02 - 2013-10-10 02:30 - 00156160 _____ (Microsoft Corporation) C:\windows\SysWOW64\scrrun.dll
2014-01-16 01:02 - 2013-10-10 02:24 - 00143872 _____ (Microsoft Corporation) C:\windows\system32\wshom.ocx
2014-01-16 01:02 - 2013-10-10 02:23 - 00146944 _____ (Microsoft Corporation) C:\windows\system32\cscript.exe
2014-01-16 01:02 - 2013-10-10 02:22 - 00222720 _____ (Microsoft Corporation) C:\windows\system32\scrobj.dll
2014-01-16 01:02 - 2013-10-10 02:22 - 00194048 _____ (Microsoft Corporation) C:\windows\system32\scrrun.dll
2014-01-16 01:02 - 2013-08-23 00:22 - 02062848 _____ (Microsoft Corporation) C:\windows\system32\d3d11.dll
2014-01-16 01:02 - 2013-08-22 18:44 - 01711616 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d11.dll
2014-01-16 01:02 - 2013-07-19 15:13 - 00124112 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2014-01-16 01:02 - 2013-07-19 15:13 - 00102608 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2014-01-16 01:02 - 2013-07-01 18:41 - 00337752 _____ (Microsoft Corporation) C:\windows\system32\Drivers\USBXHCI.SYS
2014-01-16 01:02 - 2013-07-01 18:41 - 00213336 _____ (Microsoft Corporation) C:\windows\system32\Drivers\UCX01000.SYS
2014-01-16 01:02 - 2013-06-30 18:42 - 00623448 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbhub.sys
2014-01-16 01:02 - 2013-06-30 18:42 - 00498008 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbport.sys
2014-01-16 01:02 - 2013-06-30 18:42 - 00079192 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbehci.sys
2014-01-16 01:02 - 2013-06-30 18:42 - 00021848 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbd.sys
2014-01-16 01:02 - 2013-06-28 20:07 - 00032256 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbuhci.sys
2014-01-16 01:02 - 2013-06-28 20:06 - 00120832 _____ (Microsoft Corporation) C:\windows\system32\Drivers\usbccgp.sys
2014-01-16 01:01 - 2013-12-06 23:37 - 00688640 _____ (Microsoft Corporation) C:\windows\system32\WSShared.dll
2014-01-16 01:01 - 2013-12-06 23:37 - 00163840 _____ (Microsoft Corporation) C:\windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 01:01 - 2013-12-06 22:15 - 00562688 _____ (Microsoft Corporation) C:\windows\SysWOW64\WSShared.dll
2014-01-16 01:01 - 2013-12-06 22:15 - 00124928 _____ (Microsoft Corporation) C:\windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2014-01-16 01:01 - 2013-11-22 23:43 - 00420864 _____ (Microsoft Corporation) C:\windows\system32\WMPhoto.dll
2014-01-16 01:01 - 2013-11-22 22:05 - 00368640 _____ (Microsoft Corporation) C:\windows\SysWOW64\WMPhoto.dll
2014-01-16 01:01 - 2013-11-06 16:18 - 04036608 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-01-16 01:01 - 2013-10-31 22:38 - 00312320 _____ (Microsoft Corporation) C:\windows\system32\msieftp.dll
2014-01-16 01:01 - 2013-10-31 20:49 - 00273408 _____ (Microsoft Corporation) C:\windows\SysWOW64\msieftp.dll
2014-01-16 01:01 - 2013-10-01 16:37 - 02035712 _____ (Microsoft Corporation) C:\windows\SysWOW64\authui.dll
2014-01-16 01:01 - 2013-10-01 16:26 - 02304512 _____ (Microsoft Corporation) C:\windows\system32\authui.dll
2014-01-16 01:01 - 2013-09-27 20:35 - 00288768 _____ (Microsoft Corporation) C:\windows\system32\Drivers\portcls.sys
2014-01-16 01:01 - 2013-08-01 23:28 - 10116608 _____ (Microsoft Corporation) C:\windows\system32\twinui.dll
2014-01-16 01:01 - 2013-08-01 22:08 - 08858112 _____ (Microsoft Corporation) C:\windows\SysWOW64\twinui.dll
2014-01-16 01:01 - 2013-03-21 20:49 - 02382336 _____ (Microsoft Corporation) C:\windows\SysWOW64\esent.dll
2014-01-16 01:01 - 2013-03-21 15:47 - 02851840 _____ (Microsoft Corporation) C:\windows\system32\esent.dll
2014-01-16 00:57 - 2014-01-25 03:59 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1686866100-2634972451-2522554543-1002
2014-01-16 00:52 - 2014-01-24 02:51 - 00000000 ____D C:\ProgramData\EPSON
2014-01-16 00:52 - 2014-01-24 02:50 - 00000000 ____D C:\Program Files\Common Files\EPSON
2014-01-16 00:52 - 2012-09-27 12:02 - 00120320 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YLMJJE.DLL
2014-01-16 00:52 - 2012-09-27 12:02 - 00083968 _____ (SEIKO EPSON CORPORATION) C:\windows\system32\E_YD4BJJE.DLL
2014-01-16 00:52 - 2012-09-27 12:02 - 00010752 _____ (SEIKO EPSON CORP.) C:\windows\system32\E_GCINST.DLL
2014-01-16 00:51 - 2014-01-16 00:51 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Intel Corporation
2014-01-16 00:51 - 2014-01-16 00:51 - 00000000 ____D C:\ProgramData\Energy Management
2014-01-16 00:50 - 2014-01-16 19:39 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 00:50 - 2014-01-16 19:39 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-16 00:50 - 2014-01-16 00:50 - 00001445 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-16 00:50 - 2014-01-16 00:50 - 00000139 _____ C:\Users\Public\Desktop\eBay.url
2014-01-16 00:50 - 2014-01-16 00:50 - 00000000 ____D C:\ProgramData\eBay
2014-01-16 00:49 - 2014-01-26 01:26 - 00000000 ___HD C:\Users\Ryan\AppData\Local\VirtualStore
2014-01-16 00:49 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Intel
2014-01-16 00:49 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Local\Packages
2014-01-16 00:49 - 2014-01-16 00:49 - 00000020 ___SH C:\Users\Ryan\ntuser.ini
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Macromedia
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Adobe
2014-01-16 00:48 - 2014-01-24 12:21 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-16 00:48 - 2014-01-24 12:21 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-16 00:48 - 2014-01-24 12:21 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-16 00:48 - 2014-01-24 12:04 - 00000000 ____D C:\Users\Ryan
2014-01-16 00:48 - 2014-01-24 11:54 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-01-16 00:48 - 2014-01-16 00:51 - 00001133 _____ C:\Users\Ryan\Desktop\Cyberlink Power2Go.lnk
2014-01-16 00:48 - 2013-02-04 15:18 - 00000189 ____H C:\Users\Ryan\Desktop\Lenovo Telephony Start Now.url
2014-01-16 00:48 - 2012-07-26 01:13 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

==================== One Month Modified Files and Folders =======

2014-01-26 13:33 - 2014-01-26 13:33 - 00017118 _____ C:\Users\Ryan\Desktop\FRST.txt
2014-01-26 13:33 - 2014-01-26 13:33 - 00000000 ____D C:\Users\Ryan\Desktop\FRST-OlderVersion
2014-01-26 13:33 - 2014-01-25 01:23 - 02078208 _____ (Farbar) C:\Users\Ryan\Desktop\FRST64.exe
2014-01-26 13:33 - 2014-01-24 23:51 - 00000000 ____D C:\FRST
2014-01-26 13:31 - 2014-01-26 01:26 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Nitro PDF
2014-01-26 13:31 - 2014-01-23 20:51 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Skype
2014-01-26 13:29 - 2013-03-25 14:02 - 00045654 _____ C:\windows\PFRO.log
2014-01-26 13:29 - 2012-07-26 00:22 - 00000006 ____H C:\windows\Tasks\SA.DAT
2014-01-26 13:28 - 2013-12-22 11:02 - 00002560 _____ C:\windows\system32\VfService.trf
2014-01-26 13:27 - 2014-01-26 13:18 - 00000000 ____D C:\AdwCleaner
2014-01-26 13:17 - 2014-01-26 13:17 - 01236282 _____ C:\Users\Ryan\Downloads\AdwCleaner.exe
2014-01-26 12:47 - 2013-12-22 10:02 - 01858367 _____ C:\windows\WindowsUpdate.log
2014-01-26 12:44 - 2013-12-22 11:02 - 00001855 _____ C:\Users\Public\Desktop\McAfee Internet Security.lnk
2014-01-26 12:40 - 2012-07-26 00:28 - 00850046 _____ C:\windows\system32\PerfStringBackup.INI
2014-01-26 12:37 - 2012-07-26 01:12 - 00000000 ____D C:\windows\system32\sru
2014-01-26 01:26 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Local\VirtualStore
2014-01-26 00:11 - 2014-01-26 00:08 - 00000260 _____ C:\folders.log
2014-01-26 00:11 - 2014-01-26 00:08 - 00000000 ____D C:\zoek
2014-01-26 00:11 - 2014-01-26 00:02 - 00005553 _____ C:\zoek-results.log
2014-01-26 00:11 - 2014-01-26 00:02 - 00003385 _____ C:\runcheck.txt
2014-01-26 00:09 - 2014-01-26 00:02 - 00000000 ____D C:\zoek_backup
2014-01-26 00:01 - 2014-01-26 00:01 - 01283072 _____ C:\Users\Ryan\Downloads\zoek.exe
2014-01-25 14:38 - 2012-07-26 01:12 - 00000000 ____D C:\windows\AUInstallAgent
2014-01-25 03:59 - 2014-01-16 00:57 - 00003600 _____ C:\windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1686866100-2634972451-2522554543-1002
2014-01-25 00:02 - 2014-01-25 00:02 - 00001162 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-01-25 00:02 - 2014-01-25 00:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2014-01-25 00:02 - 2014-01-16 01:42 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2014-01-24 23:53 - 2014-01-24 23:53 - 00000105 _____ C:\Users\Ryan\Desktop\Addition.txt
2014-01-24 13:00 - 2012-07-26 01:12 - 00000000 ___RD C:\windows\ImmersiveControlPanel
2014-01-24 13:00 - 2012-07-26 01:12 - 00000000 ____D C:\windows\system32\WinMetadata
2014-01-24 13:00 - 2012-07-25 22:38 - 00000000 ____D C:\windows\system32\Dism
2014-01-24 13:00 - 2012-07-25 22:37 - 00000000 ____D C:\windows\servicing
2014-01-24 12:23 - 2012-07-26 01:12 - 00000000 ____D C:\windows\rescache
2014-01-24 12:22 - 2014-01-24 12:22 - 00134926 _____ C:\Users\Ryan\Desktop\OTL.Txt
2014-01-24 12:22 - 2014-01-24 12:22 - 00065354 _____ C:\Users\Ryan\Desktop\Extras.Txt
2014-01-24 12:22 - 2012-07-26 01:12 - 00000000 ___HD C:\windows\ELAMBKUP
2014-01-24 12:21 - 2014-01-16 00:48 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2014-01-24 12:21 - 2014-01-16 00:48 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2014-01-24 12:21 - 2014-01-16 00:48 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2014-01-24 12:20 - 2014-01-23 20:51 - 00000000 ____D C:\ProgramData\Skype
2014-01-24 12:20 - 2014-01-16 10:51 - 00000000 ____D C:\ProgramData\Microsoft Help
2014-01-24 12:20 - 2014-01-16 10:04 - 00000000 ____D C:\Users\Ryan\AppData\Local\Liquid Story Binder XE
2014-01-24 12:18 - 2014-01-23 20:51 - 00000000 ___RD C:\Program Files (x86)\Skype
2014-01-24 12:18 - 2014-01-23 20:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-01-24 12:18 - 2014-01-16 01:56 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-24 12:14 - 2014-01-24 12:14 - 00602112 _____ (OldTimer Tools) C:\Users\Ryan\Desktop\OTL.exe
2014-01-24 12:04 - 2014-01-16 00:48 - 00000000 ____D C:\Users\Ryan
2014-01-24 12:04 - 2013-12-22 11:01 - 00000000 ____D C:\Program Files (x86)\McAfee
2014-01-24 12:00 - 2012-07-26 01:12 - 00000000 ____D C:\windows\registration
2014-01-24 11:54 - 2014-01-23 20:52 - 00000000 ____D C:\Users\Ryan\AppData\Local\Skype
2014-01-24 11:54 - 2014-01-23 20:07 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Malwarebytes
2014-01-24 11:54 - 2014-01-16 10:49 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\DAEMON Tools Lite
2014-01-24 11:54 - 2014-01-16 10:04 - 00000000 ____D C:\Users\Ryan\Documents\My Liquid Story Binder XE
2014-01-24 11:54 - 2014-01-16 01:42 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Mozilla
2014-01-24 11:54 - 2014-01-16 00:49 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Intel
2014-01-24 11:54 - 2014-01-16 00:49 - 00000000 ____D C:\Users\Ryan\AppData\Local\Packages
2014-01-24 11:54 - 2014-01-16 00:48 - 00000000 ____D C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
2014-01-24 11:53 - 2014-01-23 20:07 - 00000000 ____D C:\ProgramData\Malwarebytes
2014-01-24 11:53 - 2014-01-16 01:42 - 00000000 ____D C:\Users\Ryan\AppData\Local\Mozilla
2014-01-24 11:53 - 2013-12-22 11:01 - 00000000 ____D C:\ProgramData\McAfee
2014-01-24 11:53 - 2013-12-22 11:01 - 00000000 ____D C:\Program Files\Common Files\mcafee
2014-01-24 03:58 - 2012-07-25 22:26 - 00262144 ___SH C:\windows\system32\config\ELAM
2014-01-24 02:51 - 2014-01-16 00:52 - 00000000 ____D C:\ProgramData\EPSON
2014-01-24 02:50 - 2014-01-16 00:52 - 00000000 ____D C:\Program Files\Common Files\EPSON
2014-01-23 20:51 - 2014-01-23 20:51 - 00002697 _____ C:\Users\Public\Desktop\Skype.lnk
2014-01-23 20:46 - 2014-01-23 20:45 - 01659552 _____ (Skype Technologies S.A.) C:\Users\Ryan\Downloads\SkypeSetup(2).exe
2014-01-23 20:38 - 2012-07-25 22:26 - 00262144 ___SH C:\windows\system32\config\BBI
2014-01-23 20:07 - 2014-01-23 20:07 - 00001124 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2014-01-23 20:06 - 2014-01-23 20:06 - 10285040 _____ (Malwarebytes Corporation ) C:\Users\Ryan\Downloads\mbam-setup-1.75.0.1300.exe
2014-01-23 19:29 - 2014-01-16 01:56 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2014-01-23 16:59 - 2012-07-25 22:26 - 00000167 _____ C:\windows\win.ini
2014-01-23 14:41 - 2014-01-23 14:41 - 00000060 _____ C:\Users\Ryan\AppData\Roaming\WB.CFG
2014-01-23 13:41 - 2014-01-23 13:41 - 00000978 _____ C:\Users\Public\Desktop\Optimize Your PC.lnk
2014-01-23 13:40 - 2014-01-23 13:34 - 20586496 _____ C:\Users\Ryan\Downloads\SkypeSetup.exe
2014-01-23 13:38 - 2014-01-23 13:38 - 00753040 _____ ( ) C:\Users\Ryan\Downloads\SkypeSetup(1).exe
2014-01-23 13:36 - 2014-01-23 13:36 - 20586496 _____ C:\Users\Ryan\Downloads\SkypeSetup [1].exe
2014-01-23 13:25 - 2014-01-23 13:25 - 00000000 ____D C:\Users\ADMINI~1
2014-01-23 12:37 - 2014-01-16 19:33 - 00433640 _____ C:\windows\system32\FNTCACHE.DAT
2014-01-16 20:02 - 2014-01-16 20:02 - 00000000 ____D C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
2014-01-16 20:00 - 2014-01-16 10:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Works
2014-01-16 19:57 - 2014-01-16 19:57 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2014-01-16 19:57 - 2014-01-16 19:57 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2014-01-16 19:39 - 2014-01-16 00:50 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-16 19:39 - 2014-01-16 00:50 - 00000000 ___RD C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2014-01-16 19:32 - 2012-07-26 01:12 - 00000000 ___RD C:\windows\ToastData
2014-01-16 19:31 - 2014-01-16 19:31 - 00000000 ____D C:\windows\SysWOW64\NV
2014-01-16 19:31 - 2014-01-16 19:31 - 00000000 ____D C:\windows\system32\NV
2014-01-16 19:31 - 2013-12-22 10:20 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-16 19:29 - 2014-01-16 19:29 - 00000000 ____H C:\windows\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2014-01-16 19:29 - 2014-01-16 19:29 - 00000000 ____D C:\iBTWU
2014-01-16 19:29 - 2012-07-26 00:21 - 00028457 _____ C:\windows\setupact.log
2014-01-16 19:27 - 2013-12-22 11:04 - 00000000 ____D C:\ProgramData\Office2013
2014-01-16 19:27 - 2013-12-22 10:50 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2014-01-16 19:17 - 2014-01-16 19:17 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Macromedia
2014-01-16 19:17 - 2014-01-16 19:17 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Adobe
2014-01-16 19:10 - 2012-07-26 01:12 - 00000000 ____D C:\windows\WinStore
2014-01-16 19:10 - 2012-07-26 01:12 - 00000000 ____D C:\windows\system32\SecureBootUpdates
2014-01-16 19:10 - 2012-07-26 01:12 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2014-01-16 16:59 - 2014-01-16 16:59 - 00000000 _____ C:\Recovery.txt
2014-01-16 16:59 - 2012-07-26 01:13 - 00262144 _____ C:\windows\system32\config\BCD-Template
2014-01-16 10:59 - 2014-01-16 10:58 - 00000000 ____D C:\windows\system32\MRT
2014-01-16 10:56 - 2012-07-25 22:38 - 00000000 ____D C:\windows\system32\oobe
2014-01-16 10:53 - 2014-01-16 10:53 - 00000000 ____D C:\windows\PCHEALTH
2014-01-16 10:53 - 2014-01-16 10:53 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio
2014-01-16 10:53 - 2013-03-25 14:07 - 00000000 ____D C:\Program Files (x86)\MSBuild
2014-01-16 10:53 - 2012-07-26 00:52 - 00000000 ____D C:\windows\ShellNew
2014-01-16 10:52 - 2014-01-16 10:52 - 00000000 ____D C:\Program Files\Microsoft Office
2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ___HD C:\Users\Ryan\AppData\Local\Microsoft Help
2014-01-16 10:51 - 2014-01-16 10:51 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 8
2014-01-16 10:50 - 2014-01-16 10:50 - 00000000 __RHD C:\MSOCache
2014-01-16 10:50 - 2014-01-16 10:48 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2014-01-16 10:47 - 2014-01-16 10:47 - 00929928 _____ (CNET Download.com) C:\Users\Ryan\Downloads\cbsidlm-cbsi171-DAEMON_Tools_Lite-SEO-10778842.exe
2014-01-16 10:46 - 2014-01-16 10:45 - 00000000 ___HD C:\Users\Ryan\Microsoft Office 2007 Enterprise Yellow Edition DiGiTAL
2014-01-16 01:56 - 2014-01-16 01:56 - 00001394 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2014-01-16 01:56 - 2014-01-16 01:56 - 00000000 ____D C:\windows\System32\Tasks\Safer-Networking
2014-01-16 01:52 - 2014-01-16 01:51 - 40658208 _____ (Safer-Networking Ltd. ) C:\Users\Ryan\Downloads\spybot-2.2.exe
2014-01-16 01:42 - 2014-01-16 01:42 - 00000000 ____D C:\ProgramData\Mozilla
2014-01-16 01:20 - 2014-01-16 01:20 - 00001190 _____ C:\Users\Public\Desktop\Liquid Story Binder XE.lnk
2014-01-16 01:20 - 2014-01-16 01:20 - 00000000 ____D C:\Program Files (x86)\Liquid Story Binder XE
2014-01-16 01:14 - 2014-01-16 01:14 - 00000000 ____H C:\Users\Ryan\agent.log
2014-01-16 00:54 - 2013-12-22 11:08 - 00000000 ____D C:\windows\System32\Tasks\Lenovo
2014-01-16 00:54 - 2013-12-22 10:28 - 00000000 ____D C:\ProgramData\Intel
2014-01-16 00:51 - 2014-01-16 00:51 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Intel Corporation
2014-01-16 00:51 - 2014-01-16 00:51 - 00000000 ____D C:\ProgramData\Energy Management
2014-01-16 00:51 - 2014-01-16 00:48 - 00001133 _____ C:\Users\Ryan\Desktop\Cyberlink Power2Go.lnk
2014-01-16 00:50 - 2014-01-16 00:50 - 00001445 _____ C:\Users\Ryan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-01-16 00:50 - 2014-01-16 00:50 - 00000139 _____ C:\Users\Public\Desktop\eBay.url
2014-01-16 00:50 - 2014-01-16 00:50 - 00000000 ____D C:\ProgramData\eBay
2014-01-16 00:50 - 2013-12-22 10:48 - 00114237 _____ C:\windows\modules.log
2014-01-16 00:49 - 2014-01-16 00:49 - 00000020 ___SH C:\Users\Ryan\ntuser.ini
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Macromedia
2014-01-16 00:49 - 2014-01-16 00:49 - 00000000 ___HD C:\Users\Ryan\AppData\Roaming\Adobe
2014-01-09 01:02 - 2012-07-26 01:14 - 00694240 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-01-09 01:02 - 2012-07-26 01:14 - 00078296 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-01-06 17:20 - 2014-01-16 10:58 - 86054176 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-01-26 13:11

==================== End Of Log ============================

#11
emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Hello again Lydor,

Please run a free online scan with the ESET Online Scanner

Vista / Win7 users: Right-click on either the IE or FF icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run as Administrator.

Note: This scan works with Internet Explorer or Mozilla FireFox.

If using Mozilla Firefox, you will need to download esetsmartinstaller_enu.exe when prompted, then double-click on it to install.

  • Click the green ESET Online Scanner box
  • Tick the box next to YES, I accept the Terms of Use
    then click on: Start
  • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.
  • Make sure that the option Scan archives is checked.
  • If you are given an option to quarantine files ensure the scan is set to do so.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click on Start
  • The virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically. The scan may take several hours.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed, select Uninstall application on close. Before you do that, though, make sure you copy the logfile to Notepad somewhere you can find it again.
  • Then click on: Finish
  • Copy and paste that log as a reply to this topic and tell me how your machine is now.

  • 0

#12
Lydor

Lydor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
C:\FRST\Quarantine\UpdateProc\UpdateTask.exe a variant of Win32/DealPly.H application cleaned by deleting - quarantined
C:\Users\Ryan\Downloads\cbsidlm-cbsi171-DAEMON_Tools_Lite-SEO-10778842.exe a variant of Win32/CNETInstaller.B application cleaned by deleting - quarantined
C:\Users\Ryan\Downloads\SkypeSetup(1).exe Win32/InstallCore.IY application cleaned by deleting - quarantined


The laptop is running smoothly, but I still cannot open Firefox and only get a message of

"Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."
  • 0

#13
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts

"Firefox is already running, but is not responding. To open a new window, you must first close the existing Firefox process, or restart your system."


Try resetting Firefox to see if that helps matters.

Go to the link below for instructions:

https://support.mozi...x-most-problems

Tell me how you get on.
  • 0

#14
Lydor

Lydor

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
I can't follow those instructions, because I cannot open a Firefox browser to get to the orange Firefox button.
  • 0

#15
emeraldnzl

emeraldnzl

    GeekU Instructor

  • GeekU Moderator
  • 20,051 posts
Oh dear, that won't work then. :rolleyes:

This might be a better approach.

Reinstall Firefox.

Please go to Uninstall Firefox and follow the instructions for uninstalling Firefox but don't tick the box to Remove my Firefox personal data and customizations.

After that reinstall Firefox.

Note: If you do not have the Firefox Installer on your machine you will need to download it from here.

Come back and tell me if that has made a difference.
  • 0





