Microsoft Security Essentials won't open virus? [Solved]


  • This topic is locked

#1
daniel.karakas

  • Member
  • 94 posts
Hi, I tried to do a virus scan and noticed no MSecurityEssentials. When I tried to open it under programs I get this message: "Windows can't open specified file. You might not have the permission." I am running Windows 7.

Recently on Chrome I have been getting redirected to other sites. Afraid I might have clicked something by accident and contracted something. Malwarebytes does not pick up anything. Does not happen on Firefox.

Thanks again, in advance!

Edited by daniel.karakas, 22 March 2014 - 08:44 AM.



#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, could you run the following programme and post the two logs please

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.


#3
daniel.karakas

  • Topic Starter
  • Member
  • 94 posts
Hi, thanks GeekU!

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by dale (administrator) on ASM52A2200 on 22-03-2014 12:23:02
Running from C:\Users\dale\Downloads
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(KMP Media co.,Ltd) C:\Program Files (x86)\The KMPlayer\KMPlayer.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Microsoft Corporation) C:\Windows\splwow64.exe
(Google) C:\Users\dale\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] ()
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\Run: [Google Update] - C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-25] (Google Inc.)
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\Run: [Google Update*] - [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\MountPoints2: {ccbed0aa-aebb-11e1-ad1c-001f16922226} - "E:\WD SmartWare.exe" autoplay=true
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
Startup: C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Encarta Dictionary Quickshelf.lnk
ShortcutTarget: Encarta Dictionary Quickshelf.lnk -> C:\Program Files (x86)\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
BHO-x32: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Program Files (x86)\iFinger\plugins\IE.ifp (iFinger Ltd)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
DPF: HKLM-x32 {0C615F36-0C1C-497B-B9E4-833B0D7AA8CA} http://24.80.232.13:81/NetViewX.cab
DPF: HKLM-x32 {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logme...?rnd=1069883935
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - No File
Handler-x32: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522
FF Homepage: https://www.google.c...mNuLWyQGHt4HYBw
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.4 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\TELUS_Activation_11\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\dale\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\dale\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\dale\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\dale\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\dale\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dale\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dale\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-16] (Alcatel-Lucent)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
S2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] ()
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-10] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8915 2012-05-05] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] ()
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software)
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-10] (Microsoft Corporation)
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{8d7c074a-07cc-7fd2-f05a-c9ccfd6113d2}\ \...\???\{8d7c074a-07cc-7fd2-f05a-c9ccfd6113d2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)

==================== Drivers (Whitelisted) ====================

S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-17] ()
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA))
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-03-07] (SMART Technologies)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-03-07] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 12:23 - 2014-03-22 12:23 - 00013782 _____ () C:\Users\dale\Downloads\FRST.txt
2014-03-22 12:22 - 2014-03-22 12:23 - 00000000 ____D () C:\FRST
2014-03-22 12:22 - 2014-03-22 12:22 - 02157056 _____ (Farbar) C:\Users\dale\Downloads\FRST64.exe
2014-03-22 07:11 - 2014-03-22 07:11 - 00000000 ____D () C:\Windows\TempF167CCAF-BC81-B374-AE4F-E137B53C6E82-Signatures
2014-03-21 22:09 - 2014-03-21 22:09 - 00026759 _____ () C:\Users\dale\Downloads\jurassic-park-1993_finnish-351220.zip
2014-03-21 22:08 - 2014-03-21 22:08 - 00040962 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-649408.zip
2014-03-21 22:02 - 2014-03-21 22:20 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park (1993) [1080p]
2014-03-21 21:57 - 2014-03-21 21:57 - 00022309 _____ () C:\Users\dale\Downloads\[kickass.to]jurassic.park.1993.bdrip.1080p.dual.audio.hindi.5.1.rm.eng.5.1.tariq.qureshi.torrent
2014-03-21 21:01 - 2014-03-21 21:01 - 00036120 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-635929.zip
2014-03-21 19:54 - 2014-03-21 19:54 - 00000000 ____D () C:\Users\dale\Downloads\Goldfinger1964]DvDrip[Eng]-FXG
2014-03-21 19:51 - 2014-03-21 20:03 - 00000000 ____D () C:\Users\dale\Downloads\The Raid Redemption (2011)
2014-03-21 19:51 - 2014-03-21 19:59 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park I 1993
2014-03-21 07:18 - 2014-03-21 07:18 - 00000000 ____D () C:\Windows\TempD858869B-9740-6BD9-89C9-C8033A15E732-Signatures
2014-03-20 03:00 - 2014-03-20 03:00 - 00000000 ____D () C:\Windows\Temp72AF277C-1525-9955-D167-140A39CE6135-Signatures
2014-03-19 20:36 - 2014-03-19 20:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 15:59 - 2014-03-19 16:00 - 00000000 ____D () C:\Users\dale\Downloads\Intuit TurboTax 2013 Canada
2014-03-19 07:36 - 2014-03-19 07:36 - 00000000 ____D () C:\Windows\TempEFC3F3A7-406E-7783-20EF-17693B889BA5-Signatures
2014-03-18 17:09 - 2014-03-18 17:09 - 00000000 ____D () C:\Users\dale\Desktop\LEN Housing
2014-03-18 07:41 - 2014-03-18 07:41 - 00000000 ____D () C:\Windows\TempC23D5EE1-B76E-7E6E-D185-6F92ED49A8FD-Signatures
2014-03-17 08:35 - 2014-03-17 08:45 - 00000000 ____D () C:\Users\dale\Desktop\cv
2014-03-17 07:56 - 2014-03-17 07:56 - 00000000 ____D () C:\Windows\TempAB6874E1-6EFB-9F5E-BCED-4F86507E1762-Signatures
2014-03-16 03:00 - 2014-03-16 03:00 - 00000000 ____D () C:\Windows\Temp537B2C91-ACBF-5BF4-1347-057CB0EDEEF5-Signatures
2014-03-15 03:00 - 2014-03-15 03:00 - 00000000 ____D () C:\Windows\Temp907ACCBF-663A-749F-92AA-FD614B2A9E16-Signatures
2014-03-14 23:21 - 2014-03-14 23:21 - 00016855 _____ () C:\Users\dale\Downloads\revolution-second-season_english-855172.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00016051 _____ () C:\Users\dale\Downloads\revolution-second-season_english-877581.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00015888 _____ () C:\Users\dale\Downloads\revolution-second-season_english-873931.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013656 _____ () C:\Users\dale\Downloads\revolution-second-season_english-851559.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013599 _____ () C:\Users\dale\Downloads\revolution-second-season_english-869950.zip
2014-03-14 08:00 - 2014-03-14 08:00 - 00000000 ____D () C:\Windows\TempB450F607-BDA6-E782-A014-24481F019757-Signatures
2014-03-13 03:04 - 2014-03-13 03:04 - 00000000 ____D () C:\Windows\Temp82860861-2519-F1C7-3D19-A055EF6C8A8A-Signatures
2014-03-12 23:02 - 2014-03-12 23:09 - 283815693 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E15.HDTV.x264-LOL.mp4
2014-03-12 23:01 - 2014-03-12 23:12 - 329432774 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E16.HDTV.x264-LOL.mp4
2014-03-12 04:14 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 04:14 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 04:14 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 04:14 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 04:14 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 04:14 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 04:14 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 04:14 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 04:14 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 04:14 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 04:14 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 04:14 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 04:14 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 04:14 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 04:14 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 04:14 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 04:14 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 04:14 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 04:14 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 04:14 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 04:14 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 04:14 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 04:14 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 04:14 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 04:14 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 04:14 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 04:14 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 04:14 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 04:14 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 04:14 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 04:14 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 04:14 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 04:14 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 04:14 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 04:14 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 04:14 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 04:14 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 04:14 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 04:14 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 04:14 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 04:14 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 04:14 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 04:14 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 04:14 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 04:13 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 04:13 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 04:13 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 04:13 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 03:00 - 2014-03-12 03:00 - 00000000 ____D () C:\Windows\Temp0CE082E2-4DB2-E26E-B899-15D3247C8194-Signatures
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ____D () C:\Users\dale\AppData\Local\Skype
2014-03-11 07:24 - 2014-03-11 07:25 - 00000000 ____D () C:\Windows\Temp2BD02C65-BE57-A637-1FA5-D76A98DD1E7B-Signatures
2014-03-10 19:38 - 2014-03-10 19:38 - 00015256 _____ () C:\Users\dale\Downloads\revolution-second-season_english-818431.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00014493 _____ () C:\Users\dale\Downloads\revolution-second-season_english-814599.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00013196 _____ () C:\Users\dale\Downloads\revolution-second-season_english-844497.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00012108 _____ () C:\Users\dale\Downloads\revolution-second-season_english-822071.zip
2014-03-10 15:54 - 2014-03-10 15:54 - 00000000 ____D () C:\Windows\Temp549F650D-B454-D528-0B83-465CEA0B4272-Signatures
2014-03-10 03:00 - 2014-03-10 03:00 - 00000000 ____D () C:\Windows\Temp424C21DF-C756-E6B9-F089-562BC1F4845F-Signatures
2014-03-09 11:24 - 2014-03-09 11:24 - 00000000 ____D () C:\Windows\TempD41D68B2-B9FE-82CF-9D18-8D4B89EE476F-Signatures
2014-03-08 13:34 - 2014-03-08 13:59 - 00000000 ____D () C:\Program Files (x86)\WizTree
2014-03-08 13:30 - 2014-03-08 13:31 - 00000000 ____D () C:\Users\dale\Desktop\Geessy Work
2014-03-08 04:00 - 2014-03-08 04:00 - 00000000 ____D () C:\Windows\TempE251C687-04CF-B042-2C2F-40B2DC403286-Signatures
2014-03-07 04:00 - 2014-03-07 04:00 - 00000000 ____D () C:\Windows\TempB2EFD702-4E3F-83E5-10A6-2A4D196F5E8F-Signatures
2014-03-06 04:00 - 2014-03-06 04:00 - 00000000 ____D () C:\Windows\Temp649C8DFD-DDD0-0B12-6304-A4258E2DF6D6-Signatures
2014-03-05 04:00 - 2014-03-05 04:00 - 00000000 ____D () C:\Windows\Temp86BDA880-72BA-E800-9D5E-D752136D1415-Signatures
2014-03-04 08:59 - 2014-03-04 08:59 - 00000000 ____D () C:\Windows\TempDCCA3082-4259-D26A-F7CB-388A69E67DFB-Signatures
2014-03-03 09:14 - 2014-03-03 09:14 - 00000000 ____D () C:\Windows\Temp838A6C2A-182D-F972-7AC4-3227E2C30B2C-Signatures
2014-03-02 11:34 - 2014-03-02 11:34 - 00000000 ____D () C:\Windows\TempB516AC1A-8A33-D9FA-1BC1-77E85F0C1CD2-Signatures
2014-03-01 10:35 - 2014-03-07 17:44 - 00000000 ____D () C:\Users\dale\Desktop\Comedy
2014-03-01 04:00 - 2014-03-01 04:00 - 00000000 ____D () C:\Windows\Temp702526FF-0F90-E4E4-8BA1-EECC830B09D5-Signatures
2014-02-28 04:00 - 2014-02-28 04:00 - 00000000 ____D () C:\Windows\Temp63E9048C-1308-F690-AED1-5C1ACDA69E4C-Signatures
2014-02-27 07:57 - 2014-02-27 07:58 - 00000000 ____D () C:\Windows\TempB4CA3120-5ADC-2CE3-9DFB-C2590AB8C3D7-Signatures
2014-02-26 04:00 - 2014-02-26 04:00 - 00000000 ____D () C:\Windows\TempBB950C1C-5C58-02FA-D13D-9DA3F698A031-Signatures
2014-02-25 04:00 - 2014-02-25 04:00 - 00000000 ____D () C:\Windows\TempF021D2D0-6C71-A9A5-78A0-E251EAE6BE11-Signatures
2014-02-24 08:17 - 2014-02-24 08:17 - 00000000 ____D () C:\Windows\Temp5A9E70C7-2785-582D-3D5E-7BA811BCB509-Signatures
2014-02-23 09:43 - 2014-02-23 09:43 - 00000000 ____D () C:\Windows\Temp60C4A19A-C900-3DD6-C83E-CDE27177C59A-Signatures
2014-02-22 11:17 - 2014-02-22 11:17 - 00000000 ____D () C:\Windows\Temp422D83C5-75C0-A982-D130-7EB98B6790BC-Signatures
2014-02-21 08:53 - 2014-02-21 08:53 - 00000000 ____D () C:\Windows\Temp9259F361-9CC4-7F89-EEE7-33588A2ECDD9-Signatures
2014-02-20 09:13 - 2014-02-20 09:13 - 00000000 ____D () C:\Windows\Temp287F794B-3A6F-929D-FFC2-AC8FB717D60C-Signatures

==================== One Month Modified Files and Folders =======

2014-03-22 12:23 - 2014-03-22 12:23 - 00013782 _____ () C:\Users\dale\Downloads\FRST.txt
2014-03-22 12:23 - 2014-03-22 12:22 - 00000000 ____D () C:\FRST
2014-03-22 12:22 - 2014-03-22 12:22 - 02157056 _____ (Farbar) C:\Users\dale\Downloads\FRST64.exe
2014-03-22 12:18 - 2012-05-05 02:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 12:13 - 2011-06-10 07:38 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA.job
2014-03-22 11:58 - 2013-06-04 16:53 - 00000000 ____D () C:\Users\dale\Desktop\MARTIN
2014-03-22 11:40 - 2012-06-25 13:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
2014-03-22 11:23 - 2011-04-16 10:53 - 01829595 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 10:11 - 2012-07-20 22:06 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
2014-03-22 07:21 - 2011-05-06 07:11 - 00024192 _____ () C:\Users\dale\AppData\Roaming\Notepad2.ini
2014-03-22 07:17 - 2012-06-25 13:58 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
2014-03-22 07:16 - 2012-06-04 14:40 - 00000000 ____D () C:\Users\dale\AppData\Roaming\uTorrent
2014-03-22 07:11 - 2014-03-22 07:11 - 00000000 ____D () C:\Windows\TempF167CCAF-BC81-B374-AE4F-E137B53C6E82-Signatures
2014-03-22 07:11 - 2012-05-05 03:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-22 07:11 - 2011-04-16 13:10 - 00002141 _____ () C:\Windows\epplauncher.mif
2014-03-22 07:11 - 2011-04-16 13:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-21 22:22 - 2009-07-13 21:51 - 00196267 _____ () C:\Windows\setupact.log
2014-03-21 22:20 - 2014-03-21 22:02 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park (1993) [1080p]
2014-03-21 22:11 - 2012-07-20 22:06 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
2014-03-21 22:09 - 2014-03-21 22:09 - 00026759 _____ () C:\Users\dale\Downloads\jurassic-park-1993_finnish-351220.zip
2014-03-21 22:08 - 2014-03-21 22:08 - 00040962 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-649408.zip
2014-03-21 21:57 - 2014-03-21 21:57 - 00022309 _____ () C:\Users\dale\Downloads\[kickass.to]jurassic.park.1993.bdrip.1080p.dual.audio.hindi.5.1.rm.eng.5.1.tariq.qureshi.torrent
2014-03-21 21:25 - 2009-07-13 21:45 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 21:25 - 2009-07-13 21:45 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 21:22 - 2009-07-13 22:13 - 00879048 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-21 21:17 - 2011-04-19 07:33 - 00348436 _____ () C:\Windows\PFRO.log
2014-03-21 21:17 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-21 21:01 - 2014-03-21 21:01 - 00036120 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-635929.zip
2014-03-21 20:03 - 2014-03-21 19:51 - 00000000 ____D () C:\Users\dale\Downloads\The Raid Redemption (2011)
2014-03-21 19:59 - 2014-03-21 19:51 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park I 1993
2014-03-21 19:54 - 2014-03-21 19:54 - 00000000 ____D () C:\Users\dale\Downloads\Goldfinger1964]DvDrip[Eng]-FXG
2014-03-21 13:13 - 2011-06-10 07:38 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core.job
2014-03-21 11:14 - 2013-02-12 10:26 - 00000000 ____D () C:\Users\dale\Desktop\TV
2014-03-21 11:13 - 2013-08-27 19:35 - 00000000 ____D () C:\Users\dale\Desktop\nEW mOVIES
2014-03-21 07:18 - 2014-03-21 07:18 - 00000000 ____D () C:\Windows\TempD858869B-9740-6BD9-89C9-C8033A15E732-Signatures
2014-03-21 00:04 - 2012-06-03 19:37 - 00000000 ____D () C:\Users\dale\Documents\The KMPlayer
2014-03-20 20:25 - 2012-06-03 18:56 - 00000000 ____D () C:\Users\dale\Geessy Docs
2014-03-20 03:00 - 2014-03-20 03:00 - 00000000 ____D () C:\Windows\Temp72AF277C-1525-9955-D167-140A39CE6135-Signatures
2014-03-19 22:39 - 2012-05-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 22:35 - 2013-06-18 20:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-19 22:35 - 2012-06-25 13:58 - 00000000 ____D () C:\Users\dale\AppData\Local\Google
2014-03-19 20:36 - 2014-03-19 20:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 16:00 - 2014-03-19 15:59 - 00000000 ____D () C:\Users\dale\Downloads\Intuit TurboTax 2013 Canada
2014-03-19 12:41 - 2012-05-29 19:37 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Mozilla
2014-03-19 07:36 - 2014-03-19 07:36 - 00000000 ____D () C:\Windows\TempEFC3F3A7-406E-7783-20EF-17693B889BA5-Signatures
2014-03-19 07:36 - 2013-08-25 11:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 07:33 - 2011-05-28 08:28 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 17:09 - 2014-03-18 17:09 - 00000000 ____D () C:\Users\dale\Desktop\LEN Housing
2014-03-18 07:41 - 2014-03-18 07:41 - 00000000 ____D () C:\Windows\TempC23D5EE1-B76E-7E6E-D185-6F92ED49A8FD-Signatures
2014-03-17 08:45 - 2014-03-17 08:35 - 00000000 ____D () C:\Users\dale\Desktop\cv
2014-03-17 07:56 - 2014-03-17 07:56 - 00000000 ____D () C:\Windows\TempAB6874E1-6EFB-9F5E-BCED-4F86507E1762-Signatures
2014-03-16 03:00 - 2014-03-16 03:00 - 00000000 ____D () C:\Windows\Temp537B2C91-ACBF-5BF4-1347-057CB0EDEEF5-Signatures
2014-03-15 03:00 - 2014-03-15 03:00 - 00000000 ____D () C:\Windows\Temp907ACCBF-663A-749F-92AA-FD614B2A9E16-Signatures
2014-03-14 23:21 - 2014-03-14 23:21 - 00016855 _____ () C:\Users\dale\Downloads\revolution-second-season_english-855172.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00016051 _____ () C:\Users\dale\Downloads\revolution-second-season_english-877581.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00015888 _____ () C:\Users\dale\Downloads\revolution-second-season_english-873931.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013656 _____ () C:\Users\dale\Downloads\revolution-second-season_english-851559.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013599 _____ () C:\Users\dale\Downloads\revolution-second-season_english-869950.zip
2014-03-14 08:00 - 2014-03-14 08:00 - 00000000 ____D () C:\Windows\TempB450F607-BDA6-E782-A014-24481F019757-Signatures
2014-03-13 03:22 - 2009-07-13 21:45 - 00424568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:21 - 2012-07-29 11:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:21 - 2012-07-29 11:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:05 - 2011-04-18 17:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 03:04 - 2014-03-13 03:04 - 00000000 ____D () C:\Windows\Temp82860861-2519-F1C7-3D19-A055EF6C8A8A-Signatures
2014-03-12 23:12 - 2014-03-12 23:01 - 329432774 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E16.HDTV.x264-LOL.mp4
2014-03-12 23:09 - 2014-03-12 23:02 - 283815693 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E15.HDTV.x264-LOL.mp4
2014-03-12 03:00 - 2014-03-12 03:00 - 00000000 ____D () C:\Windows\Temp0CE082E2-4DB2-E26E-B899-15D3247C8194-Signatures
2014-03-11 22:51 - 2012-05-29 19:44 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Skype
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ____D () C:\Users\dale\AppData\Local\Skype
2014-03-11 21:22 - 2012-05-29 19:44 - 00000000 ____D () C:\ProgramData\Skype
2014-03-11 07:25 - 2014-03-11 07:24 - 00000000 ____D () C:\Windows\Temp2BD02C65-BE57-A637-1FA5-D76A98DD1E7B-Signatures
2014-03-10 19:38 - 2014-03-10 19:38 - 00015256 _____ () C:\Users\dale\Downloads\revolution-second-season_english-818431.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00014493 _____ () C:\Users\dale\Downloads\revolution-second-season_english-814599.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00013196 _____ () C:\Users\dale\Downloads\revolution-second-season_english-844497.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00012108 _____ () C:\Users\dale\Downloads\revolution-second-season_english-822071.zip
2014-03-10 15:54 - 2014-03-10 15:54 - 00000000 ____D () C:\Windows\Temp549F650D-B454-D528-0B83-465CEA0B4272-Signatures
2014-03-10 03:00 - 2014-03-10 03:00 - 00000000 ____D () C:\Windows\Temp424C21DF-C756-E6B9-F089-562BC1F4845F-Signatures
2014-03-09 11:24 - 2014-03-09 11:24 - 00000000 ____D () C:\Windows\TempD41D68B2-B9FE-82CF-9D18-8D4B89EE476F-Signatures
2014-03-08 13:59 - 2014-03-08 13:34 - 00000000 ____D () C:\Program Files (x86)\WizTree
2014-03-08 13:31 - 2014-03-08 13:30 - 00000000 ____D () C:\Users\dale\Desktop\Geessy Work
2014-03-08 13:28 - 2013-08-07 11:23 - 00000000 ____D () C:\Users\dale\Desktop\FOTOS
2014-03-08 13:27 - 2013-11-05 18:01 - 00000000 ____D () C:\Users\dale\Desktop\esl
2014-03-08 04:00 - 2014-03-08 04:00 - 00000000 ____D () C:\Windows\TempE251C687-04CF-B042-2C2F-40B2DC403286-Signatures
2014-03-07 17:44 - 2014-03-01 10:35 - 00000000 ____D () C:\Users\dale\Desktop\Comedy
2014-03-07 04:00 - 2014-03-07 04:00 - 00000000 ____D () C:\Windows\TempB2EFD702-4E3F-83E5-10A6-2A4D196F5E8F-Signatures
2014-03-06 04:00 - 2014-03-06 04:00 - 00000000 ____D () C:\Windows\Temp649C8DFD-DDD0-0B12-6304-A4258E2DF6D6-Signatures
2014-03-05 04:00 - 2014-03-05 04:00 - 00000000 ____D () C:\Windows\Temp86BDA880-72BA-E800-9D5E-D752136D1415-Signatures
2014-03-04 08:59 - 2014-03-04 08:59 - 00000000 ____D () C:\Windows\TempDCCA3082-4259-D26A-F7CB-388A69E67DFB-Signatures
2014-03-03 09:14 - 2014-03-03 09:14 - 00000000 ____D () C:\Windows\Temp838A6C2A-182D-F972-7AC4-3227E2C30B2C-Signatures
2014-03-02 11:34 - 2014-03-02 11:34 - 00000000 ____D () C:\Windows\TempB516AC1A-8A33-D9FA-1BC1-77E85F0C1CD2-Signatures
2014-03-01 04:00 - 2014-03-01 04:00 - 00000000 ____D () C:\Windows\Temp702526FF-0F90-E4E4-8BA1-EECC830B09D5-Signatures
2014-02-28 23:05 - 2014-03-12 04:14 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 22:17 - 2014-03-12 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 22:16 - 2014-03-12 04:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 21:58 - 2014-03-12 04:14 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 21:52 - 2014-03-12 04:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 21:51 - 2014-03-12 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 21:42 - 2014-03-12 04:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 21:40 - 2014-03-12 04:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 21:37 - 2014-03-12 04:14 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 21:33 - 2014-03-12 04:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 21:33 - 2014-03-12 04:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 21:32 - 2014-03-12 04:14 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 21:30 - 2014-03-12 04:14 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 21:23 - 2014-03-12 04:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 21:17 - 2014-03-12 04:14 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 21:11 - 2014-03-12 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 21:02 - 2014-03-12 04:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 20:54 - 2014-03-12 04:14 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 20:52 - 2014-03-12 04:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 20:51 - 2014-03-12 04:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-12 04:14 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 20:43 - 2014-03-12 04:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 20:43 - 2014-03-12 04:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 20:42 - 2014-03-12 04:14 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 20:40 - 2014-03-12 04:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 20:38 - 2014-03-12 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 20:37 - 2014-03-12 04:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 20:35 - 2014-03-12 04:14 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 20:18 - 2014-03-12 04:14 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 20:16 - 2014-03-12 04:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 20:14 - 2014-03-12 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 20:10 - 2014-03-12 04:14 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 20:03 - 2014-03-12 04:14 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 20:00 - 2014-03-12 04:14 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 19:57 - 2014-03-12 04:14 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 19:53 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-28 19:38 - 2014-03-12 04:14 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 19:32 - 2014-03-12 04:14 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 19:27 - 2014-03-12 04:14 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 19:25 - 2014-03-12 04:14 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 19:25 - 2014-03-12 04:14 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 04:00 - 2014-02-28 04:00 - 00000000 ____D () C:\Windows\Temp63E9048C-1308-F690-AED1-5C1ACDA69E4C-Signatures
2014-02-27 07:58 - 2014-02-27 07:57 - 00000000 ____D () C:\Windows\TempB4CA3120-5ADC-2CE3-9DFB-C2590AB8C3D7-Signatures
2014-02-27 07:56 - 2011-04-16 13:10 - 00873916 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 04:00 - 2014-02-26 04:00 - 00000000 ____D () C:\Windows\TempBB950C1C-5C58-02FA-D13D-9DA3F698A031-Signatures
2014-02-25 04:00 - 2014-02-25 04:00 - 00000000 ____D () C:\Windows\TempF021D2D0-6C71-A9A5-78A0-E251EAE6BE11-Signatures
2014-02-24 08:17 - 2014-02-24 08:17 - 00000000 ____D () C:\Windows\Temp5A9E70C7-2785-582D-3D5E-7BA811BCB509-Signatures
2014-02-23 09:43 - 2014-02-23 09:43 - 00000000 ____D () C:\Windows\Temp60C4A19A-C900-3DD6-C83E-CDE27177C59A-Signatures
2014-02-22 11:17 - 2014-02-22 11:17 - 00000000 ____D () C:\Windows\Temp422D83C5-75C0-A982-D130-7EB98B6790BC-Signatures
2014-02-21 08:53 - 2014-02-21 08:53 - 00000000 ____D () C:\Windows\Temp9259F361-9CC4-7F89-EEE7-33588A2ECDD9-Signatures
2014-02-20 09:13 - 2014-02-20 09:13 - 00000000 ____D () C:\Windows\Temp287F794B-3A6F-929D-FFC2-AC8FB717D60C-Signatures
ZeroAccess:
C:\Users\dale\AppData\Local\Google\Desktop\Install
ZeroAccess:
C:\Program Files (x86)\Google\Desktop\Install

Some content of TEMP:
====================
C:\Users\leibeld\AppData\Local\Temp\GUR592F.exe
C:\Users\leibeld\AppData\Local\Temp\nitro_pdf_reader_64.exe
C:\Users\leibeld\AppData\Local\Temp\{4027756A-C829-4743-946E-AA3D2BAF34FE}-chrome_updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
ATTENTION: ====> ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client


LastRegBack: 2014-03-20 00:49

==================== End Of Log ============================




Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by dale at 2014-03-22 12:23:46
Running from C:\Users\dale\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Microsoft Security Essentials (Enabled - Up to date) {641105E6-77ED-3F35-A304-765193BCB75F}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Up to date) {DF70E402-51D7-30BB-99B4-4D23E83BFDE2}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.2.30303 - BitTorrent Inc.)
µTorrent (HKLM-x32\...\uTorrent) (Version: 3.3.0.29625 - BitTorrent Inc.)
ABBYY FineReader 11 (HKLM-x32\...\{F1100000-0011-0000-0001-074957833700}) (Version: 11.0.460 - ABBYY)
Adobe Flash Player 11 ActiveX (HKLM-x32\...\{676E4C31-0CD1-454E-BE3A-70D3AC93F915}) (Version: 11.7.700.169 - Adobe Systems Incorporated)
Adobe Flash Player 11 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 11.9.900.152 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.0.112 - Adobe Systems, Inc.)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.4.1.3341 - CDBurnerXP)
CutePDF Writer 2.8 (HKLM\...\CutePDF Writer Installation) (Version: - )
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{92C42EDD-6524-4577-B2EB-6C68C63B6D4A}) (Version: - Microsoft)
Facebook Video Calling 2.0.0.447 (HKLM-x32\...\{8DF41A9F-FE13-43E8-A003-5F9B55A011EE}) (Version: 2.0.447 - Skype Limited)
Google Talk Plugin (HKLM-x32\...\{E121A4FE-009B-385B-BB0D-B934E2A88288}) (Version: 5.2.4.18058 - Google)
HDAUDIO Soft Data Fax Modem with SmartCP (HKLM\...\CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFAOR2C06_118) (Version: - )
iFinger 2.0 (HKLM-x32\...\iFinger 2.0) (Version: 2.0.8.280 - iFinger Ltd.)
IIS 7.5 Express (HKLM-x32\...\{3A30B5F5-F12C-490F-8CD4-D200C75DF7E8}) (Version: 7.5.1190 - Microsoft Corporation)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JavaFX 2.1.1 (HKLM-x32\...\{1111706F-666A-4037-7777-211328764D10}) (Version: 2.1.1 - Oracle Corporation)
LG Bluetooth Drivers (HKLM-x32\...\{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}) (Version: 1.1 - LG Electronics)
LG PC Suite IV (HKLM-x32\...\LG PC Suite IV) (Version: 4.3.80.20121017 - LG Electronics)
LG United Mobile Driver (HKLM-x32\...\{2A3A4BD6-6CE0-4e2a-80D2-1D0FF6ACBFBA}) (Version: 3.10.1.0 - LG Electronics)
Logitech Harmony Remote Software 7 (HKLM-x32\...\{5C6F884D-680C-448B-B4C9-22296EE1B206}) (Version: 7.7.0.0 - Logitech)
Logitech Harmony Remote Software 7 (x32 Version: 7.7.0.0 - Logitech) Hidden
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft ASP.NET Web Pages (HKLM-x32\...\{631471BE-DEAB-454B-A9AC-CE3EB42C28B3}) (Version: 1.0.20105.0 - Microsoft Corporation)
Microsoft Encarta World English Dictionary (HKLM-x32\...\EWED 2000 A) (Version: - )
Microsoft IntelliPoint 8.1 (HKLM\...\Microsoft IntelliPoint 8.1) (Version: 8.15.406.0 - Microsoft)
Microsoft IntelliPoint 8.1 (Version: 8.15.406.0 - Microsoft) Hidden
Microsoft Office Access MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Access Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Excel MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Groove MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office InfoPath MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office OneNote MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Outlook MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office PowerPoint MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proof (Spanish) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Proofing (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Publisher MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Shared Setup Metadata MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Office Word MUI (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden
Microsoft Security Client (Version: 4.3.0219.0 - Microsoft Corporation) Hidden
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.3.219.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version: - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (Version: - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server 2008 Common Files (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Services (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Database Engine Shared (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 RsFx Driver (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Microsoft SQL Server 2008 Setup Support Files (HKLM-x32\...\{BA4DA261-CB60-4690-B202-44998DFC6986}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files (English) (HKLM\...\{EB0A3BCB-B9DF-4906-B066-BDEC6E213B91}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 Web Tools ENU (HKLM-x32\...\{A51500FE-6408-4305-B071-B961F691A4CE}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 x64 ENU (HKLM\...\{8424B163-D1E0-48B7-88A2-C7A61767B3D7}) (Version: 4.0.8482.1 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.0.1600.22 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (HKLM-x32\...\{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM-x32\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.40303 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (Version: 10.0.40308 - Microsoft Corporation) Hidden
Microsoft Web Deploy 2.0 (HKLM\...\{5134B35A-B559-4762-94A4-FD4918977953}) (Version: 2.0.1070 - Microsoft Corporation)
Microsoft Web Platform Installer 3.0 (HKLM\...\{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}) (Version: 3.0.5 - Microsoft Corporation)
Microsoft WebMatrix (HKLM-x32\...\{66F0E678-69C2-4C46-BA95-117DF28C87E4}) (Version: 1.0.1073 - Microsoft Corporation)
Mozilla Firefox 28.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 en-US)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MySQL Connector Net 6.3.7 (HKLM-x32\...\{5FD88490-011C-4DF1-B886-F298D955171B}) (Version: 6.3.7 - Oracle)
MySQL Server 5.1 (HKLM\...\{D1AFFA41-BB7A-4398-A86A-2B935FC3A649}) (Version: 5.1.57 - MySQL AB)
Nitro PDF Reader 2 (HKLM\...\{536CE037-9381-4A3F-9B70-4E0523730123}) (Version: 2.0.0.29 - Nitro PDF Software)
Notepad2 (Notepad Replacement) (HKLM\...\Notepad2) (Version: 4.2.25 - Florian Balmer)
Perle DeviceManager (HKLM-x32\...\Perle DeviceManager) (Version: 4.2 - Perle Systems Limited)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.5969 - Realtek Semiconductor Corp.)
Remote Control USB Driver (HKLM-x32\...\{8471021C-F529-43DE-84DF-3612E10F58C4}) (Version: 2.3.2.317 - )
Revo Uninstaller 1.83 (HKLM-x32\...\Revo Uninstaller) (Version: 1.83 - VS Revo Group)
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.27.0 - SAMSUNG Electronics Co., Ltd.)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden
Skype™ 6.14 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.14.104 - Skype Technologies S.A.)
Sql Server Customer Experience Improvement Program (Version: 10.0.1600.22 - Microsoft Corporation) Hidden
Stanza (HKLM-x32\...\Stanza) (Version: - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Gesture Suite featuring SYNAPTICS | Scrybe (HKLM-x32\...\{147DFAD8-34C3-4DE1-9FCA-ACEFDE9EF810}) (Version: 1.6.5.17120 - Synaptics Inc.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.20.0 - Synaptics Incorporated)
Tera Term 4.69 (HKLM-x32\...\Tera Term_is1) (Version: - )
The KMPlayer (remove only) (HKLM-x32\...\The KMPlayer) (Version: 3.4.0.59 - KMP Media co., Ltd)
Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft)
Update for Microsoft InfoPath 2010 (KB2817396) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{39767ECA-1731-45DB-AB5B-6BF40E151D66}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2825640) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{BA610006-2C39-4419-9834-CF61AB24810A}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.PROPLUSR_{5E8EB600-8B94-429E-873E-98369C6DC1BC}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft)
Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DCE104A1-1875-4469-A83D-A5BFA6C4640F}) (Version: - Microsoft)
Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2553145) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{DA2F7ECE-6629-4A80-9CDE-EC95261B75E2}) (Version: - Microsoft)
Update for Microsoft PowerPoint 2010 (KB2775360) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{80F56E3F-1D47-4E45-B6E0-FEF4E919F4F9}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft)
Update for Microsoft Visio 2010 (KB2878227) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{5D357893-40BA-4323-86BA-D97C66CD72F4}) (Version: - Microsoft)
Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft)
Update for Microsoft Word 2010 (KB2837593) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{E78E2B68-8FD1-42EE-BB74-99A4D9E6222D}) (Version: - Microsoft)
Windows Mobile Device Center (HKLM\...\{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}) (Version: 6.1.6965.0 - Microsoft Corporation)
Windows XP Mode (HKLM\...\{1374CC63-B520-4f3f-98E8-E9020BF01CFF}) (Version: 1.3.7600.16423 - Microsoft Corporation)
WinRAR 4.01 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.01.0 - win.rar GmbH)
WizTree v1.07 (HKLM-x32\...\WizTree_is1) (Version: - Antibody Software)
Wondershare Video Editor(Build 3.1.6) (HKLM-x32\...\Wondershare Video Editor_is1) (Version: - Wondershare Software)

==================== Restore Points =========================

15-03-2014 10:00:10 Windows Update
16-03-2014 10:00:10 Windows Update
17-03-2014 14:55:53 Windows Update
18-03-2014 14:40:46 Windows Update
19-03-2014 14:33:09 Windows Update
20-03-2014 05:28:21 Revo Uninstaller's restore point - Google Chrome
20-03-2014 10:00:12 Windows Update
21-03-2014 14:17:44 Windows Update
22-03-2014 14:10:55 Windows Update

==================== Hosts content: ==========================

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {13F94C08-5379-497B-BAAF-6D75323D7BED} - System32\Tasks\{E1F7AB0E-62C9-4258-A06D-6F1218EBB5B3} => Firefox.exe http://ui.skype.com/...l?page=tsPlugin
Task: {325CD0D0-B1CD-490D-8A55-610C966532AB} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe [2013-08-12] ()
Task: {464B03F2-6F9D-4A81-B2CE-D6661AB641E5} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {740F6CB9-00A2-45D3-882F-27A131D654C9} - System32\Tasks\{B944CBEC-C684-4E63-98EA-C8B2337DF5A2} => C:\Temp\setup.exe [2010-06-13] (L1 Identity Solutions )
Task: {7BE19241-1F57-44F5-ABEA-EC424F1C6163} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: {9310245D-014E-4302-BAF2-649F034E0EEA} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-02] (Adobe Systems Incorporated)
Task: {A2E5BA19-24E2-4AF5-8771-602F89908AA1} - System32\Tasks\Microsoft_Hardware_Launch_IPoint_exe => c:\Program Files\Microsoft IntelliPoint\IPoint.exe [2011-04-13] (Microsoft Corporation)
Task: {B98E4E7F-D660-4C46-9BCF-229A3DE35BC7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {BF9248C3-51C6-42E5-9790-16C9226CFB6F} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-07-20] (Facebook Inc.)
Task: {D556E336-E1B7-4795-A6CD-90D4C4F1CC68} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-10] (Google Inc.)
Task: {FCB2871D-FEF9-4377-AB2F-DFD1339C9E5D} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-25] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job => C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core.job => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA.job => C:\Users\leibeld\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job => C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2011-04-18 16:51 - 2009-11-05 08:40 - 00085504 _____ () C:\Windows\System32\cpwmon64.dll
2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2011-04-12 21:37 - 2011-04-12 21:37 - 07681536 _____ () C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
2013-11-17 20:30 - 2013-07-24 10:24 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll
2012-10-31 01:59 - 2012-10-31 01:59 - 04562432 _____ () C:\Program Files (x86)\The KMPlayer\libcodec.dll
2014-03-19 20:36 - 2014-03-19 20:36 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:45 - 2010-10-20 15:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-12-02 18:33 - 2013-12-02 18:33 - 16237448 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll
2013-09-05 01:14 - 2013-09-05 01:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: AcrSch2Svc => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iFinger 2.0.lnk => C:\Windows\pss\iFinger 2.0.lnk.CommonStartup
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^iFinger.lnk => C:\Windows\pss\iFinger.lnk.CommonStartup
MSCONFIG\startupreg: Acronis Scheduler2 Service => "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
MSCONFIG\startupreg: BCSSync => "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
MSCONFIG\startupreg: Bonus.SSR.FR11 => "C:\Program Files (x86)\ABBYY FineReader 11\Bonus.ScreenshotReader.exe" /autorun
MSCONFIG\startupreg: Facebook Update => "C:\Users\dale\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
MSCONFIG\startupreg: Google Update => "C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: HotKeysCmds => C:\Windows\system32\hkcmd.exe
MSCONFIG\startupreg: IgfxTray => C:\Windows\system32\igfxtray.exe
MSCONFIG\startupreg: IntelliPoint => "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: Persistence => C:\Windows\system32\igfxpers.exe
MSCONFIG\startupreg: SAOB Monitor => C:\Program Files (x86)\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe
MSCONFIG\startupreg: Sidebar => C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Steam => "C:\Program Files (x86)\Steam\Steam.exe" -silent
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
MSCONFIG\startupreg: SynTPEnh => %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
MSCONFIG\startupreg: TrueImageMonitor.exe => "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"

==================== Faulty Device Manager Devices =============

Name: Microsoft Virtual WiFi Miniport Adapter
Description: Microsoft Virtual WiFi Miniport Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: vwifimp
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


==================== Event log errors: =========================

Application errors:
==================
Error: (03/22/2014 07:11:38 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (03/22/2014 07:11:37 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (03/21/2014 07:18:22 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (03/21/2014 07:18:19 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (03/20/2014 03:00:43 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (03/20/2014 03:00:40 AM) (Source: MsiInstaller) (User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.

Error: (03/19/2014 10:35:25 PM) (Source: Application Hang) (User: )
Description: The program IEXPLORE.EXE version 11.0.9600.16521 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: e80

Start Time: 01cf43fe2884cc49

Termination Time: 14

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id:

Error: (03/19/2014 08:20:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: KMPlayer.exe, version: 3.4.0.59, time stamp: 0x5099b3d0
Faulting module name: KERNELBASE.dll, version: 6.1.7601.18229, time stamp: 0x51fb1116
Exception code: 0x0eedfade
Fault offset: 0x0000c41f
Faulting process id: 0xc80
Faulting application start time: 0xKMPlayer.exe0
Faulting application path: KMPlayer.exe1
Faulting module path: KMPlayer.exe2
Report Id: KMPlayer.exe3

Error: (03/19/2014 00:41:52 PM) (Source: Microsoft-Windows-RestartManager) (User: ASM52A2200)
Description: Application or service 'Plugin Container for Firefox' could not be shut down.

Error: (03/19/2014 07:36:28 AM) (Source: Microsoft Security Client Setup) (User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.


System errors:
=============
Error: (03/22/2014 00:16:21 PM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Error Reporting Service service to connect.

Error: (03/22/2014 07:12:08 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - 4.4.304.0 (KB2902885).

Error: (03/22/2014 07:11:01 AM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/22/2014 07:11:01 AM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/21/2014 09:18:11 PM) (Source: Service Control Manager) (User: )
Description: The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error:
%%-2147024891

Error: (03/21/2014 09:18:11 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/21/2014 09:17:59 PM) (Source: Service Control Manager) (User: )
Description: The Microsoft Network Inspection System service depends the following service: BFE. This service might not be installed.

Error: (03/21/2014 09:17:57 PM) (Source: Service Control Manager) (User: )
Description: The Function Discovery Resource Publication service terminated with the following error:
%%-2147024891

Error: (03/21/2014 09:17:57 PM) (Source: Service Control Manager) (User: )
Description: The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

Error: (03/21/2014 09:17:56 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service terminated with the following error:
%%1060


Microsoft Office Sessions:
=========================
Error: (03/22/2014 07:11:38 AM) (Source: Microsoft Security Client Setup)(User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (03/22/2014 07:11:37 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: C:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/21/2014 07:18:22 AM) (Source: Microsoft Security Client Setup)(User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (03/21/2014 07:18:19 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/20/2014 03:00:43 AM) (Source: Microsoft Security Client Setup)(User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.

Error: (03/20/2014 03:00:40 AM) (Source: MsiInstaller)(User: NT AUTHORITY)
Description: Product: Microsoft Security Client -- Error 1321. The Installer has insufficient privileges to modify this file: c:\Program Files\Microsoft Security Client\MsMpEng.exe.(NULL)(NULL)(NULL)(NULL)(NULL)

Error: (03/19/2014 10:35:25 PM) (Source: Application Hang)(User: )
Description: IEXPLORE.EXE11.0.9600.16521e8001cf43fe2884cc4914C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Error: (03/19/2014 08:20:06 PM) (Source: Application Error)(User: )
Description: KMPlayer.exe3.4.0.595099b3d0KERNELBASE.dll6.1.7601.1822951fb11160eedfade0000c41fc8001cf4335330284d8C:\PROGRA~2\THEKMP~1\KMPlayer.exeC:\Windows\syswow64\KERNELBASE.dll884250c5-afde-11e3-8d79-001f16922226

Error: (03/19/2014 00:41:52 PM) (Source: Microsoft-Windows-RestartManager)(User: ASM52A2200)
Description: 1C:\Program Files (x86)\Mozilla Firefox\plugin-container.exePlugin Container for Firefox0211747080

Error: (03/19/2014 07:36:28 AM) (Source: Microsoft Security Client Setup)(User: NT AUTHORITY)
Description: HRESULT:0x80070643
Description:Cannot complete the Security Essentials Upgrade. Security Essentials is not currently monitoring and helping to protect your computer. Please restart your computer and try again. Error code:0x80070643. Fatal error during installation.


CodeIntegrity Errors:
===================================
Date: 2013-10-20 10:48:21.152
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-20 10:48:20.426
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-20 10:48:17.290
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-20 10:48:16.555
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-20 10:48:13.392
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-20 10:48:12.641
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-20 10:48:09.484
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-20 10:48:08.726
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-20 10:48:05.541
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sy_ because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2013-10-20 10:48:04.850
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\FsUsbExDisk.Sy_ because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Percentage of memory in use: 68%
Total physical RAM: 4024.93 MB
Available physical RAM: 1284.58 MB
Total Pagefile: 8048.04 MB
Available Pagefile: 4816.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:221.07 GB) (Free:40.62 GB) NTFS
Drive e: (WD SmartWare) (CDROM) (Total:0.43 GB) (Free:0 GB) UDF
Drive g: ( F:) (Fixed) (Total:930.86 GB) (Free:787.84 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 217E217E)
Partition 1: (Not Active) - (Size=12 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=221 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 931 GB) (Disk ID: 4D5AD2A2)
Partition 1: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

==================== End Of Log ============================

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm, have not seen this one for a while :) OK, let's get you tidied up.

Download the attached Fixlist.txt to the same location as FRST
[attachment=69719:fixlist.txt]
Run FRST and press Fix.
On completion a log will be generated; please post that along with a fresh FRST scan.

#5
daniel.karakas

    Member

  • Topic Starter
  • Member
  • 94 posts
Here they are, the 2 logs -- thanks!!



Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by dale at 2014-03-22 13:22:37 Run:1
Running from C:\Users\dale\Desktop\Computer Fix
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\Run: [Google Update*] - [X] <===== ATTENTION (ZeroAccess rootkit hidden path)
BHO-x32: No Name - {8984B388-A5BB-4DF7-B274-77B879E179DB} - No File
Toolbar: HKCU - No Name - {09900DE8-1DCA-443F-9243-26FF581438AF} - No File
S2 *etadpug; "C:\Program Files (x86)\Google\Desktop\Install\{8d7c074a-07cc-7fd2-f05a-c9ccfd6113d2}\ \...\???\{8d7c074a-07cc-7fd2-f05a-c9ccfd6113d2}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
C:\Users\dale\AppData\Local\Google\Desktop\Install
C:\Program Files (x86)\Google\Desktop\Install
DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
DeleteJunctionsIndirectory: C:\Program Files\Microsoft Security Client

*****************

HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8984B388-A5BB-4DF7-B274-77B879E179DB} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{8984B388-A5BB-4DF7-B274-77B879E179DB} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{09900DE8-1DCA-443F-9243-26FF581438AF} => Value deleted successfully.
HKCR\CLSID\{09900DE8-1DCA-443F-9243-26FF581438AF} => Key not found.
*etadpug => Service deleted successfully.
C:\Users\dale\AppData\Local\Google\Desktop\Install => Moved successfully.
C:\Program Files (x86)\Google\Desktop\Install => Moved successfully.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking started.
"C:\Program Files\Windows Defender\en-US" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpEvMsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpOAV.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MSASCui.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Windows Defender" => Deleting reparse point and unlocking completed.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking started.
"C:\Program Files\Microsoft Security Client\Backup" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\DbgHelp.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Drivers" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\en-us" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\EppManifest.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpAsDesc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpClient.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpCommu.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\mpevmsg.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpOAv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpRTP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MpSvc.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MSESysprep.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpCom.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpEng.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpLics.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsMpRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseces.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseoobe.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\msseooberes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\MsseWat.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisIpsPlugin.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisLog.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisSrv.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\NisWFP.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\Setup.exe" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SetupRes.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\shellext.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\sqmapi.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.dll" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client\SymSrv.yes" => Deleting reparse point and unlocking done.
"C:\Program Files\Microsoft Security Client" => Deleting reparse point and unlocking completed.


The system needed a reboot.

==== End of Fixlog ====







Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by dale (administrator) on ASM52A2200 on 22-03-2014 13:27:55
Running from C:\Users\dale\Desktop\Computer Fix
Windows 7 Professional Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingc...can-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingc...can-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(Microsoft Corporation) c:\Program Files\Microsoft Security Client\MsMpEng.exe
(ABBYY) C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe
(Apple Inc.) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\McciCMService.exe
(Alcatel-Lucent) C:\Program Files\Common Files\Motive\McciCMService.exe
(Microsoft Corporation) C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe
() C:\Program Files\MySQL\MySQL Server 5.1\bin\mysqld.exe
(Nitro PDF Software) C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe
(Wondershare) C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
(Synaptics, Inc.) C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Conexant Systems, Inc.) C:\Windows\system32\DRIVERS\xaudio64.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_9_900_152.exe
(Google) C:\Users\dale\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe
(Microsoft Corporation) C:\Windows\system32\prevhost.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [MSC] - c:\Program Files\Microsoft Security Client\msseces.exe [1356240 2013-08-12] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] - C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1985824 2013-07-25] (Wondershare)
HKLM-x32\...\Run: [BCSSync] - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\Run: [Google Update] - C:\Users\dale\AppData\Local\Google\Update\GoogleUpdate.exe [116648 2012-06-25] (Google Inc.)
HKU\S-1-5-21-3623806083-1760329146-3607088104-1000\...\MountPoints2: {ccbed0aa-aebb-11e1-ad1c-001f16922226} - "E:\WD SmartWare.exe" autoplay=true
IFEO\notepad.exe: [Debugger] "C:\Program Files\Notepad2\Notepad2.exe" /z
Startup: C:\Users\dale\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Encarta Dictionary Quickshelf.lnk
ShortcutTarget: Encarta Dictionary Quickshelf.lnk -> C:\Program Files (x86)\Microsoft Encarta\Encarta World English Dictionary\Qshlfed.exe (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

BHO: SMART Notebook Download Utility - {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - C:\Program Files (x86)\SMART Technologies\Education Software\Win64\NotebookPlugin.dll No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: iFinger plugin / Browser helper object - {A114D52B-870C-4F15-8021-B6D7F91A054B} - C:\Program Files (x86)\iFinger\plugins\IE.ifp (iFinger Ltd)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
DPF: HKLM-x32 {0C615F36-0C1C-497B-B9E4-833B0D7AA8CA} http://24.80.232.13:81/NetViewX.cab
DPF: HKLM-x32 {556EEC63-31E2-47C3-BF29-DFF799D2FE04} https://secure.logme...?rnd=1069883935
DPF: HKLM-x32 {A4110378-789B-455F-AE86-3A1BFC402853} http://zone.msn.com/...vl.cab55579.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab
DPF: HKLM-x32 {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab
DPF: HKLM-x32 {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logme...trl.cab?lmi=100
Handler: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - No File
Handler-x32: ms-its51 - {F6F1E82D-DE4D-11D2-875C-0000F8105754} - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\itss51.dll (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

FireFox:
========
FF ProfilePath: C:\Users\dale\AppData\Roaming\Mozilla\Firefox\Profiles\iwq6usy8.default-1383615222522
FF Homepage: https://www.google.c...mNuLWyQGHt4HYBw
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_152.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/wpi,version=1.4 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_152.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw_1205146.dll No File
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/wpi,version=1.4 - C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll (Microsoft Corp)
FF Plugin-x32: @Motive.com/NpMotive,version=1.0 - C:\Program Files (x86)\TELUS_Activation_11\npMotive.dll (Alcatel-Lucent)
FF Plugin-x32: NitroPDF - C:\Program Files (x86)\Nitro PDF\Reader\npnitromozilla.dll ( )
FF Plugin HKCU: @Skype Limited.com/Facebook Video Calling Plugin - C:\Users\dale\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF Plugin HKCU: @talk.google.com/GoogleTalkPlugin - C:\Users\dale\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin HKCU: @talk.google.com/O1DPlugin - C:\Users\dale\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF Plugin HKCU: @tools.google.com/Google Update;version=3 - C:\Users\dale\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @tools.google.com/Google Update;version=9 - C:\Users\dale\AppData\Local\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\dale\AppData\Roaming\mozilla\plugins\npgoogletalk.dll (Google)
FF Plugin ProgramFiles/Appdata: C:\Users\dale\AppData\Roaming\mozilla\plugins\npo1d.dll (Google)

==================== Services (Whitelisted) =================

R2 ABBYY.Licensing.FineReader.Professional.11.0; C:\Program Files (x86)\ABBYY FineReader 11\NetworkLicenseServer.exe [818952 2011-12-22] (ABBYY)
R2 McciCMService64; C:\Program Files\Common Files\Motive\McciCMService.exe [517632 2011-03-16] (Alcatel-Lucent)
R2 MsDepSvc; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [67400 2011-04-01] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23808 2013-08-12] (Microsoft Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57820696 2008-07-10] (Microsoft Corporation)
R2 MySQL; C:\Program Files\MySQL\MySQL Server 5.1\my.ini [8915 2012-05-05] ()
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366600 2013-08-12] (Microsoft Corporation)
R2 NitroReaderDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [341296 2011-06-21] (Nitro PDF Software)
R2 ScrybeUpdater; C:\Program Files (x86)\Synaptics\Scrybe\Service\ScrybeUpdater.exe [1300264 2011-05-27] (Synaptics, Inc.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [430616 2008-07-10] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S3 CH341SER_A64; C:\Windows\System32\Drivers\CH341S64.SYS [58368 2009-06-02] (www.winchiphead.com)
S3 FsUsbExDisk; C:\Windows\SysWOW64\FsUsbExDisk.SYS [37344 2013-07-17] ()
R3 LgBttPort; C:\Windows\System32\DRIVERS\lgbtpt64.sys [16384 2009-09-29] (LG Electronics Inc.)
R3 lgbusenum; C:\Windows\System32\DRIVERS\lgbtbs64.sys [14848 2009-09-29] (LG Electronics Inc.)
R3 LGVMODEM; C:\Windows\System32\DRIVERS\lgvmdm64.sys [17408 2009-09-29] (LG Electronics Inc.)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [247216 2013-06-18] (Microsoft Corporation)
S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA))
S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2011-03-16] (Printing Communications Assoc., Inc. (PCAUSA))
S2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [139616 2013-06-18] (Microsoft Corporation)
S3 RimVSerPort; C:\Windows\System32\DRIVERS\RimSerial_AMD64.sys [31744 2009-01-09] (Research in Motion Ltd)
S3 SMARTMouseFilterx64; C:\Windows\System32\DRIVERS\SMARTMouseFilterx64.sys [10240 2013-03-07] (SMART Technologies)
S3 SMARTVHidMiniVistaAmd64; C:\Windows\System32\DRIVERS\SMARTVHidMiniVistaAmd64.sys [9216 2013-03-07] (SMART Technologies)
S3 SMARTVTabletPCx64; C:\Windows\System32\DRIVERS\SMARTVTabletPCx64.sys [22184 2013-03-07] (SMART Technologies ULC)
S3 usbbus; C:\Windows\System32\DRIVERS\lgx64bus.sys [17920 2013-04-24] (LG Electronics Inc.)
S3 UsbDiag; C:\Windows\System32\DRIVERS\lgx64diag.sys [28160 2013-04-24] (LG Electronics Inc.)
S3 USBModem; C:\Windows\System32\DRIVERS\lgx64modem.sys [34816 2013-04-24] (LG Electronics Inc.)
S3 ApfiltrService; system32\DRIVERS\Apfiltr.sys [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
S3 RimUsb; System32\Drivers\RimUsb_AMD64.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-22 13:21 - 2014-03-22 13:27 - 00000000 ____D () C:\Users\dale\Desktop\Computer Fix
2014-03-22 12:22 - 2014-03-22 13:27 - 00000000 ____D () C:\FRST
2014-03-22 07:11 - 2014-03-22 07:11 - 00000000 ____D () C:\Windows\TempF167CCAF-BC81-B374-AE4F-E137B53C6E82-Signatures
2014-03-21 22:09 - 2014-03-21 22:09 - 00026759 _____ () C:\Users\dale\Downloads\jurassic-park-1993_finnish-351220.zip
2014-03-21 22:08 - 2014-03-21 22:08 - 00040962 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-649408.zip
2014-03-21 22:02 - 2014-03-21 22:20 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park (1993) [1080p]
2014-03-21 21:57 - 2014-03-21 21:57 - 00022309 _____ () C:\Users\dale\Downloads\[kickass.to]jurassic.park.1993.bdrip.1080p.dual.audio.hindi.5.1.rm.eng.5.1.tariq.qureshi.torrent
2014-03-21 21:01 - 2014-03-21 21:01 - 00036120 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-635929.zip
2014-03-21 19:54 - 2014-03-21 19:54 - 00000000 ____D () C:\Users\dale\Downloads\Goldfinger1964]DvDrip[Eng]-FXG
2014-03-21 19:51 - 2014-03-21 20:03 - 00000000 ____D () C:\Users\dale\Downloads\The Raid Redemption (2011)
2014-03-21 19:51 - 2014-03-21 19:59 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park I 1993
2014-03-21 07:18 - 2014-03-21 07:18 - 00000000 ____D () C:\Windows\TempD858869B-9740-6BD9-89C9-C8033A15E732-Signatures
2014-03-20 03:00 - 2014-03-20 03:00 - 00000000 ____D () C:\Windows\Temp72AF277C-1525-9955-D167-140A39CE6135-Signatures
2014-03-19 20:36 - 2014-03-19 20:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 15:59 - 2014-03-19 16:00 - 00000000 ____D () C:\Users\dale\Downloads\Intuit TurboTax 2013 Canada
2014-03-19 07:36 - 2014-03-19 07:36 - 00000000 ____D () C:\Windows\TempEFC3F3A7-406E-7783-20EF-17693B889BA5-Signatures
2014-03-18 17:09 - 2014-03-18 17:09 - 00000000 ____D () C:\Users\dale\Desktop\LEN Housing
2014-03-18 07:41 - 2014-03-18 07:41 - 00000000 ____D () C:\Windows\TempC23D5EE1-B76E-7E6E-D185-6F92ED49A8FD-Signatures
2014-03-17 08:35 - 2014-03-17 08:45 - 00000000 ____D () C:\Users\dale\Desktop\cv
2014-03-17 07:56 - 2014-03-17 07:56 - 00000000 ____D () C:\Windows\TempAB6874E1-6EFB-9F5E-BCED-4F86507E1762-Signatures
2014-03-16 03:00 - 2014-03-16 03:00 - 00000000 ____D () C:\Windows\Temp537B2C91-ACBF-5BF4-1347-057CB0EDEEF5-Signatures
2014-03-15 03:00 - 2014-03-15 03:00 - 00000000 ____D () C:\Windows\Temp907ACCBF-663A-749F-92AA-FD614B2A9E16-Signatures
2014-03-14 23:21 - 2014-03-14 23:21 - 00016855 _____ () C:\Users\dale\Downloads\revolution-second-season_english-855172.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00016051 _____ () C:\Users\dale\Downloads\revolution-second-season_english-877581.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00015888 _____ () C:\Users\dale\Downloads\revolution-second-season_english-873931.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013656 _____ () C:\Users\dale\Downloads\revolution-second-season_english-851559.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013599 _____ () C:\Users\dale\Downloads\revolution-second-season_english-869950.zip
2014-03-14 08:00 - 2014-03-14 08:00 - 00000000 ____D () C:\Windows\TempB450F607-BDA6-E782-A014-24481F019757-Signatures
2014-03-13 03:04 - 2014-03-13 03:04 - 00000000 ____D () C:\Windows\Temp82860861-2519-F1C7-3D19-A055EF6C8A8A-Signatures
2014-03-12 23:02 - 2014-03-12 23:09 - 283815693 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E15.HDTV.x264-LOL.mp4
2014-03-12 23:01 - 2014-03-12 23:12 - 329432774 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E16.HDTV.x264-LOL.mp4
2014-03-12 04:14 - 2014-02-28 23:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 04:14 - 2014-02-28 22:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 04:14 - 2014-02-28 22:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 04:14 - 2014-02-28 21:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 04:14 - 2014-02-28 21:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 04:14 - 2014-02-28 21:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 04:14 - 2014-02-28 21:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 04:14 - 2014-02-28 21:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 04:14 - 2014-02-28 21:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 04:14 - 2014-02-28 21:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 04:14 - 2014-02-28 21:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 04:14 - 2014-02-28 21:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 04:14 - 2014-02-28 21:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 04:14 - 2014-02-28 21:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 04:14 - 2014-02-28 21:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 04:14 - 2014-02-28 21:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 04:14 - 2014-02-28 21:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 04:14 - 2014-02-28 20:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 04:14 - 2014-02-28 20:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 04:14 - 2014-02-28 20:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 04:14 - 2014-02-28 20:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 04:14 - 2014-02-28 20:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 04:14 - 2014-02-28 20:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 04:14 - 2014-02-28 20:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 04:14 - 2014-02-28 20:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 04:14 - 2014-02-28 20:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 04:14 - 2014-02-28 20:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 04:14 - 2014-02-28 20:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 04:14 - 2014-02-28 20:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 04:14 - 2014-02-28 20:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 04:14 - 2014-02-28 20:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 04:14 - 2014-02-28 20:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 04:14 - 2014-02-28 20:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 04:14 - 2014-02-28 20:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 04:14 - 2014-02-28 19:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 04:14 - 2014-02-28 19:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 04:14 - 2014-02-28 19:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 04:14 - 2014-02-28 19:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 04:14 - 2014-02-28 19:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 04:14 - 2014-02-28 19:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 04:14 - 2014-02-06 18:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 04:14 - 2014-01-28 19:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 04:14 - 2014-01-28 19:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 04:14 - 2014-01-27 19:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-12 04:13 - 2014-02-03 19:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 04:13 - 2014-02-03 19:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 04:13 - 2014-02-03 19:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 04:13 - 2014-02-03 19:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 03:00 - 2014-03-12 03:00 - 00000000 ____D () C:\Windows\Temp0CE082E2-4DB2-E26E-B899-15D3247C8194-Signatures
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ____D () C:\Users\dale\AppData\Local\Skype
2014-03-11 07:24 - 2014-03-11 07:25 - 00000000 ____D () C:\Windows\Temp2BD02C65-BE57-A637-1FA5-D76A98DD1E7B-Signatures
2014-03-10 19:38 - 2014-03-10 19:38 - 00015256 _____ () C:\Users\dale\Downloads\revolution-second-season_english-818431.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00014493 _____ () C:\Users\dale\Downloads\revolution-second-season_english-814599.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00013196 _____ () C:\Users\dale\Downloads\revolution-second-season_english-844497.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00012108 _____ () C:\Users\dale\Downloads\revolution-second-season_english-822071.zip
2014-03-10 15:54 - 2014-03-10 15:54 - 00000000 ____D () C:\Windows\Temp549F650D-B454-D528-0B83-465CEA0B4272-Signatures
2014-03-10 03:00 - 2014-03-10 03:00 - 00000000 ____D () C:\Windows\Temp424C21DF-C756-E6B9-F089-562BC1F4845F-Signatures
2014-03-09 11:24 - 2014-03-09 11:24 - 00000000 ____D () C:\Windows\TempD41D68B2-B9FE-82CF-9D18-8D4B89EE476F-Signatures
2014-03-08 13:34 - 2014-03-08 13:59 - 00000000 ____D () C:\Program Files (x86)\WizTree
2014-03-08 13:30 - 2014-03-08 13:31 - 00000000 ____D () C:\Users\dale\Desktop\Geessy Work
2014-03-08 04:00 - 2014-03-08 04:00 - 00000000 ____D () C:\Windows\TempE251C687-04CF-B042-2C2F-40B2DC403286-Signatures
2014-03-07 04:00 - 2014-03-07 04:00 - 00000000 ____D () C:\Windows\TempB2EFD702-4E3F-83E5-10A6-2A4D196F5E8F-Signatures
2014-03-06 04:00 - 2014-03-06 04:00 - 00000000 ____D () C:\Windows\Temp649C8DFD-DDD0-0B12-6304-A4258E2DF6D6-Signatures
2014-03-05 04:00 - 2014-03-05 04:00 - 00000000 ____D () C:\Windows\Temp86BDA880-72BA-E800-9D5E-D752136D1415-Signatures
2014-03-04 08:59 - 2014-03-04 08:59 - 00000000 ____D () C:\Windows\TempDCCA3082-4259-D26A-F7CB-388A69E67DFB-Signatures
2014-03-03 09:14 - 2014-03-03 09:14 - 00000000 ____D () C:\Windows\Temp838A6C2A-182D-F972-7AC4-3227E2C30B2C-Signatures
2014-03-02 11:34 - 2014-03-02 11:34 - 00000000 ____D () C:\Windows\TempB516AC1A-8A33-D9FA-1BC1-77E85F0C1CD2-Signatures
2014-03-01 10:35 - 2014-03-07 17:44 - 00000000 ____D () C:\Users\dale\Desktop\Comedy
2014-03-01 04:00 - 2014-03-01 04:00 - 00000000 ____D () C:\Windows\Temp702526FF-0F90-E4E4-8BA1-EECC830B09D5-Signatures
2014-02-28 04:00 - 2014-02-28 04:00 - 00000000 ____D () C:\Windows\Temp63E9048C-1308-F690-AED1-5C1ACDA69E4C-Signatures
2014-02-27 07:57 - 2014-02-27 07:58 - 00000000 ____D () C:\Windows\TempB4CA3120-5ADC-2CE3-9DFB-C2590AB8C3D7-Signatures
2014-02-26 04:00 - 2014-02-26 04:00 - 00000000 ____D () C:\Windows\TempBB950C1C-5C58-02FA-D13D-9DA3F698A031-Signatures
2014-02-25 04:00 - 2014-02-25 04:00 - 00000000 ____D () C:\Windows\TempF021D2D0-6C71-A9A5-78A0-E251EAE6BE11-Signatures
2014-02-24 08:17 - 2014-02-24 08:17 - 00000000 ____D () C:\Windows\Temp5A9E70C7-2785-582D-3D5E-7BA811BCB509-Signatures
2014-02-23 09:43 - 2014-02-23 09:43 - 00000000 ____D () C:\Windows\Temp60C4A19A-C900-3DD6-C83E-CDE27177C59A-Signatures
2014-02-22 11:17 - 2014-02-22 11:17 - 00000000 ____D () C:\Windows\Temp422D83C5-75C0-A982-D130-7EB98B6790BC-Signatures
2014-02-21 08:53 - 2014-02-21 08:53 - 00000000 ____D () C:\Windows\Temp9259F361-9CC4-7F89-EEE7-33588A2ECDD9-Signatures
2014-02-20 09:13 - 2014-02-20 09:13 - 00000000 ____D () C:\Windows\Temp287F794B-3A6F-929D-FFC2-AC8FB717D60C-Signatures

==================== One Month Modified Files and Folders =======

2014-03-22 13:27 - 2014-03-22 13:21 - 00000000 ____D () C:\Users\dale\Desktop\Computer Fix
2014-03-22 13:27 - 2014-03-22 12:22 - 00000000 ____D () C:\FRST
2014-03-22 13:27 - 2011-04-16 10:53 - 01875712 _____ () C:\Windows\WindowsUpdate.log
2014-03-22 13:24 - 2009-07-13 22:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-22 13:24 - 2009-07-13 21:51 - 00196323 _____ () C:\Windows\setupact.log
2014-03-22 13:23 - 2011-04-19 07:33 - 00350438 _____ () C:\Windows\PFRO.log
2014-03-22 13:22 - 2013-06-04 16:53 - 00000000 ____D () C:\Users\dale\Desktop\MARTIN
2014-03-22 13:22 - 2012-06-03 18:56 - 00000000 ____D () C:\Users\dale\Geessy Docs
2014-03-22 13:18 - 2012-05-05 02:12 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-22 13:13 - 2011-06-10 07:38 - 00000916 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115UA.job
2014-03-22 13:13 - 2011-06-10 07:38 - 00000864 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1417023454-3681503996-2767313351-1115Core.job
2014-03-22 13:11 - 2012-07-20 22:06 - 00000924 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
2014-03-22 13:03 - 2009-07-13 22:13 - 00879048 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-22 12:40 - 2012-06-25 13:58 - 00000904 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000UA.job
2014-03-22 12:30 - 2011-05-06 07:11 - 00024192 _____ () C:\Users\dale\AppData\Roaming\Notepad2.ini
2014-03-22 07:17 - 2012-06-25 13:58 - 00000852 _____ () C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
2014-03-22 07:16 - 2012-06-04 14:40 - 00000000 ____D () C:\Users\dale\AppData\Roaming\uTorrent
2014-03-22 07:11 - 2014-03-22 07:11 - 00000000 ____D () C:\Windows\TempF167CCAF-BC81-B374-AE4F-E137B53C6E82-Signatures
2014-03-22 07:11 - 2012-05-05 03:14 - 00000000 ____D () C:\Program Files (x86)\Microsoft Security Client
2014-03-22 07:11 - 2011-04-16 13:10 - 00002141 _____ () C:\Windows\epplauncher.mif
2014-03-22 07:11 - 2011-04-16 13:09 - 00000000 ____D () C:\Program Files\Microsoft Security Client
2014-03-21 22:20 - 2014-03-21 22:02 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park (1993) [1080p]
2014-03-21 22:11 - 2012-07-20 22:06 - 00000902 _____ () C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3623806083-1760329146-3607088104-1000Core.job
2014-03-21 22:09 - 2014-03-21 22:09 - 00026759 _____ () C:\Users\dale\Downloads\jurassic-park-1993_finnish-351220.zip
2014-03-21 22:08 - 2014-03-21 22:08 - 00040962 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-649408.zip
2014-03-21 21:57 - 2014-03-21 21:57 - 00022309 _____ () C:\Users\dale\Downloads\[kickass.to]jurassic.park.1993.bdrip.1080p.dual.audio.hindi.5.1.rm.eng.5.1.tariq.qureshi.torrent
2014-03-21 21:25 - 2009-07-13 21:45 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-21 21:25 - 2009-07-13 21:45 - 00013456 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-21 21:01 - 2014-03-21 21:01 - 00036120 _____ () C:\Users\dale\Downloads\jurassic-park-1993_english-635929.zip
2014-03-21 20:03 - 2014-03-21 19:51 - 00000000 ____D () C:\Users\dale\Downloads\The Raid Redemption (2011)
2014-03-21 19:59 - 2014-03-21 19:51 - 00000000 ____D () C:\Users\dale\Downloads\Jurassic Park I 1993
2014-03-21 19:54 - 2014-03-21 19:54 - 00000000 ____D () C:\Users\dale\Downloads\Goldfinger1964]DvDrip[Eng]-FXG
2014-03-21 11:14 - 2013-02-12 10:26 - 00000000 ____D () C:\Users\dale\Desktop\TV
2014-03-21 11:13 - 2013-08-27 19:35 - 00000000 ____D () C:\Users\dale\Desktop\nEW mOVIES
2014-03-21 07:18 - 2014-03-21 07:18 - 00000000 ____D () C:\Windows\TempD858869B-9740-6BD9-89C9-C8033A15E732-Signatures
2014-03-21 00:04 - 2012-06-03 19:37 - 00000000 ____D () C:\Users\dale\Documents\The KMPlayer
2014-03-20 03:00 - 2014-03-20 03:00 - 00000000 ____D () C:\Windows\Temp72AF277C-1525-9955-D167-140A39CE6135-Signatures
2014-03-19 22:39 - 2012-05-29 19:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-19 22:35 - 2013-06-18 20:01 - 00000000 ____D () C:\Program Files (x86)\Google
2014-03-19 22:35 - 2012-06-25 13:58 - 00000000 ____D () C:\Users\dale\AppData\Local\Google
2014-03-19 20:36 - 2014-03-19 20:36 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 16:00 - 2014-03-19 15:59 - 00000000 ____D () C:\Users\dale\Downloads\Intuit TurboTax 2013 Canada
2014-03-19 12:41 - 2012-05-29 19:37 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Mozilla
2014-03-19 07:36 - 2014-03-19 07:36 - 00000000 ____D () C:\Windows\TempEFC3F3A7-406E-7783-20EF-17693B889BA5-Signatures
2014-03-19 07:36 - 2013-08-25 11:19 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 07:33 - 2011-05-28 08:28 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-18 17:09 - 2014-03-18 17:09 - 00000000 ____D () C:\Users\dale\Desktop\LEN Housing
2014-03-18 07:41 - 2014-03-18 07:41 - 00000000 ____D () C:\Windows\TempC23D5EE1-B76E-7E6E-D185-6F92ED49A8FD-Signatures
2014-03-17 08:45 - 2014-03-17 08:35 - 00000000 ____D () C:\Users\dale\Desktop\cv
2014-03-17 07:56 - 2014-03-17 07:56 - 00000000 ____D () C:\Windows\TempAB6874E1-6EFB-9F5E-BCED-4F86507E1762-Signatures
2014-03-16 03:00 - 2014-03-16 03:00 - 00000000 ____D () C:\Windows\Temp537B2C91-ACBF-5BF4-1347-057CB0EDEEF5-Signatures
2014-03-15 03:00 - 2014-03-15 03:00 - 00000000 ____D () C:\Windows\Temp907ACCBF-663A-749F-92AA-FD614B2A9E16-Signatures
2014-03-14 23:21 - 2014-03-14 23:21 - 00016855 _____ () C:\Users\dale\Downloads\revolution-second-season_english-855172.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00016051 _____ () C:\Users\dale\Downloads\revolution-second-season_english-877581.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00015888 _____ () C:\Users\dale\Downloads\revolution-second-season_english-873931.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013656 _____ () C:\Users\dale\Downloads\revolution-second-season_english-851559.zip
2014-03-14 23:21 - 2014-03-14 23:21 - 00013599 _____ () C:\Users\dale\Downloads\revolution-second-season_english-869950.zip
2014-03-14 08:00 - 2014-03-14 08:00 - 00000000 ____D () C:\Windows\TempB450F607-BDA6-E782-A014-24481F019757-Signatures
2014-03-13 03:22 - 2009-07-13 21:45 - 00424568 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-13 03:21 - 2012-07-29 11:58 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-13 03:21 - 2012-07-29 11:58 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-13 03:05 - 2011-04-18 17:53 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-03-13 03:04 - 2014-03-13 03:04 - 00000000 ____D () C:\Windows\Temp82860861-2519-F1C7-3D19-A055EF6C8A8A-Signatures
2014-03-12 23:12 - 2014-03-12 23:01 - 329432774 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E16.HDTV.x264-LOL.mp4
2014-03-12 23:09 - 2014-03-12 23:02 - 283815693 ____R () C:\Users\dale\Downloads\Revolution.2012.S02E15.HDTV.x264-LOL.mp4
2014-03-12 03:00 - 2014-03-12 03:00 - 00000000 ____D () C:\Windows\Temp0CE082E2-4DB2-E26E-B899-15D3247C8194-Signatures
2014-03-11 22:51 - 2012-05-29 19:44 - 00000000 ____D () C:\Users\dale\AppData\Roaming\Skype
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-03-11 21:22 - 2014-03-11 21:22 - 00000000 ____D () C:\Users\dale\AppData\Local\Skype
2014-03-11 21:22 - 2012-05-29 19:44 - 00000000 ____D () C:\ProgramData\Skype
2014-03-11 07:25 - 2014-03-11 07:24 - 00000000 ____D () C:\Windows\Temp2BD02C65-BE57-A637-1FA5-D76A98DD1E7B-Signatures
2014-03-10 19:38 - 2014-03-10 19:38 - 00015256 _____ () C:\Users\dale\Downloads\revolution-second-season_english-818431.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00014493 _____ () C:\Users\dale\Downloads\revolution-second-season_english-814599.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00013196 _____ () C:\Users\dale\Downloads\revolution-second-season_english-844497.zip
2014-03-10 19:38 - 2014-03-10 19:38 - 00012108 _____ () C:\Users\dale\Downloads\revolution-second-season_english-822071.zip
2014-03-10 15:54 - 2014-03-10 15:54 - 00000000 ____D () C:\Windows\Temp549F650D-B454-D528-0B83-465CEA0B4272-Signatures
2014-03-10 03:00 - 2014-03-10 03:00 - 00000000 ____D () C:\Windows\Temp424C21DF-C756-E6B9-F089-562BC1F4845F-Signatures
2014-03-09 11:24 - 2014-03-09 11:24 - 00000000 ____D () C:\Windows\TempD41D68B2-B9FE-82CF-9D18-8D4B89EE476F-Signatures
2014-03-08 13:59 - 2014-03-08 13:34 - 00000000 ____D () C:\Program Files (x86)\WizTree
2014-03-08 13:31 - 2014-03-08 13:30 - 00000000 ____D () C:\Users\dale\Desktop\Geessy Work
2014-03-08 13:28 - 2013-08-07 11:23 - 00000000 ____D () C:\Users\dale\Desktop\FOTOS
2014-03-08 13:27 - 2013-11-05 18:01 - 00000000 ____D () C:\Users\dale\Desktop\esl
2014-03-08 04:00 - 2014-03-08 04:00 - 00000000 ____D () C:\Windows\TempE251C687-04CF-B042-2C2F-40B2DC403286-Signatures
2014-03-07 17:44 - 2014-03-01 10:35 - 00000000 ____D () C:\Users\dale\Desktop\Comedy
2014-03-07 04:00 - 2014-03-07 04:00 - 00000000 ____D () C:\Windows\TempB2EFD702-4E3F-83E5-10A6-2A4D196F5E8F-Signatures
2014-03-06 04:00 - 2014-03-06 04:00 - 00000000 ____D () C:\Windows\Temp649C8DFD-DDD0-0B12-6304-A4258E2DF6D6-Signatures
2014-03-05 04:00 - 2014-03-05 04:00 - 00000000 ____D () C:\Windows\Temp86BDA880-72BA-E800-9D5E-D752136D1415-Signatures
2014-03-04 08:59 - 2014-03-04 08:59 - 00000000 ____D () C:\Windows\TempDCCA3082-4259-D26A-F7CB-388A69E67DFB-Signatures
2014-03-03 09:14 - 2014-03-03 09:14 - 00000000 ____D () C:\Windows\Temp838A6C2A-182D-F972-7AC4-3227E2C30B2C-Signatures
2014-03-02 11:34 - 2014-03-02 11:34 - 00000000 ____D () C:\Windows\TempB516AC1A-8A33-D9FA-1BC1-77E85F0C1CD2-Signatures
2014-03-01 04:00 - 2014-03-01 04:00 - 00000000 ____D () C:\Windows\Temp702526FF-0F90-E4E4-8BA1-EECC830B09D5-Signatures
2014-02-28 23:05 - 2014-03-12 04:14 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-28 22:17 - 2014-03-12 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-28 22:16 - 2014-03-12 04:14 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-28 21:58 - 2014-03-12 04:14 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-28 21:52 - 2014-03-12 04:14 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-28 21:51 - 2014-03-12 04:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-28 21:42 - 2014-03-12 04:14 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-28 21:40 - 2014-03-12 04:14 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-28 21:37 - 2014-03-12 04:14 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-28 21:33 - 2014-03-12 04:14 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-28 21:33 - 2014-03-12 04:14 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-28 21:32 - 2014-03-12 04:14 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-28 21:30 - 2014-03-12 04:14 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-02-28 21:23 - 2014-03-12 04:14 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-02-28 21:17 - 2014-03-12 04:14 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-28 21:11 - 2014-03-12 04:14 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-02-28 21:02 - 2014-03-12 04:14 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-28 20:54 - 2014-03-12 04:14 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-28 20:52 - 2014-03-12 04:14 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-02-28 20:51 - 2014-03-12 04:14 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-02-28 20:47 - 2014-03-12 04:14 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-02-28 20:43 - 2014-03-12 04:14 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-02-28 20:43 - 2014-03-12 04:14 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-02-28 20:42 - 2014-03-12 04:14 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-28 20:40 - 2014-03-12 04:14 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-02-28 20:38 - 2014-03-12 04:14 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-02-28 20:37 - 2014-03-12 04:14 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-02-28 20:35 - 2014-03-12 04:14 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-28 20:18 - 2014-03-12 04:14 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-28 20:16 - 2014-03-12 04:14 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-02-28 20:14 - 2014-03-12 04:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-02-28 20:10 - 2014-03-12 04:14 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-28 20:03 - 2014-03-12 04:14 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-02-28 20:00 - 2014-03-12 04:14 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-02-28 19:57 - 2014-03-12 04:14 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-02-28 19:53 - 2009-07-13 22:09 - 00000000 ____D () C:\Windows\System32\Tasks\WPD
2014-02-28 19:38 - 2014-03-12 04:14 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-28 19:32 - 2014-03-12 04:14 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-02-28 19:27 - 2014-03-12 04:14 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-02-28 19:25 - 2014-03-12 04:14 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-28 19:25 - 2014-03-12 04:14 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-02-28 04:00 - 2014-02-28 04:00 - 00000000 ____D () C:\Windows\Temp63E9048C-1308-F690-AED1-5C1ACDA69E4C-Signatures
2014-02-27 07:58 - 2014-02-27 07:57 - 00000000 ____D () C:\Windows\TempB4CA3120-5ADC-2CE3-9DFB-C2590AB8C3D7-Signatures
2014-02-27 07:56 - 2011-04-16 13:10 - 00873916 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI
2014-02-26 04:00 - 2014-02-26 04:00 - 00000000 ____D () C:\Windows\TempBB950C1C-5C58-02FA-D13D-9DA3F698A031-Signatures
2014-02-25 04:00 - 2014-02-25 04:00 - 00000000 ____D () C:\Windows\TempF021D2D0-6C71-A9A5-78A0-E251EAE6BE11-Signatures
2014-02-24 08:17 - 2014-02-24 08:17 - 00000000 ____D () C:\Windows\Temp5A9E70C7-2785-582D-3D5E-7BA811BCB509-Signatures
2014-02-23 09:43 - 2014-02-23 09:43 - 00000000 ____D () C:\Windows\Temp60C4A19A-C900-3DD6-C83E-CDE27177C59A-Signatures
2014-02-22 11:17 - 2014-02-22 11:17 - 00000000 ____D () C:\Windows\Temp422D83C5-75C0-A982-D130-7EB98B6790BC-Signatures
2014-02-21 08:53 - 2014-02-21 08:53 - 00000000 ____D () C:\Windows\Temp9259F361-9CC4-7F89-EEE7-33588A2ECDD9-Signatures
2014-02-20 09:13 - 2014-02-20 09:13 - 00000000 ____D () C:\Windows\Temp287F794B-3A6F-929D-FFC2-AC8FB717D60C-Signatures

Some content of TEMP:
====================
C:\Users\leibeld\AppData\Local\Temp\GUR592F.exe
C:\Users\leibeld\AppData\Local\Temp\nitro_pdf_reader_64.exe
C:\Users\leibeld\AppData\Local\Temp\{4027756A-C829-4743-946E-AA3D2BAF34FE}-chrome_updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-20 00:49

==================== End Of Log ============================
  • 0

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Voila :) and it has gone

Could you try MS Security Essentials to see if it now works? Also try the internet to check for redirects.

Malwarebytes' Anti-Malware
Please download Malwarebytes' Anti-Malware from here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Attach the entire report in your next reply.
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

THEN

Download and run Farbar Service Scanner

Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.
  • 0

#7
daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Hi, I ran Malwarebytes and MS Security scan, both found nothing. Computer is freezing quite a bit now with Firefox, no misdirects though. Have had to do hard shutdowns a few times. Here are the logs:


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.22.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16521
dale :: ASM52A2200 [administrator]

3/23/2014 4:15:58 PM
mbam-log-2014-03-23 (16-15-58).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 281678
Time elapsed: 11 minute(s), 14 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Farbar Service Scanner Version: 25-02-2014
Ran by dale (administrator) on 23-03-2014 at 16:31:28
Running from "C:\Users\dale\Downloads"
Microsoft Windows 7 Professional Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.
The ImagePath of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.
Checking ImagePath: ATTENTION!=====> Unable to retrieve ImagePath of bfe. The value does not exist.
Unable to retrieve ServiceDll of bfe. The value does not exist.


Firewall Disabled Policy:
==================
"HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile" registry key does not exist.


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open wscsvc registry key. The service key does not exist.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.
Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============
Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ImagePath of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
Checking ServiceDll of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.

Checking Start type of SharedAccess: ATTENTION!=====> Unable to retrieve start type of SharedAccess. The value does not exist.
Checking ImagePath of SharedAccess: ATTENTION!=====> Unable to retrieve ImagePath of SharedAccess. The value does not exist.
Checking ServiceDll of SharedAccess: ATTENTION!=====> Unable to retrieve ServiceDll of SharedAccess. The value does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Defaults\FirewallPolicy\FirewallRules" registry key. The key does not exist.
Checking FirewallRules of SharedAccess: ATTENTION!=====> Unable to open "SharedAccess\Parameters\FirewallPolicy\FirewallRules" registry key. The key does not exist.

Checking Start type of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ImagePath of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.
Checking ServiceDll of PolicyAgent: ATTENTION!=====> Unable to open PolicyAgent registry key. The service key does not exist.

Checking Start type of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ImagePath of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.
Checking ServiceDll of RemoteAccess: ATTENTION!=====> Unable to open RemoteAccess registry key. The service key does not exist.



File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****
  • 0

#8
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

You have 9 disabled services at the moment, so we will reset them next and then see how Firefox and the computer behave.

Download the attached Registry fixes.zip folder to your desktop

Unzip all nine .reg files to the desktop

Right click each reg file in turn and select Merge

Windows will ask for confirmation, allow them to add to the registry

Once all 9 are done, reboot the computer and run FSS again please to ensure that they took

MSES should now work

  • 0

#9
daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Thanks, I installed all registry fixes. I recently used WizTree to clean up my hard drive, perhaps I did some damage then? Here is the FSS log, thanks again!

Farbar Service Scanner Version: 25-02-2014
Ran by dale (administrator) on 24-03-2014 at 08:05:23
Running from "C:\Users\dale\Downloads"
Microsoft Windows 7 Professional  Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.
The ServiceDll of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
The ImagePath of bfe service is OK.
The ServiceDll of bfe service is OK.


Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is OK.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****


  • 0
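Added example (not part of the thread and not Farbar Service Scanner's own code): a small Python parser that compares two FSS logs like the ones in posts #7 and #9, listing services whose registry configuration was flagged in the first scan and services whose configuration is OK in the second scan but which are still reported as not running. The log excerpts are constructed in the format shown above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed excerpts in the format of the two FSS logs posted in this thread.
BEFORE = """
mpsdrv Service is not running. Checking service configuration:
The start type of mpsdrv service is OK.

MpsSvc Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open MpsSvc registry key. The service key does not exist.

bfe Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to retrieve start type of bfe. The value does not exist.

Checking Start type of iphlpsvc: ATTENTION!=====> Unable to open iphlpsvc registry key. The service key does not exist.
"""
AFTER = """
MpsSvc Service is not running. Checking service configuration:
The start type of MpsSvc service is OK.
The ImagePath of MpsSvc service is OK.

bfe Service is not running. Checking service configuration:
The start type of bfe service is OK.
"""

NOT_RUNNING = re.compile(r"^(\w+) Service is not running")
# "Checking <field>[ of <service>]: ATTENTION!=====> <message>"
ATTENTION = re.compile(r"^Checking ([\w ]+?)(?: of (\w+))?: ATTENTION!=====> (.*)$")
OK_LINE = re.compile(r"^The ([\w ]+?) of (\w+) service is OK\.")

def parse_fss(text):
    """Return {service: {"not_running", "missing_key", "bad", "ok"}} for one log."""
    services = defaultdict(lambda: {"not_running": False, "missing_key": False,
                                    "bad": set(), "ok": set()})
    current = None  # service named by the latest "... Service is not running" line
    for line in text.splitlines():
        line = line.strip()
        if m := NOT_RUNNING.match(line):
            current = m.group(1)
            services[current]["not_running"] = True
        elif m := ATTENTION.match(line):
            field, named, message = m.groups()
            svc = named or current  # "of <service>" wins over the section context
            if svc is None:
                continue
            services[svc]["bad"].add(field.lower())
            if "service key does not exist" in message:
                services[svc]["missing_key"] = True  # whole key gone, not one value
        elif m := OK_LINE.match(line):
            services[m.group(2)]["ok"].add(m.group(1).lower())
    return dict(services)

def flagged(report):
    """Services with at least one ATTENTION line."""
    return {svc for svc, r in report.items() if r["bad"]}

def compare(before, after):
    """Summarise what changed between two scans of the same machine."""
    was, now = flagged(before), flagged(after)
    stopped = sorted(s for s, r in after.items() if r["not_running"] and not r["bad"])
    return {"repaired": sorted(was - now),
            "still_flagged": sorted(was & now),
            "config_ok_but_stopped": stopped}

if __name__ == "__main__":
    print(compare(parse_fss(BEFORE), parse_fss(AFTER)))
```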

#10
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Could you now check Windows updates please to ensure it works. If it does not, could you run this small programme www.tweaking.com/content/page/repair_wmi.html

Use the direct download link. Once you have run the programme, try Windows updates again

  • 0

#11
daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts
Yes, it seems like Windows updates is working, it automatically updated last night, so I did not run the tweaking program.

Also noticed that firewall seems turned off and it will not let me select recommended settings. When I clicked on it, it said "Windows Firewall is not using the recommended settings". I clicked on the "update settings now" button and got a popup message that said "Windows Firewall was unable to make the requested updates".

Everything else seems to be working fine, no freezes or misdirections so far, THANKS!!


  • 0

#12
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Could you run the WMI programme and that should cure the firewall problem, then when you are happy I will tidy up all my rubbish :)
  • 0

#13
daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Hi, I'm not sure what programme you mean when you say WMI, thx!


  • 0

#14
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Sorry, it is the small programme that I linked to in my previous post 10
  • 0

#15
daniel.karakas

    Member

  • Topic Starter
  • Member
  • PipPip
  • 94 posts

Hi I ran WMI but firewall still won't let me turn it on. Thanks M!


  • 0
